1. Manuals
  2. Brands
  3. Stephen Manuals
  4. Network Router
  5. STES2026
  6. Configuration manual manual

Stephen STES2026 Configuration Manual Manual

Layer 2 managed ethernet switch
Hide thumbs
Table of Contents

Advertisement

Quick Links

Download this manual
Stephen Technologies Co.,Limited
STES2026 Layer 2 managed Ethernet Switch
Configuration Guide Manual
VER:1.0.1
www.stephen-tele.com

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the STES2026 and is the answer not in the manual?

Questions and answers

Related Manuals for Stephen STES2026

Summary of Contents for Stephen STES2026

  • Page 1 Stephen Technologies Co.,Limited STES2026 Layer 2 managed Ethernet Switch Configuration Guide Manual VER:1.0.1 www.stephen-tele.com...

  • Page 2: About This Manual

    This manual applies to STES2026 Ethernet Switch. Related Manuals The related manuals are listed in the following table. É STES2026 Ethernet Switch Installation Manu ˚ É STES2026 Ethernet Switch Configuration Guide Manu ˚ Intended Audience The manual is intended for the following readers: Network engineers...
  • Page 3 Stephen Technologies Co.,Limited italic Command arguments are in italic. Items (keywords or arguments) in square brackets [ ] are optional. { x | y | ... } Alternative items are grouped in braces and separated by vertical bars. One is selected.
  • Page 4 Stephen Technologies Co.,Limited VI. Symbols Eye-catching symbols are also used in the manual to highlight the points worthy of special attention during the operation. They are defined as follows: Caution: Means reader be extremely careful during the operation. Note: Means a complementary description.

  • Page 5: Table Of Contents

    Stephen Technologies Co.,Limited Chapter 1 Product Overview ............... 1 1.1 Product Overview ....................1 1.2 Function Features....................1 Chapter 2 Logging in Switch ............... 3 2.1 Setting up Configuration Environment via the Console Port ........ 3 2.2 Setting up Configuration Environment through Telnet ......... 5 2.2.1 Connecting a PC to the Switch through Telnet..........
  • Page 6 Stephen Technologies Co.,Limited Chapter 7 VLAN Configuration..............35 7.1 VLAN Overview....................35 7.2 Configuring VLAN....................35 7.2.1 Selecting VLAN mode................35 7.2.2 Configuring 802.1Q VLAN ............... 36 7.2.3 Configuring port VALN ................38 Chapter 8 MAC Address Table Management ......... 40 8.1 MAC Address Table Management Overview............
  • Page 7 Stephen Technologies Co.,Limited Chapter 12 RADIUS Protocol Configuration .......... 73 12.1 RADIUS Protocol Overview ................73 12.2 Implementing RADIUS on Ethernet Switch............74 12.3 Configuring RADIUS Protocol................74 12.3.1 Enable/disable radius client service ............74 12.3.2 Setting radius client ip address ..............75 12.3.3 Setting a Real-time Accounting Interval..........

  • Page 8: Chapter 1 Product Overview

    Chapter 1 Product Overview 1.1 Product Overview STES2026 Ethernet Switch is a type of box-shaped L2 wire speed Ethernet Switch, applied on the access layer of the medium- and small-sized enterprise networks, IP Metropolitan Area Network (MAN) and Ethernet residential areas ˜...
  • Page 9 Stephen Technologies Co.,Limited Supports MAC binding and MAC filter. Management Supports Command Line Interface configuration Supports Local and remote configuration through Telnet on Ethernet port Maintenance Supports SNMP management (SupportsRMON MIB Group 1, 2, 3 and 9) Supports PING Supports the remote maintenance via Telnet Loading and Supports to load and upgrade software via Xmodem.

  • Page 10: Chapter 2 Logging In Switch

    Stephen Technologies Co.,Limited Chapter 2 Logging in Switch 2.1 Setting up Configuration Environment via the Console Port Step 1: As shown in the figure below, to set up the local configuration environment, connect the serial port of a PC (or a terminal) to the Console port of the switch with the Console cable.
  • Page 11 Stephen Technologies Co.,Limited Figure 2-2 Setting up new connection Figure 2-3 Configuring the port for connection www.stephen-tele.com...

  • Page 12: Setting Up Configuration Environment Through Telnet

    Stephen Technologies Co.,Limited Figure 2-4 Setting communication parameters Step 3: The switch is powered on. Display self-test information of the switch and prompt you to press Enter to show the command line prompt such as switch>. Step 4: Input a command to configure the switch or view the operation state. Input a “?” for an immediate help.
  • Page 13 Stephen Technologies Co.,Limited Step 2: To set up the configuration environment, connect the Ethernet port of the PC to that of the switch via the LAN. Figure 2-5 Setting up configuration environment through telnet Step 3: Run Telnet on the PC and input the IP address of the VLAN connected to the PC port.

  • Page 14: Setting Up Configuration Environment Through Web Browser

    Stephen Technologies Co.,Limited 2.3 Setting up Configuration Environment through web browser After you have correctly configured IP address for an switch via Console port, you can login this switch and configure it. This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity.

  • Page 15: Chapter 3 Command Line Interface

    Stephen Technologies Co.,Limited Chapter 3 Command Line Interface 3.1 Command Line Interface SPEED series switches provide a series of configuration commands and command line interfaces for configuring and managing the switch. The command line interface has the following characteristics: Local configuration via the Console port.

  • Page 16: Features And Functions Of Command Line

    Stephen Technologies Co.,Limited Normal EXEC Show the basic Enter right user information name and Switch> exit mode about operation password and statistics Show the basic Switch# Enter <enable> Exit returns to information and right normal EXEC privileged about operation password...
  • Page 17 Stephen Technologies Co.,Limited show Show running system information. telnet Telnet to other host or switch. terminal Set terminal line parameters. upload Upload file for software upgrade or upload user config. Display who is connected to the switch. write Save current running configuration to flash.

  • Page 18: Displaying Characteristics Of Command Line

    Stephen Technologies Co.,Limited 6) Input the first letters of a keyword of a command and press <Tab> key. If no other keywords are headed by this letters, then this unique keyword will be displayed automatically. 3.3.2 Displaying Characteristics of Command Line Command line interface provides the following display characteristics: For users’...

  • Page 19: Common Command Line Error Messages

    Stephen Technologies Co.,Limited Retrieve the next Down cursor key < > Retrieve the next history history command or <Ctrl+N> command, if there is any. Down 3.3.4 Common Command Line Error Messages All the input commands by users can be correctly executed, if they have passed the grammar check.
  • Page 20 Stephen Technologies Co.,Limited Backspace Move the cursor a character backward Leftwards cursor key Move the cursor a character backward < > or <Ctrl+B> Rightwards cursor key Move the cursor a character forward < > or <Ctrl+F> Up cursor key < > or Retrieve the history command.

  • Page 21: Chapter 4 Basic Configuration

    Stephen Technologies Co.,Limited Chapter 4 Basic Configuration 4.1 Console Connection The CLI program provides two different command levels — normal access level (Normal Exec) and privileged access level (Privileged Exec). The commands available at the Normal Exec level are a limited subset of those available at the Privileged Exec level and allow you to only display information and use basic utilities.
  • Page 22 Stephen Technologies Co.,Limited Figure 4-1 User Authentication Window On entering a valid password and user name, WEB management interface will be presented to the user as shown in Figure 4-2: www.stephen-tele.com...

  • Page 23: Setting Console Baud Rate

    Stephen Technologies Co.,Limited Figure 4-2 WEB Management Interface The navigation tree displayed on the left side of the browser window should be used for choosing appropriate configuration screens. It is organized into folders for configuration of different features supported by the switch. The right side of the browser window shows the corresponding configuration screens.

  • Page 24: Creating User And Setting Password

    Stephen Technologies Co.,Limited Command Purpose Step 1 config terminal Enter global configuration mode. serial speed rate Step 2 Setting console baud rate. Rate : 19200 ˆ2400 ˆ38400 ˆ9600. By default ,rate is 9600. Step 3 exit Return to privileged EXEC mode.

  • Page 25: Setting System Service

    Stephen Technologies Co.,Limited login-password Step 3 user login-password (optional) Change login password. user-name <CR> Input new login password for user abc please. New Password: Confirm Password: Step 4 user enable-password (optional) Set or change enable password. user-name <CR> Input new enable password for user abc please.

  • Page 26: Setting System Contact/Name/Location Information For Snmp

    Stephen Technologies Co.,Limited Step 6 exit Return to privileged EXEC mode. Step 7 show services Verify your entries. Step 8 write (Optional) Save your entries in the configuration file. 4.6 Setting system contact/name/location information for SNMP I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set system contact/name/location information.

  • Page 27: Setting System Management Ip Address

    Stephen Technologies Co.,Limited 4.7 Setting system management IP Address I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set system management IP address. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 Ip address ip-addrss mask Setting system management IP address.

  • Page 28: Setting Default Gateway

    Stephen Technologies Co.,Limited click Apply. 4.8 Setting default gateway I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set system management IP address. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 gateway ip-addrss Setting system management IP address.

  • Page 29: Restore System To Default Configuration

    Stephen Technologies Co.,Limited 4.9 Restore system to default configuration you can use remove command to resume the startup-configuration to default configuration, after that you must reboot the system. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to restore system to default configuration.

  • Page 30: Reboot System

    Stephen Technologies Co.,Limited 4.10 Reboot system I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to restart the system. Command Purpose Step 1 reboot Reboot the system. II. WEB configuration: Click Switch Information, Switch Configuration, Specify Reset (reset), then click Apply.

  • Page 31: Chapter 5 Port Configuration

    Chapter 5 Port Configuration 5.1 Ethernet Port Overview STES2026 Ethernet Switches provides 24 h 10/100Mbps electrical ports and two Gigabit optical ports. The 10/100Mbps electrical ports support MDI/MDI-X auto-sensing and can work in half duplex, full duplex or auto-negotiation mode. They can negotiate with other network devices to choose optimum duplex mode and speed.

  • Page 32: Setting The Duplex Attribute And Speed Of The Ethernet Port

    Stephen Technologies Co.,Limited Step 3 exit Return to privileged EXEC mode. show port port-number Step 4 Verify your entries. Step 5 write (Optional) Save your entries in the configuration file. By default, the port is enabled. To disable a port, use port state port-number disable global configuration command.
  • Page 33 Stephen Technologies Co.,Limited I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to setting the duplex attribute and speed of the Ethernet port. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 port speed portnumber...

  • Page 34: Enabling/Disabling Flow Control For The Ethernet Port

    Stephen Technologies Co.,Limited 5.2.3 Enabling/Disabling Flow Control for the Ethernet Port After enabling flow control in both the local and the peer switch, if congestion occurs in the local switch, the switch will inform its peer to pause packet sending. Once the peer switch receives this message, it will pause packet sending, and vice versa.

  • Page 35: Setting The Ethernet Port Broadcast Suppression

    Stephen Technologies Co.,Limited Step 5 write (Optional) Save your entries in the configuration file. To disable flow control, use the l2-control port port-number flow-control disable back-pressure disable global configuration command. II. WEB configuration: Click Port Controls, Select Port, Specify Flow Control and Back Pressure state, then click Apply.

  • Page 36: Setting Port Mirroring

    Stephen Technologies Co.,Limited Beginning in privileged EXEC mode, follow these steps to Set the Ethernet Port Broadcast Suppression. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 misc broadcast filter-mode Setting Broadcast Suppression {five-percent|ten-percent|fifteen-percent |twenty-percent|twenty-five-percent|disable} Step 3 exit Return to privileged EXEC mode.
  • Page 37 Stephen Technologies Co.,Limited I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set port mirroring. Command Purpose Step 1 config terminal Enter global configuration mode. mirror analysis-port Step 2 Set target port port-number Step 3 mirror monitored-port Setting source port.

  • Page 38: Setting Rate Limits

    Stephen Technologies Co.,Limited 5.2.6 Setting rate limits This function allows the network manager to control the maximum rate for traffic transmitted or received on an interface. Rate limiting is configured on interfaces at the edge of a network to limit traffic into or outof the switch. Traffic that falls within the rate limit is transmitted, while packets that exceed the acceptable amount of traffic are dropped.
  • Page 39 Stephen Technologies Co.,Limited Click Port Controls, Select Port, Specify Ingress Bandwidth and Egress Bandwidth, then click Apply. www.stephen-tele.com...

  • Page 40: Chapter 6 Link Aggregation Configuration

    Stephen Technologies Co.,Limited Chapter 6 Link Aggregation Configuration 6.1 Overview Link aggregation means aggregating several ports together implement outgoing/incoming payload balance among the member ports and enhance the connection reliability. In terms of load sharing, link aggregation may be load sharing aggregation and non-load sharing aggregation.
  • Page 41 Stephen Technologies Co.,Limited To delete a trunk, use the channel-group delete group-number global configuration command. II. WEB configuration: Click Channel Group, Enter TrunkID, Specify channel group port member, then click Apply. www.stephen-tele.com...

  • Page 42: Chapter 7 Vlan Configuration

    Stephen Technologies Co.,Limited Chapter 7 VLAN Configuration 7.1 VLAN Overview Virtual Local Area Network (VLAN) groups the devices of a LAN logically but not physically into segments to implement the virtual workgroups. IEEE issued the IEEE 802.1Q in 1999, which was intended to standardize VLAN implementation solutions. Through VLAN technology, network managers can logically divide the physical LAN into different broadcast domains.

  • Page 43: Configuring 802.1Q Vlan

    Stephen Technologies Co.,Limited Command Purpose Step 1 config terminal Enter global configuration mode. vlan mode set { 8021q | Step 2 Selecting VLAN mode. port | disable } Disable indicate the switch runs no VLAN mode. Step 3 exit Return to privileged EXEC mode.
  • Page 44 Stephen Technologies Co.,Limited Beginning in privileged EXEC mode, follow these steps to configure a VLAN. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 vlan static add vid vid Create a VLAN. Vid:1~4096 port-list Port-list: port-number+u|m, ‘u’ indicate untag port and ‘m’...

  • Page 45: Configuring Port Valn

    Stephen Technologies Co.,Limited 8 Setting VLAN port pvid Click 802.1q-based Vlan, VLAN/GVRP Port, Select Port, Specify PVID , then click Apply. 7.2.3 Configuring port VALN Configuring port VLAN include: Creating/deleting a port VLAN. www.stephen-tele.com...
  • Page 46 Stephen Technologies Co.,Limited Modifying an exist port VLAN. You can use the following command to configuring port VALN. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to configuring port VALN. Command Purpose Step 1 config terminal Enter global configuration mode.

  • Page 47: Chapter 8 Mac Address Table Management

    Stephen Technologies Co.,Limited Chapter 8 MAC Address Table Management 8.1 MAC Address Table Management Overview An Ethernet Switch maintains a MAC address table for fast forwarding packets. A table entry includes the MAC address of a device and the port ID of the Ethernet switch connected to it.

  • Page 48: Mac Address Table Configuration

    Stephen Technologies Co.,Limited Figure 8-1 The Ethernet switch forwards packets with MAC address table The Ethernet switch also provides the function of MAC address aging. If the switch receives no packet for a period of time, it will delete the related entry from the MAC address table.
  • Page 49 Stephen Technologies Co.,Limited will affect the switch operation performance. If aging time is set too long, the Ethernet switch will store a great number of out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.

  • Page 50: Setting Mac Binding

    Stephen Technologies Co.,Limited 8.2.2 Setting MAC binding Administrators can disable system learn MAC auto and manually add, modify, or delete the entries in MAC address table according to the actual needs. Setting MAC binding include: Disabling learn MAC auto. Add static MAC.
  • Page 51 Stephen Technologies Co.,Limited Step 4 show fdb mac_learning Verify your entries. show static [port Verify your entries. port-number] Step 5 write (Optional) Save your entries in the configuration file. To enable learning MAC auto, use the fdb mac_learning enable port port-number global configuration command.

  • Page 52: Setting Mac Filter

    Stephen Technologies Co.,Limited 8.2.3 Setting MAC filter I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set MAC filter. Command Purpose Step 1 config terminal Enter global configuration mode. fdb add filter mac-address Step 2 Setting MAC filter.
  • Page 53 Stephen Technologies Co.,Limited www.stephen-tele.com...

  • Page 54: Chapter 9 Stp Configuration

    Stephen Technologies Co.,Limited Chapter 9 STP Configuration 9.1 STP Overview The switch supports STP (spanning tree protocol).STP is a Layer 2 link management protocol that provides path redundancy while preventing loops in the network. For a Layer 2 Ethernet network to function properly, only one active path can exist between any two stations. Multiple active paths among end stations cause loops in the network.

  • Page 55: Spanning-Tree Topology And Bpdus

    Stephen Technologies Co.,Limited and how well it is located to pass traffic. The path cost value represents the media speed. 9.2 Spanning-Tree Topology and BPDUs The stable, active spanning-tree topology of a switched network is controlled by these elements: The unique bridge ID (switch priority and MAC address) associated with each VLAN on each switch.
  • Page 56 Stephen Technologies Co.,Limited For each VLAN, the switch with the highest switch priority (the lowest numerical priority value) is elected as the root switch. If all switches are configured with the default priority (32768), the switch with the lowest MAC address in the VLAN becomes the root switch. The switch priority value occupies the most significant bits of the bridge ID, as shown in Table 8-1.

  • Page 57: Bridge Id, Switch Priority, And Extended System Id

    Stephen Technologies Co.,Limited Figure 9-1 Spanning-Tree Port States in a Switch All paths that are not needed to reach the root switch from anywhere in the switched network are placed in the spanning-tree blocking mode. 9.3 Bridge ID, Switch Priority, and Extended System ID The IEEE 802.1D standard requires that each switch has an unique bridge identifier (bridge...

  • Page 58: Spanning-Tree Interface States

    Stephen Technologies Co.,Limited 9.4 Spanning-Tree Interface States Propagation delays can occur when protocol information passes through a switched LAN. As a result,topology changes can take place at different times and at different places in a switched network. When an interface transitions directly from nonparticipation in the spanning-tree topology to the forwarding state, it can create temporary data loops.

  • Page 59: Blocking State

    Stephen Technologies Co.,Limited Figure 9-2 Spanning-Tree Interface States When you power up the switch, spanning tree is enabled by default, and every interface in the switch,VLAN, or network goes through the blocking state and the transitory states of listening and learning.Spanning tree stabilizes each interface at the forwarding or blocking state.

  • Page 60: Learning State

    Stephen Technologies Co.,Limited Discards frames received on the interface Discards frames switched from another interface for forwarding Does not learn addresses Receives BPDUs 9.4.3 Learning State A Layer 2 interface in the learning state prepares to participate in frame forwarding. The interface enters the learning state from the listening state.

  • Page 61: How A Switch Or Port Becomes The Root Switch Or Root Port

    Stephen Technologies Co.,Limited 9.5 How a Switch or Port Becomes the Root Switch or Root Port If all switches in a network are enabled with default spanning-tree settings, the switch with the lowest MAC address becomes the root switch. In Figure 9-3, Switch A is elected as the root switch because the switch priority of all the switches is set to the default (32768) and Switch A has the lowest MAC address.

  • Page 62: Spanning-Tree Address Management

    Stephen Technologies Co.,Limited automatically disables one interface but enables it if the other one fails. If one link is high-speed and the other is low-speed, the low-speed link is always disabled. If the speeds are the same, the port priority and port ID are added together, and spanning tree disables the link with the lowest value.

  • Page 63: Configuring Stp Features

    Stephen Technologies Co.,Limited unreachable for 5 minutes or more during a reconfiguration, the address-aging time is accelerated so that station addresses can be dropped from the address table and then relearned. The accelerated aging is the same as the forward-delay parameter value when the spanning tree reconfigures.

  • Page 64: Configure The Time Parameters Of A Switch

    Stephen Technologies Co.,Limited For priority, the range is 1 to 65535; the default is 32768. The lower the number, the more likely the switch will be chosen as the root switch. Caution: In the process of spanning tree root election, of two or more switches with the lowest Bridge priorities, the one has a smaller MAC address will be elected as the root.
  • Page 65 Stephen Technologies Co.,Limited Therefore the protocol adopts a state transition mechanism. It takes a Forward Delay interval for the root port and designated port to transit from the learning state to forwarding state. The Forward Delay guarantees a period of time during which the new configuration BPDU can be propagated throughout the network.
  • Page 66 Stephen Technologies Co.,Limited temporarily, while too long a Forward Delay may prolong the network connection resuming. The default value is recommended. A suitable Hello Time ensures the switch to detect the link fault on the network but occupy moderate network resources. The default value is recommended. If you set too long a Hello Time, when there is packet dropped over a link, the switch may consider it as link fault and the network device will recalculate the spanning tree accordingly.However, for too short a Hello...

  • Page 67: Configure Port Priority

    Stephen Technologies Co.,Limited 9.9.4 Configure Port Priority If a loop occurs, spanning tree uses the port priority when selecting an interface to put into the forwarding state. You can assign higher priority values (lower numerical values) to interfaces that you want selected first and lower priority values (higher numerical values) that you want selected last.

  • Page 68: Enable/Disable Stp On The Device

    Stephen Technologies Co.,Limited Click Spanning Tree, Spanning Tree Port Parameters, Select Port, Specify Priority, then click Apply. 9.9.5 Enable/Disable STP on the Device You can use the following command to enable STP on the device. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable stp on the device.

  • Page 69: Enable/Disable Stp On A Port

    Stephen Technologies Co.,Limited Only if STP has been enabled on the device will other STP configurations take effect. By default, STP is disabled. II. WEB configuration: Click Spanning Tree, Spanning Tree State, Specify Spanning Tree Protocol state, then click Apply.
  • Page 70 Stephen Technologies Co.,Limited To disable STP on a port, use spanning-tree port port-number disable global configuration command. Note that redundant route may be generated after STP is disabled. By default, STP is enabled on all the ports after it is enabled on the device.

  • Page 71: Chapter 10 Qos Configuration

    Stephen Technologies Co.,Limited Chapter 10 QoS Configuration Class of Service (CoS) allows you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with two priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
  • Page 72 Stephen Technologies Co.,Limited higher priority queue to be processed before lower priority queues are serviced, or use Weighted Round-Robin (WRR) queuing that specifies a relative weight of each queue. WRR uses a predefined relative weight for each queue that determines the percentage of service time the switch services each queue before moving on to the next queue.
  • Page 73 Stephen Technologies Co.,Limited www.stephen-tele.com...

  • Page 74: Chapter 11 802.1X Configuration

    Stephen Technologies Co.,Limited Chapter 11 802.1x Configuration 11.1 802.1x Overview 11.1.1 802.1x Standard Overview IEEE 802.1x (hereinafter simplified as 802.1x) is a Port Based Network Access Control protocol. IEEE issued it in 2001 and suggested the related manufacturers should use the protocol as the standard protocol for LAN user access authentication.

  • Page 75: System Architecture

    Stephen Technologies Co.,Limited 11.1.2 802.1x System Architecture The system using the 802.1x is the typical C/S (Client/Server) system architecture. It contains three entities, which are illustrated in the following figure: Supplicant System,Authenticator System and Authentication Sever System. The LAN access control device needs to provide the Authenticator System of 802.1x.The devices at the user side such as the computers need to be installed with the 802.1x client...

  • Page 76: Authentication Process

    Stephen Technologies Co.,Limited 11.1.3 802.1x Authentication Process 802.1x configures EAP frame to carry the authentication information. The Standard defines the following types of EAP frames: EAP-Packet: Authentication information frame, used to carry the authentication information. EAPoL-Start: Authentication originating frame, actively originated by the Supplicant.

  • Page 77: Enabling/Disabling 802.1X

    Stephen Technologies Co.,Limited 11.2.1 Enabling/Disabling 802.1x The following command can be used to enable/disable the 802.1x on globally. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to enable/disable 802.1x. Command Purpose Step 1 config terminal Enter global configuration mode.

  • Page 78: Setting Port Authentication State

    Stephen Technologies Co.,Limited 11.2.2 Setting port authentication state The following command can be used to set port authentication state. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set port authentication state. Command Purpose Step 1 config terminal Enter global configuration mode.

  • Page 79: Setting Supplicant Number On A Port

    Stephen Technologies Co.,Limited 11.2.3 Setting Supplicant Number on a Port The following commands are used for setting number of users allowed by 802.1x on specified port. When no port is specified, all the ports accept the same number of supplicants.

  • Page 80: Chapter 12 Radius Protocol Configuration

    Stephen Technologies Co.,Limited Chapter 12 RADIUS Protocol Configuration 12.1 RADIUS Protocol Overview I. What is RADIUS Remote Authentication Dial-In User Service, RADIUS for short, is a kind of distributed information switching protocol in Client/Server architecture. RADIUS can prevent the network from interruption of unauthorized access and it is often used in the network environments requiring both high security and remote user access.

  • Page 81: Implementing Radius On Ethernet Switch

    Stephen Technologies Co.,Limited authentication and needs to input username and password again, otherwise he will be rejected to access. 12.2 Implementing RADIUS on Ethernet Switch By now, we understand that in the above-mentioned RADIUS framework, SPEED Series Ethernet Switches, serving as the user access device or NAS, is the client end of RADIUS. In other words, the RADIUS concerning client-end is implemented on SPEED Series Ethernet Switches.

  • Page 82: Setting Radius Client Ip Address

    Stephen Technologies Co.,Limited To disable radius client service ,use global configuration radiusclient service disable command. II. WEB configuration: Click 802.1x Authentication, Radius Client, Specify Radius service state, then click Apply. 12.3.2 Setting radius client ip address I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to setting radius client ip address.

  • Page 83: Setting A Real-Time Accounting Interval

    Stephen Technologies Co.,Limited Click 802.1x Authentication, Radius Client, Specify Client IP address, then click Apply. 12.3.3 Setting a Real-time Accounting Interval To implement real-time accounting, it is necessary to set a real-time accounting interval.After the attribute is set, NAS will transmit the accounting information of online users to the RADIUS server regularly.

  • Page 84: Setting Ip Address Of Radius Server

    Stephen Technologies Co.,Limited II. WEB configuration: Click 802.1x Authentication, Radius Client, Specify Client accounting intervlal, then click Apply. 12.3.4 Setting IP Address of RADIUS Server addresses RADIUS servers, including primary/second authentication/authorization servers and accounting servers. You can use the following commands to configure the IP address for RADIUS servers.

  • Page 85: Setting Port Of Radius Server

    Stephen Technologies Co.,Limited Step 5 show radiusserver Verify your entries. slave_ipaddress Step 6 write (Optional) Save your entries in the configuration file. By default, all the IP addresses of primary/second authentication/authorization and accounting servers are 0.0.0.0. II. WEB configuration: Click 802.1x Authentication, Radius Server, Specify Master Server address and Slave Radius Server address, then click Apply.
  • Page 86 Stephen Technologies Co.,Limited I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to setting port for radius server. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 radiusserver master_port Setting port for master radius server.

  • Page 87: Setting Radius Packet Encryption Key

    Stephen Technologies Co.,Limited 12.3.6 Setting RADIUS Packet Encryption Key RADIUS client (switch system) and RADIUS server use MD5 algorithm to encrypt the exchanged packets. The two ends verify the packet through setting the encryption key.Only when the keys are identical can both ends to accept the packets from each other end and give response.
  • Page 88 Stephen Technologies Co.,Limited Step 4 show radiusserver master_key Verify your entries. Step 5 show radiusserver slave_key Verify your entries. Step 6 write (Optional) Save your entries in the configuration file. By default, the keys of RADIUS authentication/authorization and accounting packets are all “test”.

  • Page 89: Chapter 13 Snmp Configuration

    Stephen Technologies Co.,Limited Chapter 13 SNMP Configuration 13.1 SNMP Overview By far, the Simple Network Management Protocol (SNMP) has gained the most extensive application in the computer networks. SNMP has been put into use and widely accepted as an industry standard in practice. It is used for ensuring the transmission of the management information between any two nodes.
  • Page 90 Stephen Technologies Co.,Limited Figure 13-1 Architecture of the MIB tree The MIB (Management Information Base) is used to describe the hierarchical architecture of the tree and it is the set defined by the standard variables of the monitored network device. In the above figure, the managed object B can be uniquely specified by a string of numbers {1.2.1.1}.

  • Page 91: Configure Snmp

    Stephen Technologies Co.,Limited 13.3 Configure SNMP The main configuration of SNMP includes: Set community Name Set the Destination Address of Trap Set Trap parameters 13.3.1 Setting Community Name SNMP V1 and SNMPV2C adopt the community name authentication scheme. The SNMP message incompliant with the community name accepted by the device will be discarded.

  • Page 92: Setting The Destination Address Of Trap

    Stephen Technologies Co.,Limited 13.3.2 Setting the Destination Address of Trap You can use the following commands to set or delete the destination address of the trap. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set the Destination Address of Trap.

  • Page 93: Setting Trap Parameters

    Stephen Technologies Co.,Limited 13.3.3 Setting Trap Parameters You can use the following commands to set trap parameters. I. CLI configuration: Beginning in privileged EXEC mode, follow these steps to set trap parameters. Command Purpose Step 1 config terminal Enter global configuration mode.
  • Page 94 Stephen Technologies Co.,Limited II. WEB configuration: Click SNMP Management, Trap Target Configuration, Select Entry, Specify MP Model ˆ Security Model ˆSecurity Level, then click Apply. www.stephen-tele.com...

  • Page 95: Chapter 14 Igmp Snooping Configuration

    Stephen Technologies Co.,Limited Chapter 14 IGMP Snooping Configuration 14.1 IGMP Snooping Overview 14.1.1 IGMP Snooping Principle IGMP Snooping (Internet Group Management Protocol Snooping) is a multicast control mechanism running on the Layer 2 Ethernet switch and it is used for multicast group management and control.
  • Page 96 Stephen Technologies Co.,Limited Figure 14-6 Multicast packet transmission without IGMP Snooping When IGMP Snooping runs, the packets are not broadcast on Layer 2. See the following figure: Figure 13-7 Multicast packet transmission when IGMP Snooping runs www.stephen-tele.com...

  • Page 97: Implement Igmp Snooping

    Stephen Technologies Co.,Limited 14.1.2 Implement IGMP Snooping I. Related concepts of IGMP Snooping To facilitate the description, this section first introduces some related switch concepts of IGMP Snooping: Router Port: The port of the switch, directly connected to the multicast router.
  • Page 98 Stephen Technologies Co.,Limited Figure 14-8 Implement IGMP Snooping 1) IGMP general query message: Transmitted by the multicast router to the multicast group members to query which multicast group contains member. When an IGMP general query message arrives at a router port, the Ethernet switch will reset the aging timer of the port.

  • Page 99: Igmp Snooping Configuration

    Stephen Technologies Co.,Limited received the report message to it. If the corresponding MAC multicast group exists but does not contains the port received the report message, the switch adds the port into the multicast group and starts the port aging timer.

  • Page 100: Configuring Aging Time Of Multicast Group Member

    Stephen Technologies Co.,Limited Beginning in privileged EXEC mode, follow these steps to enable IGMP snooping. Command Purpose Step 1 config terminal Enter global configuration mode. Step 2 sys igmp-snooping enable Enable IGMP Snooping Step 3 exit Return to privileged EXEC mode.

  • Page 101: Igmp Snooping Configuration Example

    Stephen Technologies Co.,Limited 14..3 IGMP Snooping Configuration Example 14.3.1 Enable IGMP Snooping I. Networking requirements To implement IGMP Snooping on the switch, first enable it. The switch is connected with the router via the router port, and with user PC through the non-router ports.
  • Page 102 However, Stephen Technologies Co.,LTD assumes no responsibility for any errors in this document. Furthermore, Stephen Technologies Co.,LTD, assumes no responsibility for the use or misuse of the information in this document and for any patent infringements that may arise from the use of this document.

Table of Contents