Page 1: Black Box
Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500) Customer FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 Support Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018 Information Web site: www.blackbox.com • E-mail: info@blackbox.com...
Page 2 Trademarks Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners. We‘re here to help! If you have any questions about your application or our products, contact Black Box Tech Support at 724-746-5500 or go to blackbox.com and click on “Talk to Black Box.”...
Page 3: Fcc Statement
FCC Statement Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause inter ference to radio communication. It has been tested and found to comply with the limits for a Class A computing device in accordance with the specifications in Subpart B of Part 15 of FCC rules, which are designed to provide reasonable protection against such interference when the equipment is operated in a commercial environment.
Page 4: Instrucciones De Seguridad
NOM Statement Instrucciones de Seguridad (Normas Oficiales Mexicanas Electrical Safety Statement) 1. Todas las instrucciones de seguridad y operación deberán ser leídas antes de que el aparato eléctrico sea operado. 2. Las instrucciones de seguridad y operación deberán ser guardadas para referencia futura. 3.
Page 5: Table Of Contents
Table of Contents Table of Contents 1. Overview ....................................9 1.1 Initial Configuration ............................... 10 1.2 Connecting to PCs, Servers, Hubs, and Switches ......................13 1.3 Network Wiring Connections ............................14 2. System Configuration ................................15 2.1 System Information ................................ 15 2.1.1 Information .................................
Page 6 Chapter 1: Overview 3.4 Spanning Tree ................................63 3.4.1 Bridge Settings ..............................64 3.4.2. MSTI Mapping ..............................65 3.4.3 MSTI Priorities ..............................66 3.4.4 CIST Ports ................................67 3.4.5 MSTI Ports ................................69 3.4.6 Bridge Status ..............................70 3.4.7 Port Status ................................71 3.4.8 Port Statistics ..............................72 3.5 IGMP Snooping ................................73 3.5.1 Basic Configuration .............................73 3.5.2 VLAN Configuration ............................
Page 7 Chapter 1: Overview 3.13 GVRP ..................................129 3.13.1 Configuration ..............................129 3.13.2 Statistics ................................131 3.14 QoS ................................... 132 3.14.1 Port Classification ............................132 3.14.2 Port Policing ..............................134 3.14.3 Port Scheduler ..............................135 3.14.4 Port Shaping ..............................137 3.14.5 Port Tag Remarking ............................139 3.14.6 Port DSCP ...............................140 3.14.7 DSCP-Based QoS ............................
Page 8 Chapter 1: Overview 4.6 AAA ...................................186 4.6.1 Configuration ..............................186 4.6.2 RADIUS Overview ............................189 4.6.3 RADIUS Details ..............................190 4.7 Port Security ................................191 4.7.1 Limit Control ..............................191 4.7.2 Switch Status ..............................193 4.7.3 Port Status ................................ 195 4.8 Access Management ..............................196 4.8.1 Configuration ..............................196 4.8.2 Statistics ................................
Page 9: Overview
Web-based interface. The Gigabit Managed Switch, part of the next generation of Web-managed switches from Black Box, provides a reliable infrastructure for your business network. This switch delivers the intelligent features you need to improve the availability of your critical business applications, to protect your sensitive information, and to optimize your network bandwidth to deliver information and applications more effectively.
Page 10: Initial Configuration
Chapter 1: Overview 1.1 Initial Configuration This section details how to configure and manage the Gigabit Managed Switch through the Web user interface. This feature enables administrators to easily access and monitor the entire status of the switch through any one port of the switch. Statuses which may be monitored include status of the MIBs, activity of each port, status of spanning trees, port aggregation status, multicast traffic, VLAN and priority status, even illegal access records.
Page 11 Chapter 1: Overview The login process now is completed. In this login menu, you must input the complete username and password respectively: the Gigabit Managed Switch will not give you a shortcut to username automatically. This may be inconvenient, but it is safer. The Gigabit Managed Switch supports a simple user management function allowing only one administrator to configure the system at the same time.
Page 12 Chapter 2: System Configuration Figure 1-2. Accessing the on-line help function. 724-746-5500 | blackbox.com Page 12 LGB1108A...
Page 13: Connecting To Pcs, Servers, Hubs, And Switches
Chapter 2: System Configuration Connecting Network Devices The switch is designed to be connected to 10-, 100-, or 1000-Mbps network cards in PCs and servers, as well as to other switch- es and hubs. It may also be connected to remote devices using optional SFP transceivers. Twisted-Pair Devices Each device requires an unshielded twisted-pair (UTP) cable with RJ-45 connectors at both ends.
Page 14: Network Wiring Connections
Chapter 2: System Configuration 1.3 Network Wiring Connections Today, the punchdown block is an integral part of many of the newer equipment racks. It is actually part of the patch panel. Instructions for making connections in the wiring closet with this type of equipment follows: Step 1: Attach one end of a patch cable to an available port on the switch, and the other end to the patch panel.
Page 15: System Configuration
Chapter 2: System Configuration 2. System Configuration This chapter describes all of the basic configration tasks, including the system information and any management of the switch (e.g., Time, Account, IP, Syslog, and SNMP). 2.1 System Information After logging in, the switch shows you the system information. This page is the default and tells you the basic information of the system, including “Model Name”, “System Description”, “Contact”, “Device Name”, “System Uptime”, “BIOS Version”, “Firmware Version”, “Hardware-Mechanical Version”, “Serial Number”, “Host IP Address”, “Host Mac Address”, “Device Port”, “RAM Size”...
Page 16 Chapter 2: System Configuration • Contact: Enter the contact person’s name and phone here. You can configure this parameter through the device’s user inter- face or SNMP. • Device Name: The name of the switch. User-defined. • System Date: Show the system time of the switch. Its format: day of week, month, day, hours : minutes : seconds, year. •...
Page 17: Configuration
Chapter 2: System Configuration 2.1.2 Configuration You can identify the system by configuring the contact information, name, and location of the switch. Web Interface To configure System Information in the Web interface: 1. Click System, System Information, Configuration. 2. Write System Contact, System Name, System Location information in this page. 3.
Page 18: Cpu Load
Chapter 2: System Configuration 2.1.3 CPU Load This page displays the CPU load, using an SVG graph. The load is measured as averaged over the last 100-ms, 1-second, and 10-second intervals. The last 120 samples are graphed, and the last numbers are displayed as text as well. To display the SVG graph, your browser must support the SVG format.
Page 19: Time
Chapter 2: System Configuration 2.2 Time This section describes how to configure the switch time, including Time Configuration and NTP Configuration. 2.2.1 Manual The switch provides manual and automatic ways to set the system time via NTP. Manual setting is simple. Input “Year”, “Month”, “Day”, “Hour”, “Minute”...
Page 20 Chapter 2: System Configuration • Daylight Savings Time Set Offset: Daylight savings time is used in some countries. If you select this setting, the unit will adjust the time, forward or backward in increments of one hour, between the starting date and the ending date that you select. For example, if you set the daylight savings offset to be 1 hour, when the time reaches the starting time, the system time will be increased one hour.
Page 21: Ntp
Chapter 2: System Configuration 2.2.2 NTP NTP is Network Time Protocol and is used to sync the network time based Greenwich Mean Time (GMT). If you use the NTP mode and select a built-in NTP time server or manually specify an user-defined NTP server as well as Time Zone, the switch will sync the time a short time after pressing yjr <Apply>...
Page 22: Users
Chapter 2: System Configuration 2.3.1 Users This page provides an overview of the current users. Currently the only way to log in as another user on the Web server is to close and reopen the browser. Web Interface To configure Account in the Web interface: 1.
Page 23: Privilege Levels
Chapter 2: System Configuration 2.3.2 Privilege Levels This section provides an overview of Privilege Levels. The switch enables administrators to set user privileges in a number of different categories, including Account, Aggregation, Diagnostics, EEE, GARP, GVRP, IP, IPMC, Snooping, LACP, LLDP, LLDP, MED, MAC, Table, MRP, MVR, MVRP, Maintenance, Mirroring, PoE, Ports, Private VLANs, QoS, SMTP, SNMP, Security, Spanning Tree, System, Trap Event ,VCL, VLANs, and Voice VLAN Privilege Levels from 1 to 15.
Page 24 Chapter 2: System Configuration Parameter Description • Group Name The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail: - System: Contact, Name, Location, Timezone, Log.
Page 25: Ip (Internet Protocol)
Chapter 2: System Configuration 2.4 IP (Internet Protocol) IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an Internet network. IP is a "best effort" system, which means that no packet of information sent over is ensured to reach its destination in the same condition it was sent.
Page 26 Chapter 2: System Configuration Parameter Description • DHCP Client: Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will announce the configured system name as hostname to provide DNS lookup.
Page 27: Ipv6
Chapter 2: System Configuration 2.4.2 IPV6 This section describes how to configure the switch-managed IPv6 information. The Configured column is used to view or change the IPv6 configuration. And the Current column is used to show the active IPv6 configuration. Configure the switch-managed IPv6 information on this page.
Page 28: Syslog
Chapter 2: System Configuration 2.5 Syslog The Syslog (system log) is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It can also be used for generalized informational, analysis, and debugging messages.
Page 29: Log
Chapter 2: System Configuration 2.5.2 Log This section describes how to display the System Log Information for the switch. Web Interface To display the log configuration in the Web interface: 1. Click Syslog, Log. 2. Display the log information. Figure 2-11. The System Log Information screen. Parameter Description •...
Page 30: Detailed Log
Chapter 2: System Configuration 2.5.3 Detailed Log This section describes how to use the Detailed Log Information for the switch. Web Interface To display the detailed log configuration in the Web interface: 1. Click Syslog, Detailed Log. 2. Display the log information. Figure 2-12.
Page 31: Snmp
Chapter 2: System Configuration 2.6 SNMP Any Network Management System (NMS) running the Simple Network Management Protocol (SNMP) can manage the managed devices equipped with SNMP agent, provided that the Management Information Base (MIB) is installed correctly on the managed devices.
Page 32: Communities
Chapter 2: System Configuration 2.6.2 Communities This function is used to configure SNMPv3 communities. The Community and UserName are unique. To create a new community account, check <Add new community> button, and enter the account information. Then click <Save>. The maximum group number is four.
Page 33: Users
Chapter 2: System Configuration 2.6.3 Users The function is used to configure SNMPv3 users. The Entry index key is UserName. To create a new UserName account, check the <Add new user> button, enter the user information, and then check <Save>. The maximum number of groups is 10. Web Interface To display the SNMP Users Configuration in the Web interface: 1.
Page 34 Chapter 2: System Configuration • Authentication Password: A string identifying the authentication password phrase. For MD5 authentication protocol, the string length should be 8 to 32 ASCII characters from 33 to 126. For SHA authentication protocol, the string length should 8 to 40ASCII characters from 33 to 126.
Page 35: Groups
Chapter 2: System Configuration 2.6.4 Groups This function is used to configure SNMPv3 group. The Entry index keys are Security Model and Security Name. To create a new group account, please check <Add new group> button, and enter the group information then check <Save>. The Maximum Group Number : v1: 2, v2: 2, v3:10.
Page 36: Views
Chapter 2: System Configuration 2.6.5 Views This function is used to configure SNMPv3 view. The entry index keys are OID Subtree and View Name. To create a new view account, click the <Add new view> button, and enter the view information then check <Save>. Max Group Number : 28. Web Interface 1.
Page 37: Access
Chapter 3: Configuration 2.6.6 Access This function is used to configure SNMPv3 access. The entry index keys are Group Name, Security Model and Security level. To create a new access account, check <Add new access> button, and enter the access information then check <Save>. Max Group Number :14 Web Interface To display the configure SNMP Access in the Web interface:...
Page 38: Trap
Chapter 3: Configuration • Read View Name: The name of the MIB view defining the MIB objects for which this request may request the current values. The string length should be 1 to 32 characters, using ASCII characters from 33 to 126. •...
Page 39 Chapter 3: Configuration • UDP Port: To assign port number. Default: 162 • Community / Security Name: The length of “Community / Security Name” string is restricted to 1–32. • Security Level: Indicates what kind of message will send to the Security Level. Possible modes are: - Info: Send information, warnings, and errors.
Page 40: Configuration
Chapter 3: Configuration 3. Configuration This chapter describes all the basic network configuration tasks, which include the Ports, Layer 2 network protocol (e.g. VLANs, QoS, IGMP, ACLs and PoE etc.), and any setting of the switch. 3.1 Port This section describes how to configure the Port detail parameters of the switch, including how to configure, enable, or disable the Port, or to monitor the port‘s content or status functionality 3.1.1 Configuration This chapter describes how to view the current port configuration and how to configure ports to non-default settings, including...
Page 41 Chapter 3: Configuration Parameter Description • Port: This is the logical port number for this row. • Link: The current link state is displayed graphically. Green indicates the link is up and red that it is down. • Current Link Speed: Provides the current link speed of the port. •...
Page 42: Port Description
Chapter 3: Configuration 3.1.2 Port Description This section describes how to configure the port’s alias and any descriptions for the Port Identity. It prompts the user to create an alphanumeric string describing the full name and version for the system’s hardware, software version, and networking application. Web Interface To configure an Port Description in the Web interface: 1.
Page 43: Traffic Overview
Chapter 3: Configuration 3.1.3 Traffic Overview This section describes the port statistics information and provides an overview of general traffic statistics for all switch ports. Web Interface To Display the Port Statistics Overview in the Web interface: 1. Click Configuration, Port, then Traffic Overview. 2.
Page 44: Detailed Statistics
Chapter 3: Configuration 3.1.4 Detailed Statistics This section describes how to find detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.
Page 45 Chapter 3: Configuration Receive and Transmit Size Counters: The number of (good and bad) packets split into categories that have been received and transmitted based on their respective frame sizes. Receive and Transmit Queue Counters: The number of packets per input and output queue received and transmitted. Receive Queue Counters: •...
Page 46: Qos Statistics
Chapter 3: Configuration 3.1.5 Qos Statistics This section describes how the switch displays the QoS detailed Queuing Counters for a specific switch port for the different queues for all switch ports. Web Interface To Display the Queueing Counters in the Web interface: 1.
Page 47: Sfp Information
Chapter 3: Configuration 3.1.6 SFP Information This section describes the SFP module detail information, including connector type, fiber type, wavelength, baud rate, and vendor OUI, etc. Web Interface To display the SFP information in the Web interface: 1. Click Configuration, Port, then SFP Information 2.
Page 48: Eee
Chapter 3: Configuration 3.1.7 EEE This section enables the user to inspect and configure the current EEE port settings. EEE is a power saving option that reduces the power usage when there is very low traffic utilization (or no traffic). EEE works by powering down circuits when there is no traffic.
Page 49 Chapter 3: Configuration Parameter Description EEE Port Configuration: The EEE port settings relate to the currently selected item, as shown in the page header. • Port: The switch port number of the logical EEE port. • EEE Enabled: Controls whether EEE is enabled for this switch port. •...
Page 50: Acl
Chapter 3: Configuration 3.2 ACL The Gigabit Managed Switch access control list (ACL) is probably the most commonly used object in the IOS. It is used not only for packet filtering but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way. The ACLs are divided into EtherTypes.
Page 51 Chapter 3: Configuration • Port Copy: Select which port frames are copied on. The values permitted are “Disabled“ or a specific port number. The default value is “Disabled.“ • Mirror: Specify the mirror operation of this port. The permitted values are: - Enabled: Frames received on the port are mirrored.
Page 52: Rate Limiters
Chapter 3: Configuration 3.2.2 Rate Limiters This section describes how to configure the switch’s ACL Rate Limiter parameters. The Rate Limiter Levels from 1 to 16 permit the user to set rate limiter value and units with pps or kbps. Web Interface To configure ACL Rate Limiter in the Web interface: 1.
Page 53: Access Control List
Chapter 3: Configuration 3.2.3 Access Control List This section describes how to configure Access Control List rule. An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one.
Page 54 Chapter 3: Configuration Parameter Description • Ingress Port : Indicates the ingress port of the ACE. Possible values are: - Any: The ACE will match any ingress port. - Policy: The ACE will match ingress ports with a specific policy. - Port: The ACE will match a specific ingress port.
Page 55: Acl Status
Chapter 3: Configuration • Buttons: - Save: Click to save changes. - Reset: Click to undo any changes made locally and revert to previously saved values. - Cancel: Click to cancel changes. • Auto-refresh: Click to refresh the information automatically. •...
Page 56 Chapter 3: Configuration - Permit: Frames matching the ACE may be forwarded and learned. - Deny: Frames matching the ACE are dropped. • Rate Limiter: Indicates the rate limiter number of the ACE. The range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled. •...
Page 57: Aggregation
This is also a disadvantage because the peer ports of your static trunk group may not know that they should be aggre- gated together to form a “logic trunked port”. Black Box strongly recommends using Static Trunk on both ends of a link.
Page 58 Chapter 3: Configuration Parameter Description Hash Code Contributors • Source MAC Address: The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address or uncheck to disable. By default, Source MAC Address is enabled. •...
Page 59: Lacp
Chapter 3: Configuration 3.3.2 LACP Ports using Link Aggregation Control Protocol (according to IEEE 802.3ad specification) as their trunking method can choose their unique LACP GroupID to form a logic “trunked port”. The benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready member of a “trunk group”...
Page 60 Chapter 3: Configuration • Key: The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot.
Page 61 Chapter 3: Configuration Port Status When you set the LACP function on the switch, a Port Status overview for all LACP instances is enabled. Web Interface To display the LACP Port Status in the Web interface: 1. Click Configuration, LACP, Port Status 2.
Page 62 Chapter 3: Configuration Port Statistics When you complete the LACP function on the switch, a Port Statistics overview for all LACP instances is enabled. Web Interface To display the LACP Port status in the Web interface: 2. To set the switch to auto-refresh the information, check “Auto-refresh”. 3.
Page 63: Spanning Tree
Chapter 3: Configuration 3.4 Spanning Tree The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges, or routers. This allows the switch to interact with other bridging devices (that is, an STP-compliant switch, bridge, or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
Page 64: Bridge Settings
Chapter 3: Configuration 3.4.1 Bridge Settings This section describes how to configure the Spanning Tree Bridge and STP System settings. It allows you to configure STP System settings that are used by all STP Bridge instances in the swtich. Web Interface To configure the Spanning Tree Bridge Settings parameters in the Web interface: 1.
Page 65: Msti Mapping
Chapter 3: Configuration Advanced Settings • Edge Port BPDU Filtering: Control whether a port explicitly configured as Edge will transmit and receive BPDUs. • Edge Port BPDU Guard: Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from the active topology.
Page 66: Msti Priorities
Chapter 3: Configuration Parameter Description Configuration Identification • Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration to share spanning trees for MSTI's (Intra-region). The name should not exceed 32 characters.
Page 67: Cist Ports
Chapter 3: Configuration Parameter Description • MSTI: The bridge instance. The CIST is the default instance, always active. • Priority: Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. •...
Page 68 Chapter 3: Configuration • Priority: Controls the port priority. This can be used to control priority of ports having identical port cost. (See 3.4.3 MSTI Priorities). • operEdge (state flag): This is the operational flag describing whether the port is connecting directly to edgedevices. (No Bridges attached.) Transition to the forwarding state is faster for edge ports (having operEdge true) than for other ports.
Page 69: Msti Ports
Chapter 3: Configuration 3.4.5 MSTI Ports This section enables the user to inspect or adjust the current STP MSTI port configuration. An MSTI port is a virtual port, which is represented separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options.
Page 70: Bridge Status
Chapter 3: Configuration • Priority: Controls the port priority. This can be used to control priority of ports having identical port cost. (See 3.4.3 MSTI Priorities). • Buttons: - Save: Click to save changes. - Reset: Click to undo any changes made locally and revert to previously saved values. 3.4.6 Bridge Status After you complete the MSTI Port configuration, confibure the Bridge Status.
Page 71: Port Status
Chapter 3: Configuration 3.4.7 Port Status After you complete the STP configuration, configure the switch display for the STP Port Status. This section enables you to display the STP CIST port status for physical ports of the currently selected switch. Web Interface To display the STP Port status in the Web interface: 1.
Page 72: Port Statistics
Chapter 3: Configuration 3.4.8 Port Statistics After you complete the STP configuration, configure the switch to display the STP Statistics. This section enables you to adjust the STP Statistics detail counters of bridge ports in the currently selected switch. Web Interface To display the STP Port status in the Web interface: 1.
Page 73: Igmp Snooping
Chapter 3: Configuration 3.5 IGMP Snooping This function is used to establish the multicast groups to forward the multicast packet to the member ports, and, in doing so, avoids wasting the bandwidth while IP multicast packets are running over the network. This is because a switch that does not support IGMP or IGMP Snooping cannot tell the multicast packet from the broadcast packet, so it can only treat them all as broadcast packets.
Page 74: Vlan Configuration
Chapter 3: Configuration Parameter Description • Snooping Enabled: Enable the Global IGMP Snooping. • Unregistered IPMCv4 Flooding Enabled: Enable unregistered IPMCv4 traffic flooding. • IGMP SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range.
Page 75: Port Group Filtering
Chapter 3: Configuration Parameter Description • VLAN ID: It displays the VLAN ID of the entry. • Snooping Enabled: Enable the per-VLAN IGMP Snooping. Only up to 32 VLANs can be selected. • IGMP Querier: Sends IGMP Query messages onto a particular link. Enable the IGMP Querier in the VLAN. •...
Page 76 Chapter 3: Configuration Web Interface To configure the IGMP Snooping Port Group Configuration in the Web interface: 1. Click Configuration, IGMP Snooping, Port Group Filtering 2. Click Add new Filtering Group 3. Scroll the Port to enable the Port Group Filtering. Specify the Filtering Groups in the blank field. 4.
Page 77: Status
Chapter 3: Configuration 3.5.4 Status After completing the IGMP Snooping configuration, the switch will display the IGMP Snooping Status. This section enables you to view the IGMP Snooping detail status. Web Interface To display the IGMP Snooping status in the Web interface: 1.
Page 78: Group Information
Chapter 3: Configuration 3.5.5 Group Information After setting the IGMP Snooping function, you can view the IGMP Snooping Group Information. Entries in the IGMP Group Table are shown on this page. The IGMP Group Table is sorted first by VLAN ID, and then by group. It will use the last entry of the currently displayed table as a basis for the next lookup.
Page 79: Ipv4 Ssm Information
Chapter 3: Configuration 3.5.6 IPv4 SSM information Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is a core network technology of IP multicast targeted for audio and video broadcast application environments.
Page 80 Chapter 3: Configuration • Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude. • Source Address: The IP Address of the source. Currently, system limits the total number of IP source addresses for filtering to 128.
Page 81: Mld Snooping
Chapter 3: Configuration 3.6 MLD Snooping Curiously enough, a network node that acts as a source of IPv6 multicast traffic is only an indirect participant in MLD snooping— it just provides multicast traffic, and MLD doesn’t interact with it. (Note, however, that in an application like desktop conferencing a network node may act as both a source and an MLD host;...
Page 82 Chapter 3: Configuration Figure 3-33. The MLD Snooping Basic Configuration screen. Parameter Description • Snooping Enabled: Enables the Global MLD Snooping. • Unregistered IPMCv6 Flooding Enabled: Enable unregistered IPMCv6 traffic flooding. Please note that disabling unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery. •...
Page 83: Vlan Configuration
Chapter 3: Configuration 3.6.2 VLAN Configuration When MLD snooping is enabled on a VLAN, the switch acts to minimize unnecessary multicast traffic. If the switch receives multicast traffic destined for a given multicast address, it forwards that traffic only to ports on the VLAN that have MLD hosts for that address.
Page 84: Port Group Filtering
Chapter 3: Configuration • Icons, upper right of screen (Refresh, <<, >> ): Click “Refresh“ to refresh the IGMP Group Status manually; click the arrows to navigaate to the next page or entry. • Buttons: - Save: Click to save changes. - Reset: Click to undo any changes made locally and revert to previously saved values.
Page 85: Status
Chapter 3: Configuration 3.6.4 Status This section describes how to display the MLD Snooping Status. Web Interface To display the MLD Snooping Status in the Web interface: 1. Click Configuration, MLD Snooping, Status 2. If you want to auto-refresh the information, check “Auto-refresh” 3.
Page 86: Group Information
Chapter 3: Configuration 3.6.5 Group Information This section describes how to set MLD Snooping Groups Information. The “Start from VLAN“, and “group“ input fields allow the user to select the starting point in the MLD Group Table. Each page shows up to 99 entries from the MLD Group table, default being 20, selected through the “entries per page“ input field.
Page 87: Ipv6 Ssm Information
Chapter 3: Configuration 3.6.6 IPv6 SSM Information This section describes how to configure the entries in the MLDv2 Information Table. The MLDv2 Information Table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses belonging to the same group are treated as a single entry.
Page 88: Mvr
Chapter 3: Configuration 3.7 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLAN. In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port.
Page 89: Groups Information
Chapter 3: Configuration 3.7.2 Groups Information This section describes how to display the MVR Groups detail information on the switch. Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID, and then by group. Web Interface To display the MVR Groups Information in the Web interface: 1.
Page 90: Statistics
Chapter 3: Configuration 3.7.3 Statistics This section describes the switch will display the MVR detail statistics after you had configured MVR on the switch. It provides the detail MVR statistics information. Web Interface To display the MVR statistics information in the Web interface: 1.
Page 91: Lldp
Chapter 3: Configuration 3.8 LLDP The switch supports the LLDP. For current information on your switch model, the Link Layer Discovery Protocol (LLDP) provides a standards-based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices.
Page 92 Chapter 3: Configuration • Tx Delay: If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to one to 8192 seconds.
Page 93: Lldp Neighbors
Chapter 3: Configuration 3.8.2 LLDP Neighbors This page provides a status overview for all LLDP neighbors. The displayed table contains a row for each port on which an LLDP neighbor is detected. The columns hold the following information: Web Interface To show LLDP neighbors: 1.
Page 94: Lldp-Med Configuration
Chapter 3: Configuration • System Description: System Description is the port description advertised by the neighbor unit. • Management Address: Management Address is the neighbor unit’s address that is used for higher layer entities to assist discovery by the network management. This could hold the neighbor's IP address, for example. •...
Page 95 Because there is a risk of an LLDP frame being lost during transmission between neighbors, Black Box recommends that you repeat the fast start transmission multiple times to increase the possibility of the neighbors receiving the LLDP frame. With the fast start repeat count selection, it is possible to specify the number of times the fast start transmission would be repeated.
Page 96 Chapter 3: Configuration Parameter Description: Coordinates Location • Latitude: Latitude should be normalized to within 0-90 degrees with a maximum of 4 digits. It is possible to specify the direction to either north of the equator or south of the equator. •...
Page 97 Chapter 3: Configuration • Apartment: Unit (Apartment, suite) - Example: Apt 42. • Floor: Floor - Example: 4. • Room no.: Room number - Example: 450F. • Place type: Place type - Example: Office. • Postal community name: Example: Leonia. •...
Page 98 Chapter 3: Configuration • Application Type: Intended use of the application types: 1. Voice - for use by dedicated IP telephony handsets and similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications. 2.
Page 99: Lldp-Med Neighbors
Chapter 3: Configuration 3.8.4 LLDP-MED Neighbors This section provides a status overview of all LLDP-MED neighbors. The table contains a row for each port on which an LLDP neighbor is detected. This function applies to VoIP devices that support LLDP-MED. Web Interface To show LLDP-MED neighbor: 1.
Page 100 Chapter 3: Configuration • LLDP-MED Generic Endpoint (Class I): The LLDP-MED Generic Endpoint (Class I) definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057, however do not support IP media or act as an end-user communication appliance.
Page 101 Chapter 3: Configuration 7. Streaming Video - for use by broadcast or multicast-based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type. 8.
Page 102: Eee
Chapter 3: Configuration 3.8.5 EEE By using EEE, power savings can be achieved at the expense of traffic latency. This latency occurs because EEE circuits turn off to save power, and they need time to boot up before sending traffic over the link. This time is called “wakeup time“. To achieve minimal latency, devices can use LLDP to exchange information about their respective tx and rx “wakeup time“...
Page 103: Port Statistics
Chapter 3: Configuration 3.8.6 Port Statistics Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to per-port counters for the currently selected switch. Web Interface To show LLDP Statistics: 1.
Page 104 Chapter 3: Configuration • Frames Discarded: If an LLDP frame is received on a port, and the switch’s internal table has run full, the LLDP frame is count- ed and discarded. This situation is known as “Too Many Neighbors“ in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table.
Page 105: Filtering Data Base
Chapter 3: Configuration 3.9 Filtering Data Base The Filtering Data Base Configuration function gathers many functions, including MAC Table Information, Static MAC Learning, which cannot be categorized to some function type. MAC Table The switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame).
Page 106 Chapter 3: Configuration Figure 3-49: The MAC Address Table Configuration screen. Parameter Description • Aging Configuration: By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. Configure aging time by entering a value here in seconds. For example, Age time seconds. The range given should be 10 to 1,000,000 seconds.
Page 107 Chapter 3: Configuration Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The MAC table is sorted first by VLAN ID and then by MAC address. •...
Page 108: Dynamic Mac Table
Chapter 3: Configuration 3.9.2 Dynamic MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address. Web Interface To Display MAC Address Table in the Web interface: 1.
Page 109: Vlan
Chapter 3: Configuration 3.10 VLAN This section describes how to assign a specific VLAN for management purpose. The management VLAN is used to establish an IP connection to the switch from a workstation connected to a port in the VLAN. This connection supports a VSM, SNMP, and Telnet session.
Page 110: Vlan Membership
Chapter 3: Configuration 3.10.1 VLAN Membership The VLAN membership configuration for the selected switch can be monitored and modified here. Up to 4094 VLANs are supported. This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN. Web Interface To configure VLAN membership configuration in the Web interface: 1.
Page 111: Ports
Chapter 3: Configuration 3.10.2 Ports User can configure all parameters to each port in VLAN Port Setting. These parameters involved two parts, Ingress rule and Egress rule. The function of Port Type, Ingress Filtering, Frame Type, and PVID affect Ingress process. Furthermore, Port Type, Egress Rule, and PVID affect Egress process.
Page 112 Chapter 3: Configuration Table 3-1: Port Types. Port Type Ingress Action Egress Action Unaware: The function When the port received untagged frames, an untagged The TPID of a frame transmitted by of Unaware can be frame obtains a tag (based on PVID) and is forwarded. an Unaware port will be set to used for 802.1QinQ 0x8100.
Page 113: Switch Status
Chapter 3: Configuration 3.10.3 Switch Status The function Switch Status gathers the information of all VLAN status and reports it by the order of Static NAS MVRP MVP Voice VLAN MSTP GVRP Combined. Web Interface To Display VLAN membership status in the Web interface: 1.
Page 114: Port Status
Chapter 3: Configuration 3.10.4 Port Status This function, Port Status, gathers the information of all VLAN status and reports it by the order of Static NAS MVRP MVP Voice VLAN MSTP GVRP Combined. Web Interface To Display VLAN Port Status in the Web interface: 1.
Page 115: Private Vlans
Chapter 3: Configuration 3.10.5 Private VLANs In a private VLAN, communication between ports is not permitted. A VLAN can be configured as a private VLAN. Assigning Membership in Private VLANs The Private VLAN membership configurations for the switch can be monitored and modified here. Private VLANs can be added or deleted here.
Page 116 Chapter 3: Configuration Port Isolation Port Isolation provides for an apparatus and method to isolate ports on Layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair.
Page 117: Mac-Based Vlan
Chapter 3: Configuration 3.10.6 MAC-Based VLAN MAC address-based VLAN decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame. A most common way of grouping VLAN members is by port, hence the name port-based VLAN. Typically, the device adds the same VLAN tag to untagged packets that are received through the same port.
Page 118 Chapter 3: Configuration Parameter Description • Delete: To delete a MAC-based VLAN entry, check this box and press Save. The entry will be deleted on the selected switch. • MAC Address: Indicates the MAC address. • VLAN ID: Indicates the VLAN ID. •...
Page 119 Chapter 3: Configuration Status This section shows MAC-based VLAN entries configured by various MAC-based VLAN users. Currently we support following VLAN User types: NAS : NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. Web Interface To Display MAC-based VLAN configured in the Web interface: 1.
Page 120: Protocol-Based Vlan
Chapter 3: Configuration 3.10.7 Protocol-Based VLAN This section describes Protocol-based VLAN. The switch supports protocol including Ethernet LLC SNAP Protocol. The Logical Link Control (LLC) data communications protocol layer is the upper sub-layer of the Data Link Layer (which is itself Layer 2, just above the Physical Layer) in the seven-layer OSI reference model.
Page 121 Chapter 3: Configuration Parameter Description • Delete: To delete a Protocol to Group Name map entry, check this box. The entry will be deleted on the switch during the next Save. • Frame Type: Frame Type can have one of the following values: 1.
Page 122 Chapter 3: Configuration Group to VLAN This section has instructions on how to map an already-configured Group Name to a VLAN for the selected switch. Web Interface To Display Group Name to VLAN mapping table configured in the Web interface: 1.
Page 123: Voice Vlan
Chapter 3: Configuration 3.11 Voice VLAN Voice VLAN is VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice VLAN, we can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality. 3.11.1 Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic.
Page 124 Chapter 3: Configuration Parameter Description • Mode: Indicates the Voice VLAN mode operation. Disable the MSTP feature before enabling Voice VLAN to avoid the conflict of ingress filtering. Possible modes are: Enabled: Enable Voice VLAN mode operation. Disabled: Disable Voice VLAN mode operation. •...
Page 125: Oui
Chapter 3: Configuration 3.11.2 OUI This section describes how to Configure the VOICE VLAN OUI table. The maximum entry number is 16. Modifying the OUI table will restart auto detection of OUI process. Web Interface To configure Voice VLAN OUI Table in the Web interface: 1.
Page 126: Garp
Chapter 3: Configuration 3.12 GARP The Generic Attribute Registration Protocol (GARP) provides a generic framework in which devices in a bridged LAN, e.g. end stations and switches, can register and de-register attribute values, such as VLAN Identifiers, with each other. In doing so, the attributes are propagated to devices in the bridged LAN, and these devices form a reachability tree that is a subset of an active topology.
Page 127 Chapter 3: Configuration • Timer Values: To set the GARP join timer, leave timer, and leave all timers, the unit is microseconds (ms). Three different timers can be configured on this page: - Join Timer: The default value for Join timer is 200 ms. - Leave Timer: The range of values for Leave Time is 600–1000 ms.
Page 128: Statistics
Chapter 3: Configuration 3.12.2 Statistics This section describes the port statistics of GARP for all switch ports. The port statistics relate to the currently selected unit, as shown in the page header. Web Interface To display GARP Port statistics in the Web interface: 1.
Page 129: Gvrp
Chapter 3: Configuration 3.13 GVRP GVRP is an application based on Generic Attribute Registration Protocol (GARP), mainly used to automatically and dynamically maintain the group membership information of the VLANs. The GVRP offers the function providing the VLAN registration service through a GARP application.
Page 130 Chapter 3: Configuration 1. GVRP Mode This configuration is to enable/disable GVRP Mode on particular port locally. - Disable: Select to disable GVRP Mode on this port. - Enable: Select to enable GVRP Mode on this port. The default value of configuration is Disable. 2.
Page 131: Statistics
Chapter 3: Configuration 3.13.2 Statistics The section describes the basic GVRP Port statistics for all switch ports. The statistics relate to the currently selected unit, as shown in the page header. Web Interface To display GVRP Port statistics in the Web interface: 1.
Page 132: Qos
Chapter 3: Configuration 3.14 QoS The switch supports four QoS queues per port, with strict or weighted fair queuing scheduling. It supports QoS Control Lists (QCL) for advance programmable QoS classification, based on IEEE 802.1p, Ethertype, VID, IPv4/IPv6 DSCP and UDP/TCP ports and ranges.
Page 133 Chapter 3: Configuration • DP level: Controls the default DP level, i.e., the DP level for frames not classified in any other way. • PCP: Controls the default PCP for untagged frames. • DEI: Controls the default DEI for untagged frames. •...
Page 134: Port Policing
Chapter 3: Configuration 3.14.2 Port Policing This section provides an overview of QoS Ingress Port Policers for all switch ports. Because voice and video usually maintain a steady rate of traffic, Port Policing is useful in constraining traffic flows and marking frames above specific rates. Web Interface To display the QoS Port Schedulers in the Web interface: 1.
Page 135: Port Scheduler
Chapter 3: Configuration 3.14.3 Port Scheduler This section provides an overview of QoS Egress Port Schedulers for all switch ports. and the ports belong to the currently selected unit, as stated in the screen header. Web Interface To display the QoS Port Schedulers in the Web interface: 1.
Page 136 Chapter 3: Configuration Selecting “Weighted“ mode will display this screen instead of that shown in Figure 3-65. Figure 3-71. The QoS Egress Port Scheduler front screen in Weighted mode. Parameter Description • Port: The logical port for the settings contained in the same row. Click on the port number to configure the schedulers. •...
Page 137: Port Shaping
Chapter 3: Configuration 3.14.4 Port Shaping This section provides an overview of QoS Egress Port Shaping for all switch ports. Others the user could get all detail information ot the ports belong to the currently selected unit, as shown in the page header. Web Interface To display the QoS Port Shapers screen in the Web interface: 1.
Page 138 Chapter 3: Configuration Selecting “Weighted“ mode will display this screen instead of that shown in Figure 3-65. Figure 3-73. The QoS Egress Port Shapers screen, Weighted mode. Parameter Description • Port: The logical port for the settings contained in the row. Click on the port number to configure the shapers. •...
Page 139: Port Tag Remarking
Chapter 3: Configuration 3.14.5 Port Tag Remarking This section provides an overview of QoS Egress Port Tag Remarking for all switch ports. Others the ports belong to the currently selected unit, as shown in the screen header. Web Interface To display the QoS Port Tag Remarking in the Web interface: Click Configuration, QoS, Port Tag Remarking. Click the Port Index to set the QoS Port Tag Remarking.
Page 140: Port Dscp
Chapter 3: Configuration 3.14.6 Port DSCP The section describes how to set the QoS Port DSCP configuration, enabling you to configure the basic QoS Port DSCP Configuration settings for all switch ports. Others the settings relate to the currently selected unit, as shown in the page header. Web Interface To configure the QoS Port DSCP parameters in the Web interface: 1.
Page 141: Dscp-Based Qos
Chapter 3: Configuration • Egress: Port Egress Rewriting can be one of these parameters: - Disable: No Egress rewrite. - Enable: Rewrite enable without remapped. - Remap: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. •...
Page 142 Chapter 3: Configuration Figure 3-76. The DSCP-Based QoS Ingress Classification Configuration screen. Parameter Description • DSCP: Maximum number of supported DSCP values are 64. • Trust: Click to check if the DSCP value is trusted. • QoS Class: QoS Class value can be any of (0-7). •...
Page 143: Dscp Translation
Chapter 3: Configuration 3.14.8 DSCP Translation This section describes how you can configure the basic QoS DSCP Translation settings for all switches. DSCP Translation can be done in Ingress or Egress. Web Interface To configure the DSCP Translation parameters in the Web interface: 1.
Page 144 Chapter 3: Configuration Parameter Description • DSCP: Maximum number of supported DSCP values are 64, and valid DSCP value ranges from 0 to 63. • Ingress: The Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP translation: 1.
Page 145: Dscp Classification
Chapter 3: Configuration 3.14.9 DSCP Classification This section describes how to configure and map DSCP value to a QoS Class and DPL value. Others the settings relate to the currently selected unit, as shown in the page header. Web Interface To configure the DSCP Classification parameters in the Web interface: 1.
Page 146: Qos Control List Configuration
Chapter 3: Configuration 3.14.10 QoS Control List Configuration This section shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list. Web Interface To configure the QoS Control List parameters in the Web interface: 1.
Page 147 Chapter 3: Configuration • SMAC: Displays the OUI field of Source MAC address, i.e. first three octet (byte) of MAC address. • DMAC: Specify the type of Destination MAC addresses for incoming frame. Possible values are: Any: All types of Destination MAC addresses are allowed. Unicast: Only Unicast MAC addresses are allowed.
Page 148 Chapter 3: Configuration DMAC Type Destination MAC type: possible values are unicast (UC), multicast (MC), broadcast (BC) or ’Any.’ Frame Type can have any of the following values: 1. Any 2. Ethernet 3. LLC 4. SNAP 5. IPv4 6. IPv6 All frame types are explained below: 1.
Page 149: Qcl Status
Chapter 3: Configuration 3.14.11 QCL Status This section describes how to configure the QCL status by different QCL users. Each row describes the QCE that is defined. It is a conflict if a specific QCE is not applied to the hardware because of hardware limitations. The maximum number of QCEs is 256 on each switch.
Page 150: Storm Control
Chapter 3: Configuration • Auto-refresh: Check the auto-refresh box to set the unit to refresh information automatically. • Resolve Conflict: Click it to resolve confict issues. • Icon, upper right of screen (Refresh): Click to refresh the QCL information manually. 3.14.12 Storm Control This section describes how to configure the Storm control for the switch.
Page 151: Thermal Protection
Chapter 3: Configuration 3.15 Thermal Protection This section describes how to inspect and configure current settings for controlling thermal protection. Thermal protection is used to protect the chip from becoming overheated. 3.15.1 Configuration When the temperature exceeds the configured thermal protection temperature, ports will be turned off to decrease the power consumption.
Page 152: Status
Chapter 3: Configuration NOTE: The temperature means the MAC and PHY chipset’s TA temperature, not the PSU device or environment temperature. Do not set environment temperature limitation value. • Port priorities: This indicates the priority for each port. It allows the user to set what priority criterion is used to trigger the Port to be turned off via thermal protection.
Page 153: Sflow Agent
Chapter 3: Configuration 3.16 sFlow Agent The sFlow Collector configuration for the switch can be monitored and modified here. Up to one Collector is supported. This section contains instructions on how to configure sFlow collector IP type, sFlow collector IP Address, and Port Number for each sFlow Collector.
Page 154: Sampler
Chapter 3: Configuration • Time out: It is the duration during which the collector receives samples, Once it is expired, the sampler stops sending the samples. It is through the management the value is set before it expires. The value accepted is within the range of 0-2147483647.
Page 155 Chapter 3: Configuration Parameter Description • sFlow Ports: List of the port numbers on which sFlow is configured. • sFlow Instance: Configured sFlow instance for the port number. • Sampler Type: Configured sampler type on the port and could be any of the types: None, Rx, Tx or All. Scroll to choose. By default, The value is “None”.
Page 156: Loop Protection
Chapter 3: Configuration 3.17 Loop Protection Loop detection detects the presence of traffic. When a switch becomes aware that a packet’s (looping detection frame) MAC address is the same that of its own port, Loop Protection activates. The port will be locked when it receives the looping detection frames.
Page 157: Status
Chapter 3: Configuration • Action: Configures the action performed when a loop is detected on a port. Valid values are Shutdown Port, Shutdown Port and Log or Log Only. • Tx Mode: Controls whether the port is actively generating loop protection PDUs, or whether it is just passively looking for looped PDUs.
Page 158: Single Ip
Chapter 3: Configuration 3.18 Single IP Single IP Management (SIM) is a simple and useful method to optimize network utilities and management, designed to manage a group of switches as a single entity, called a SIM group. The SIM feature will enable users to: - Simplify management of small workgroups or wiring closets while scaling networks to handle increased bandwidth demand.
Page 159 Chapter 3: Configuration Web Interface To show the Single IP in the Web interface: 1. Click Configuration, Single IP, and then Information. 2. Click refresh, or check auto-refresh to automaticaly update Information. Figure 3-89. The Single IP Information screen. Parameter Description •...
Page 160: Easy Port
Chapter 3: Configuration 3.19 Easy Port Easy Port provides a convenient way to save and share common configurations. Use it to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network, including Voice IP phones, wireless access points and IP cameras, Or leverage it to run a converged voice, video, and data network considering quality of service (QoS), bandwidth, latency, and high performance.
Page 161 Chapter 3: Configuration • Port Security limit: Set the Port security limit here. The default is 1. • Spanning Tree Admin Edge: Enable or disable the Spanning Tree Admin Edge function. • Spanning Tree BPDU Guard: Enable or disable the Spanning Tree BPDU Guard function on the Easy Port. •...
Page 162: Mirroring
Chapter 3: Configuration 3.20 Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. The Mirror Configuration enables you to monitor the traffic of the network.
Page 163: Trap Event Severity
Chapter 3: Configuration 3.21 Trap Event Severity This function is used to set a Alarm trap and get the Event log. The Trap Events Configuration function is used to enable the switch to send out the trap information while pre-defined trap events occurred. Web Interface To configure the Trap Event Severity Configuration in the Web interface: 1.
Page 164: Smtp Configuration
Chapter 3: Configuration 3.22 SMTP Configuration When the switch perceives an alarm, use this function to enable the SMTP server to send you an alarm e-mail. Web Interface To configure the SMTP Configuration in the Web interface: 1. Click Configuration, SMTP Configuration. 2.
Page 165: Upnp
Chapter 3: Configuration 3.23 UPnP Universal Plug and Play (UPnP) enables devices to connect seamlessly and to simplify the implementation of networks in home (data sharing, communications, and entertainment) and corporate environments. Web Interface To configure the UPnP Configuration in the Web interface: 1.
Page 166: Security
Chapter 4: Security 4. Security This chapter describes all the switch security configuration tasks to enhance the security of the local network including IP Source Guard, ARP Inspection, DHCP Snooping, AAA, and others. 4.1. IP Source Guard This section describes how to configure the IP Source Guard detail parameters of the switch. Use the IP Source Guard Configuration screen to configure to enable or disable with the port of the switch.
Page 167: Static Table
Chapter 4: Security Parameter Description • Mode of IP Source Guard Configuration: Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled. • Port Mode Configuration: Specify on which ports IP Source Guard is enabled. Only when both Global Mode and Port Mode on a given port are enabled is IP Source Guard enabled on that port.
Page 168: Dynamic Table
Chapter 4: Security • IP Mask: Used for calculating the allowed network with IP address. • MAC address: Valid source MAC address. • Adding new entry: Click to add a new entry to the Static IP Source Guard table. Specify the Port, VLAN ID, IP address, and IP Mask for the new entry.
Page 169: Arp Inspection
Chapter 4: Security 4.2 ARP Inspection The section describes to configure the ARP Inspection parameters of the switch. Use the ARP Inspection configure to manage the ARP table. 4.2.1 Configuration This section describes how to configure ARP Inspection setting including: - Mode (Enabled and Disabled).
Page 170: Static Table
Chapter 4: Security 4.2.2 Static Table This section describes how to configure the Static ARP Inspection Table parameters of the switch. Web Interface To configure a Static ARP Inspection Table Configuration in the Web interface: 1. Click “Add new entry”. 2.
Page 171: Dynamic Table
Chapter 4: Security 4.2.3 Dynamic Table This section describes how to configure the Dynamic ARP Inspection Table parameters. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. Web Interface To configure a Dynamic ARP Inspection Table Configuration in the Web interface: 1.
Page 172: Dhcp Snooping
Chapter 4: Security 4.3 DHCP Snooping The section describes how to configure the DHCP Snooping parameters of the switch, for the purpose of preventing attackers from adding their own DHCP servers to the network. 4.3.1 Configuration This section describes how to configure the DHCP Snooping setting including: - Snooping Mode (Enabled and Disabled) - Port Mode Configuration (Trusted, Untrusted) Web Interface...
Page 173: Statistics
Chapter 4: Security 4.3.2 Statistics This section describes how to display the DHCP snooping port statistics. The statistics show only packet counters when DHCP snooping mode is enabled and relay mode is disabled. They don’t count the DHCP packets for a DHCP client. Web Interface To configure DHCP Snooping Statistics in the Web interface: 1.
Page 174: Dhcp Relay
Chapter 4: Security 4.4 DHCP Relay The section describes how to forward DHCP requests to another specific DHCP servers via DHCP relay. The DHCP servers may be on another network. 4.4.1 Configuration This section describes how to configure DHCP Relay setting including: - Relay Mode (Enabled and Disabled) - Relay Server IP setting - Relay Information Mode (Enabled and Disabled)
Page 175: Statistics
Chapter 4: Security • Relay Information Policy: Indicates the DHCP relay information option policy. When DHCP relay information mode operation is enabled, if agent receives a DHCP message that already contains relay agent information, it will enforce the policy. And it only works under DHCP if relay information operation mode is enabled.
Page 176 Chapter 4: Security Client Statistics • Transmit to Client: The number of relayed packets from server to client. • Transmit Error: The number of packets that resulted in error while being sent to servers. • Receive from Client: The number of received packets from server. •...
Page 177: Nas
Chapter 4: Security 4.5 NAS This section describes how to configure the NAS parameters of the switch. The NAS server can be used to connect users to a variety of resources including Internet access, conference calls, printing documents on shared printers, or by simply logging on to the Internet.
Page 178 Chapter 4: Security Parameter Description • Mode: Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames. • Reauthentication Enabled: If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period.
Page 179 Chapter 4: Security • RADIUS-Assigned VLAN Enabled: RADIUS-assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch. Incoming traffic will be classified to and switched on the RADIUS- assigned VLAN. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned VLAN Enabled below for a detailed description).
Page 180 Chapter 4: Security NOTE: Suppose two backend servers are enabled and that the server timeout is configured to X seconds (using the AAA configuration page), and suppose that the first server in the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then it will never get authenticated, because the switch will cancel ongoing backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant.
Page 181 Chapter 4: Security The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a third party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate.
Page 182 Chapter 4: Security - Value of Tunnel-Type must be set to "VLAN" (ordinal 13). - Value of Tunnel-Private-Group-ID must be a string of ASCII characters in the range '0' - '9', which is interpreted as a decimal string representing the VLAN ID. Leading '0's are discarded. The final value must be in the range [1; 4095]. •...
Page 183: Switch Status
Chapter 4: Security Reinitialize: Forces a reinitialization of the clients on the port—and thereby a reauthentication—immediately. The clients will transfer to the unauthorized state while the reauthentication is in progress. • Buttons: - Save: Click to save changes. - Reset: Click to undo any changes made locally and revert to previously saved values. •...
Page 184: Port Status
Chapter 4: Security 4.5.3 Port Status This section provides detailed informationon how to display NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. Web Interface To configure a NAS Port Status Configuration in the Web interface: 1. Specify the Port you want to check. 2.
Page 185 Chapter 4: Security - Multi 802.1X - MAC-based Auth. • Last Supplicant/Client Info: Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states: - Port-based 802.1X - Single 802.1X - Multi 802.1X - MAC-based Auth.
Page 186: Aaa
Chapter 4: Security 4.6 AAA This section shows you how to use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a TACACS+ or RADIUS server to create and manage objects that contain settings for using AAA servers.
Page 187 Chapter 4: Security Figure 4-15. The TACACS+ Authorization and Accounting Configuration screen. Figure 4-16. The RADIUS Authentication Configuration screen. Figure 4-17. The RADIUS Accounting Configuration screen. Figure 4-18. The TACACS+ Authentication Configuration screen. 724-746-5500 | blackbox.com Page 187 LGB1108A...
Page 188 Chapter 4: Security Parameter Description • Timeout: The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
Page 189: Radius Overview
Chapter 4: Security • Port: The TCP port to use on the TACACS+ Authentication Server. If the port is set to 0 (zero), the default port (49) is used on the TACACS+ Authentication Server. • Secret: The secret—up to 29 characters long—shared between the TACACS+ Authentication Server and the switch. •...
Page 190: Radius Details
Chapter 4: Security - Disabled: The server is disabled. - Not Ready: The server is enabled, but IP communication is not yet up and running. - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
Page 191: Port Security
Chapter 4: Security 4.7 Port Security This section demonstrates how to configure the Port Security settings of the Switch. Use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses. 4.7.1 Limit Control This section demonstrates how to configure the Port Security settings of the Switch. Use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses.
Page 192 Chapter 4: Security • Aging Enabled: If checked, secured MAC addresses are subject to aging as discussed under Aging Period. • Aging Period: If Aging Enabled is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, they may have other requirements to the aging period.
Page 193: Switch Status
Chapter 4: Security - Shutdown: Indicates that the port is shut down by the Limit Control module. This state can only be shown if Action is set to Shutdown or Trap & Shutdown. • Re-open Button: If a port is shutdown by this module, you may reopen it by clicking this button, which will only be enabled if this is the case.
Page 194 Chapter 4: Security • Port Status: The table has one row for each port on the selected switch and a number of columns, which are: • Port: The port number for which the status applies. Click the port number to see the status for this particular port. •...
Page 195: Port Status
Chapter 4: Security 4.7.3 Port Status This section shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules, including the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning.
Page 196: Access Management
Chapter 4: Security 4.8 Access Management This section shows how to configure access management table of the Switch including HTTP/HTTPS, SNMP, and TELNET/SSH. You can manage the Switch over an Ethernet LAN, or over the Internet. 4.8.1 Configuration This section shows how to configure access management table of the switch. The maximum entry number is 16. If the application’s type matches any one of the access management entries, it will allow access to the switch.
Page 197: Statistics
Chapter 4: Security • TELNET/SSH: Indicates that the host can access the switch from TELNET/SSH interface if the host IP address matches the IP address range provided in the entry. • Buttons: - Save: Click to save changes. - Reset: Click to undo any changes made locally and revert to previously saved values. 4.8.2 Statistics This section shows you a detailed statistics of the Access Management including HTTP, HTTPS, SSH.
Page 198: Ssh
Chapter 4: Security 4.9 SSH This section shows how to use SSH (Secure SHell) to securely access the Switch. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication. Web Interface To configure a SSH Configuration in the Web interface: 1.
Page 199: Https
Chapter 4: Security 4.10 HTTPS This section shows how to use HTTPS to securely access the Switch. HTTPS is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication via the browser. Web Interface To configure a HTTPS Configuration in the Web interface: 1.
Page 200: Authentication Method
Chapter 4: Security 4.11 Authentication Method This section shows how to configure a user with authentication when logging in to the switch via one of the management client interfaces. Web Interface To configure a Authentication Method Configuration in the Web interface: 1.
Page 201: Maintenance
Chapter 5: Maintenance 5. Maintenance This chapter describes all the switch Maintenance configuration tasks to enhance the performance of local network including Restart Device, Firmware upgrade, Save/Restore, Import/Export, and Diagnostics. 5.1 Restart Device This section describes how to restart the switch for any maintenance needs. Any configuration files or scripts saved in the switch should still be available after restart.
Page 202: Firmware
Chapter 5: Maintenance 5.2 Firmware This section describes how to upgrade firmware. The switch can be enhanced with more value-added functions by installing firmware upgrades. 5.2.1 Firmware Upgrade This page facilitates an update of the firmware controlling the switch. Web Interface To configure a Firmware Upgrade Configuration in the Web interface: 1.
Page 203: Firmware Selection
Chapter 5: Maintenance 5.2.2 Firmware Selection The switch supports dual images for firmware redundancy. You can select the firmware image for your device: Start firmware or Operating firmware. This page provides information about the active and alternate (backup) firmware images in the device, and enables you to revert to the alternate image.
Page 204: Save / Restore
Chapter 5: Maintenance 5.3 Save / Restore This section describes how to save and restore the switch configuration including reset to Factory Defaults, Save Start, Save Users, Restore Users for any maintenance needs. 5.3.1 Factory Defaults This section describes how to reset the Switch configuration to Factory Defaults. Any configuration files or scripts will recover to factory default values.
Page 205: Save Start
Chapter 5: Maintenance 5.3.2 Save Start This section describes how to save the Switch Start configuration. Any current configuration files will be saved as XML format. Web Interface To configure a Save Start Configuration in the Web interface: 1. Click “Save Start.“ 2.
Page 206: Restore User
Chapter 5: Maintenance 5.3.4 Restore User This section describes how to restore user information back to the switch. Any current configuration files will be restored via XML format. Web Interface To configure a Restore User Configuration in the Web interface: 1.
Page 207: Export / Import
Chapter 5: Maintenance 5.4 Export / Import This section describes how to export and import the switch configuration. Any current configuration files will be exported as XML format. 5.4.1 Export Config This section describes how to export the switch configuration for maintenance needs. Any current configuration files will be exported as XML format.
Page 208: Import Config
Chapter 5: Maintenance 5.4.2 Import Config This section describes how to import the switch configuration for maintenance needs. Any current configuration files will be imported as XML format. Web Interface To configure an Import Configuration in the Web interface: 1. Click “Browser to select the config file in your device.“ 2.
Page 209: Diagnostics
Chapter 5: Maintenance 5.5 Diagnostics This section provides a set of basic system diagnotsics. It lets users know that whether the system is healthy or needs to be fixed. The basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics. 5.5.1 Ping This section allows you to issue ICMP PING packets to troubleshoot IPv6 connectivity issues.
Page 210: Ping6
Chapter 5: Maintenance 5.5.2 Ping6 This section enables you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues. Web Interface To configure an ICMPv6 PING Configuration in the web interface: 1.Specify ICMPv6 PING IP Address. 2.Specify ICMPv6 PING Size. 3.Click “Start.“...
Page 211: Veriphy
Chapter 5: Maintenance 5.5.3 VeriPHY This section describes how to run the VeriPHY Cable Diagnostics. Press to run the diagnostics. It takes approximately five seconds to run. If all ports are selected, it can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table.
Page 212: Appendix: Glossary Of Web-Based Management Terms
Appendix Appendix: Glossary of Web-Based Management Terms ACE: ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.
Page 213 Appendix CCM: CCM is an acronym for Continuity Check Message. It is a OAM frame transmitted from a MEP to its peer MEP and used to implement CC functionality. CDP: CDP is an acronym for Cisco Discovery Protocol. DEI: DEI is an acronym for Drop Eligible Indicator. It is a 1-bit field in the VLAN tag. DES: DES is an acronym for Data Encryption Standard.
Page 214 Appendix DSCP: DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes. EEE: EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802.3az. EPS: EPS is an abbreviation for Ethernet Protection Switching defined in ITU/T G.8031. Ethernet Type: Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard.
Page 215 Appendix IMAP is the protocol that IMAP clients use to communicate with the servers, and SMTP is the protocol used to transport mail to an IMAP server. The current version of the Internet Message Access Protocol is IMAP4. It is similar to Post Office Protocol version 3 (POP3), but offers additional and more complex features.
Page 216 Appendix MEP: MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group (ITU-T Y.1731). Mirroring: For debugging network problems or monitoring network traffic, the switch system can be configured to mirror frames from multiple ports to a mirror port. (In this context, mirroring a frame is the same as copying the frame.) Both incoming (source) and outgoing (destination) frames can be mirrored to the mirror port.
Page 217 Appendix Policer: A policer can limit the bandwidth of received frames. It is located in front of the ingress queue. POP3: POP3 is an acronym for Post Office Protocol version 3. It is a protocol for e-mail clients to retrieve e-mail messages from a mail server.
Page 218 Appendix SNAP: The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields. SNAP supports identifying protocols by Ethernet type field values; it also supports vendor-private protocol identifier. SNMP: SNMP is an acronym for Simple Network Management Protocol.
Page 219 Appendix UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact. Common network applications that use UDP include the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP).
Page 220 About Black Box Black Box provides an extensive range of networking and infrastructure products. You’ll find everything from cabinets and racks and power and surge protection products to media converters and Ethernet switches all supported by free, live 24/7 Tech support available in 30 seconds or less.

This manual is also suitable for:

Lgb1108a Lgb1148a

Black Box LGB1126A User Manual

1 Overview

2 System Configuration

3 Configuration

4 Security

5 Maintenance

Appendix: Glossary of Web-Based Management Terms

Quick Links

BLACK BOX

Related Manuals for Black Box LGB1126A

Summary of Contents for Black Box LGB1126A