CTS FOS-5128 Series User Manual

24-port 100/1000base-x sfp + 4-port 1g/10gbase-r sfp+ l2 managed fiber switch

FOS-5128 Series
24-port 100/1000Base-X SFP + 4-port
1G/10GBase-R SFP+ L2 Managed Fiber
Switch
Network Management
User's Manual
Version 1.1

Summary of Contents for CTS FOS-5128 Series

  • Page 1 FOS-5128 Series 24-port 100/1000Base-X SFP + 4-port 1G/10GBase-R SFP+ L2 Managed Fiber Switch Network Management User’s Manual Version 1.1...
  • Page 2 Revision History Version Date Description 1.00.00 2019/08/22 First release 1.00.0I 2020/03/04 Add the description of MVR function.
  • Page 3 Trademarks CTS is a registered trademark of Connection Technology Systems Inc. Contents are subject to revision without prior notice. All other trademarks remain the property of their owners. Copyright Statement Copyright © Connection Technology Systems Inc. This publication may not be reproduced as a whole or in part, in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc.
  • Page 4 CTS Contact Information Headquarters/Manufacturer: Connection Technology Systems Inc. 18F-6, No.79, Sec.1, Xintai 5th Rd., Xizhi Dist., New Taipei City 221, Taiwan (R.O.C.) Tel: +886-2-2698-9661 Fax: +886-2-2698-3960 Sales Direct Line: +886-2-2698-9201 www.ctsystem.com Global Offices: Connection Technology USA Connection Technology Systems Japan 40538 La Purissima Way, Higobashi Bldg.
  • Page 5: Table Of Contents

    Table of Contents: Chapter 1. INTRODUCTION (p. 10); 1.1 Management Options (p. 10); 1.2 Management Software (p. 12); 1.3 Management Preparations (p. 13); Chapter 2. Command Line Interface (CLI) (p. 15); 2.1 Using the Local Console (p. 15); 2.2 Remote Console Management - Telnet (p. 16); 2.3 Navigating CLI ...
  • Page 6 2.6.8 Digital Input Command (p. 46); 2.6.9 IP Command (p. 47); 2.6.10 IPv6 Command (p. 58); 2.6.11 LLDP Command (p. 60); 2.6.12 Loop Detection Command (p. 62); 2.6.13 l2protocol-tunnel Command (p. 65); 2.6.14 MAC Command (p. 68); 2.6.15 Management Command (p. 70); 2.6.16 Mirror Command ...
  • Page 7 4.2 Port Management (p. 161); 4.2.1 Port Setup & Status (p. 162); 4.2.2 Port Traffic Statistics (p. 164); 4.2.3 Port Packet Error Statistics (p. 165); 4.2.4 Port Packet Analysis Statistics (p. 166); 4.2.5 Port Mirroring (p. 167); 4.3 Link Aggregation (p. 169); 4.3.1 Distribution Rule ...
  • Page 8 4.8.1.3 IPMC Segment (p. 213); 4.8.1.4 IPMC Profile (p. 215); 4.8.1.5 IGMP/MLD Filtering (p. 217); 4.8.1.6 IGMP Snooping Status (p. 218); 4.8.1.7 IGMP Group Table (p. 219); 4.8.1.8 MLD Snooping Status (p. 219); 4.8.1.9 MLD Group Table (p. 220); 4.8.2 Static Multicast Configuration (p. 221); 4.8.3 MVR Configuration ...
  • Page 9 4.14.1 CPU and Memory Statistics (p. 272); 4.14.2 CPU Temperature Status (p. 274); 4.14.3 FAN State (p. 277); 4.14.4 System Voltage (p. 278); 4.14.5 Ping (p. 280); 4.14.6 Loopback Test (p. 280); 4.14.7 Event Log (p. 282); 4.14.8 SFP Information (p. 283); 4.14.8.1 SFP Port Info ...
  • Page 10: Chapter 1. Introduction

    1. INTRODUCTION Thank you for using the 24 100/1000Base-X SFP ports plus 4 1G/10GBase-R SFP+ uplink ports Managed Switch that is specifically designed for FTTx applications. The Managed Switch provides a built-in management module that enables users to configure and monitor the operational status both locally and remotely.
  • Page 11: Ssh Management

    SSH Management SSH Management supports encrypted data transfer for remote management to prevent the data from being “stolen”. You can use PuTTY, a free and open source terminal emulator application which can act as an SSH client, to gain access to the Managed Switch.
  • Page 12: Management Software

    1.2 Management Software The following is a list of management software options provided by this Managed Switch: • Managed Switch CLI interface • SNMP-based Management Software • Web Browser Application Console Program The Managed Switch has a built-in Command Line Interface called the CLI which you can use to: •...
  • Page 13: Management Preparations

    1.3 Management Preparations After you have decided how to manage your Managed Switch, you are required to connect cables properly, determine the Managed Switch IP address and, in some cases, install the MIB shipped with your Managed Switch. Connecting the Managed Switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed Switch to other switches, hubs, workstations, etc.
  • Page 14 IP Addresses IP addresses have the format n.n.n.n (the default factory setting is 192.168.0.1). IP addresses are made up of two parts: • The first part (for example 192.168.n.n) refers to the network address that identifies the network where the device resides. Network addresses are assigned by three allocation organizations. Depending on your location, each allocation organization assigns a globally unique network number to each network which intends to connect to the Internet.
  • Page 15: Chapter 2. Command Line Interface (Cli)

    2. Command Line Interface (CLI) This chapter introduces how to use the Command Line Interface (CLI), specifically in: • Local Console • Telnet • Configuring the system • Resetting the system The interface and options in Local Console and Telnet are the same. The major difference is the type of connection and the port that is used to manage the Managed Switch.
  • Page 16: Remote Console Management - Telnet

    2.2 Remote Console Management - Telnet You can manage the Managed Switch via a Telnet session. However, you must first assign a unique IP address to the Switch before doing so. Use the Local Console to log in to the Managed Switch and assign the IP address for the first time. Follow these steps to manage the Managed Switch through a Telnet session: Step 1.
  • Page 17: General Commands

    2.3.1 General Commands This section introduces some general commands that you can use in User, Privileged, and Configuration modes, including “help”, “exit”, “history” and “logout”. Entering the command… To do this… Available Modes User Mode Obtain a list of available help Privileged Mode commands in the current mode.
  • Page 18: Command Format

    2.3.3 Command Format While in CLI, you will see several symbols very often. As mentioned above, you might already know what “>”, “#” and (config)# represent. However, to perform what you intend the device to do, you have to enter a string of complete command correctly. For example, if you want to assign IP address for the Managed Switch, you need to enter the following command with the required parameter and IP, subnet mask and default gateway: IP command syntax:...
  • Page 19: Login Username & Password

    Example 2: specifying three values (separated by commas) Switch(config)#qos 802.1p-map 1,3 0 Switch(config)#qos dscp-map 10,13,15 3 Example 3: specifying a range of values (separated by a hyphen) Switch(config)#qos 802.1p-map 1-3 0 Switch(config)#qos dscp-map 10-15 3 2.3.4 Login Username & Password Default Login When you enter Console session, a login prompt for username and password will appear to request a valid and authorized username and password combination.
  • Page 20: User Mode

    2.4 User Mode In User mode, only a limited set of commands are provided. Please note that in User mode, you have no authority to configure advanced settings. You need to enter Privileged mode and Configuration mode to set up advanced functions of the Switch. For a list of commands available in User mode, enter the question mark (?) or “help”...
  • Page 21: Ping Command

    2.4.2 Ping Command Ping is used to test the connectivity of end devices and also can be used to self test the network interface card. Enter the ping command in User mode. In this command, you can add an optional packet size value and an optional value for the number of counts that PING packets are sent.
  • Page 22: Privileged Mode

    2.5 Privileged Mode The only place where you can enter the Privileged mode is in User mode. When you successfully enter the Privileged mode (this mode is password protected), the prompt will be changed to Switch# (the model name of your device together with a pound sign). Enter the question mark (?) or help command to view a list of commands available for use.
  • Page 23: Firmware Command

    2. Backup a configuration file to FTP or TFTP server. Command Parameter Description Switch# copy-cfg to [A.B.C.D | Enter the IPv4/IPv6 address of your FTP server. ftp [A.B.C.D | A:B:C:D:E:F:G:H] A:B:C:D:E:F:G:H] [file name] Enter the configuration file name that you want to [file name] [running backup.
  • Page 24: Ip Command

    [A.B.C.D | [file_name] Enter the firmware file name that you want to A:B:C:D:E:F:G:H] upgrade. [file_name] [Image- [Image-1| Image- Choose image-1 or image-2 for the firmware to 1| Image-2] be upgraded to. Example Switch# firmware upgrade ftp 192.168.1.198 HS_0600_file.bin Image-1 edgeswitch10 abcxyz Switch# firmware upgrade tftp 192.168.1.198 HS_0600_file.bin Image-2 2.5.3 IP Command...
  • Page 25: Ping Command

    2.5.5 Ping Command Command Parameter Description Switch# ping [A.B.C.D | Enter the IPv4/IPv6 address that you would like to [A.B.C.D | A:B:C:D:E:F:G:H] ping. A:B:C:D:E:F:G:H] [- [-s 1-20000] Enter the packet size that would be sent. The s 1-20000] [-c 1-99] allowable packet size is from 1 to 20000 bytes.
  • Page 26: Traceroute Command

    2.5.7 Traceroute Command Traceroute is used to trace the path between the local host and the remote host. Enter the traceroute command in Privileged mode. In this command, you can add an optional maximum hops value for the number of hops that packets are sent and received, an optional value for the number of counts that PROBE packets are sent, or an optional waiting time value of the remote host response.
  • Page 27: Show Command

    2.5.10 Show Command The “show” command is very important for network administrators to get information about the device, receive outputs to verify a command’s configurations or troubleshoot a network configuration error. It can be used in Privileged or Configuration mode. The following describes different uses of “show”...
  • Page 28 Power A/B: Display the installation status, the type of power source and state of Power A/B. CPU Temperature: Display the current CPU temperature of this device. 2. Display or verify currently-configured settings Refer to the following sub-sections. “Interface command”, “IP command”, “MAC command”, “QoS command”, “Security command”, “SNMP-Server command”, “User command”, “VLAN command”...
  • Page 29: Configuration Mode

    2.6 Configuration Mode When you enter “configure” or “config” and press “Enter” in Privileged mode, you will be directed to the Global Configuration mode where you can set up advanced switching functions, such as QoS, VLAN and storm control security globally. All commands entered will apply to running-configuration and the device’s operation.
  • Page 30: No Command

    Switch(config)# interface 1-3 Enter three continuous interfaces. Use a Switch(config-if-1-3)# hyphen to signify a range of interface numbers. In this example, interface 1, 2, and 3 will apply commands entered. Switch(config)# interface 1,3-5 Enter a single interface number together with Switch(config-if-1,3-5)# a range of interface numbers.
  • Page 31 Current Boot Image: The image that is currently in use. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device. M/B Version: Display the main board version.
  • Page 32: Acl Command

    2.6.4 ACL Command ACL Command Parameter Description Switch(config)# acl ipv4 [1- [1-64] The total number of IPv4 ACL rules that can be created is 64. Use this command to enter ACL configuration mode for each ACL rule. When you enter each ACL rule, you can further configure detailed settings for this rule.
  • Page 33 Switch(config-acl-ipv4(6)- [any | 0xWXYZ] Specify Ethertype (Range: 0x0000 RULE)# ethertype [any | ~FFFF) or “ANY”. 0xWXYZ] Switch(config-acl-ipv4(6)- [any | port-list] Specify ingress port(s) or “ANY”. RULE)# ingress-port [any | port-list] Switch(config-acl-ipv4(6)- [name] Specify the name to the specified ACL RULE)# name [name] rule.
  • Page 34 Switch(config-acl-ipv4(6)- Reset action back to the default RULE)# no action (permit). Switch(config-acl-ipv4(6)- Reset copy(mirror)-to/redirect-to port RULE)# no action-port back to the default (Port 1). Switch(config-acl-ipv4(6)- Disable the specified ACL rule. RULE)# no apply Switch(config-acl-ipv4- Reset destination IPv4 address back to RULE)# no destination- the default (ANY).
  • Page 35 Switch# show acl ipv6 [index | sequence] Display all valid IPv6 ACL rules sorted [index | sequence] by specific option. Switch(config)# show acl Display all valid IPv4 ACL rules. ipv4 Switch(config)# show acl Display all valid IPv6 ACL rules. ipv6 Switch(config)# show acl [1-64] Display the specified IPv4 ACL rule...
  • Page 36: Archive Command

    2.6.5 Archive Command Archive Command Parameter Description Switch(config)# archive Enable the auto-backup configuration auto-backup files function. Switch(config)# archive [A.B.C.D | Specify the IPv4/IPv6 address of the auto-backup path ftp A:B:C:D:E:F:G:H] FTP server. [A.B.C.D | [file_directory] Specify the file directory of the FTP A:B:C:D:E:F:G:H] server to save the start-up [file_directory] [user_name]...
  • Page 37: Channel-Group Command

    2.6.6 Channel-group Command 1. Configure a static link aggregation group (LAG). Channel-group Command Parameter Description Switch(config)# channel-group [group_name] Specify a name for this link trunking [group_name] aggregation group. Up to 15 alphanumeric characters can be accepted. Switch(config)# interface [port_list] [port_list] Use “interface”...
  • Page 38 Show command Switch(config)# show channel-group Show link aggregation settings trunking and distribution rule information. Switch(config)# show channel-group [trunk_name] Show a specific link aggregation trunking [trunk_name] group’s settings including aggregated port numbers and distribution rule information. Below is an example of creating a static link aggregation group (port trunking group) using Channel-group commands to illustrate the commands described above in this section.
  • Page 39 Enable Destination Mac STEP7 channel-group distribution-rule destination-mac Address in Distribution (Optional) Rule. Example: FOS-5128(config)# channel-group distribution-rule destination-mac OK ! In this example, it STEP8 group_name channel-group trunking configures the name of the Trunking Group as “CTSGROUP”. Example: FOS-5128(config)# channel-group trunking CTSGROUP OK ! Specify the interface STEP9...
  • Page 40 2. Use “Interface” command to configure link aggregation groups dynamically (LACP). Channel-group & Interface Parameter Description Command Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable LACP on the selected channel-group lacp...
  • Page 41 Below is an example of creating a dynamic link aggregation group using Channel-group commands to illustrate the commands described above in this section. Command Purpose Enter the global STEP1 configure configuration mode. Example: FOS-5128# config FOS-5128(config)# Enable Source IP Address STEP2 channel-group distribution-rule source-ip...
  • Page 42 In the Example 1, it STEP10 channel-group lacp role active configures LACP Port 5~7 as “Active” in [no channel-group lacp role] LACP Role. Example 1: In the Example 2, it FOS-5128(config-if-5-7)# channel-group lacp role active configures LACP Port OK ! 5~7 as “Passive”...
  • Page 43: Dot1X Command

    2.6.7 Dot1x Command The IEEE 802.1X/MAB standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports. Before services are made available to clients connecting to a VLAN, clients that are 802.1X-compliant should successfully authenticate with the authentication server.
  • Page 44 Switch(config)# show dot1x Show each interface’s 802.1X/MAB interface configuration. Switch(config)# show dot1x [port_list] Show the specified interfaces’ interface [port_list] 802.1X/MAB configuration. Switch(config)# show dot1x Show each port’s 802.1X/MAB statistics statistics. Switch(config)# show dot1x [port_list] Show the specified interfaces’ statistics [port_list] 802.1X/MAB statistics.
  • Page 45 Managed Switch to deny access to all clients, neither 802.1X-aware nor 802.1X-unaware. Switch(config-if-PORT-PORT)# Enable radius-assigned vlan of the dot1x radius-assigned vlan specified port. Switch(config-if-PORT-PORT)# Re-authenticate the selected dot1x reauthenticate interfaces right now. Switch(config-if-PORT-PORT)# Enable the selected ports’ auto dot1x reauthentication reauthentication function.
  • Page 46: Digital Input Command

    2.6.8 Digital Input Command Digital Input Command Parameter Description Switch(config)# digital input Specify the digital input number. Switch(config-input-1)# [open | close] Specify the normal digital input type normal [open | close] between open and close status for the digital input 1. No command Switch(config)# no digital Reset all digital input settings back to...
  • Page 47: Ip Command

    2.6.9 IP Command 1. Set up an IP address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCP server. IP Command Parameter Description Switch(config)# ip enable Enable IPv4 address processing. Switch(config)# ip [A.B.C.D] Enter the desired IP address for your Managed address [A.B.C.D]...
  • Page 48 Switch(config-if-PORT- Enable IPv4 DHCP Auto Recycle PORT)# ip address dhcp function on the specified ports. Only auto-recycle when one of these specific link-up port is switched from link-down into link-up status, DHCP release packets and Discover packets will be sent to DHCP server automatically.
  • Page 49 Switch(config)# no ip dhcp Reset the leased time value back to the snooping leased default.(86400 seconds) Switch(config)# no ip dhcp Disable DHCPv4 Option 82 / DHCPv6 snooping option Option 37 relay agent. Switch(config)# no ip dhcp Globally disable DHCPv4 Option 82 / snooping remote DHCPv6 Option 37 Manual Remote Id.
  • Page 50 Switch(config-if-PORT-PORT)# Enable the Formatted DHCPv4 Option 82 / ip dhcp snooping circuit DHCPv6 Option 37 Circuit Id for the formatted selected interfaces. Switch(config-if-PORT-PORT)# [circuit_id] Specify the VLAN and port identifier using ip dhcp snooping circuit id a VLAN ID in the range of 1 to 4094 as [circuit_id] DHCPv4 Option 82 / DHCPv6 Option 37 Circuit ID.
  • Page 51 6. Enable or disable IGMP/MLD snooping globally. IGMP, Internet Group Management Protocol, is a communication protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It can be used for online streaming video and gaming, and allows more efficient use of resources when supporting these uses.
  • Page 52 Switch(config)# ip igmp [1-6000] Specify the query time interval of snooping query-interval [1-6000] IGMP/MLD querier. This is used to set up the time interval between transmitting IGMP/MLD queries. (Range:1-6000 seconds) Switch(config)# ip igmp [1-4094] Specify a VLAN ID. This enables snooping vlan [1-4094] IGMP/MLD Snooping for the specified VLAN.
  • Page 53 MVR VLAN ID. Switch(config)# show ip mld Show MLD Snooping status. snooping status Note: VID marked stands that it is a MVR VLAN ID. 7. Use “Interface” command to configure a group of ports’ IGMP/MLD snooping settings. IGMP/MLD Snooping & Parameter Description Interface command Switch(config)# interface...
  • Page 54 profile [profile_name] Switch(config)# no ip igmp [1-400] Delete the specified segment ID. Only segment [1-400] the segment that does not belong to any profiles can be deleted. Switch(config-profile-ID)# no Remove all existing segment IDs from segment the selected profile. Switch(config-profile-ID)# no [1-400] Remove the specified segment ID(s) segment [1-400]...
  • Page 55 Switch(config-if-PORT-PORT)# Enable IGMP filter for the selected ip igmp filter ports. Switch(config-if-PORT-PORT)# [profile_name] Assign the selected ports to an IGMP ip igmp filter profile filter profile. [profile_name] Note: Need to create an IGMP filter profile first under the igmp global configuration mode before assigning it.
  • Page 56 Switch(config-if-1)# ip igmp static-multicast-ip Create a static multicast IP to VLAN 224.10.0.5 vlan 50 entry. 10. Set Up IP Source Binding Function. IP Source Binding Command Parameter Description Switch(config)# ip source binding [1-5] Specify the IPv4/IPv6 address [1-5] ip-address [A.B.C.D | security binding number.
  • Page 57 Switch(config-if-PORT)# ip [A.B.C.D | Add a static IPv4/IPv6 address to sourceguard static-ip [A.B.C.D A:B:C:D:E:F:G:H] static IP address table. | A:B:C:D:E:F:G:H] vlan [1- Note: Only one port could be 4094] assigned at a time. [1-4094] Specify a VLAN ID. Note: Static IP can only be configured when IP sourceguard is set to fixed-ip.
  • Page 58: Ipv6 Command

    2.6.10 IPv6 Command Brief Introduction to IPv6 Addressing IPv6 addresses are 128 bits long and number about 3.4×10^38. IPv6 addresses are written in eight groups of four hexadecimal digits separated by colons, such as 2001:0db8:85a3:0000:0000:8a2e:0370:7334. IPv6 unicast addresses other than those that start with binary 000 are logically divided into two parts: a 64-bit network prefix and a 64-bit interface identifier.
  • Page 59 Set up the IPv6 address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCPv6 server. IPv6 Command Parameter Description Switch(config)# ipv6 Configuration of IPv6 addresses using address autoconfig stateless autoconfiguration. Switch(config)# ipv6 Configure DHCPv6 function into the address dhcp auto auto mode.
  • Page 60: Lldp Command

    2.6.11 LLDP Command LLDP stands for Link Layer Discovery Protocol and runs over data link layer. It is used for network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
  • Page 61 Switch(config)# no lldp tlv-select port- Disable Port Description attribute to be sent. description Switch(config)# no lldp tlv-select Disable System Description attribute to be sent. system-description Switch(config)# no lldp tlv-select Disable System Name attribute to be sent. system-name Show command Switch# show lldp Show LLDP settings.
  • Page 62: Loop Detection Command

    2.6.12 Loop Detection Command In a real network, it is possible for people to misconnect a network cable and cause a loop condition. In the worst case, the network is out of service thereafter. This section gives a guide to configuring the Loop Detection function of the system to protect the system from loops.
  • Page 63 1440 minutes. NOTE: 1. Be aware that Looped port unlock-interval converted into seconds should be greater than or equal to Detection Interval seconds multiplied by 10. The ‘10’ is a magic number which is for the system to claim that the loop detection disappears when the system does not receive the loop-detection packet from itself at least...
  • Page 64 Switch(config)# show loop- [port_list] Show Loop Detection status of the detection status [port_list] specified port(s). Examples of Loop Detection command Switch(config)# loop-detection interval 10 Set the Loop Detection time interval to 10 seconds. Switch(config)# loop-detection unlock-interval 120 Set the Loop Detection unlock time interval to 120 minutes.
  • Page 65: L2Protocol-Tunnel Command

    2.6.13 l2protocol-tunnel Command L2PT (Layer 2 protocol tunneling) allows Layer 2 protocol data units (PDUs), including CDP(Cisco Discovery Protocol), LLDP(Link Layer Discovery Protocol), STP(Spanning Tree Protocol), VTP(Vlan Trunking Protocol), LACP(Link Aggregation Control Protocol), PAgP(Port Aggregation Protocol), UDLD(Unidirectional Link Detection), to be tunneled through a network. GBPT, also referred to as Generic Bridge PDU Tunneling, provides a scalable approach to PDU tunneling by software encapsulating the PDUs in the ingress edge switches and then multicasting them in hardware.
  • Page 66 Switch(config)# show Clear each PDU’s encapsulation and l2protocol-tunnel clear decapsulation counters of all ports. Examples of L2PT command Switch(config)# l2protocol-tunnel Enable L2PT function. Switch(config)# l2protocol-tunnel cos 3 Specify the priority bit value “3” to L2PT Class of Service (CoS). Use “Interface” command to configure Layer 2 protocol data units (PDUs) settings. L2PT &...
  • Page 67 Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for PAgP packets on the pagp selected port(s). Switch(config-if-PORT-PORT)# no Disable point-to-point layer 2 protocol l2protocol-tunnel point-to-point tunneling for UDLD packets on the udld selected port(s). Switch(config-if-PORT-PORT)# no Disable layer 2 protocol tunneling for l2protocol-tunnel stp STP packets on the selected port(s).
  • Page 68: Mac Command

    2.6.14 MAC Command Set up MAC address table aging time. Entries in the MAC address table containing source MAC addresses and their associated ports will be deleted if they are not accessed within aging time. MAC Command Parameter Description Switch(config)# mac [0-900s] Specify MAC address table aging time address-table aging-time...
  • Page 69 Switch(config)# show mac Show the current MAC address aging time. aging-time Examples of MAC command Switch(config)# mac address-table aging-time Set MAC address aging time to 200 seconds. Use “Interface” command to configure a group of ports’ MAC Table settings. MAC & Interface Command Parameter Description Switch(config)# interface...
  • Page 70: Management Command

    2.6.15 Management Command Management Command Parameter Description Switch(config)# management Enable Console management. To manage console the Managed Switch via Console. Switch(config)# management [1-10] Configure the retry times if the console console fail-retry [1-10] login fails. The allowable value is 1~10 (times).
  • Page 71 Switch(config)# no management Disable SSH management. Switch(config)# no management Disable Telnet management. telnet Switch(config)# no management Reset Telnet port back to the default. The telnet port default port number is 23. Switch(config)# no management Disable Web management. Switch(config)# no management Reset web timeout value back to the web timeout default (20 minutes).
  • Page 72: Mirror Command

    2.6.16 Mirror Command Mirror Command Parameter Description Switch(config)# mirror Globally enable Port Mirroring function. Switch(config)# mirror index [1-4] [1-4] Specify the index of port mirroring you would like to configure. Up to 4 sets of port mirroring can be set up. Switch (config-mirror-index)# Enable the specified port mirroring.
  • Page 73: Mvr Command

    2.6.17 MVR Command MVR (Multicast VLAN Registration) allows clients receiving a multicast stream transmitted from the upstream device to reside in different VLANs, which is particularly suitable for networks with a high demand for bandwidth. Instead of transmitting multiple copies of multicast traffic to clients in the different VLANs separately, an upstream device merely needs to transmit multicast traffic to a multicast VLAN if the configured MVR is enabled on the Managed Switch.
  • Page 74 Show command Switch# show mvr Show the current MVR configuration. Switch# show mvr interface Show the current MVR port configuration of each port. Switch# show mvr interface [port_list] Show the current MVR port configuration [port_list] of the specific port. Switch# show mvr multicast- Show the current configuration of all IPv4 group and IPv6 multicast groups.
  • Page 75 Switch (config)# mvr vlan 500 Configure 500 VLAN ID as a multicast VLAN. Switch (config-mvr-500)# multicast-group ipv4 range Configure IPv4 multicast addresses from 239.0.0.1 to 239.0.0.254 ranging from 239.0.0.1 to 239.0.0.254 as the multicast group for MVR 500.
  • Page 76 2. Use “Interface” command to configure the MVR interfaces as Receiver & Sender Port settings. MVR & Interface Command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# [1-4094]...
  • Page 77: Ntp Command

    2.6.18 NTP Command NTP Command Parameter Description Switch(config)# ntp Enable Network Time Protocol to have Managed Switch’s system time synchronize with NTP time server. Switch(config)# ntp [recurring] Enable daylight saving function with daylight-saving [ recurring | recurring mode. date ] [date] Enable daylight saving function with date mode.
  • Page 78 Switch(config)# no ntp time-zone Reset the time-zone setting back to the default. Show command Switch# show ntp Show the current NTP time server configuration. Switch(config)# show ntp Show the current NTP time server configuration. Examples of NTP command Switch(config)# ntp Enable NTP function for the Managed Switch.
  • Page 79: Qos Command

    2.6.19 QoS Command 1. Set up QoS QoS Command Description Parameter Switch(config)# qos [802.1p | dscp] [802.1p | dscp] Specify QoS mode. Switch(config)# qos dscp-map [0- [0-63] Specify a DSCP bit value. 63] [0-7] [0-7] Specify a queue value. Switch(config)# qos management- [0-7] Specify management default priority [0-7]...
  • Page 80 ID back to the default. Switch (config-dscp-map-ID)# no rx- Reset the received DSCP bit dscp value for the selected priority mapping ID back to the default. Switch(config)# no qos remarking Globally disable 802.1p bit 802.1p remarking. Switch(config)# no qos remarking [1-8] Reset the 802.1p remarking for 802.1p-map [1-8]...
  • Page 81 Switch(config-if-PORT-PORT)# [Kbps | Mbps] Specify the unit of the ingress rate qos rate-limit ingress unit [Kbps | limit between Kbps and Mbps. Mbps] Switch(config-if-PORT-PORT)# Enable QoS egress rate limit qos rate-limit egress settings. Switch(config-if-PORT-PORT)# [500- Specify the egress rate limit value. qos rate-limit egress rate [500- 1000000 | 1- (Valid range is from 500-1000000 in...
  • Page 82 For QoS configuration via CLI, we take an FOS-5128 Managed Switch for example to let the users have a clear understanding of these QoS commands. Under this network environment, FOS-5128 will be configured as Table 2-1. Port 1-5 are client ports and Port 25 is the uplink port of the device.
  • Page 83 In this example, it configures STEP3 qos queuing-mode weight Queue Mode as “Weight”. Example: FOS-5128(config)# qos queuing-mode weight OK ! In this example, it configures STEP4 weighted qos queue-weighted the Queue Weighted to : 1(Q0):2(Q1):3(Q2):4(Q3): 5(Q4):6(Q5):7(Q6):8(Q7). Example: FOS-5128(config)# qos queue-weighted 1:2:3:4:5:6:7:8 OK ! In this example, it configures STEP5...
  • Page 84 In this example, it configures STEP13 kbps/Mbps qos rate-limit ingress unit the unit of the ingress rate limit as “Mbps” for Port 3 and Example: Port 4. FOS-5128(config-if-3,4)# qos rate-limit ingress unit Mbps OK ! In this example, it configures STEP14 limit_rate(kbps/Mbps) qos rate-limit ingress rate...
  • Page 85 In this example, it configures STEP24 P-Bit qos user-priority P-Bit value as 5 for Port 5. Example: FOS-5128(config-if-5)# qos user-priority 5 Return to the global STEP25 exit configuration mode. Example: FOS-5128(config-if-5)# exit FOS-5128(config)# Return to the Privileged mode. STEP26 exit Example: FOS-5128(config)# exit FOS-5128#...
  • Page 86 After completing the QoS settings for your FOS-5128 switches, you can issue the commands listed below for checking your configuration Example 1, FOS-5128(config)# show qos ======================================================================= QoS Information ======================================================================= QoS Mode : 802.1p Egress Mode : weight Weight : 1:2:3:4:5:6:7:8 Press Ctrl-C to exit or any key to continue! Priority Queue --------- ----------...
  • Page 87 Press Ctrl-C to exit or any key to continue! Port Priority ------ -------- 10 0 Press Ctrl-C to exit or any key to continue! 11 0 12 0 13 0 14 0 15 0 16 0 17 0 18 0 19 0 20 0 Press Ctrl-C to exit or any key to continue!
  • Page 88 Example 2, FOS-5128(config)# show qos interface ======================================================================= QoS port Information : ======================================================================= Ingress Rate Egress Rate ------------------------------- ------------------------------------ Port State Rate Unit State Rate Unit ------ --------- ---------- ---------- ---------- ---------- ----------- 1 disable 500 Kbps disable Kbps 2 disable 500 Kbps disable Kbps...
  • Page 89: Security Command

    2.6.20 Security Command When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per-port basis so as to protect the network from broadcast/unknown multicast/unknown unicast storms.
  • Page 90 between 120 and 86400 seconds. Switch(config)# security port- Globally enable the port isolation function. isolation If port isolation is set to enabled, the ports cannot communicate with each other. Note 1: If the port isolation function is enabled, the Port-based VLAN will be invalid automatically.
  • Page 91 Switch(config)# show Show the current port isolation security port-isolation configuration. Switch(config)# show Show the current storm control global security storm-protection configuration. Switch(config)# show Show the current storm control security storm-protection configuration of all ports. Interface Switch(config)# show Show the current storm control security storm-protection [port_list] configuration of specified port(s).
  • Page 92 Switch(config-if-PORT- Unlock the selected port(s) that are PORT)# security mac-limit locked because the number of MAC unlock address learned exceeds the threshold and the port action is set as “Shutdown”. Switch(config-if-PORT- Configure the selected port(s) as PORT)# security port-isolation uplinks that are allowed to up-link-port communicate with other ports.
  • Page 93 press “spacebar” and then followed by “?”. For example, “Switch(config)# security storm-protection unicast ?” No command Switch(config-if-PORT- Disable MAC Limit function of the PORT)# no security mac-limit selected port(s). Switch(config-if-PORT- Reset the action that would be taken PORT)# no security mac-limit when the number of source MAC action address learned exceeds the limit back...
  • Page 94: Snmp-Server Command

    2.6.21 SNMP-Server Command 1. Create a SNMP community and set up detailed configurations for this community. Snmp-server Command Parameter Description Switch(config)# snmp- Enable SNMP Management. To manage server the Managed Switch via SNMP. Switch(config)# snmp- [community] Create/modify a SNMP community name. server community Up to 20 alphanumeric characters can be [community]...
  • Page 95 Exit command Switch(config-community-NAME)# exit Return to the global configuration mode. Example of Snmp-server Switch(config)# snmp-server community Create a new community “mycomm” and mycomm edit the details of this community account. Switch(config-community-mycomm)# active Activate the SNMP community “mycomm”. Switch(config-community-mycomm)# Add a description for “mycomm” description rddeptcomm community.
  • Page 96 Switch(config-trap-1)# community mycomm Add the description “mycomm” to this trap destination. Switch(config-trap-1)# destination Set SNMP server’s IP address as 192.168.1.254 “192.168.1.254” for this trap destination. 3. Set up SNMP trap types that will be sent. Trap-type Command Parameter Description Switch(config)# snmp- [all | auth-fail | Specify a trap type that will be sent when server trap-type [all | auth-...
  • Page 97 threshold interval setup of MAC Limit function once any port exceeds the specified source MAC address limit continuously. port-link: A trap will be sent when the link is up or down. power-down: A trap will be sent when the Managed Switch’s power is down. storm-control: A trap will be sent when broadcast/unknown multicast/unknown unicast packets flood.
  • Page 98 Show command Switch(config)# show snmp-server trap-type Show the current enable/disable status of each type of trap. Examples of Trap-type Switch(config)# snmp-server trap-type all All types of SNMP traps will be sent.
  • Page 99 4. Set up detailed configurations for SNMPv3 USM User. Simple Network Management Protocol Version 3, SNMPv3 for short, features stronger security mechanisms, including authentication and encryption, which help ensure that a message is from a valid source and scramble the content of a packet to prevent it from being learned by an unauthorized source.
  • Page 100 Switch (config-v3-community- user_name)# no private Delete the configured private password. password Show Command Switch(config)# show snmp- Show SNMPv3 user configuration. server user Switch(config)# show snmp- [user_name] Show the specified SNMPv3 user server user [user_name] configuration. Switch(config-v3-user- Show the specified SNMPv3 user user_name)# show configuration.
  • Page 101: Spanning-Tree Command

    2.6.22 Spanning-tree Command The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
  • Page 102 point ports (forced_false). Switch(config)# spanning- [4-30] Specify the forward delay time value in tree delay-time [4-30] seconds. The allowable value is between 4 and 30 seconds. Switch(config)# spanning- [1-10] Specify the hello interval value in tree hello-time [1-10] seconds. The allowable value is between 1 and 10 seconds.
  • Page 103 Switch(config)# show Show RSTP settings on aggregated spanning-tree aggregated- ports. port Switch(config)# show Show each interface’s RSTP information, spanning-tree interface including port state, path cost, priority, edge port state, and p2p port state. Switch(config)# show [port_list] Show the specified interfaces’ RSTP spanning-tree interface information, including port state, path [port_list]...
  • Page 104 Use “Interface” command to configure a group of ports’ Spanning Tree settings. Spanning tree & Interface Parameter Description Command Switch(config)# interface [port_list] [port_list] Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# Enable spanning tree protocol on...
  • Page 105 For RSTP configuration via CLI, we take the following ring network topology, composed of 3 sets of FOS-5128 Managed Switches (Switch A, Switch B and Switch C), as an example so that users can clearly understand these RSTP commands. In this network environment, Switch A, Switch B and Switch C will be configured as shown in Table 2-2, and the “Root Switch”...
  • Page 106 In this example, it configures the STEP5 forward_delay_time spanning-tree delay-time Forward Delay Time of Switch A as Example: FOS-5128(config)# spanning-tree delay-time 4 OK ! In this example, it configures the STEP6 spanning-tree version stp_version STP Version of Switch A as “Normal”.
  • Page 108 After completing the RSTP Switch settings for your FOS-5128 switches, you can issue the commands listed below for checking your configuration Example 1, FOS-5128(config)# show spanning-tree ======================================================================== RSTP Switch Information ======================================================================== State : enabled System Priority : 4096 Max Age Hello Time Forward Delay : 4 Force Version : normal...
  • Page 109 Example 3, FOS-5128(config)# show spanning-tree interface ======================================================================== RSTP Port Information ======================================================================== Port State Path-Cost Priority Edge Point2point ------ ---------- ------------- ---------- ---------- -------------- disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable forced-true disable disable...
  • Page 110 Example 5, FOS-5128(config)# show spanning-tree status ======================================================================== RSTP Port Status ======================================================================== Port Path Cost Edge Cost P2P Cost :yes Protocol :RSTP Role :Non-STP Port State :Non-STP --------------------------------------------- Packet Statistics --------------------------------------------- RSTP Received RSTP Transmitted STP Received STP Transmitted TCN Received TCN Transmitted Illegal Received Unknown Received...
  • Page 111 Port : 10 Path Cost : 2000000 Edge Cost : no P2P Cost : yes Protocol : RSTP Role : Disable Port State : Disable --------------------------------------------- Packet Statistics --------------------------------------------- RSTP Received RSTP Transmitted :0 STP Received STP Transmitted TCN Received TCN Transmitted Illegal Received Unknown Received :0...
  • Page 112: Switch Command

    2.6.23 Switch Command Switch Command Parameter Description Switch(config)# switch mtu [1518- [1518-9600] Specify the maximum frame size 9600] in bytes. The allowable MTU value is between 1518 and 9600 bytes. Switch(config)# switch statistics [1-28] Specify the number of ports for polling port [1-28] data acquisition in each polling.
  • Page 113: Switch-Info Command

    2.6.24 Switch-info Command 1. Set up the Managed Switch’s basic information, including company name, hostname, system name, etc. Switch-info Command Parameter Description Switch(config)# switch-info [company_name] Enter a company name, up to 55 company-name alphanumeric characters, for this Managed [company_name] Switch. Switch(config)# switch-info [10-3000] Specify CPU loading threshold.
  • Page 114 No command Switch(config)# no switch-info company-name Reset the entered company name back to the default. Switch(config)# no switch-info cpu-loading- Reset CPU loading threshold back to the threshold default. Switch(config)# no switch-info cpu- Disable the continuous alarm message temperature notification continuous-alarm sending function for CPU temperature of the system.
  • Page 115: Syslog Command

    2.6.25 Syslog Command Syslog Command Parameter Description Switch(config)# syslog Enable the system log function. Switch(config)# syslog [0-7] Specify a facility code (Local 0~Local 7) to a facility [0-7] specific device for classifying the syslog message provided by different devices. Switch(config)# syslog Enable Terminal-history log function.
  • Page 116: Terminal Length Command

    2.6.26 Terminal Length Command Terminal Length Parameter Description Command Switch(config)# terminal [0-512] Specify the number of event lines that will length [0-512] show up each time on the screen for “show running-config”, “show default-config” and “show start-up-config” commands. (“0” stands for no pausing.) No Command Switch(config)# no terminal Reset the terminal length back to the default...
  • Page 117: User Command

    2.6.27 User Command 1. Create a new login account. User Command Parameter Description Switch(config)# user name [user_name] Create/modify a user account. The [user_name] authorized user login name is up to 20 alphanumeric characters. Up to 10 users can be registered. Switch(config)# user Enable MD5 (Message-Digest Algorithm).
  • Page 118 Switch(config)# no user Disable MD5(Message-Digest Algorithm). password-encryption Switch(config-user- Deactivate the selected user account. NAME)# no active Switch(config-user- Remove the configured description for the NAME)# no description specified user account. Switch(config-user- Reset the access privilege level back to the NAME)# no level default (Read Only).
  • Page 119 2. Configure RADIUS server settings. User Command Parameter Description Switch(config)# user radius Enable RADIUS authentication. Switch(config)# user radius [1025- Specify RADIUS server port number. radius-port [1025-65535] 65535] Switch(config)# user radius [0-2] Specify the retry time value. This is the retry-time [0-2] number of times that the Managed Switch will try to reconnect if the RADIUS server is not reachable.
  • Page 120 3. Configure TACACS server settings. User Command Parameter Description Switch(config)# user Enable TACACS+ authentication. tacacs Switch(config)# user [49, 1025- Specify TACACS server port number. The tacacs tacacs-port [49, 65535] default setting is at 49 port. 1025-65535] Switch(config)# user [0-2] Specify the retry time value. This is the tacacs retry-time [0-2] number of times that the Managed Switch will try to reconnect if the TACACS server is...
  • Page 121: Vlan Command

    2.6.28 VLAN Command A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
  • Page 122 Introduction to 802.1Q frame format: Preamble Type/LEN PAYLOAD Original frame 802.1q Preamble Type/LEN PAYLOAD FCS TCI/P/C/VID frame PRE Preamble 62 bits Used to synchronize traffic SFD Start Frame Delimiter 2 bits Marks the beginning of the header Destination Address 6 bytes The MAC address of the destination Source Address 6 bytes...
  • Page 123 Trunk Native Mode : A Trunk-native port can carry untagged packets simultaneously with the 802.1Q tagged packets. When you assign a default Access-VLAN to the trunk-native port, all untagged traffic travels on the default Access-VLAN for the trunk-native port, and all untagged traffic is assumed to belong to this Access-VLAN.
  • Page 124: Introduction To Q-In-Q (Dot1Q-Tunnel)

    2.6.28.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 125 1. Use “Interface” command to configure a group of ports’ 802.1q/Port-based VLAN settings. VLAN & Interface Command Parameter Description Switch(config)# interface [port_list] Enter several discontinuous port [port_list] numbers separated by commas or a range of ports with a hyphen. For example:1,3 or 2-4 Switch(config-if-PORT-PORT)# [1-4094]...
  • Page 126 2. Create/Modify an 802.1q VLAN and a management VLAN rule or create a port-based VLAN group. VLAN dot1q Command Parameter Description Switch(config)# vlan dot1q-vlan [1-4094] Enter a VLAN ID number to create [1-4094] a new 802.1q VLAN or modify an existing 802.1q VLAN.
  • Page 127 interface [port_list] assignment and VLAN mode. Switch(config)# show vlan port- Show port-based VLAN table. based Exit command Switch(config-vlan-ID)# exit Return to Global Configuration mode. Examples of Port-based VLAN Switch(config)# vlan port-based MKT_Office Create a port-based VLAN “MKT_Office”. Switch(config)# vlan management-vlan 1 Set VLAN 1 to management VLAN management-port 1-3 mode access (untagged) and Port 1~3 as...
  • Page 128 [1-4094] Specify the preferred VLAN ID that the assigned original VID will be translated. Valid range: 1-4094. Note: Different Mapped VIDs cannot be assigned to the trunk port with the same original VID. [0-7] Specify the preferred priority bit value to replace the original priority level in the tagged packets.
  • Page 129 FOS-5128(config-if-1,2)# vlan dot1q-vlan mode Set the selected ports to Trunk Mode trunk (tagged). FOS-5128(config-if-1,2)# exit Exit current ports interface mode. FOS-5128 (config)# interface 3-4 Enter port 3 to 4’s interface mode. FOS-5128(config-if-3,4)# vlan dot1q-vlan pvid Set port 3 to port 4’s Access-VLAN ID (PVID) to 50.
  • Page 130 FOS-5128 (config)# vlan dot1q-vlan 70 Enter VLAN 70. FOS-5128 (config-vlan-70)# name PME Specify “PME” as the name for VLAN 70. FOS-5128 (config-vlan-70)# exit Exit VLAN 70. Example 2, We will configure two sets of FOS-5128 Managed Switch (including #1 FOS-5128 and #2 FOS-5128) via CLI as listed in Table 2-4.
  • Page 131 FOS-5128(config)# Specify Port 2 that you would STEP7 port_list interface like to configure it as Trunk port. Example: FOS-5128(config)# interface 2 FOS-5128(config-if-2)# In this example, it configures STEP8 vlan_id vlan dot1q-vlan trunk-vlan Trunk-VLAN ID “10” to Port 2. Example: FOS-5128(config-if-2)# vlan dot1q-vlan trunk-vlan 10 OK ! Configure Port 2’s VLAN mode STEP9...
  • Page 132 Specify Port 4 that you would STEP15 port_list interface like to configure it as dot1q- tunnel port. Example: FOS-5128(config)# interface 4 FOS-5128(config-if-4)# In this example, it configures STEP16 vlan dot1q-vlan access-vlan vlan_id Access-VLAN ID “20” to Port 4. Example: FOS-5128(config-if-4)# vlan dot1q-vlan pvid 20 OK !
  • Page 133 Configure Port 4’s VLAN mode STEP17 dot1q-tunnel vlan dot1q-vlan mode as “dot1q-tunnel” mode. Example: FOS-5128 (config-if-4)# vlan dot1q-vlan mode dot1q-tunnel OK ! Return to the global STEP18 exit configuration mode. Example: FOS-5128 (config-if-4)# exit FOS-5128 (config)# Return to the Privileged mode. STEP19 exit Example:...
  • Page 134 After completing the VLAN settings for your FOS-5128 switches, you can issue the commands listed below for checking your configuration Example 1, FOS-5128(config)# show vlan interface ======================================================================== IEEE 802.1q Tag VLAN Interface ======================================================================== CPU VLAN ID Dot1q-Tunnel EtherType : 0x9100 Port P-Bit Port VLAN Mode PVID Trunk-vlan ---- --------- ------------------------ ------- ---------------- dot1q tunnel...
  • Page 135: Interface Command

    2.6.29 Interface Command Use “interface” command to set up configurations of several discontinuous ports or a range of ports. 1. Entering interface numbers. Interface Command Parameter Description Switch(config)# interface [port_list] Enter several port numbers separated by [port_list] commas or a range of port numbers with a hyphen.
  • Page 136 Switch(config-if-PORT-PORT)# [group_name] Specify the selected interfaces to the channel-group trunking trunking group. [group_name] Note1: At least 2 ports but not more than 8 ports can be aggregated. Note2: Ports cannot be in LACP and port-trunking mode at the same time. Note3: A port-trunking group needs to be created before assigning ports to it.
  • Page 137 6. Enable flow control operation. Command Parameter Description Switch(config-if-PORT-PORT)# Enable flow control on the selected flowcontrol port(s). No command Switch(config-if-PORT-PORT)# Disable flow control on the selected no flowcontrol port(s). 7. Setup DHCP snooping/relay sub-commands Command Parameter Description Switch(config-if-PORT-PORT)# Enable the selected interfaces’ DHCP ip dhcp snooping option Option 82 / DHCPv6 Option 37 relay agent globally.
  • Page 138 8. Setup IGMP snooping/MLD sub-commands Command Parameter Description Switch(config-if-PORT- Enable IGMP filter for the selected ports. PORT)# ip igmp filter Switch(config-if-PORT- [profile_name] Assign the selected ports to an IGMP filter PORT)# ip igmp filter profile profile. [profile_name] Note: Need to create an IGMP filter profile first under the igmp global configuration mode before assigning it.
  • Page 139 10. Setup IP source guard Command Parameter Description Switch(config-if-PORT- [dhcp | fixed-ip] Specify the authorized access type as PORT)# ip sourceguard [dhcp either DHCP or fixed-IP for the selected | fixed-ip] ports. dhcp: DHCP server assigns IP address. fixed IP: Only Static IP (Create Static IP table first).
  • Page 140 12. Configure QoS rate limit. Command Parameter Description Switch(config-if-PORT-PORT)# [500- Specify the ingress rate limit value. qos rate-limit ingress rate [500- 1000000 | (Valid range is from 500-1000000 in unit of 1000000 | 1-1000] Kbps/Mbps 1-1000] Kbps or 1-1000 in unit of Mbps). Kbps/Mbps Specify the egress rate limit value.
  • Page 141 automatically (auto). By default, physical ports are set to point to point ports (forced_true). No command Switch(config-if-PORT- Disable spanning-tree PORT)# no spanning-tree protocol on the selected interface(s). Switch(config-if-PORT- Reset the cost value back PORT)# no spanning-tree to the default for the cost selected interface(s).
  • Page 142 16. Set up VLAN parameters per port. Command Parameter Description Switch(config-if-PORT-PORT)# [1-4094] Specify the selected ports’ Access-VLAN vlan dot1q-vlan pvid [1-4094] ID (PVID). Switch(config-if-PORT-PORT)# [1-4094] Specify the selected ports’ Trunk-VLAN ID vlan dot1q-vlan trunk-vlan [1- (VID). 4094] Switch(config-if-PORT-PORT)# Set the selected ports to the access mode vlan dot1q-vlan mode access (untagged).
  • Page 143 17. Set up MAC Limit. Command Parameter Description Switch(config-if-PORT- Enable MAC Limit function of the selected PORT)# security mac-limit port(s). Switch(config-if-PORT- [1-50] Specify the maximum number of source PORT)# security mac-limit MAC address that can be learned for each maximum [1-50] of the selected port(s).
  • Page 144: Show Interface Statistics Command

    2.6.30 Show interface statistics Command The command of “show interface statistics”, displaying port traffic statistics, port packet error statistics and port analysis history, can be used either in Privileged mode or Global Configuration mode. This command is useful for network administrators to diagnose and analyze the real-time conditions of each port traffic.
  • Page 145: Show Sfp Command

    2.6.31 Show sfp Command When you slide in an SFP transceiver, detailed information about this module can be viewed by issuing this command. Show sfp Command Description Display SFP information, including the speed of transmission, the distance of Switch(config)# show sfp information transmission, vendor name, vendor PN, and vendor SN.
  • Page 146: Show Log Command

    Switch(config)# show start-up- Show the difference between the config startup configuration and the default configuration. Switch(config)# show start-up- [string] Specify the keyword to search for config include [string] the matched information from the difference between the startup configuration and the default configuration.
  • Page 147: Chapter 3. Snmp Network Management

    3. SNMP NETWORK MANAGEMENT The Simple Network Management Protocol (SNMP) is an application-layer protocol that facilitates the exchange of management information between network devices. It is part of the TCP/IP protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
  • Page 148: Chapter 4. Web Management

    4. WEB MANAGEMENT You can manage the Managed Switch via a web browser. However, you must first assign a unique IP address to the Managed Switch before doing so. By connecting to any SFP port with a fiber cable or any TP port with an RJ45 cable, you can access the Managed Switch and set up the IP address for the first time.
  • Page 149 Besides the Main Menu, a general overview of all the Managed Switch’s functions is also displayed when you click the icon among the quick buttons located in the top-right corner of each webpage. You can also reach each function from the listed hyperlinks. As for other quick buttons, the icon is provided for the user to save any new settings permanently into Flash, the...
  • Page 150 In the Main Menu, there are 16 main functions, including System Setup, Port Management, Link Aggregation, VLAN Setup, Rapid Spanning Tree, MAC Address Management, QoS Setup, Multicast, ACL Setup, Security Setup, 802.1X Setup, LLDP, Power over Ethernet, Layer 2 Protocol Tunneling, Maintenance, Management and Logout.
  • Page 151 - LLDP: Enable or disable LLDP on ports, set up LLDP-related attributes, and view the TLV information sent by the connected LLDP-enabled device. - Layer 2 Protocol Tunneling: Enable or disable L2PT function, set up acceptable BPDUs for GBPT (Generic Bridge PDU Tunneling), and view the state of Layer 2 protocol data units (PDUs) as well as their encapsulation &...
  • Page 152: System Setup

    4.1 System Setup In order to enable network management of the Managed Switch, proper network configuration is required. To do this, click the folder System Setup from the Main Menu and then 5 options within this folder will be displayed as follows. 1.
  • Page 153: Switch Information

    4.1.1 Switch Information Select the option System Information from the System Setup menu and then the following screen shows up. Company Name: Enter a company name for this Managed Switch. System Object ID: Display the predefined System OID. System Contact: Enter the contact information for this Managed Switch. System Name: Enter a descriptive system name for this Managed Switch.
  • Page 154 Model Name: Display the product’s model name. Host Name: Enter the product’s host name. Current Boot Image: The image that is currently being used. Configured Boot Image: The image you would like to use after rebooting. Image-1 Version: Display the firmware version 1 (image-1) used in this device. Image-2 Version: Display the firmware version 2 (image-2) used in this device.
  • Page 155: Ip Setup

    4.1.2 IP Setup Click the option IP Setup from the System Setup menu and then the following screen page appears. Enable IPv4: Click the checkbox in front of enable IPv4 to enable IPv4 function on the Managed Switch. MAC Address: This view-only field shows the unique and permanent MAC address assigned to the Managed switch.
  • Page 156 Gateway: Specify the IP address of a gateway or a router, which is responsible for the delivery of the IP packets sent by the Managed Switch. This address is required when the Managed Switch and the network management station are on different networks or subnets. The default value of this parameter is 0.0.0.0, which means no gateway exists and the network management station and Managed Switch are on the same network.
  • Page 157 address from its MAC address and the link-local prefix FE80::/10. This is done by putting the prefix into the leftmost bits and the MAC address (in EUI-64 format) into the rightmost bits, and if there are any bits left in between, those are set to zero. IPv6 Global Address/Prefix Length: This is done in the same fashion as the link-local address, but instead of the link-local prefix FE80:: it will use the prefix supplied by the router and put it together with its identifier (which by default is the MAC address in EUI-64 format).
  • Page 158: Ip Source Binding

    4.1.3 IP Source Binding Click the option IP Source Binding from the System Setup menu and then the following screen page appears. Source Binding State: Globally enable or disable IP source binding. State: Disable or enable the assigned IP address to reach the management. IPv4/IPv6 Address: Specify the IP address for source binding.
  • Page 159: Time Server Setup

    4.1.4 Time Server Setup Click the option Time Server Setup from the System Setup menu and then the following screen page appears. Time Synchronization: To enable or disable the time synchronization function. 1st Time Server: Set up the IPv4/IPv6 address of the first NTP time server. 2nd Time Server: Set up the IPv4/IPv6 address of the secondary NTP time server.
  • Page 160: Syslog Configuration

    4.1.5 Syslog Configuration Click the option Syslog Setup from the System Setup menu and then the following screen page appears. When DHCP snooping filters unauthorized DHCP packets on the network, the mal-attempt log will allow the Managed Switch to send event notification message to log server. Log Server: Enable or disable mal-attempt log function.
  • Page 161: Port Management

    4.2 Port Management To configure each port of the Managed Switch and monitor the ports’ real-time link-up status or traffic counters for maintenance or diagnostic purposes, select the folder Port Management from the Main Menu; 5 options within this folder will then be displayed for your selection.
  • Page 162: Port Setup & Status

    4.2.1 Port Setup & Status Click the option Port Setup & Status from the Port Management menu and then the following screen page appears. Maximum Frame Size: Specify the maximum frame size between 1518 and 9600 bytes. The default maximum frame size is 9600 bytes. Statistics Polling Port: Specify the number of ports for data acquisition at a time.
  • Page 163 Description: Enter a unique description for the port. Up to 35 alphanumeric characters can be accepted. Preferred Media Type: Select copper or fiber as the preferred media type. Port Type: Select Auto-Negotiation or Manual mode as the port type. State of Port in Speed field: View-only field that shows the current operation speed of ports, which can be 100Mbps or 1000Mbps in 1-24 SFP port(s) and 1000Mbps or 10Gbps in 25-28 SFP+ port(s), and the current operation duplex mode of the port, either Full or Half.
  • Page 164: Port Traffic Statistics

    4.2.2 Port Traffic Statistics In order to view the real-time port traffic statistics of the Managed Switch, select the option Port Traffic Statistics from the Port Management menu and then the following screen page appears. Monitor: Choose the way of representing Port Traffic Statistics from the pull-down menu. Either “Rate”...
  • Page 165: Port Packet Error Statistics

    4.2.3 Port Packet Error Statistics Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch. The event mode counters are calculated since the last time that counter was reset or cleared. Select the option Port Packet Error Statistics from the Port Management menu and then the following screen page appears.
  • Page 166: Port Packet Analysis Statistics

    4.2.4 Port Packet Analysis Statistics Port Packet Analysis Statistics mode counters allow users to view the port analysis history of the Managed Switch in both “Rate” and “Event” representations. The event mode counters are calculated from the last time the counter was reset or cleared. Select the option Port Packet Analysis Statistics from the Port Management menu and then the following screen page appears.
  • Page 167: Port Mirroring

    4.2.5 Port Mirroring In order to allow the destination port to mirror the source port(s) and enable traffic monitoring, select the option Port Mirroring from the Port Management menu and then the following screen page appears. Please note that functions of Port Isolation and Port Mirroring cannot be enabled concurrently.
  • Page 168 Enabled: Enable or disable the specific port mirroring. TX Source Port: Input the port number (e.g. 1, 2, 3-7) to specify the transmitting packets of preferred source port(s) for mirroring. Please note that the port selected as the destination port cannot be the source port. RX Source Port: Input the port number (e.g. 1, 2, 3-7) to specify the receiving packets of preferred source port(s) for mirroring.
  • Page 169: Link Aggregation

    4.3 Link Aggregation Link aggregation is an inexpensive way to set up a high-speed backbone network that transfers much more data than any one single port or device can deliver without replacing everything and buying new hardware. For most backbone installations, it is common to install more cabling or fiber optic pairs than initially necessary, even if there is no immediate need for the additional cabling.
  • Page 170: Distribution Rule

    4.3.1 Distribution Rule Click the option Distribution Rule from the Link Aggregation menu, the following screen page appears. There are six rules offered for you to set up packets according to operations. Source MAC Address: Enable or disable packets according to source MAC address. Destination MAC Address: Enable or disable packets according to Destination MAC address.
  • Page 171 The Managed Switch allows users to create 14 trunking groups. Each group consists of 2 to 8 links (ports). Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered trunking groups. Max: This shows the maximum number available for registration. The maximum number is Click Add Port Trunking to create a new trunking group and then the following screen page appears for the further port trunking settings.
  • Page 172: Link Aggregation Setup

    4.3.3 Link Aggregation Setup The Managed Switch supports dynamic Link Aggregation Control Protocol (LACP) which is specified in IEEE 802.3ad. Static trunks have to be manually configured at both ends of the link. In other words, LACP configured ports can automatically negotiate a trunked link with LACP configured ports on other devices.
  • Page 173 Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
  • Page 174: Lacp Port Status

    4.3.4 LACP Port Status LACP Port Status allows users to view a list of all LACP ports’ information. Select the option LACP Port Status from the Link Aggregation menu and then the following screen page appears. In this page, you can find the following information about LACP port status: Port: The number of the port.
  • Page 175 In LACP mode, link aggregation control protocol data unit (LACPDU) is used for exchanging information among LACP-enabled devices. After LACP is enabled on a port, the port sends LACPDUs to notify the remote system of its system LACP priority, system MAC address, port LACP priority, port number and operational key.
  • Page 176: Lacp Port Statistics

    4.3.5 LACP Port Statistics In order to view the real-time LACP statistics status of the Managed Switch, select the option LACP Port Statistics from the Link Aggregation menu and then the following screen page appears. Port: The port that LACP packets (LACPDU) are transmitted or received. LACP Transmitted: The current LACP packets transmitted from the port.
  • Page 177 Clear button in Clear Counters field: Clear the statistics of the corresponding port. Clear All: Clear the statistics of all ports.
  • Page 178: Vlan Setup

    4.4 VLAN Setup A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN. VLAN also logically segments the network into different broadcast domains.
  • Page 179 Click the icon to remove a specified Port-Based VLAN and its settings from the Port-Based VLAN table. Or click Batch Delete to remove a number of / all Port-Based VLANs at a time by clicking on the checkbox belonging to the corresponding Port-Based VLAN in the Action field and then click Delete Select Item, these selected VLANs will be deleted immediately.
  • Page 180: 802.1Q VLAN

    4.4.2 802.1Q VLAN 802.1Q VLAN Concept Port-Based VLAN is simple to implement and use, but it cannot extend a VLAN across switches. The 802.1Q protocol was developed to solve this problem. By tagging Ethernet frames with VLAN membership information, IEEE 802.1Q helps network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth, and it provides a higher level of security between segments of internal networks.
  • Page 181 It is important to note at this point that any network host connected to an Access Port is totally unaware of the VLAN assigned to the port. The network host simply assumes it is part of a single broadcast domain, just as it happens with any normal switch. During data transfers, any VLAN information or data from other VLANs is removed so the recipient has no information about them.
  • Page 182 Mode = Trunk PortX’s PVID is ignored PortX sends and receives Tagged packets VID 10,11 and 12 PortX is a Trunk-native Port Trunk-VLAN = 10,11,12 PortX’s VID is 10,11 and 12 Access-VLAN = 20 Mode = Trunk-native PortX’s PVID is 20 PortX sends and receives Tagged packets VID 10,11 and 12 PortX receives Untagged packets and add PVID 20 PortX is a Dot1q-tunnel Port...
  • Page 183: Introduction To Q-In-Q (Dot1Q-Tunnel)

    4.4.3 Introduction to Q-in-Q (DOT1Q-Tunnel) The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 184: Ieee 802.1Q Tag Vlan

    4.4.4 IEEE 802.1q Tag VLAN The following screen page appears when you choose the option IEEE 802.1q Tag VLAN mode from the VLAN Setup menu and then select VLAN Interface function. 1. Trunk VLAN Setup: To create, modify or remove IEEE 802.1q Tag VLAN settings. 2.
  • Page 185: Trunk Vlan Setup

    4.4.4.1 Trunk VLAN Setup The following screen page appears if you choose Trunk VLAN Setup function. Click Add Trunk VLAN to add a new VLAN and then the following screen page appears for the further IEEE 802.1q Tag VLAN settings. Click the icon to modify the settings of a specified 802.1q VLAN.
  • Page 186: Vlan Interface

    4.4.4.2 VLAN Interface The following screen page appears if you choose VLAN Interface function. CPU VLAN ID: Specify an existing VLAN ID. Dot1q-Tunnel EtherType: Configure outer VLAN's ethertype. (Range: 0000~FFFF, Default: 9100). Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 187: Ieee 802.1Q Vlan Table

    Mode: Pull down the list in the Mode field and select the appropriate mode for each port. The port behavior of each mode is listed as the following table. Access: Set the selected port to the access mode (untagged). Trunk: Set the selected port to the trunk mode (tagged). Trunk-Native: Enable native VLAN for untagged traffic on the selected port.
  • Page 188 VLAN Name: View-only field that shows the VLAN name. If the VLAN name belongs to an “Enabled” multicast VLAN ID, it will be automatically changed to match the MVR name configured in the MVR > MVR System Setup function. VID: View-only field that shows the ID of the VLAN.
  • Page 189: Vlan Translation Configuration

    4.4.5 VLAN Translation Configuration Besides the aforementioned ways of creating VLANs, another way to establish the translated VLANs is to configure VLAN ID translation (or VLAN mapping) on trunk ports connected to a customer network to map the original VLANs to the translated VLANs. Through this VLAN ID translation, it will save much effort in massive Ethernet network deployments.
  • Page 190 Entry: View-only field. This shows the number of VLAN mapping rules that are currently created. Name: Specify a name for the VLAN mapping rule. Up to 32 alphanumeric characters can be accepted. Port: Specify one preferred trunk port used for the VLAN ID translation. (For more details on trunk port settings, please refer to Section 4.4.4.2 “VLAN Interface”.)
  • Page 191: Rapid Spanning Tree

    4.5 Rapid Spanning Tree The Spanning Tree Protocol (STP), defined in the IEEE Standard 802.1D, creates a spanning tree within a mesh network of connected layer-2 bridges (typically Ethernet switches) and disables the links which are not part of that tree, leaving a single active path between any two network nodes. Multiple active paths between network nodes cause a bridge loop.
  • Page 192 1. RSTP Switch Setup: Set up the system priority, max Age, hello time, forward delay time and force version. 2. RSTP Port Setup: Set up the RSTP state, path cost, priority, edge status, and point to point setting of each physical port. 3.
  • Page 193: Rstp Switch Setup

    4.5.1 RSTP Switch Setup Click the option RSTP Switch Setup from the Rapid Spanning Tree menu and then the following screen page appears. State: Enable or disable Rapid Spanning Tree function globally. System Priority: Each interface is associated with a port (number) in the STP code. And, each switch has a relative priority and cost that is used to decide what the shortest path is to forward a packet.
  • Page 194: Rstp Port Setup

    4.5.2 RSTP Port Setup Click the option RSTP Port Setup from the Rapid Spanning Tree menu and then the following screen page appears. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 195 Port Priority: From the pull-down menu of the corresponding port number, you can choose Port Priority value between 0 and 240 for each port. The default value is “128”. Port Edge: Click on the checkbox of the corresponding port number to enable or disable Port Edge for each port.
  • Page 196: Rstp Status

    4.5.3 RSTP Status RSTP Status allows users to view a list of RSTP brief information such as Bridge ID, topology status and Root ID, a list of all RSTP ports’ information, and the real-time RSTP statistics of the Managed Switch. Please select the option RSTP Status from the Rapid Spanning Tree menu and then the following screen page appears.
  • Page 197 Fwd Delay: Display Forward Delay Time setting of the Managed Switch. Topology: Display Managed Switch’s state of the topology. Root ID: Display the Root ID of the Managed Switch. Root port: Display the Root Port Number of the Managed Switch. Port: The number of the port.
  • Page 198: Mac Address Management

    4.6 MAC Address Management Select the folder MAC Address Management from the Main Menu and then 3 options will be displayed for your selection. 1. MAC Table Learning: Set up MAC address table aging time, and enable/disable MAC address learning function. 2.
  • Page 199 MAC Address Aging Time: Specify MAC address table aging time between 0 and 900 seconds. “0” means that MAC addresses will never age out. MAC Address Learning Per Port: Enable port MAC address learning function on the specified ports by clicking on the checkbox of the corresponding port number. Alternatively, input the port number (e.g. 1, 2, 3-7) in the Quick Select field and press the Select button; the specified port(s) will be checked immediately.
  • Page 200: Static Mac Table Setup

    4.6.2 Static MAC Table Setup Click the option Static MAC Table Setup from the MAC Address Management menu and then the following screen page appears. This table will display the overview of each port’s static source MAC addresses typed as “Manual”, which are manually added by clicking on the Add Static MAC button.
  • Page 201 Occupied/Max Entry: View-only field. Occupied: This shows the total number of static MAC addresses that have already been created for the specific port. Different ports may have different values. Max: This shows the maximum number of static MAC addresses available for each port. The maximum number is 50.
  • Page 202: Mac Address Table

    4.6.3 MAC Address Table MAC Address Table displays MAC addresses learned when MAC Address Learning is enabled. Select the option MAC Address Table from the MAC Address Management menu and then the following screen page appears. The table above is composed of the MAC addresses that are automatically learned from each port of Managed Switch or manually created by the users.
  • Page 203: Qos Setup

    4.7 QoS Setup Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery. To overcome this challenge, Quality of Service (QoS) is applied throughout the network. This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments.
  • Page 204: Qos Priority

    4.7.1 QoS Priority Select the option QoS Priority from the QoS Setup menu and then the following screen page appears. Priority Mode: Select the QoS priority mode of the Managed Switch. IEEE 802.1p: IEEE 802.1p mode utilizes p-bits in VLAN tag for differential service. DSCP: DSCP mode utilizes TOS field in IPv4 header for differential service.
  • Page 205 802.1p to Queue Mapping: Assign an 802.1p value (0~7) of 8 different levels to the specific queue. DSCP to Queue Mapping: Assign a DSCP value (0~63) of 64 different levels to the specific queue by pulling down the Queue menu. Alternatively, input a range of DSCP values (e.g. 1, 2, 3-7) in the DSCP Value List field and assign them all to the preferred queue from the Queue pull-down menu at one time.
  • Page 206: Qos Remarking

    4.7.2 QoS Remarking QoS Remarking includes 802.1p Remarking and DSCP Remarking. To configure it, select the option QoS Remarking from the QoS Setup menu and then the following screen page appears. Please note that the 802.1p / DSCP remarking rule will not affect the priority mapping rule. Configure 802.1p Remarking: This allows you to enable or disable 802.1p remarking for each priority by pulling down the 802.1p Remarking...
  • Page 207 Configure DSCP Remarking: This allows you to enable or disable DSCP remarking for each priority by pulling down the DSCP Remarking menu. The default setting is disabled.
  • Page 208: Qos Rate Limit

    4.7.3 QoS Rate Limit Select the option QoS Rate Limit from the QoS Setup menu and then the following screen page appears. This allows users to specify each port’s both inbound and outbound bandwidth. The excess traffic will be dropped. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 209: Multicast Configuration

    4.8 Multicast Configuration Select the folder Multicast from the Main Menu, IGMP/MLD Snooping subfolder, Static Multicast Setup option and MVR subfolder for multicast setup will be displayed. 4.8.1 IGMP/MLD Snooping The Internet Group Management Protocol (IGMP) is a communications protocol used to manage the membership of Internet Protocol multicast groups.
  • Page 210: Igmp/Mld Setup

    1. IGMP/MLD Setup: To enable or disable IGMP/MLD Snooping, IGMPv3/MLDv2 Snooping, Unregistered IPMC Flooding and set up router ports. 2. IGMP/MLD VLAN Setup: To set up the ability of IGMP/MLD snooping and querying with VLAN. 3. IPMC Segment: To create, edit or delete IPMC segment. 4.
  • Page 211: Igmp/Mld Vlan Setup

    IGMP/MLD Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. IGMPv3/MLDv2 Snooping: When enabled, the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic. This is for IGMPv3 and MLDv2 only. Unregistered IPMC Flooding: Set forwarding mode for unregistered (not-joined) IP multicast traffic.
  • Page 212 VLAN Name: View-only field that shows the VLAN name. If the VLAN name belongs to an “Enabled” multicast VLAN ID, it will be automatically changed to match the MVR name configured in the MVR > MVR System Setup function. Snooping: When enabled, the port in VLAN will monitor network traffic and determine which hosts to receive the multicast traffic.
  • Page 213: Ipmc Segment

    4.8.1.3 IPMC Segment Select the option IPMC Segment from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Segment ID, Name and IP Range appears. This table will display the overview of each configured IPMC segment. Up to 400 IPMC segments can be created.
  • Page 214 Click the icon to remove a specified registered IPMC segment entry and its settings from the IPMC segment table. Or click Batch Delete to remove a number of /all IPMC segments at a time by clicking on the checkbox belonging to the corresponding IPMC segment in the Action field and then click Delete Select Item, the selected IPMC segment(s) will be deleted immediately.
  • Page 215: Ipmc Profile

    4.8.1.4 IPMC Profile Select the option IPMC Profile from the IGMP/MLD Snooping menu and then the following screen page with the configuration of IPMC Profile appears. This table will display the overview of each configured IPMC profile. Up to 60 IPMC profiles can be registered.
  • Page 216 Click the icon to remove a specified registered IPMC profile entry and its settings from the IPMC profile table. Or click Batch Delete to remove a number of /all IPMC profiles at a time by clicking on the checkbox belonging to the corresponding IPMC profile in the Action field and then click Delete Select Item, the selected IPMC profile(s) will be deleted immediately.
  • Page 217: Igmp/Mld Filtering

    4.8.1.5 IGMP/MLD Filtering Select the option IGMP/MLD Filtering from the IGMP/MLD Snooping menu and then the following screen page appears. Port: View-only field that shows the port number that is currently configured. Channel Limit: Specify the maximum transport multicast stream. Valid range is 1~512. To set this parameter for several ports at once, input the port number (e.g. 1, 2, 3-7) in the Port List field; when the Insert button is pressed, the specified port(s) will immediately be given the value assigned in the Channel Limit field in front of the Insert button.
  • Page 218: Igmp Snooping Status

    4.8.1.6 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries’ information in VLAN(s) such as VLAN ID, Querier and Queries Transmitted/Received packets. Select the option IGMP Snooping Status from the IGMP/MLD Snooping menu and then the following screen page appears.
  • Page 219: Igmp Group Table

    4.8.1.7 IGMP Group Table In order to view the real-time IGMP multicast group status of the Managed Switch, select the option IGMP Group Table from the IGMP/MLD Snooping menu and then the following screen page appears. Refresh: Click Refresh to update the latest IGMP group table. VLAN ID: VID of the specific VLAN.
  • Page 220: Mld Group Table

    Queries Received: The total amount of received MLD general queries from MLD querier. v1 Reports: The total amount of received MLD Version 1 reports (packets). v2 Reports: The total amount of received MLD Version 2 reports (packets). Done: The total amount of received MLD Version 1 done (packets). 4.8.1.9 MLD Group Table In order to view the real-time MLD multicast group status of the Managed Switch, select the option MLD Group Table from the IGMP/MLD Snooping menu and then the following screen page...
  • Page 221: Static Multicast Configuration

    4.8.2 Static Multicast Configuration Select the option Static Multicast Setup from the Multicast menu and then the following screen page appears. This table will display the overview of each configured static multicast entry. Up to 128 static multicast entries can be created. Occupied/Max Entry: View-only field.
  • Page 222 Click the icon to remove a specified registered static multicast entry and its settings from the static multicast table. Or click Batch Delete to remove a number of /all static multicast entries at a time by clicking on the checkbox belonging to the corresponding static multicast entry in the Action field and then click Delete Select Item, the selected static multicast entry/entries will be deleted immediately.
  • Page 223: Mvr Configuration

    4.8.3 MVR Configuration MVR (Multicast VLAN Registration) allows clients receiving multicast stream transmitted from the upstream device to reside in different VLANs, which is particularly suitable for networks with the high demand of bandwidth. Instead of transmitting multiple copies of multicast traffic to clients in the different VLANs separately, an upstream device merely needs to transmit multicast traffic to a multicast VLAN if the configured MVR is enabled on Managed Switch.
  • Page 224: MVR System Setup

    4.8.3.1 MVR System Setup MVR System Setup allows users to create the multicast VLANs. Select the option MVR System Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured multicast VLAN entry. Up to 128 MVR entries can be created.
  • Page 225 Index: The identification number for each MVR entry. MVR VLAN: Specify a VLAN ID to configure the specified VLAN as the multicast VLAN. Name: Specify a MVR name for the specific multicast VLAN. Up to 15 characters can be accepted. Enable: Enable or disable the new MVR you create.
  • Page 226: Mvr Port Setup

    4.8.3.2 MVR Port Setup MVR Port Setup allows users to configure the receiver/sender MVR port for the existing multicast VLANs. Select the option MVR Port Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured MVR port entry. Up to 512 MVR port entries can be created.
  • Page 227 Port: Specify a port number to configure the specified port as the multicast port. Port Type: Specify the port type for the specific multicast port, either receiver or sender. Receiver port: Configure a port as a receiver port if it is a client port and should only receive multicast data.
  • Page 228: Multicast Group Setup

    4.8.3.3 Multicast Group Setup Multicast Group Setup allows users to configure a range of multicast IP addresses for the existing multicast VLANs. Select the option Multicast Group Setup from the MVR menu and then the following screen page appears. This table will display the overview of each configured multicast group entry. Up to 128 multicast group entries can be created.
  • Page 229 NOTE: The value of the multicast IP address that starts for the specific multicast group cannot be greater than the one ends. Click OK when the settings are completed, this new multicast group entry will be listed on the multicast group table, or click Cancel to cancel the settings. Click the icon to modify the settings of a specified multicast group entry.
  • Page 230: Access Control List (Acl) Setup

    4.9 Access Control List (ACL) Setup Creating an access control list allows users to define who has the authority to access information or perform tasks on the network. In the Managed Switch, users can establish entries applied to port numbers to permit or deny actions. Select ACL Setup from the Main Menu and then the following screen page appears.
  • Page 231 Add an IPv4 ACL Entry Add an IPv6 ACL Entry...
  • Page 232 Sort By: Sort all of the created IPv4/IPv6 ACL entries by selecting Index/Sequence option from the Sort By pull-down menu. Index: The identification number for each ACL entry. Name: Specify the name of the ACL entry. Sequence: Valid range: 1-65536, 1 will be processed first. Default: 100 Enable: Enable or disable the ACL entry.
  • Page 233 Click the icon to modify the settings of a specified ACL entry. Click the icon to remove an existing ACL entry and its settings from the IPv4 or IPv6 ACL table. Or click Batch Delete to remove a number of /all ACL entries at a time by clicking on the checkbox belonging to the corresponding ACL entry in the Action field and then click Delete Select Item, the selected ACL entries will be deleted immediately.
  • Page 234: Security Setup

    4.10 Security Setup In this section, several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch. Layer 2 attacks are typically launched by or from a device that is physically connected to the network. For example, it could be a device that you trust but has been taken over by an attacker.
  • Page 235 5. Storm Control: To protect the Managed Switch from unicast, broadcast, and multicast storms. 6. MAC Limiters: Set up MAC Address limit and view the MAC Limit status of each port. 7. Loop Detection: Enable or disable Loop Detection function, set up Loop Detection configuration and view the Loop Detection status of each port.
  • Page 236: Dhcp Snooping Configuration

    4.10.1 DHCP Snooping Configuration Select the option DHCP Snooping from the Security Setup folder and then three functions, including DHCP Snooping Setup, DHCP Option 82 / DHCPv6 Option 37 Setup and DHCP Snooping Table will be displayed for your selection. 4.10.1.1 DHCP Snooping Setup The following screen page appears if you choose DHCP Snooping Setup function.
  • Page 237: Dhcp Option 82 / Dhcpv6 Option 37 Setup

    4.10.1.2 DHCP Option 82 / DHCPv6 Option 37 Setup The Managed Switch can add information about the source of client DHCP requests that relay to DHCP server by adding Relay Agent Information. This helps provide authentication about the source of the requests. The DHCP server can then provide an IP address based on this information.
  • Page 238 DHCP Opt82 Relay Agent Enable: To globally enable or disable DHCP Option 82 Relay Agent global setting. When enabled, Relay Agent Information option is inserted by the DHCP relay agent when forwarding client-originated DHCP packets to a DHCP server. Servers recognizing the Relay Agent Information option may use the Information to implement IP address or other parameter assignment policies.
  • Page 239 For example, a DHCP request is from Port 1, which is marked as both Opt82 port and trust port. A. If a DHCP request carries Opt82 Agent information, the Managed Switch will forward it. B. If a DHCP request does not carry Opt82 Agent information, the Managed Switch will add Opt82 Agent information and forward it.
  • Page 240 Circuit ID Suboption: This suboption may be added by DHCP relay agents that terminate switched or permanent circuits. It encodes an agent-local identifier of the circuit from which a DHCP client-to-server packet was received. It is intended for use by agents in relaying DHCP responses back to the proper circuit.
  • Page 241: Dhcp Snooping Table

    4.10.1.3 DHCP Snooping Table DHCP Snooping Table displays the Managed Switch’s DHCP Snooping table. The following screen page appears if you choose DHCP Snooping Table function. Refresh: Click Refresh to update the DHCP snooping table. Port of Client: View-only field that shows where the DHCP client binding port is. Port of Server: View-only field that shows the port where the IP address is obtained from. VID: View-only field that shows the VLAN ID of the client port.
  • Page 242: Ip Source Guard Setup

    4.10.2 IP Source Guard Setup Select the option IP Source Guard Setup from the Security Setup menu and then the following screen page appears. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 243 Fix-IP: Only static IP (You must create Static IP table first. Refer to Static IPv4/IPv6 Table Setup for further information.).
  • Page 244: Port Isolation

    4.10.3 Port Isolation This restricts ports so that they can only communicate with a given "uplink". Please note that if the port isolation function is enabled, the Port-based VLAN will automatically become invalid. Also note that the "Port Isolation" function is not the "Private VLAN" function. Select the option Port Isolation from the Security Setup menu and then the following screen page appears.
  • Page 245: Static Ipv4/Ipv6 Table Setup

    4.10.4 Static IPv4/IPv6 Table Setup Click the option Static IPv4/IPv6 Table Setup from the Security Setup menu and then the following screen page appears. This table will display the overview of each configured static IPv4/IPv6 IP address and port mapping. Up to 48 static IP addresses can be created. Occupied/Max Entry: View-only field.
  • Page 246: Configure Dhcp Snooping

    Click the icon to remove a specified static IP address entry and its settings from the static IPv4/IPv6 table. Or click Batch Delete to remove a number of /all static IP addresses at a time by clicking on the checkbox belonging to the corresponding static IP address in the Action field and then click Delete Select Item, the selected static IP address/addresses will be deleted immediately.
  • Page 247 Step 2. Enable DHCP Snooping Step 3. Connect your clients to the Managed Switch After you complete Step 1 & 2, connect your clients to the Managed Switch. Your clients will send a DHCP Request out to the DHCP Server soon after they receive a DHCP offer. When the DHCP Server responds with a DHCP ACK message that contains lease duration and other configuration information, the IP configuration process is complete.
  • Page 248: Storm Control

    4.10.5 Storm Control When a device on the network is malfunctioning or application programs are not well designed or properly configured, broadcast/unknown multicast/unknown unicast storms may occur, network performance may be degraded or, in the worst situation, a complete halt may happen. The Managed Switch allows users to set a threshold rate for broadcast/unknown multicast/unknown unicast traffic on a per port basis so as to protect network from broadcast/unknown multicast/ unknown unicast storms.
  • Page 249 Storm Control: Enable or disable the storm control function globally. Threshold Interval: To set up the time interval of sending the alarm trap or system log if broadcast/unknown multicast/unknown unicast packets flood continuously. Valid range: 120-86400 seconds. Default is 120 seconds. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time.
  • Page 250: Mac Limiters

    4.10.6 MAC Limiters This sets the threshold for the number of MAC addresses that can be learned. After the threshold is reached, any other incoming MAC address will be dropped or the port will be shut down until the recovery mechanism activates. Please note that the MAC address table will be erased if the MAC Limit function is enabled.
  • Page 251 MAC Limit: Globally enable the MAC Limit function of the switch. After that, proceed to further port settings as shown below. Threshold Interval for Notification: To set up the time interval of sending the alarm trap or system log if the number of source MAC address learned exceeds the limit continuously. Refresh: Click Refresh to update the MAC Limiters status.
  • Page 252: Loop Detection Configuration

    4.10.7 Loop Detection Configuration In a real network, people may misconnect network cables and create a loop condition. In the worst case, the network goes out of service as a result. This section gives a guide to configuring the Loop Detection function to protect the system from loops.
  • Page 253 Loop Detection Enable: Check to enable the Loop Detection function on a system basis. The default setting is disabled. Detection Interval: This is the time interval (in seconds) that the device will periodically send loop detection packets to detect the presence of looped network. The valid range is from 1 to 20 seconds.
  • Page 254 Status: View-only field that shows the loop status of each port. Reason of being locked: View-only field that shows the cause why the port is locked. Unlock: Press the Unlock button to unlock the specific port if this port is locked.
  • Page 255: L2 Control Protocol Filter Setup

    4.10.8 L2 Control Protocol Filter Setup Select the option L2 Control Protocol Filter Setup from the Security Setup menu and then the following screen page appears. Layer 2 Control Protocol: 0180C200000X: Select either “No Filter Out” or “Filter Out”. When “Filter Out” is selected, packets from the address ranging from 0180C2000000 to 0180C200000F will be dropped.
  • Page 256: Setup

    4.11 802.1X Setup The IEEE 802.1X/MAB standard provides a port-based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports. Before services are made available to clients connecting to a VLAN, clients that are 802.1X-compliant should successfully authenticate with the authentication server.
  • Page 257: System Setup

    4.11.1 802.1X System Setup The following screen page appears if you choose 802.1X System Setup function. Enable: Enable or disable IEEE 802.1X/MAB on the Managed Switch. When enabled, the Managed Switch acts as a proxy between the 802.1X-enabled client and the authentication server. In other words, the Managed Switch requests identifying information from the client, verifies that information with the authentication server, and relays the response to the client.
  • Page 258: Port Setup

    4.11.2 802.1X Port Setup The following screen page appears if you choose 802.1X Port Setup function. Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
  • Page 259 RADIUS-Assigned VLAN Enabled: Allow the RADIUS server to send a VLAN assignment to the device port. Re-Authentication Enabled: Enable or disable the auto re-authentication function for each port. Re-Authentication Period (Secs 1-65535): Specify a period of authentication time that a client authenticates with the authentication server.
  • Page 260: Port Status

    4.11.3 802.1X Port Status 802.1X Port Status allows users to view a list of all 802.1x ports’ information. The following screen page appears if you choose 802.1X Port Status function. In this webpage, you can find the following information about 802.1X ports and view the real-time 802.1X port statistics of the Managed Switch.
  • Page 261 Rx Auth. Successes/Failures: Display the counters of success or failure in authentication.
  • Page 262: Lldp Configuration

    4.12 LLDP Configuration LLDP stands for Link Layer Discovery Protocol. It runs over the data link layer and is used by network devices to send information about themselves to other directly connected devices on the network. By using LLDP, two devices running different network layer protocols can learn information about each other.
  • Page 263: Lldp Setup

    4.12.1 LLDP Setup Click the option LLDP Setup from the LLDP menu and then the following screen page appears. State: Globally enable or disable LLDP function. Receiver Hold-Time (TTL): Enter the amount of time for receiver hold-time in seconds. The Managed Switch will keep the information sent by the remote device for a period of time you specify here before discarding it.
  • Page 264: Lldp Status

    4.12.2 LLDP Status Click the option LLDP Status from the LLDP menu and then the following screen page appears. Refresh: Click Refresh to update the LLDP Status table. Port: View-only field that shows the port number on which LLDP frames are received. Chassis ID: View-only field that shows the MAC address of the LLDP frames received (the MAC address of the neighboring device).
  • Page 265: Layer 2 Protocol Tunneling Configuration

    4.13 Layer 2 Protocol Tunneling Configuration L2PT (Layer 2 Protocol Tunneling) allows Layer 2 protocol data units (PDUs), including CDP (Cisco Discovery Protocol), LLDP (Link Layer Discovery Protocol), STP (Spanning Tree Protocol), VTP (VLAN Trunking Protocol), LACP (Link Aggregation Control Protocol), PAgP (Port Aggregation Protocol), and UDLD (Unidirectional Link Detection), to be tunneled through a network. Without L2PT, the handling of the PDUs will create different spanning tree domains (different spanning tree roots) for the customer switches.
  • Page 266 1. Layer 2 Protocol Tunneling Setup: Enable or disable L2PT function and set up acceptable BPDUs for GBPT (Generic Bridge PDU Tunneling). 2. Layer 2 Protocol Tunneling Status: View the state of Layer 2 protocol data units (PDUs) and their encapsulation, decapsulation and drop counters of each port.
  • Page 267: Layer 2 Protocol Tunneling Setup

    4.13.1 Layer 2 Protocol Tunneling Setup Select the option Layer 2 Protocol Tunneling Setup from the Layer 2 Protocol Tunneling menu and then the following screen page appears. Layer 2 Protocol Tunneling: Enable or disable the Layer 2 Protocol Tunneling function globally. Destination MAC Address: Specify a MAC address for GBPT.
  • Page 268 Select: Enable or disable any new settings configured in the row of All port to be applied as well to all ports at a time. To enable it, please click on its checkbox in the row of All port, and then all ports will be checked immediately afterwards.
  • Page 269: Layer 2 Protocol Tunneling Status

    4.13.2 Layer 2 Protocol Tunneling Status Layer 2 Protocol Tunneling Status displays the state of each Layer 2 protocol data unit (PDU) and the statistics of each PDU’s encapsulation as well as decapsulation. Select the Layer 2 Protocol Tunneling Status option from the Layer 2 Protocol Tunneling menu and then the following screen page appears.
  • Page 270: Maintenance

    4.14 Maintenance Maintenance allows users to monitor the real-time operation status of the Managed Switch for maintenance or diagnostic purposes and easily operate and maintain the system. Select the folder Maintenance from the Main Menu and then 9 options within this folder will be displayed for your selection.
  • Page 271 8. SFP Information: View the current port’s SFP information, e.g. speed, Vendor ID, Vendor S/N, etc. SFP port state shows current DMI (Diagnostic monitoring interface) temperature, voltage, TX Bias, etc. 9. Digital Input: Set up the normal status of the digital input.
  • Page 272: Cpu And Memory Statistics

    4.14.1 CPU and Memory Statistics CPU & Memory Statistics is to manually or automatically update statistics of CPU and Memory. Select the option CPU & Memory Statistics from the Maintenance menu and then the following screen page appears. Refresh Page Interval: Automatically updates statistics of CPU & Memory at a specified interval in seconds.
  • Page 273 Load Averages – 1 min: The average active tasks percentage in last 1 minute. Load Averages – 5 min: The average active tasks percentage in last 5 minutes. Load Averages – 15 min: The average active tasks percentage in last 15 minutes. Total Memory: It shows the entire memory in kilobytes.
  • Page 274: Cpu Temperature Status

    4.14.2 CPU Temperature Status With the built-in temperature sensor, the Managed Switch is capable of detecting whether the CPU temperature is normal or not. In addition, through notifications via trap, syslog and event log, the user can learn the real-time CPU temperature and prevent the device’s lifespan from being shortened by an abnormal operating environment.
  • Page 275 Refresh Page Interval: Automatically updates CPU temperature of the system at a specified interval in seconds. Please note that the value you assign in this parameter is temporarily used and will not be saved into the configuration file of the Managed Switch. This value will not be applied into the next system boot-up.
  • Page 276

    | Detected Status \ Last Status | Normal | Over the Threshold |
    |---|---|---|
    | Normal | No message will be sent. | Send the “CPU temperature is at or under threshold” normal message. |
    | Over the Threshold | Send the “CPU temperature is over threshold”... | Send the “CPU temperature is over... |
  • Page 277: Fan State

    4.14.3 FAN State FAN State is to manually or automatically update 3 fans’ (FAN1, FAN2 and FAN3 that are located on the rear panel of Managed Switch) speed and status for the system diagnostics. With the built-in fan sensor of the Managed Switch, the user can diagnose whether the device’s heat dissipation is good or not by monitoring the real-time speed of these 3 fans.
  • Page 278: System Voltage

    4.14.4 System Voltage System Voltage, also offered for system diagnostics, lets the user know whether the system is in healthy status or not through the diagnosis of the system’s internal powers such as ASIC system power, ASIC core power and Power A & B (Power B is only available in models with two fixed power modules).
  • Page 279 State: In ASIC system power, “Warning” will be shown in orange color if its voltage is at or over the High threshold (≥ 3.40 V) or is at or under the Low threshold (≤ 3.20 V). Or it will show “Normal” in green color if its voltage is higher than the Low threshold and lower than the High threshold (3.20 V <...
  • Page 280: Ping

    4.14.5 Ping Ping can help you test the network connectivity between the Managed Switch and the host. Select the option Ping from the Maintenance menu and then the following screen page appears. Enter the IPv4/IPv6 address of the host you would like to ping. You can also specify the count and size of the Ping packets.
  • Page 281 Diagnostic Port: Pull down the menu to select the desired port number as the diagnostic port for the loopback test. The diagnostic port you select should be configured as the VLAN TRUNK mode. Accompany Port: Pull down the menu to select the desired port number as the accompany port for the loopback test.
  • Page 282: Event Log

    4.14.7 Event Log Event log keeps a record of switch-related information, such as user login, logout timestamp and so on. In the Type field, “I” is the abbreviation of “Information”, “W” is the abbreviation of “Warning”, and “E” is the abbreviation of “Error”. Select the option Event Log from the Maintenance menu and then the following screen page appears.
  • Page 283: Sfp Information

    4.14.8 SFP Information Select the option SFP Information from the Maintenance menu and then two functions, including SFP Port Info and SFP Port State within this subfolder will be displayed. 4.14.8.1 SFP Port Info SFP Port Info displays each port’s slide-in SFP/SFP+ Transceiver information e.g. the speed of transmission, the distance of transmission, vendor Name, vendor PN, vendor SN, etc.
  • Page 284 Refresh: Click Refresh to update the SFP Port Info status. Port: The number of the SFP/SFP+ module slide-in port. Speed: Data rate of the slide-in SFP/SFP+ Transceiver. Distance: Transmission distance of the slide-in SFP/SFP+ Transceiver. Vendor Name: Vendor name of the slide-in SFP/SFP+ Transceiver. Vendor PN: Vendor PN of the slide-in SFP/SFP+ Transceiver.
  • Page 285: Sfp Port State

    4.14.8.2 SFP Port State SFP Port State displays each port’s slide-in SFP/SFP+ Transceiver information, e.g. the currently detected temperature, voltage, TX Bias, etc. The following screen page appears if you choose SFP Port State function. Refresh: Click Refresh to update the SFP Port State status. Port: The number of the SFP/SFP+ module slide-in port.
  • Page 286: Digital Input

    4.14.9 Digital Input The DI (Digital Input) with a dry contact is a voltage-free connector that is used to decide whether the trigger occurs or not by detecting its open/close status. Refer to the following figure for the DI configuration. Open: Logic Level 0 Close: Logic Level Select the option Digital Input from the Maintenance menu and then two functions, including...
  • Page 287: Digital Input Status

    4.14.9.2 Digital Input Status Select Digital Input Status from the Digital Input menu and then the following screen page appears. Click Refresh to update the digital input and alarm status. Current Status: View-only field that shows the current status of Digital Input 1. Alarm: View-only field that shows the current alarm status.
  • Page 288: Management

    4.15 Management To upgrade the firmware, load the factory default settings, etc. for the Managed Switch, please click the folder Management from the Main Menu and then 8 options will be displayed for your selection. 1. Management Access Setup: Enable or disable the specified network services, view the RS-232 serial port setting, specific Telnet and Console services.
  • Page 289 7. Save Configuration: Save all changes to the system. 8. Reset System: Reset the Managed Switch.
  • Page 290: Management Access Setup

    4.15.1 Management Access Setup Click the option Management Access Setup from the Management menu and then the following screen page appears. Telnet Service: To enable or disable the Telnet Management service. SSH Service: To enable or disable the SSH Management service. SNMP Service: To enable or disable the SNMP Management service.
  • Page 291 HTTPS authenticates the accessed website and protects the privacy and integrity of the exchanged data while in transit. It protects against attacks by hackers. The user can access the Managed Switch by entering its IP address in the format https://192.168.0.1, or http://192.168.0.1, which is automatically redirected to https://192.168.0.1 in the URL.
  • Page 292: User Authentication

    4.15.2 User Authentication To prevent any unauthorized operations, only registered users are allowed to operate the Managed Switch. Users who would like to operate the Managed Switch need to create a user account first. To view or change current registered users, select the option User Authentication from the Management menu and then the following screen page shows up.
  • Page 293 Account State: Enable or disable this user account. User Name: Specify the authorized user login name. Up to 20 alphanumeric characters can be accepted. Password: Enter the desired user password. Up to 20 alphanumeric characters can be accepted. Retype Password: Enter the password again for double-checking. Description: Enter a unique description for this user.
  • Page 294: Radius/Tacacs+ Configuration

    NOTE: 1. To prevent incautious operations, users cannot delete their own account, modify their own user name and change their own account state. 2. The acquired hashed password from backup config file is not applicable for user login on CLI/Web interface. 3.
  • Page 295 RADIUS Secret Key: The secret word used to encrypt data being sent to the RADIUS server. RADIUS Port: The RADIUS service port on the RADIUS server. RADIUS Retry Times: Number of times to try to reconnect if the RADIUS server is not reachable. RADIUS Server IPv4/IPv6 Address: IPv4/IPv6 address of the primary RADIUS server. 2nd RADIUS Server IPv4/IPv6 Address: IPv4/IPv6 address of the secondary RADIUS server.
  • Page 296: Snmp

    4.15.3 SNMP Select the option SNMP from the Management menu and then four functions, including SNMPv3 USM User, Device Community, Trap Destination and Trap Setup will be displayed for your selection. 4.15.3.1 SNMPv3 USM User Simple Network Management Protocol Version 3, SNMPv3 for short, features stronger security mechanisms, including authentication and encryption, which help ensure that a message is from a valid source and scramble the content of a packet to prevent it from being learned by an unauthorized source.
  • Page 297 Account State: View-only field that shows this user account is enabled or disabled. User Name: View-only field that shows the authorized user login name. Authentication: This is used to ensure the identity of users. The following is the method to perform authentication.
  • Page 298 SNMP Level: View-only field that shows user’s authentication level. Administrator: Own the full-access right, including maintaining user account & system information, load factory settings …etc. Read & Write: Own the full-access right but cannot modify user account & system information, cannot load factory settings. Read Only: Allow to view only.
  • Page 299: Device Community

    4.15.3.2 Device Community The following screen page appears if you choose Device Community function. This table will display the overview of each configured device community. Up to 10 device communities can be registered. Occupied/Max Entry: View-only field. Occupied: This shows the amount of total registered communities. Max: This shows the maximum number available for the device community registration.
  • Page 300 Community: Specify the authorized SNMP community name, up to 20 alphanumeric characters. Description: Enter a unique description for this community name. Up to 35 alphanumeric characters can be accepted. This is mainly for reference only. Click when the settings are completed, this new community will be listed on the device community table, or click to cancel the settings.
  • Page 301: Trap Destination

    4.15.3.3 Trap Destination The following screen page appears if you choose Trap Destination function. State: Enable or disable the function of sending trap to the specified destination. Destination IP: Enter the specific IPv4/IPv6 address of the network management system that will receive the trap.
  • Page 302: Trap Setup

    4.15.3.4 Trap Setup The following screen page appears if you choose Trap Setup function. Cold Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on. Warm Start Trap: Enable or disable the Managed Switch to send a trap when the Managed Switch restarts.
  • Page 303 Digital Input Start Trap: Enable or disable the Managed Switch to send a trap when the alarm occurs. Auto Backup Trap: Enable or disable the Managed Switch to send a trap when the auto backup succeeds or fails. Storm Control Trap: Enable or disable the Managed Switch to send a trap when broadcast/ unknown multicast/unknown unicast packets flood.
  • Page 304: Firmware Upgrade

    4.15.4 Firmware Upgrade The Managed Switch offers three methods, including HTTP, FTP and TFTP to back up/restore the configuration and update the firmware. To do this, please select the option Firmware Upgrade from the Management menu and then the following screen page appears. 4.15.4.1 Configuration Backup/Restore via HTTP To back up or restore the configuration via HTTP, just pull down the Protocol menu and select HTTP.
  • Page 305: Firmware Upgrade Via Http

    Backup: Click Backup to begin downloading the configuration file to your PC. Select File: Click Choose File to select the designated data and then click Update to restore the configuration. 4.15.4.2 Firmware Upgrade via HTTP To update the firmware via HTTP, just pull down the Protocol menu and select HTTP. Also configure the type of file as “Firmware”...
  • Page 306: Configuration Backup/Restore Via Ftp/Tftp

    4.15.4.3 Configuration Backup/Restore via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may back up or restore the configuration via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Configuration” to process. The related parameter description is as below.
  • Page 307: Firmware Upgrade Via Ftp/Tftp

    4.15.4.4 Firmware Upgrade via FTP/TFTP The Managed Switch has both built-in TFTP and FTP clients. Users may update the firmware via FTP/TFTP. Just pull down the Protocol menu and select FTP or TFTP, also configure the type of file as “Firmware” to process. The related parameter description is as below. Protocol: Select the preferred protocol, either FTP or TFTP.
  • Page 308: Load Factory Settings

    4.15.5 Load Factory Settings Load Factory Settings will set all the configurations of the Managed Switch back to the factory default settings, including the IP and Gateway address. Load Factory Setting is useful when network administrators would like to re-configure the system. A system reset is required to make all changes effective after Load Factory Setting.
  • Page 309: Auto-Backup Setup

    4.15.6 Auto-Backup Setup In the Managed Switch, the aforementioned HTTP Upgrade and FTP/TFTP Upgrade functions are offered for the users to do the manual backup of the start-up configuration. Alternatively, you can choose the Auto-Backup Setup function to do this backup automatically and periodically. It is useful to prevent the loss of users’...
  • Page 310 Auto Backup: Enable/Disable the auto-backup function for the start-up configuration files of the device. Backup Time: Set up the time when the backup of the start-up configuration files will start every day for the system. Protocol: Either FTP or TFTP server can be selected to backup the start-up configuration files. File Type: Display the type of files that will be backed up.
  • Page 311: Save Configuration

    4.15.7 Save Configuration In order to save the configuration permanently, users need to save configuration first before resetting the Managed Switch. Select the option Save Configuration from the Management menu and then the following screen page appears. Click OK to save the configuration. Alternatively, you can also press the Save quick button located on the top-right side of the webpage, which has the same function as Save Configuration.
  • Page 312: Appendix A: Free Radius Readme

    APPENDIX A: Free RADIUS readme The advanced RADIUS server setup for RADIUS authentication is described below. When the free RADIUS client is enabled on the device, the server side needs to put the file "dictionary.sample" under the directory /raddb, and modify these three files - "users", "clients.conf"...
  • Page 313: Appendix B: Set Up Dhcp Auto-Provisioning

    APPENDIX B: Set Up DHCP Auto-Provisioning Networking devices, such as switches or gateways, with DHCP Auto-provisioning function allow you to automatically upgrade firmware and configuration at startup process. Before setting up DHCP Server for auto-upgrade of firmware and configuration, please make sure the Managed Switch that you purchased can support DHCP Auto-provisioning.
  • Page 314 Step 2. Set up Auto Provision Server • Update DHCP Client Linux Fedora 12 supports “yum” function by default. First of all, update DHCP client function by issuing “yum install dhclient” command. • Install DHCP Server Issue “yum install dhcp” command to install DHCP server.
  • Page 315 • Copy dhcpd.conf to /etc/dhcp/ directory Copy dhcpd.conf file provided by the vendor to /etc/dhcp/ directory. Please note that each vendor has their own way to define auto provisioning. Make sure to use the file provided by the vendor. • Enable and run DHCP service 1.
  • Page 316 Step 3. Modify dhcpd.conf file • Open dhcpd.conf file in /etc/dhcp/ directory Double-click dhcpd.conf placed in /etc/dhcp/ directory to open it.
  • Page 317 • Modify dhcpd.conf file The following marked areas in dhcpd.conf file can be modified with values that work with your networking environment. 1. Define DHCP default and maximum lease time in seconds. Default lease time: If a client does not request a specific IP lease time, the server will assign a default lease time value.
  • Page 318 5. This value is configurable and can be defined by users. 6. Specify the protocol used (Protocol 1: FTP; Protocol 0: TFTP). 7. Specify the FTP or TFTP IP address. 8. Log in to the TFTP server anonymously (TFTP does not require a login name and password). 9.
  • Page 319 • Restart DHCP service...
  • Page 320: Step 4. Backup A Configuration File

    Every time you modify the dhcpd.conf file, the DHCP service must be restarted. Issue “killall dhcpd” command to disable DHCP service and then issue “dhcpd” command to enable DHCP service. Step 4. Backup a Configuration File Before preparing a configuration file in TFTP/FTP Server, make sure the device generating the configuration file is set to “Get IP address from DHCP”...
  • Page 321 B. Auto-Provisioning Process This switching device is setting-free (through auto-upgrade and configuration) and its upgrade procedures are as follows: 1. The ISC DHCP server will recognize the device whenever it sends an IP address request to it, and it will tell the device how to get a new firmware or configuration. 2.
  • Page 322: Appendix C: Vlan Application Note

    APPENDIX C: VLAN Application Note Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme instead of the physical layout. It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains.
  • Page 323: Port-Based Vlan

    I. Port-Based VLAN Port-Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network. In the network diagram provided below, the network administrator is required to set up VLANs to separate traffic based on the following design conditions: •...
  • Page 324: Cli Configuration

    CLI Configuration:

    1. Enter Global Configuration mode.
         Switch> enable
         Password:
         Switch#config
         Switch(config)#
    2. Create port-based VLANs “Marketing” and “RD”.
         Switch(config)# vlan port-based Marketing
         OK !
         Switch(config)# vlan port-based RD
         OK !
    3. Select port 1, 21, 23 and 28 to configure.
         Switch(config)# interface 1,21,23,28
         Switch(config-if-1,21,23,28)#
         ...
  • Page 325 2. Click “Add Port Based VLAN” to add a new Port-Based VLAN VLAN Setup>Port Based VLAN>Add Port Based VLAN 3. Add Port 1, 21, 23 and 28 in a group and name it “Marketing”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completing.
  • Page 326 5. Add Port 2, 22, 23 and 28 in a group and name it “RD”. VLAN Setup>Port Based VLAN>Add Port Based VLAN Click to apply the new settings when completing. 6. Check Port-Based VLAN settings. VLAN Setup>Port Based VLAN NOTE: By default, all ports are member ports of the Default_VLAN.
  • Page 327 II. Data VLAN In a networking environment, VLANs can carry various types of network traffic. The most common network traffic carried in a VLAN could be voice-based traffic, management traffic and data traffic. In practice, it is common to separate voice and management traffic from data traffic such as files, emails.
  • Page 328
    4. Set Port 28 to trunk mode.
         Switch(config)# interface 28
         Switch(config-if-28)# vlan dot1q-vlan mode trunk
         OK !
         Switch(config-if-28)# exit
    5. Change Port 1’s Access VLAN ID into “11”.
         Switch(config)# interface 1
         Switch(config-if-1)# vlan dot1q-vlan pvid 11
         OK !
         Switch(config-if-1)# exit
    6. ...
  • Page 329 2. Create a new Data VLAN 11 that includes Port 1 and Port 28 as members. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing. 3. Click icon belonging to the new Trunk VLAN 11 named VLAN0011, and the following screen shows up.
  • Page 330 4. Check Trunk VLAN 11 settings. VLAN Setup>IEEE 802.1q Tag VLAN>Trunk VLAN Setup...
  • Page 331 5. Change Port 1’s Access VLAN ID into 11, and set Port 28 to trunk mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing. Treatments of Packets: 1. An untagged packet arrives at Port 1 When an untagged packet arrives at Port 1, Port 1’s Port VLAN ID (11) will be added to the original port.
  • Page 332: Management Vlan

    III. Management VLAN For security and performance reasons, it is best to separate user traffic and management traffic. When Management VLAN is set up, only a host or hosts that is/are in this Management VLAN can manage the device; thus, broadcasts that the device receives or traffic (e.g. multicast) directed to the management port will be minimized.
  • Page 333 1. Change the Management default VLAN 1 into VLAN 15 that includes Port 25, 26, 27 and 28 under the Access mode. VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing. Note1: Make sure you have correct management VLAN and VLAN Mode configurations, otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
  • Page 334 Note2: To check the current status of Management VLAN, please refer to VLAN Table.
  • Page 335 2. Now, change the Management VLAN 15 into VLAN 20 that includes Port 25, 26 and 27 under Access mode (It’s necessary to include Port 26 to prevent the disconnection.) VLAN Setup>IEEE 802.1q Tag VLAN>VLAN Interface Click OK to apply the new settings when completing.
  • Page 336 Note: To check the current status of Management VLAN, please refer to VLAN Table.
  • Page 337 Web Management Configuration (Trunk Mode): In Management VLAN Network Diagram shown below, the management PC on the right would like to manage the Managed Switch on the left remotely. You can follow the steps described below to set up the Management VLAN. Management VLAN Network Diagram Suppose that the Management PC is remotely connected to Managed Switch Port 15 as shown above while we have a variety of existing trunk VLANs and the Management VLAN 15 is set on Port...
  • Page 338 1. Change the Management VLAN 15 into VLAN 20 that includes Port 25, 26, 27 under Trunk mode. Click OK to apply the new settings when completing. Note1: Make sure you have correct management VLAN and VLAN Mode configurations, otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you click OK to apply.
  • Page 339 Then, Management VLAN has been changed into VLAN 20. IEEE 802.1q Tag VLAN Table VLAN Interface...
  • Page 340 CLI Configuration (Access Mode): Suppose that we have the default Management VLAN whose VLAN ID is 1 for all ports; we can create new Management VLANs as required. This example is to demonstrate how to set up Management VLAN 15 and then change VLAN 15 into VLAN 20 on specified ports under Access mode.
  • Page 341 2. Now, change the Management VLAN 15 into VLAN 20 that includes Port 25, 26 and 27 under Access mode (It’s necessary to include Port 26 to prevent the disconnection.)
    1. Enter Global Configuration mode.
         Switch> enable
         Password:
         Switch# configure
         Switch(config)#
    2. ...
  • Page 342 CLI Configuration (Trunk Mode): This part is to demonstrate how to change Management VLAN 15 into VLAN 20 on specified ports under Trunk mode. Suppose that we have the existing Management VLAN 15 on Port 25, 26, 27, 28 and CPU; we can create new Management VLAN 20 as required. Here, we suppose that the Management PC is remotely connected to Managed Switch Port 15.
  • Page 343 IV. Q-in-Q The IEEE 802.1Q double tagging VLAN is also referred to as Q-in-Q or VLAN stacking (IEEE 802.1ad). Its purpose is to expand the 802.1q VLAN space by tagging the inner tagged packets. In this way, a “double-tagged” frame is created so as to separate customer traffic within a service provider network.
  • Page 344 0 access . . . 0 access 0 trunk 1 15 NOTE: By default, all ports are member ports of the Default_VLAN. Before removing the Default_VLAN from the VLAN table, make sure you have correct management VLAN and VLAN mode configurations, otherwise, incorrect configurations may disconnect your management PC from the Managed Switch immediately when you enter the command.
  • Page 345 This page is intentionally left blank. Revision History Manual Version Modification Firmware Version Date Add SSH function 1.08.90 2012/4 Remove CFM function Add “show default-setting” CLI command Modify Appendix C - VLAN Application 1.08.00 2011/9 Note with new CLI and Web GUI Revise VLAN descriptions...
