ABOUT THIS GUIDE
PURPOSE: This guide gives specific information on how to operate and use the management functions of the switch.
AUDIENCE: The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CONTENTS: About This Guide; Contents; Figures; Tables; Section: Getting Started; Introduction; Key Features; Description of Software Features; Configuration Backup and Restore; Authentication; Port Configuration; Rate Limiting; Port Mirroring; Port Trunking; Storm Control; Static Addresses; IEEE 802.1D Bridge; Store-and-Forward Switching; Spanning Tree Algorithm; Virtual LANs; Traffic Prioritization; Multicast Filtering...
CONTENTS (continued): Changing a PC’s IP Address; Section: Web Configuration; Using the Web Interface; Connecting to the Web Interface; Navigating the Web Browser Interface; Home Page; Configuration Options; Panel Display; Main Menu; System Settings; Displaying System Information; Setting a User Account; Setting an IP Address; Setting an IPv4 Address; Setting an IPv6 Address; Port Settings...
CONTENTS (continued): Multicast Entry Table; IGMP Snooping Setting; IGMP Global Setting; IGMP VLAN Setting; 10 Spanning Tree; Configuring the Spanning Tree Protocol; Configuring STP Global Settings; Configuring STP Port Settings; 11 Quality of Service; QoS Introduction; Port-Based Priority; DSCP-Based Priority; Priority-to-Queue Mapping; Packet Scheduling; 12 L...
CONTENTS (continued): 802.1X Global Settings; 802.1X Port Settings; 21 General Security Settings; IP Filter Security; Storm Control Setting; Port Isolation; Defence Engine; 22 Port Statistics; 23 Management Tools; HTTP Upgrade; Restoring Factory Defaults; Resetting the Switch; Section: Appendices; Software Specifications; Software Features; Management Features...
SECTION: GETTING STARTED
This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters:
◆ "Introduction"
...
INTRODUCTION
This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
DESCRIPTION OF SOFTWARE FEATURES
The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network.
PORT TRUNKING: Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail.
◆ Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard.
SYSTEM DEFAULTS
The following table lists some of the basic system defaults.
Table 2: System Defaults
Function          Parameter                    Default
Authentication    User Name                    admin
                  Password                     admin
                  802.1X Port Authentication   Disabled
                  Port Security                Disabled
                  IP Filtering                 Disabled
Web Management    HTTP Server                  Enabled
...
INITIAL SWITCH CONFIGURATION
This chapter includes information on connecting to the switch and basic configuration procedures. The switch includes a built-in network management agent. The agent offers a web-based management interface, and it also supports management through SNMP (Simple Network Management Protocol). The switch’s web management interface allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape...
CONNECTING TO THE SWITCH
you are unfamiliar with this process, see “Changing a PC’s IP Address.” Open your web browser and enter the address http://192.168.1.1. If your PC is properly configured, you will see the login page of your switch.
From the menu, click on System, then IP Settings. On the IP Address Setting page, enter the new IP address, Subnet Mask and Gateway IP Address for the switch, then click on the Apply button. The switch also supports dynamic IPv4 address assignment through DHCP (Dynamic Host Configuration Protocol).
Figure 4: User Accounts Page
In the New Username field, define an administrator user name. In the New Password field, define an administrator password. Confirm the new password setting in the Retype Password field. Click the Apply button.
CHANGING A PC’S IP ADDRESS
To change the IP address of a Windows 2000 PC: Click Start, Settings, then Network and Dial-up Connections. For the IP address you want to change, right-click the network connection icon, and then click Properties.
SECTION: WEB CONFIGURATION
This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters:
◆ "Using the Web Interface"
◆ "System Settings"
...
◆ "General Security Settings"
◆ "Port Statistics"
◆ "Management Tools"
USING THE WEB INTERFACE
The switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0, or more recent versions).
NAVIGATING THE WEB BROWSER INTERFACE
To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” and password “admin.” When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page.” Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings.”...
Table 4: Main Menu (Menu: Description)
VLAN Stacking
  S-VLAN Table: Sets QinQ settings for the switch
  S-VLAN Setting: Sets QinQ settings for ports
IGMP Snooping
  Multicast Entry Table: Displays multicast groups to be filtered for VLANs
  IGMP Snooping Setting: Configures global and port settings for multicast filtering
...
Table 4: Main Menu (continued)
  Port Isolation: Limits traffic to and from specified ports
  Defence Engine: Provides protection from traffic storms
Monitoring
  Port Statistics: Shows detailed Ethernet port statistics
Tools
  HTTP Upgrade: Updates software on the switch, and saves/restores...
SYSTEM SETTINGS
This chapter describes some basic system settings on the switch. It includes the following sections:
◆ “Displaying System Information”
◆ “Setting a User Account”
◆ “Setting an IP Address”
DISPLAYING SYSTEM INFORMATION...
WEB INTERFACE
To view System Information in the web interface, click System, then Information.
Figure 7: System Information
SETTING A USER ACCOUNT
The administrator has read/write access for all parameters governing the onboard agent. You should therefore assign a new administrator user name and password as soon as possible, and store them in a safe place. The default administrator user name is “admin”...
SETTING AN IP ADDRESS
This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
WEB INTERFACE
To configure static IPv4 address settings: Click System, then IP Setting. Set the Mode to “Static IP.” Specify the IPv4 address, subnet mask, and gateway address. Click Apply.
Figure 9: IPv4 Address Configuration
SETTING AN IPv6 ADDRESS
This section describes how to configure an IPv6 interface for management access over the network.
interface identifier (i.e., the physical MAC address). You can manually configure a link-local address by entering the full address with the network prefix FE80.
◆ To connect to a larger network with multiple subnets, you must...
WEB INTERFACE
To configure IPv6 & Time in the web interface: Click Configuration, System, IPv6 & Time. Specify the IPv6 settings, and indicate the local time zone by configuring the appropriate offset. The information shown below provides an example of how to manually configure an IPv6 address.
PORT SETTINGS
The Port Configuration page includes configuration options for enabling auto-negotiation or manually setting the speed and duplex mode, or enabling flow control.
PARAMETERS
The following parameters are displayed on the Port Configuration page:
◆ Port – Selects one or more ports or trunks to configure. Hold down the...
Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub.
◆ Current Port Status...
LINK AGGREGATION
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two switches. This chapter includes the following sections for configuring link aggregation: “General Link Aggregation Guidelines”...
CREATING TRUNK GROUPS
◆ When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard.
◆ The ports at both ends of a trunk must be configured in an identical...
Current Configured Trunk Groups
◆ Group ID – Displays the trunk identifier.
◆ Type – Displays the trunk type; Static or LACP.
◆ Ports – Configured port members in the trunk.
◆ LACP Active/Passive – Configured port members in an LACP trunk.
...
CONFIGURING TRUNK SETTINGS
When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent. To maintain the frame sequence of various traffic flows between devices in the network, the switch also needs to ensure that frames in each “conversation”...
■ Dest. IP – All traffic with the same source and destination IP address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is destined for many different hosts.
CONFIGURING LACP
Use the LACP Settings page to enable LACP on the switch and configure the system priority.
USAGE GUIDELINES
◆ To avoid creating a loop in the network, be sure you enable LACP before...
Current LACP Port Configuration
◆ Port – Port identifier. (Range: 1-26)
◆ LACP – Indicates ports that are enabled as LACP ports and if they are passive or active.
◆ Aggregated – Indicates ports in a trunk that are members of an active...
CREATING VLANS
This chapter includes the following sections for configuring VLANs:
◆ “IEEE 802.1Q VLANs”
◆ “Assigning Ports to VLANs”
◆ “Configuring VLAN Attributes for Port Members”
IEEE 802.1Q VLANS
In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains.
ASSIGNING PORTS TO VLANS
Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
WEB INTERFACE
To configure IEEE 802.1Q VLAN groups: Click Configuration, VLAN, Static VLAN. Select a VLAN ID number. Define a name to identify the VLAN. Mark the ports to be assigned to the new VLAN as tagged or untagged members.
CONFIGURING VLAN ATTRIBUTES FOR PORT MEMBERS
You can configure VLAN attributes for specific interfaces, including the default Port VLAN identifier (PVID).
PARAMETERS
The following parameters are displayed on the VLAN Setting page: Port - Selects one or more ports or trunks to configure.
VLAN STACKING
This chapter includes the following sections for configuring VLAN Stacking:
◆ “Configuring IEEE 802.1Q Tunneling”
◆ “VLAN Stacking Table”
◆ “VLAN Stacking Settings”
CONFIGURING IEEE 802.1Q TUNNELING
VLAN Stacking, or IEEE 802.1Q Tunneling (QinQ), is designed for service providers carrying traffic for multiple customers across their networks.
VLAN STACKING TABLE
When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same S-VLAN tag is again added to the packet.
Figure 17: VLAN Stacking Table
VLAN STACKING SETTINGS
After configuring port members for stacking VLANs on the switch, the ports connected to a service provider network need to be enabled as double-tagged ports.
the ethertype field, as they would be with a standard 802.1Q trunk. Frames arriving on the port containing any other ethertype are looked upon as untagged frames, and assigned to the native VLAN of that port.
WEB INTERFACE
To configure stacking VLAN port settings: Click Configuration, VLAN Stacking, S-VLAN Setting.
IGMP SNOOPING
This chapter includes the following sections for configuring IGMP Snooping:
◆ “IGMP Snooping Introduction”
◆ “Multicast Entry Table”
◆ “IGMP Snooping Setting”
IGMP SNOOPING INTRODUCTION
Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
MULTICAST ENTRY TABLE
The IGMP Multicast Router Information table displays the current multicast groups learned through IGMP Snooping. Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
WEB INTERFACE
To display multicast group and router port information, click Configuration, IGMP Snooping, Multicast Entry Table.
Figure 19: Multicast Entry Table
IGMP SNOOPING SETTING
You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
◆ IGMP Fast-Leave - Immediately deletes a member port of a multicast service if a leave packet is received on that port. Fast Leave can improve bandwidth usage for a network which frequently experiences many IGMP host add and leave requests.
Figure 20: IGMP Snooping Global Settings
IGMP VLAN SETTING
The following parameters are displayed for the VLAN Setting section of the IGMP Snooping Setting page:
◆ VLAN ID — Specifies the ID of a configured VLAN on the switch.
...
SPANNING TREE
This chapter includes the following sections for configuring Spanning Tree:
◆ “Configuring the Spanning Tree Protocol”
◆ “Configuring STP Global Settings”
◆ “Configuring STP Port Settings”
CONFIGURING THE SPANNING TREE PROTOCOL
The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
CONFIGURING STP GLOBAL SETTINGS
Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
◆ Maximum Age — The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN.
network. (References to “ports” in this section mean “interfaces,” which includes both ports and trunks.)
◆ Root Hello Time — The interval (in seconds) at which this device transmits a configuration message.
Root Forward Delay —...
CONFIGURING STP PORT SETTINGS
Use the STP Port Setting page to configure Spanning Tree attributes for specific interfaces, including path cost, port priority, edge port (for fast forwarding), automatic detection of an edge port, and point-to-point link type.
Table 7: Default STP Path Costs
Port Type          Link Type      IEEE 802.1w-2001
Ethernet           Half Duplex    2,000,000
                   Full Duplex    1,000,000
                   Trunk          500,000
Fast Ethernet      Half Duplex    200,000
                   Full Duplex    100,000
                   Trunk          50,000
Gigabit Ethernet   Full Duplex    10,000
                   Trunk...
■ Discarding — Port receives STP configuration messages, but does not forward packets.
■ Learning — Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information.
◆ Edge — The Edge setting for the port:
■ Config — The administrator configured Edge setting.
■ Actual — This parameter is initialized to the port setting for Edge (that is, True or False), but will be set to false if a BPDU is received, indicating that another bridge is attached to this port.
QUALITY OF SERVICE
This chapter includes the following sections for configuring Quality of Service (QoS):
◆ “QoS Introduction”
◆ “Port-Based Priority”
◆ “DSCP-Based Priority”
◆ “Priority-to-Queue Mapping”
◆ “Packet Scheduling”
...
PORT-BASED PRIORITY
You can specify the default port priority for each port on the switch, a Quality Control List (which sets the priority for ingress packets based on detailed criteria), the default tag assigned to egress packets, the queuing mode, and queue weights.
Figure 24: Port-Based Priority Setting
DSCP-BASED PRIORITY
The Differentiated Services Code Point (DSCP) is a six-bit field in the IP header, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
WEB INTERFACE
To configure port-level DSCP remarking: Click Configuration, QoS, DSCP-based Priority. Map one or more DSCP values to a priority value. Click Apply.
Figure 25: DSCP-Based Priority Setting
PRIORITY-TO-QUEUE MAPPING
This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on Weighted Fair Queuing (WFQ) or Weighted Round Robin (WRR).
Table 9: CoS Priority Levels (Priority Level, Traffic Type): Background; (Spare); 0 (default) Best Effort; Excellent Effort; Controlled Load; Video, less than 100 milliseconds latency and jitter; Voice, less than 10 milliseconds latency and jitter; Network Control
PARAMETERS
Priority —...
Figure 26: Priority-to-Queue Mapping
PACKET SCHEDULING
You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, Weighted Fair Queuing (WFQ), or Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
percentage of service time the switch services each queue before moving on to the next queue.
◆ Queue ID — Output queue buffer. (Range: 1-8, where 8 is the highest priority queue)
◆ Weight — Set a new weight for the selected traffic class. (Range: Strict...
LINK LAYER DISCOVERY PROTOCOL
This chapter includes the following sections for configuring Link Layer Discovery Protocol (LLDP):
◆ “Configuring LLDP”
◆ “LLDP Neighbors”
CONFIGURING LLDP
The Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain.
◆ Port — Port identifier. (Range: 1-26)
◆ State — Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. (Options: Disabled, Tx/Rx, Rx only, Tx only; Default: Disabled)
WEB INTERFACE
To configure global and port settings for LLDP: Click Configuration, LLDP, LLDP Settings.
LLDP NEIGHBORS
Use the LLDP Neighbors page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP.
PARAMETERS
The following parameters are displayed on the LLDP Neighbors page: Local Port —...
SNMP SETTINGS
This chapter includes the following sections for configuring Simple Network Management Protocol (SNMP):
◆ “Simple Network Management Protocol”
◆ “Setting SNMP System and Community Strings”
◆ “Specifying SNMP Trap Receivers”
...
SETTING SNMP SYSTEM AND COMMUNITY STRINGS
To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters. You can configure community strings authorized for management access by clients using SNMP v1 and v2c.
Click Apply.
Figure 30: SNMP Settings
SPECIFYING SNMP TRAP RECEIVERS
Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management software).
Specify the IP address of the management station that will receive SNMP trap messages. Specify a configured community string for the trap receiver. Click Apply.
Figure 31: SNMP Trap Receiver Settings
PORT MIRRORING
You can mirror traffic from one or more source ports to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source ports in a completely unobtrusive manner.
PORT SECURITY
Port security is a feature that allows you to configure a switch port with a maximum number of device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
WEB INTERFACE
To configure port security: Click Configuration, Port Security. Select the ports to configure. Set Security to Enable. Configure the maximum number of MAC addresses allowed on the port. Set an action for port security violations. Click Apply.
BANDWIDTH CONTROL
This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic into or out of the switch.
JUMBO FRAME
The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
MANAGEMENT ACCESS FILTER
You can create a list of up to eight IP addresses or IP address groups that are allowed management access to the switch through the web interface.
USAGE GUIDELINES
◆ The web management interface is open to all IP addresses by default.
...
MAC ADDRESS SECURITY
This chapter includes the following sections for configuring MAC address security:
◆ “MAC Forwarding Table”
◆ “Static MAC Addresses”
◆ “MAC Address Filtering”
MAC FORWARDING TABLE
Switches store the addresses for all known devices.
WEB INTERFACE
To display the MAC address forwarding table, click Security, MAC Address, MAC Forwarding Table.
Figure 37: MAC Address Forwarding Table
STATIC MAC ADDRESSES
A static address can be assigned to a specific interface on the switch. Static addresses are bound to the assigned interface and will not be moved.
Figure 38: Static MAC Setting
MAC ADDRESS FILTERING
The MAC Filtering pages are used to filter service to clients attempting to access the Internet based on protocol type, destination/source MAC address, and the direction of traffic for each packet. Click Advanced Setup, Security, MAC Filtering.
WEB INTERFACE
To configure MAC Address Filtering: Click Security, MAC Address, MAC Address Filtering. Specify the MAC address to be filtered. Specify the VLAN ID. Select to filter the MAC address as the source, destination, or both. Set a name to describe the filter.
802.1X SECURITY
This chapter includes the following sections for configuring 802.1X security:
◆ “Configuring 802.1X Authentication”
◆ “802.1X Global Settings”
◆ “802.1X Port Settings”
CONFIGURING 802.1X AUTHENTICATION
Network switches can provide open and easy access to network resources by simply attaching a client PC.
◆ RADIUS authentication must be enabled on the switch and the IP address of the RADIUS server specified.
◆ 802.1X must be enabled globally for the switch.
◆ Each switch port that will be used must be set to “Authentication”...
WEB INTERFACE
To configure 802.1X global settings: Click Security, 802.1X, 802.1X Setting. Set 802.1X to Enabled. Specify the RADIUS server IP address. Specify the RADIUS server shared key. Modify other parameters as required. Click Apply.
Figure 40: 802.1X Setting
802.1X PORT SETTINGS...
■ Force-Authorized – Forces the port to grant access to all clients, either dot1x-aware or otherwise.
■ Force-Unauthorized – Forces the port to deny access to all clients, either dot1x-aware or otherwise.
■ No Authentication – Disables 802.1X authentication on the port.
...
GENERAL SECURITY SETTINGS
This chapter includes the following sections for other general security settings:
◆ “IP Filter Security”
◆ “Storm Control Setting”
◆ “Port Isolation”
◆ “Defence Engine”
IP FILTER SECURITY...
WEB INTERFACE
To configure IP Filter settings: Click Security, IP Filter Setting. Select one or more ports to configure. Select the mode Static and set an IP address, or select DHCP. Select ports on which to allow traffic to DHCP servers. Click Apply.
STORM CONTROL SETTING
You can also protect your network from excess multicast or unknown multicast/unicast traffic by setting thresholds for each port. Any packets exceeding the specified threshold will then be dropped.
PARAMETERS
The following parameters are displayed on the Storm Control page: Storm Type —...
PORT ISOLATION
Port Isolation provides port-based security and isolation of local ports. The switch isolates port traffic by specifying those ports to which it can forward or receive traffic.
PARAMETERS
The following parameters are displayed on the Port Isolation page: Port —...
DEFENCE ENGINE
Defence Engine is an advanced feature that can prevent the switch’s CPU from being overwhelmed by flooded packets, such as unknown unicast, unknown multicast, or broadcast packets. This function can be used to prevent malicious viruses or worm attacks.
PORT STATISTICS
You can display standard statistics on network traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot.
PARAMETERS
The following parameters are displayed on the Port Statistics Information page:...
MANAGEMENT TOOLS
This chapter includes the following sections for management tools:
◆ “HTTP Upgrade”
◆ “Restoring Factory Defaults”
◆ “Resetting the Switch”
HTTP UPGRADE
Use the HTTP Upgrade page to upgrade the switch’s system firmware by specifying a new software file.
CAUTION: Do not reset or power off the switch during the upgrade process or the switch may fail to function afterwards.
Figure 47: Software Upgrade
RESTORING FACTORY DEFAULTS
Use the Reset page to restore the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.
RESETTING THE SWITCH
Use the Reboot page to restart the switch.
WEB INTERFACE
To restart the switch, click Tools, Reboot, then click the Reboot button. The reboot will be complete when the web interface displays the login page.
SECTION: APPENDICES
This section provides additional information and includes these items:
◆ "Software Specifications"
◆ "Troubleshooting"
SOFTWARE SPECIFICATIONS
SOFTWARE FEATURES
AUTHENTICATION: Local, RADIUS, Port (802.1X), HTTPS, Port Security, IP Filter
PORT CONFIGURATION: 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex; 1000BASE-BX/SX/LX/LH - 1000 Mbps at full duplex (SFP)
FLOW CONTROL: Full Duplex: IEEE 802.3-2005; Half Duplex: Back pressure
STORM CONTROL: Broadcast, multicast, or unicast traffic throttled above a critical threshold...
TROUBLESHOOTING
PROBLEMS ACCESSING THE MANAGEMENT INTERFACE
Table 11: Troubleshooting Chart
Symptom: Cannot connect using a web browser or SNMP software
Action:
◆ Be sure the switch is powered up.
◆ Check network cabling between the management station and the switch.
...
GLOSSARY
ACL: Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information.
BOOTP: Boot Protocol. BOOTP is used to provide bootup information for network devices, including IP address information, the address of the TFTP server that contains the device’s system files, and the name of the boot file.
DSCP: Differentiated Services Code Point Service. DSCP uses a six-bit tag to provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
IEEE 802.1Q: VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
IEEE 802.1P: An IEEE standard for providing quality of service (QoS) in Ethernet networks.
IP MULTICAST FILTERING: A process whereby this switch can pass multicast traffic along to participating hosts.
IP PRECEDENCE: The Type of Service (ToS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
NTP: Network Time Protocol provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master-slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio.
See IEEE 802.1X.
SSH: Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch.
STA: Spanning Tree Algorithm is a technology that checks your network for any loops.