Edge-Core ECS4310-26T Management Manual

Edge-Core ECS4310-26T Management Manual

26-port gigabit smart switch
Hide thumbs Also See for ECS4310-26T:
Table of Contents

Advertisement

ECS4310-26T
26-Port
Ma nage me nt Gu ide
Gigabit Smart Switch
www.edge-core.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the ECS4310-26T and is the answer not in the manual?

Questions and answers

Subscribe to Our Youtube Channel

Summary of Contents for Edge-Core ECS4310-26T

  • Page 1 ECS4310-26T 26-Port Ma nage me nt Gu ide Gigabit Smart Switch www.edge-core.com...
  • Page 3 ANAGEMENT UIDE ECS4310-26T G IGABIT MART WITCH with 24 10/100/1000BASE-T (RJ-45) Ports, and 2 Gigabit SFP Slots ECS4310-26T E072010-CS-R01 149100000083A...
  • Page 5: About This Guide

    BOUT UIDE This guide gives specific information on how to operate and use the URPOSE management functions of the switch. The guide is intended for use by network administrators who are UDIENCE responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
  • Page 6 BOUT UIDE – 6 –...
  • Page 7: Table Of Contents

    ONTENTS BOUT UIDE ONTENTS IGURES ABLES ECTION ETTING TARTED NTRODUCTION Key Features Description of Software Features Configuration Backup and Restore Authentication Port Configuration Rate Limiting Port Mirroring Port Trunking Storm Control Static Addresses IEEE 802.1D Bridge Store-and-Forward Switching Spanning Tree Algorithm Virtual LANs Traffic Prioritization Multicast Filtering...
  • Page 8 ONTENTS Changing a PC’s IP Address ECTION ONFIGURATION SING THE NTERFACE Connecting to the Web Interface Navigating the Web Browser Interface Home Page Configuration Options Panel Display Main Menu YSTEM ETTINGS Displaying System Information Setting a User Account Setting an IP Address Setting an IPv4 Address Setting an IPv6 Address ETTINGS...
  • Page 9 ONTENTS Multicast Entry Table IGMP Snooping Setting IGMP Global Setting IGMP VLAN Setting 10 S PANNING Configuring the Spanning Tree Protocol Configuring STP Global Settings Configuring STP Port Settings 11 Q UALITY OF ERVICE QoS Introduction Port-Based Priority DSCP-Based Priority Priority-to-Queue Mapping Packet Scheduling 12 L...
  • Page 10 ONTENTS 802.1X Global Settings 802.1X Port Settings 21 G ENERAL ECURITY ETTINGS IP Filter Security Storm Control Setting Port Isolation Defence Engine 22 P TATISTICS 23 M ANAGEMENT OOLS HTTP Upgrade Restoring Factory Defaults Resetting the Switch ECTION PPENDICES OFTWARE PECIFICATIONS Software Features Management Features...
  • Page 11: Figures

    IGURES Figure 1: Login Page Figure 2: Web Interface Home Page Figure 3: IP Settings Page Figure 4: User Accounts Page Figure 5: Home Page Figure 6: Front Panel Indicators Figure 7: System Information Figure 8: System Password Figure 9: IPv4 Address Configuration Figure 10: IPv6 Address Configuration Figure 11: Port Configuration Figure 12: Trunk Group Setting...
  • Page 12 IGURES Figure 32: Port Mirroring Figure 33: Port Security Figure 34: Bandwidth Control Figure 35: Jumbo Frame Setting Figure 36: Management Access Filter Figure 37: MAC Address Forwarding Table Figure 38: Static MAC Setting Figure 39: MAC Address Filtering Figure 40: 802.1X Setting Figure 41: 802.1X Port Setting Figure 42: IP Filter Setting Figure 43: Storm Control Settings...
  • Page 13: Tables

    ABLES Table 1: Key Features Table 2: System Defaults Table 3: Web Page Configuration Buttons Table 4: Main Menu Table 5: Recommended STP Path Cost Range Table 6: Recommended STP Path Costs Table 7: Default STP Path Costs Table 8: Default Mapping of CoS Values to Egress Queues Table 9: CoS Priority Levels Table 10: LLDP System Capabilities Table 11: Troubleshooting Chart...
  • Page 14 ABLES – 14 –...
  • Page 15: Sectioni

    ECTION ETTING TARTED This section provides an overview of the switch, and introduces some basic concepts about network switches. It also describes the basic settings required to access the management interface. This section includes these chapters: "Introduction" on page 17 ◆...
  • Page 16 | Getting Started ECTION – 16 –...
  • Page 17: Key Features

    NTRODUCTION This switch provides a broad range of features for Layer 2 switching. It includes a management agent that allows you to configure the features listed in this manual. The default configuration can be used for most of the features provided by this switch. However, there are many options that you should configure to maximize the switch’s performance for your particular network environment.
  • Page 18: Description Of Software Features

    | Introduction HAPTER Description of Software Features ESCRIPTION OF OFTWARE EATURES The switch provides a wide range of advanced performance enhancing features. Flow control eliminates the loss of packets due to bottlenecks caused by port saturation. Storm suppression prevents broadcast, multicast, and unknown unicast traffic storms from engulfing the network.
  • Page 19: Port Trunking

    | Introduction HAPTER Description of Software Features Ports can be combined into an aggregate connection. Trunks can be RUNKING manually set up or dynamically configured using Link Aggregation Control Protocol (LACP – IEEE 802.3-2005). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail.
  • Page 20: Virtual Lans

    | Introduction HAPTER Description of Software Features Rapid Spanning Tree Protocol (RSTP, IEEE 802.1w) – This protocol ◆ reduces the convergence time for network topology changes to about 3 to 5 seconds, compared to 30 seconds or more for the older IEEE 802.1D STP standard.
  • Page 21: System Defaults

    | Introduction HAPTER System Defaults YSTEM EFAULTS The following table lists some of the basic system defaults. Table 2: System Defaults Function Parameter Default Authentication User Name admin Password admin 802.1X Port Authentication Disabled Port Security Disabled IP Filtering Disabled Web Management HTTP Server Enabled...
  • Page 22 | Introduction HAPTER System Defaults – 22 –...
  • Page 23: Initial Switch Configuration

    NITIAL WITCH ONFIGURATION This chapter includes information on connecting to the switch and basic configuration procedures. The switch includes a built-in network management agent. The agent offers a web-based management interface, and it also supports management through SNMP (Simple Network Management Protocol). The switch’s web management interface allows you to configure switch parameters, monitor port connections, and display statistics using a standard web browser such as Internet Explorer 5.x or above, Netscape...
  • Page 24: Figure 1: Login Page

    | Initial Switch Configuration HAPTER Connecting to the Switch you are unfamiliar with this process, see “Changing a PC’s IP Address” on page Open your web browser and enter the address http://192.168.1.1. If your PC is properly configured, you will see the login page of your switch.
  • Page 25: Setting A Password

    | Initial Switch Configuration HAPTER Connecting to the Switch From the menu, click on System, then IP Settings. On the IP Address Setting page, enter the new IP address, Subnet Mask and Gateway IP Address for the switch, then click on the Apply button. The switch also supports dynamic IPv4 address assignment through DHCP (Dynamic Host Configuration Protocol).
  • Page 26: Figure 4: User Accounts Page

    | Initial Switch Configuration HAPTER Connecting to the Switch Figure 4: User Accounts Page In the New Username field, define an administrator user name. In the New Password field, define an administrator password. Confirm the new password setting in the Retype Password field. Click the Apply button.
  • Page 27: Changing A Pc's Ip Address

    | Initial Switch Configuration HAPTER Changing a PC’s IP Address PC’ IP A HANGING A DDRESS To change the IP address of a Windows 2000 PC: Click Start, Settings, then Network and Dial-up Connections. For the IP address you want to change, right-click the network connection icon, and then click Properties.
  • Page 28 | Initial Switch Configuration HAPTER Changing a PC’s IP Address – 28 –...
  • Page 29: Ection

    ECTION ONFIGURATION This section describes the basic switch features, along with a detailed description of how to configure each feature via a web browser. This section includes these chapters: "Using the Web Interface" on page 31 ◆ "System Settings" on page 37 ◆...
  • Page 30 | Web Configuration ECTION "General Security Settings" on page 113 ◆ "Port Statistics" on page 119 ◆ "Management Tools" on page 121 ◆ – 30 –...
  • Page 31: Using The Web Interface

    SING THE NTERFACE The switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.0, Netscape 6.2, Mozilla Firefox 2.0, or more recent versions).
  • Page 32: Navigating The Web Browser Interface

    | Using the Web Interface HAPTER Navigating the Web Browser Interface AVIGATING THE ROWSER NTERFACE To access the web-browser interface you must first enter a user name and password. By default, the user name is “admin” and password “admin.” When your web browser connects with the switch’s web agent, the home page is displayed as shown below.
  • Page 33: Panel Display

    | Using the Web Interface HAPTER Navigating the Web Browser Interface To ensure proper screen refresh, be sure that Internet Explorer is configured so that the setting “Check for newer versions of stored pages” reads “Every visit to the page.” Internet Explorer 6.x and earlier: This option is available under the menu “Tools / Internet Options / General / Temporary Internet Files / Settings.”...
  • Page 34 | Using the Web Interface HAPTER Navigating the Web Browser Interface Table 4: Main Menu Menu Description Page VLAN Stacking S-VLAN Table Sets QinQ settings for the switch S-VLAN Setting Sets QinQ settings for ports IGMP Snooping Multicast Entry Table Displays multicast groups to be filtered for VLANs IGMP Snooping Setting Configures global and port settings for multicast filtering...
  • Page 35 | Using the Web Interface HAPTER Navigating the Web Browser Interface Table 4: Main Menu Menu Description Page Port Isolation Limits traffic to and from specified ports Defence Engine Provides protection from traffic storms Monitoring Port Statistics Shows detailed Ethernet port statistics Tools HTTP Upgrade Updates software on the switch, and saves/restores...
  • Page 36 | Using the Web Interface HAPTER Navigating the Web Browser Interface – 36 –...
  • Page 37: System Settings

    YSTEM ETTINGS This chapter describes some basic system settings on the switch. It includes the following sections: ◆ “Displaying System Information” on page 37 “Setting a User Account” on page 39 ◆ “Setting an IP Address” on page 40 ◆ ISPLAYING YSTEM NFORMATION...
  • Page 38: Figure 7: System Information

    | System Settings HAPTER Displaying System Information NTERFACE To view System Information in the web interface, click System, then Information. Figure 7: System Information – 38 –...
  • Page 39: Setting A User Account

    | System Settings HAPTER Setting a User Account ETTING A CCOUNT The administrator has read/write access for all parameters governing the onboard agent. You should therefore assign a new administrator user name and password as soon as possible, and store them in a safe place. The default administrator user name is “admin”...
  • Page 40: Setting An Ip Address

    | System Settings HAPTER Setting an IP Address IP A ETTING AN DDRESS This section describes how to configure an IP interface for management access to the switch over the network. This switch supports both IP Version 4 and Version 6, and can be managed simultaneously through either of these address types.
  • Page 41: Setting An Ipv6 Address

    | System Settings HAPTER Setting an IP Address NTERFACE To configure static IPv4 address settings: Click System, then IP Setting. Set the Mode to “Static IP.” Specify the IPv4 address, subnet mask, and gateway address. Click Apply. Figure 9: IPv4 Address Configuration This section describes how to configure an IPv6 interface for management ETTING AN access over the network.
  • Page 42 | System Settings HAPTER Setting an IP Address interface identifier (i.e., the physical MAC address). You can manually configure a link-local address by entering the full address with the network prefix FE80. To connect to a larger network with multiple subnets, you must ◆...
  • Page 43: Figure 10: Ipv6 Address Configuration

    | System Settings HAPTER Setting an IP Address NTERFACE To configure IPv6 & Time in the web interface: Click Configuration, System, IPv6 & Time. Specify the IPv6 settings, and indicate the local time zone by configuring the appropriate offset. The information shown below provides a example of how to manually configure an IPv6 address.
  • Page 44 | System Settings HAPTER Setting an IP Address – 44 –...
  • Page 45: Port Settings

    ETTINGS The Port Configuration page includes configuration options for enabling auto-negotiation or manually setting the speed and duplex mode, or enabling flow control. ARAMETERS The following parameters are displayed on the Port Configuration page: Port – Selects one or more ports or trunks to configure. Hold down the ◆...
  • Page 46 | Port Settings HAPTER Avoid using flow control on a port connected to a hub unless it is actually required to solve a problem. Otherwise back pressure jamming signals may degrade overall performance for the segment attached to the hub. Current Port Status ◆...
  • Page 47: Figure 11: Port Configuration

    | Port Settings HAPTER Figure 11: Port Configuration – 47 –...
  • Page 48 | Port Settings HAPTER – 48 –...
  • Page 49: Link Aggregation

    GGREGATION You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault- tolerant link between two switches. This chapter includes the following sections for configuring link aggregation: “General Link Aggregation Guidelines”...
  • Page 50: Creating Trunk Groups

    | Link Aggregation HAPTER Creating Trunk Groups When configuring static trunks on switches of different types, they ◆ must be compatible with the Cisco EtherChannel standard. The ports at both ends of a trunk must be configured in an identical ◆...
  • Page 51: Figure 12: Trunk Group Setting

    | Link Aggregation HAPTER Creating Trunk Groups Current Configured Trunk Groups Group ID – Displays the trunk identifier. ◆ Type – Displays the trunk type; Static or LACP. ◆ Ports – Configured port members in the trunk. ◆ LACP Active/Passive – Configured port members in an LACP trunk. ◆...
  • Page 52: Configuring Trunk Settings

    | Link Aggregation HAPTER Configuring Trunk Settings ONFIGURING RUNK ETTINGS When incoming data frames are forwarded through the switch to a trunk, the switch must determine to which port link in the trunk an outgoing frame should be sent. To maintain the frame sequence of various traffic flows between devices in the network, the switch also needs to ensure that frames in each “conversation”...
  • Page 53: Figure 13: Trunk Distribution Algorithm Setting

    | Link Aggregation HAPTER Configuring Trunk Settings Dest. IP – All traffic with the same source and destination IP ■ address is output on the same link in a trunk. This mode works best for switch-to-router trunk links where traffic through the switch is destined for many different hosts.
  • Page 54: Configuring Lacp

    | Link Aggregation HAPTER Configuring LACP LACP ONFIGURING Use the LACP Settings page to enable LACP on the switch and configure the system priority. SAGE UIDELINES To avoid creating a loop in the network, be sure you enable LACP before ◆...
  • Page 55: Figure 14: Lacp Port Configuration

    | Link Aggregation HAPTER Configuring LACP Current LACP Port Configuration Port – Port identifier. (Range: 1-26) ◆ LACP – Indicates ports that are enabled as LACP ports and if they are ◆ passive or active. Aggregated – Indicates ports in a trunk that are members of an active ◆...
  • Page 56 | Link Aggregation HAPTER Configuring LACP – 56 –...
  • Page 57: Creating Vlan S

    VLAN REATING This chapter includes the following sections for configuring VLANs: “IEEE 802.1Q VLANs” on page 57 ◆ “Assigning Ports to VLANs” on page 58 ◆ ◆ “Configuring VLAN Attributes for Port Members” on page 60 IEEE 802.1Q VLAN In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains.
  • Page 58: Assigning Ports To Vlans

    | Creating VLANs HAPTER Assigning Ports to VLANs VLAN SSIGNING ORTS TO Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs.
  • Page 59: Figure 15: Vlan Membership Configuration

    | Creating VLANs HAPTER Assigning Ports to VLANs NTERFACE To configure IEEE 802.1Q VLAN groups: Click Configuration, VLAN, Static VLAN. Select a VLAN ID number. Define a name to identify the VLAN. Mark the ports to be assigned to the new VLAN as tagged or untagged members.
  • Page 60: Configuring Vlan Attributes For Port Members

    | Creating VLANs HAPTER Configuring VLAN Attributes for Port Members VLAN A ONFIGURING TTRIBUTES FOR EMBERS You can configure VLAN attributes for specific interfaces, including the default Port VLAN identifier (PVID). ARAMETERS The following parameters are displayed on the VLAN Setting page: Port - Selects one or more ports or trunks to configure.
  • Page 61: Vlan Stacking

    VLAN S TACKING This chapter includes the following sections for configuring VLAN Stacking: “Configuring IEEE 802.1Q Tunneling” on page 61 ◆ “VLAN Stacking Table” on page 62 ◆ ◆ “VLAN Stacking Settings” on page 63 IEEE 802.1Q T ONFIGURING UNNELING VLAN Stacking, or IEEE 802.1Q Tunneling (QinQ), is designed for service providers carrying traffic for multiple customers across their networks.
  • Page 62: Vlan Stacking Table

    | VLAN Stacking HAPTER VLAN Stacking Table When a double-tagged packet enters another trunk port in an intermediate or core switch in the service provider’s network, the outer tag is stripped for packet processing. When the packet exits another trunk port on the same core switch, the same S-VLAN tag is again added to the packet.
  • Page 63: Vlan Stacking Settings

    | VLAN Stacking HAPTER VLAN Stacking Settings Figure 17: VLAN Stacking Table VLAN S TACKING ETTINGS After configuring port members for stacking VLANs on the switch, the ports connected to a service provider network need to be enabled as doubled- tagged ports.
  • Page 64: Figure 18: Vlan Stacking Settings

    | VLAN Stacking HAPTER VLAN Stacking Settings the ethertype field, as they would be with a standard 802.1Q trunk. Frames arriving on the port containing any other ethertype are looked upon as untagged frames, and assigned to the native VLAN of that port. NTERFACE To configure stacking VLAN port settings: Click Configuration, VLAN Stacking, S-VLAN Setting.
  • Page 65: Igmp Snooping

    IGMP S NOOPING This chapter includes the following sections for configuring IGMP Snooping: “IGMP Snooping Introduction” on page 65 ◆ “Multicast Entry Table” on page 66 ◆ ◆ “IGMP Snooping Setting” on page 67 IGMP S NOOPING NTRODUCTION Multicasting is used to support real-time applications such as videoconferencing or streaming audio.
  • Page 66: Multicast Entry Table

    | IGMP Snooping HAPTER Multicast Entry Table ULTICAST NTRY ABLE The IGMP Multicast Router Information table displays the current multicast groups learned through IGMP Snooping. Multicast routers that are attached to ports on the switch use information obtained from IGMP, along with a multicast routing protocol such as DVMRP or PIM, to support IP multicasting across the Internet.
  • Page 67: Igmp Snooping Setting

    | IGMP Snooping HAPTER IGMP Snooping Setting NTERFACE To display multicast group and router port information, click Configuration, IGMP Snooping, Multicast Entry Table. Figure 19: Multicast Entry Table IGMP S NOOPING ETTING You can configure the switch to forward multicast traffic intelligently. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request multicast traffic.
  • Page 68 | IGMP Snooping HAPTER IGMP Snooping Setting IGMP Fast-Leave - Immediately deletes a member port of a multicast ◆ service if a leave packet is received on that port. Fast Leave can improve bandwidth usage for a network which frequently experiences many IGMP host add and leave requests.
  • Page 69: Igmp Vlan Setting

    | IGMP Snooping HAPTER IGMP Snooping Setting Figure 20: IGMP Snooping Global Settings The following parameters are displayed for the VLAN Setting section of the IGMP VLAN S ETTING IGMP Snooping Setting page: VLAN ID — Specifies the ID of a configured VLAN on the switch. ◆...
  • Page 70: Figure 21: Igmp Snooping Vlan Settings

    | IGMP Snooping HAPTER IGMP Snooping Setting Figure 21: IGMP Snooping VLAN Settings – 70 –...
  • Page 71: Spanning Tree

    PANNING This chapter includes the following sections for configuring Spanning Tree: “Configuring the Spanning Tree Protocol” on page 71 ◆ “Configuring STP Global Settings” on page 72 ◆ ◆ “Configuring STP Port Settings” on page 75 ONFIGURING THE PANNING ROTOCOL The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
  • Page 72: Configuring Stp Global Settings

    | Spanning Tree HAPTER Configuring STP Global Settings Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge. If a bridge does not get a Hello BPDU after a predefined interval (Maximum Age), the bridge assumes that the link to the Root Bridge is down.
  • Page 73 | Spanning Tree HAPTER Configuring STP Global Settings Maximum Age — The maximum time (in seconds) a device can wait ◆ without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals. Any port that ages out STP information (provided in the last configuration message) becomes the designated port for the attached LAN.
  • Page 74: Figure 22: Stp Global Setting

    | Spanning Tree HAPTER Configuring STP Global Settings network. (References to “ports” in this section means “interfaces,” which includes both ports and trunks.) Root Hello Time — The interval (in seconds) at which this device ◆ transmits a configuration message. Root Forward Delay —...
  • Page 75: Configuring Stp Port Settings

    | Spanning Tree HAPTER Configuring STP Port Settings STP P ONFIGURING ETTINGS Use the STP Port Setting page to configure Spanning Tree attributes for specific interfaces, including path cost, port priority, edge port (for fast forwarding), automatic detection of an edge port, and point-to-point link type.
  • Page 76: Table 7: Default Stp Path Costs

    | Spanning Tree HAPTER Configuring STP Port Settings Table 7: Default STP Path Costs Port Type Link Type IEEE 802.1w-2001 Ethernet Half Duplex 2,000,000 Full Duplex 1,000,000 Trunk 500,000 Fast Ethernet Half Duplex 200,000 Full Duplex 100,000 Trunk 50,000 Gigabit Ethernet Full Duplex 10,000 Trunk...
  • Page 77 | Spanning Tree HAPTER Configuring STP Port Settings Discarding — Port receives STP configuration messages, but does ■ not forward packets. Learning — Port has transmitted configuration messages for an ■ interval set by the Forward Delay parameter without receiving contradictory information.
  • Page 78: Figure 23: Stp Port Setting

    | Spanning Tree HAPTER Configuring STP Port Settings Edge — The Edge setting for the port: ◆ Config — The administrator configured Edge setting. ■ Actual — This parameter is initialized to the port setting for Edge ■ (that is, True or False), but will be set to false if a BPDU is received, indicating that another bridge is attached to this port.
  • Page 79: Quality Of Service

    UALITY OF ERVICE This chapter includes the following sections for configuring Quality of Service (QoS): ◆ “QoS Introduction” on page 79 “Port-Based Priority” on page 80 ◆ “DSCP-Based Priority” on page 81 ◆ “Priority-to-Queue Mapping” on page 82 ◆ “Packet Scheduling” on page 84 ◆...
  • Page 80: Port-Based Priority

    | Quality of Service HAPTER Port-Based Priority ASED RIORITY You can specify the default port priority for each port on the switch, a Quality Control List (which sets the priority for ingress packets based on detailed criteria), the default tag assigned to egress packets, the queuing mode, and queue weights.
  • Page 81: Dscp-Based Priority

    | Quality of Service HAPTER DSCP-Based Priority Figure 24: Port-Based Priority Setting DSCP-B ASED RIORITY The Differentiated Services Code Point (DSCP) is a six-bit field in the IP header, allowing coding for up to 64 different forwarding behaviors. The DSCP replaces the ToS bits, but it retains backward compatibility with the three precedence bits so that non-DSCP compliant, ToS-enabled devices, will not conflict with the DSCP mapping.
  • Page 82: Priority-To-Queue Mapping

    | Quality of Service HAPTER Priority-to-Queue Mapping NTERFACE To configure port-level DSCP remarking: Click Configuration, QoS, DSCP-based Priority. Map one or more DSCP values to a priority value. Click Apply. Figure 25: DSCP-Based Priority Setting RIORITY UEUE APPING This switch processes Class of Service (CoS) priority tagged traffic by using eight priority queues for each port, with service schedules based on Weighted Fair Queuing (WFQ) or Weighted Round Robin (WRR).
  • Page 83: Table 9: Cos Priority Levels

    | Quality of Service HAPTER Priority-to-Queue Mapping Table 9: CoS Priority Levels Priority Level Traffic Type Background (Spare) 0 (default) Best Effort Excellent Effort Controlled Load Video, less than 100 milliseconds latency and jitter Voice, less than 10 milliseconds latency and jitter Network Control ARAMETERS Priority —...
  • Page 84: Packet Scheduling

    | Quality of Service HAPTER Packet Scheduling Figure 26: Priority-to-Queue Mapping ACKET CHEDULING You can set the switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to be processed before lower priority queues are serviced, Weighted Fair Queuing (WFQ), or Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue.
  • Page 85: Figure 27: Packet Scheduling

    | Quality of Service HAPTER Packet Scheduling percentage of service time the switch services each queue before moving on to the next queue. Queue ID — Output queue buffer. (Range: 1-8, where 8 is the highest ◆ priority queue) Weight — Set a new weight for the selected traffic class. (Range: Strict ◆...
  • Page 86 | Quality of Service HAPTER Packet Scheduling – 86 –...
  • Page 87: Link Layer Discovery Protocol

    AYER ISCOVERY ROTOCOL This chapter includes the following sections for configuring Link Layer Discovery Protocol (LLDP): ◆ “Configuring LLDP” on page 87 “LLDP Neighbors” on page 89 ◆ LLDP ONFIGURING The Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain.
  • Page 88: Figure 28: Lldp Settings

    | Link Layer Discovery Protocol HAPTER Configuring LLDP Port — Port identifier. (Range: 1-26) ◆ State — Enables LLDP message transmit and receive modes for LLDP ◆ Protocol Data Units. (Options: Disabled, Tx/Rx, Rx only, Tx only; Default: Disabled) NTERFACE To configure global and port settings for LLDP: Click Configuration, LLDP, LLDP Settings.
  • Page 89: Lldp Neighbors

    | Link Layer Discovery Protocol HAPTER LLDP Neighbors LLDP N EIGHBORS Use the LLDP Neighbors page to display information about devices connected directly to the switch’s ports which are advertising information through LLDP. ARAMETERS The following parameters are displayed on the LLDP Neighbors page: Local Port —...
  • Page 90: Figure 29: Lldp Neighbors

    | Link Layer Discovery Protocol HAPTER LLDP Neighbors NTERFACE To display LLDP neighbors, click Configuration, LLDP, LLDP Neighbors. Use the Refresh button to update the LLDP information. Figure 29: LLDP Neighbors – 90 –...
  • Page 91: Snmp Settings

    SNMP S ETTINGS This chapter includes the following sections for configuring Simple Network Management Protocol (SNMP): ◆ “Simple Network Management Protocol” on page 91 “Setting SNMP System and Community Strings” on page 92 ◆ “Specifying SNMP Trap Receivers” on page 93 ◆...
  • Page 92: Setting Snmp System And Community Strings

    | SNMP Settings HAPTER Setting SNMP System and Community Strings SNMP S ETTING YSTEM AND OMMUNITY TRINGS To manage the switch through SNMP, you must first enable the protocol and configure the basic access parameters. You can configure community strings authorized for management access by clients using SNMP v1 and v2c.
  • Page 93: Specifying Snmp Trap Receivers

    | SNMP Settings HAPTER Specifying SNMP Trap Receivers Click Apply. Figure 30: SNMP Settings SNMP T PECIFYING ECEIVERS Traps indicating status changes are issued by the switch to specified trap managers. You must specify trap managers so that key events are reported by this switch to your management station (using network management software).
  • Page 94: Figure 31: Snmp Trap Receiver Settings

    | SNMP Settings HAPTER Specifying SNMP Trap Receivers Specify the IP address of management station that will receive SNMP trap messages. Specify a configured community string for the trap receiver. Click Apply. Figure 31: SNMP Trap Receiver Settings – 94 –...
  • Page 95: Port Mirroring

    IRRORING You can mirror traffic from one or more source ports to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source ports in a completely unobtrusive manner.
  • Page 96: Figure 32: Port Mirroring

    | Port Mirroring HAPTER Figure 32: Port Mirroring – 96 –...
  • Page 97: Port Security

    ECURITY Port security is a feature that allows you to configure a switch port with a maximum number of device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number.
  • Page 98: Figure 33: Port Security

    | Port Security HAPTER NTERFACE To configure port security: Click Configuration, Port Security. Select the ports to configure. Set Security to Enable. Configure the maximum number of MAC addresses allowed on the port. Set an action for port security violations. Click Apply.
  • Page 99: Bandwidth Control

    ANDWIDTH ONTROL This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic into or out of the switch.
  • Page 100: Figure 34: Bandwidth Control

    | Bandwidth Control HAPTER Figure 34: Bandwidth Control – 100 –...
  • Page 101: Jumbo Frame

    UMBO RAME The switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
  • Page 102 | Jumbo Frame HAPTER – 102 –...
  • Page 103: Management Access Filter

    ANAGEMENT CCESS ILTER You can create a list of up to eight IP addresses or IP address groups that are allowed management access to the switch through the web interface. SAGE UIDELINES The web management interface is open to all IP addresses by default. ◆...
  • Page 104: Figure 36: Management Access Filter

    | Management Access Filter HAPTER Figure 36: Management Access Filter – 104 –...
  • Page 105: Mac Address Security

    MAC A DDRESS ECURITY This chapter includes the following sections for configuring MAC address security: ◆ “MAC Forwarding Table” on page 105 “Static MAC Addresses” on page 106 ◆ “MAC Address Filtering” on page 107 ◆ MAC F ORWARDING ABLE Switches store the addresses for all known devices.
  • Page 106: Static Mac Addresses

    | MAC Address Security HAPTER Static MAC Addresses NTERFACE To display the MAC address forwarding table, click Security, MAC Address, MAC Forwarding Table. Figure 37: MAC Address Forwarding Table MAC A TATIC DDRESSES A static address can be assigned to a specific interface on the switch. Static addresses are bound to the assigned interface and will not be moved.
  • Page 107: Mac Address Filtering

    | MAC Address Security HAPTER MAC Address Filtering Figure 38: Static MAC Setting MAC A DDRESS ILTERING The MAC Filtering pages are used to filter service to clients attempting to access the Internet based on protocol type, destination/source MAC address, and the direction of traffic for each packet. Click Advanced Setup, Security, MAC Filtering.
  • Page 108: Figure 39: Mac Address Filtering

    | MAC Address Security HAPTER MAC Address Filtering NTERFACE To configure MAC Address Filtering: Click Security, MAC Address, MAC Address Filtering. Specify the MAC address to be filtered. Specify the VLAN ID. Select to filter the MAC address as the source, destination, or both. Set a name to describe the filter.
  • Page 109: 802.1X Security

    802.1X S ECURITY This chapter includes the following sections for configuring 802.1X security: ◆ “Configuring 802.1X Authentication” on page 109 “802.1X Global Settings” on page 110 ◆ “802.1X Port Settings” on page 111 ◆ 802.1X A ONFIGURING UTHENTICATION Network switches can provide open and easy access to network resources by simply attaching a client PC.
  • Page 110: X Global Settings

    | 802.1X Security HAPTER 802.1X Global Settings RADIUS authentication must be enabled on the switch and the IP ◆ address of the RADIUS server specified. 802.1X must be enabled globally for the switch. ◆ Each switch port that will be used must be set to “Authentication” ◆...
  • Page 111: X Port Settings

    | 802.1X Security HAPTER 802.1X Port Settings NTERFACE To configure 802.1X global settings: Click Security, 802.1X, 802.1X Setting. Set 802.1X to Enabled. Specify the RADIUS server IP address. Specify the RADIUS server shared key. Modified other parameters as required. Click Apply. Figure 40: 802.1X Setting 802.1X P ETTINGS...
  • Page 112: Figure 41: 802.1X Port Setting

    | 802.1X Security HAPTER 802.1X Port Settings Force-Authorized – Forces the port to grant access to all clients, ■ either dot1x-aware or otherwise. Force-Unauthorized – Forces the port to deny access to all ■ clients, either dot1x-aware or otherwise. No Authentication – Disables 802.1X authentication on the port. ■...
  • Page 113: G Eneral S Ecurity S Ettings

    ENERAL ECURITY ETTINGS This chapter includes the following sections for other general security settings: ◆ “IP Filter Security” on page 113 “Storm Control Setting” on page 114 ◆ “Port Isolation” on page 116 ◆ “Defence Engine” on page 117 ◆ IP F ILTER ECURITY...
  • Page 114: Storm Control Setting

    | General Security Settings HAPTER Storm Control Setting NTERFACE To configure IP Filter settings: Click Security, IP Filter Setting. Select one or more ports to configure. Select the mode Static and set an IP address, or select DHCP. Select ports on which to allow traffic to DHCP servers. Click Apply.
  • Page 115: Figure 43: Storm Control Settings

    | General Security Settings HAPTER Storm Control Setting You can also protect your network from excess multicast or unknown multicast/unicast traffic traffic by setting thresholds for each port. Any packets exceeding the specified threshold will then be dropped. ARAMETERS The following parameters are displayed on the Storm Control page: Storm Type —...
  • Page 116: Port Isolation

    | General Security Settings HAPTER Port Isolation SOLATION Port Isolation provides port-based security and isolation of local ports. The switch isolates port traffic by specifying those ports to which it can forward or receive traffic. ARAMETERS The following parameters are displayed on the Port Isolation page: Port —...
  • Page 117: Defence Engine

    | General Security Settings HAPTER Defence Engine EFENCE NGINE Defence Engine is a advanced feature that can prevent switch’s CPU from being overwhelmed by flooded packets, such as unknown unicast, unknown multicast, or broadcast packets. This function can be used to prevent malicious viruses or worm attacks.
  • Page 118 | General Security Settings HAPTER Defence Engine – 118 –...
  • Page 119: P Ort S Tatistics

    TATISTICS You can display standard statistics on network traffic passing through each port. This information can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot. ARAMETERS The following parameters are displayed on the Port Statistics Information page:...
  • Page 120: Figure 46: Port Statistics

    | Port Statistics HAPTER NTERFACE To display port statistics, click Monitoring, Port Statistics. Figure 46: Port Statistics – 120 –...
  • Page 121: M Anagement T Ools

    ANAGEMENT OOLS This chapter includes the following sections for management tools: “HTTP Upgrade” on page 121 ◆ “Restoring Factory Defaults” on page 122 ◆ ◆ “Resetting the Switch” on page 123 HTTP U PGRADE Use the HTTP Upgrade page to upgrade the switch’s system firmware by specifying a new software file.
  • Page 122: Figure 47: Software Upgrade

    | Management Tools HAPTER Restoring Factory Defaults Do not reset or power off the switch during the upgrade process AUTION or the switch may fail to function afterwards. Figure 47: Software Upgrade ESTORING ACTORY EFAULTS Use the Reset page to restore the original factory settings. Note that the LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.
  • Page 123: Resetting The Switch

    | Management Tools HAPTER Resetting the Switch ESETTING THE WITCH Use the Reboot page to restart the switch. NTERFACE To restart the switch, click Tools, Reboot, then click the Reboot button. The reboot will be complete when the web interface displays the login page.
  • Page 124 | Management Tools HAPTER Resetting the Switch – 124 –...
  • Page 125 ECTION PPENDICES This section provides additional information and includes these items: "Software Specifications" on page 127 ◆ "Troubleshooting" on page 131 ◆ – 125 –...
  • Page 126 | Appendices ECTION – 126 –...
  • Page 127 OFTWARE PECIFICATIONS OFTWARE EATURES Local, RADIUS, Port (802.1X), HTTPS, Port Security, IP Filter UTHENTICATION 1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex ONFIGURATION 1000BASE-BX/SX/LX/LH - 1000 Mbps at full duplex (SFP) Full Duplex: IEEE 802.3-2005 ONTROL Half Duplex: Back pressure Broadcast, multicast, or unicast traffic throttled above a critical threshold TORM ONTROL...
  • Page 128: Management Features

    | Software Specifications PPENDIX Management Features IGMP Snooping ULTICAST ILTERING DHCP Client DDITIONAL EATURES LLDP (Link Layer Discover Protocol) SNMP (Simple Network Management Protocol) ANAGEMENT EATURES Web-based HTTP or SNMP manager ANAGEMENT Management access via MIB database SNMP Trap management to specified hosts TANDARDS IEEE 802.1AB Link Layer Discovery Protocol IEEE 802.1D-2004 Spanning Tree Algorithm and traffic priorities...
  • Page 129: Management Information Bases

    | Software Specifications PPENDIX Management Information Bases ANAGEMENT NFORMATION ASES Bridge MIB (RFC 1493) Differentiated Services MIB (RFC 3289) Entity MIB (RFC 2737) Ether-like MIB (RFC 2665) Extended Bridge MIB (RFC 2674) Extensible SNMP Agents MIB (RFC 2742) Forwarding Table MIB (RFC 2096) IGMP MIB (RFC 2933) Interface Group MIB (RFC 2233) Interfaces Evolution MIB (RFC 2863)
  • Page 130 | Software Specifications PPENDIX Management Information Bases – 130 –...
  • Page 131: Table 11: Troubleshooting Chart

    ROUBLESHOOTING ROBLEMS CCESSING THE ANAGEMENT NTERFACE Table 11: Troubleshooting Chart Symptom Action Cannot connect using a ◆ Be sure the switch is powered up. web browser or SNMP ◆ Check network cabling between the management station and software the switch. ◆...
  • Page 132: Problems Accessing The Management Interface

    | Troubleshooting PPENDIX Problems Accessing the Management Interface – 132 –...
  • Page 133: G Lossary

    LOSSARY Access Control List. ACLs can limit network traffic and restrict access to certain users or devices by checking each packet for certain IP or MAC (i.e., Layer 2) information. Boot Protocol. BOOTP i used to provide bootup information for network BOOTP devices, including IP address information, the address of the TFTP server that contains the devices system files, and the name of the boot file.
  • Page 134 LOSSARY Differentiated Services Code Point Service. DSCP uses a six-bit tag to DSCP provide for up to 64 different forwarding behaviors. Based on network policies, different kinds of traffic can be marked for different kinds of forwarding. The DSCP bits are mapped to the Class of Service categories, and then into the output queues.
  • Page 135 LOSSARY VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. IEEE 802.1Q It allows switches to assign endstations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks. An IEEE standard for providing quality of service (QoS) in Ethernet IEEE 802.1 networks.
  • Page 136 LOSSARY A process whereby this switch can pass multicast traffic along to IP M ULTICAST ILTERING participating hosts. The Type of Service (ToS) octet in the IPv4 header includes three IP P RECEDENCE precedence bits defining eight different priority levels ranging from highest priority for network control packets to lowest priority for routine traffic.
  • Page 137 LOSSARY Network Time Protocol provides the mechanisms to synchronize time across the network. The time servers operate in a hierarchical-master- slave configuration in order to synchronize local clocks within the subnet and to national time standards via wire or radio. See IEEE 802.1X.
  • Page 138 LOSSARY Secure Shell is a secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt data connections between management clients and the switch. Spanning Tree Algorithm is a technology that checks your network for any loops.
  • Page 139 NDEX UMERICS 802.1Q tunnel main menu mode selection Management Information Bases (MIBs) 802.1X management IPv4 address port authentication mirror port, configuring multicast filtering BPDU path cost port authentication port priority community string configuring ports autonegotiation default settings, system capabilities duplex mode flow control mirroring edge port, STA...
  • Page 140 NDEX edge port global settings, displaying interface settings link type path cost port priority standards, IEEE STP Also see STA trap manager troubleshooting trunk configuration LACP static Type Length Value See LLDP TLV See also LLDP-MED TLV VLAN interface configuration VLANs 802.1Q tunnel mode adding static members...
  • Page 142 ECS4310-26T E072010-CS-R01 149100000083A...

Table of Contents