Vidipac VSW7242 User Manual

24-Port 10/100/1000M with 2 Gigabit SFP Uplink Ports Layer 2 Full Management Ethernet Switch with 500W PoE+

Summary of Contents for Vidipac VSW7242

  • Page 2: FCC Warning

    FCC Warning This Equipment has been tested and found to comply with the limits for a Class-A digital device, pursuant to Part 15 of the FCC rules. These limits are designed to provide reasonable protection against harmful interference in a residential installation. This equipment generates, uses, and can radiate radio frequency energy.
  • Page 3: Table of Contents

    Content: 1. Products Overview, p. 8; 1.1 Major Management Features, p. 8; 1.2 Product Specification, p. 9; 1.3 Package Contents, p. 12; 2. Hardware Description, p. 13; 3. Preparation for Management, p. 15; 3.1 Preparation for Serial Console, p. 15; 3.2 Preparation for Web Interface ...
  • Page 4 4.4.2.6 ARP Inspection, p. 79; 4.4.3 Security / AAA Authentication Server Configuration, p. 82; 4.5 Aggregation Configuration, p. 86; 4.5.1 Static Aggregation, p. 86; 4.5.2 LACP - Dynamic Aggregation, p. 87; 4.6 Loop Protection, p. 89; 4.7 Spanning Tree, p. 91; 4.7.1 Spanning Tree / Bridge Setting, p. 91; 4.7.2 Spanning Tree / MSTI Mapping ...
  • Page 5 4.16.1 Voice VLAN / Configuration, p. 139; 4.16.2 Voice VLAN / OUI Configuration, p. 140; 4.17 QoS, p. 142; 4.17.1 QoS / Ingress Port Classification, p. 142; 4.17.2 QoS / Ingress Port Policer Config, p. 143; 4.17.3 QoS / Port Scheduler, p. 144; 4.17.4 QoS / Egress Port Shapers ...
  • Page 6 5.21 Diagnostic Commands, p. 195; 5.22 Maintenance Commands, p. 196; 6. Web Configuration - Monitor, Diagnostic, Maintenance, p. 198; 6.1 Monitor, p. 198; 6.1.1 Monitor / System, p. 198; 6.1.1.1 Monitor / System / Information, p. 198; 6.1.1.2 CPU Load, p. 199; 6.1.1.3 System Log Information ...
  • Page 7 6.1.9.3 LLDP PoE, p. 266; 6.1.9.4 LLDP EEE, p. 267; 6.1.9.5 LLDP Statistics, p. 269; 6.1.10 Dynamic MAC Table, p. 271; 6.1.11 VLAN Membership Status, p. 272; 6.1.13 VCL MAC-Based VLAN Status, p. 276; 6.1.14 sFlow, p. 277; 6.2 Diagnostic, p. 279; 6.2.1 Ping, p. 279; 6.2.2 Ping6 ...
  • Page 8: Products Overview

    Products Overview VSW7242 is a 26-Port Layer 2 Full Management Gigabit PoE Switch. The EWG-72402VM is equipped with 24-port 10/100/1000M RJ-45 plus 2 Gigabit SFP open slots. The Ethernet ports support IEEE 802.3at PoE; each port supports up to 30W, and the system supports up to 500W of power.
  • Page 9: Product Specification

    1.2 Product Specification Hardware Specification Total Port 10/100/1000 Mbps Gigabit SFP Interface Autonegotiation and Auto-MDIX Backpressure for half duplex, Flow Control 802.3x for full duplex Console (RS-232) System (State / Color) Port (State: Link/Act / Color) PoE (State: On / Color) 416MHz Flash 16MB...
  • Page 10 Software Specification IEEE 802.3 - 10Base-T IEEE 802.3u - 100Base-TX IEEE 802.3ab - 1000Base-T IEEE 802.3z - 1000Base-SX/LX IEEE 802.3x - Flow Control IEEE 802.1Q - VLAN IEEE 802.1p - Class of Service IEEE 802.1D - Spanning Tree Standard IEEE 802.1w - Rapid Spanning Tree IEEE 802.1s - Multiple Spanning Tree IEEE 802.3ad - Link Aggregation Control Protocol (LACP) IEEE 802.1v - Protocol VLAN...
  • Page 11 IEEE 802.1D - Legacy Spanning Tree IEEE 802.1w - Rapid Spanning Tree Spanning tree IEEE 802.1s - Multiple Spanning Tree BPDU Guard, BPDU Filtering IGMP Snooping v1/v2/v3, MLD(IPv6) Snooping v1/v2 Multicast Maximum 8K Multicast Groups IGMP/MLD Querier, Router Port, Proxy, Immediate Leave Port Mirror (1 to 1, 1 to N, N to 1) Traffic Mirroring sFlow...
  • Page 12: Package Contents

    CPU Monitor Per port PoE State Enable/Disable Maximum system/port PoE power setting PoE Specification Port power priority setting PD Status monitoring Note: We reserve the right to change the detailed parameters listed in this manual without prior notice. Please always see the most recent datasheet for the detailed product specification.
  • Page 13: Hardware Description

    2. Hardware Description This section mainly describes the hardware of the Full L2 Management Network Switch and gives a physical and functional overview of the switch. Front Panel The front panel of the L2 management switch consists of 24 10/100/1000 Base-TX RJ-45 ports and 2 gigabit uplink SFP ports.
  • Page 14 The switch is usually mounted in a 19” rack, and the rack is usually installed in an IT room or other secured place. The switch supports AC power input, PoE delivery and rackmount mounting. Make sure all the power cables, Ethernet cables, screws and the air circulation are well prepared and installed as described below.
  • Page 15: Preparation For Management

    3. Preparation for Management The switch provides both in-band and out-band configuration methods. Out-band Management: You can configure the switch via RS232 console cable if you don’t attach your admin PC to your network, or if you lose network connection to your switch. It wouldn’t be affected by network performance.
  • Page 16: Preparation For Web Interface

    Figure 3-2 Putty Configuration Figure 3-3 Putty Login Screen 3.2 Preparation for Web Interface The web management page allows you to use a standard web browser such as Microsoft Internet Explorer, Google Chrome or Mozilla Firefox, to configure and interrogate the switch from anywhere on the network.
  • Page 17 3. The switch default IP address is 192.168.2.1. The switch and the connected PC should be located within the same IP subnet. 4. Change your computer's IP address to 192.168.2.XX or other IP address which is located in the 192.168.2.x (For example: IP Address: 192.168.2.30; Subnet Mask: 255.255.255.0) subnet.
  • Page 18: Preparation For Telnet/SSH Interface

    3.3 Preparation for Telnet/SSH Interface If your Windows OS is Win XP, Win 2000 or an earlier version, you can access the Telnet console with the default command. If your OS is Windows 7 or a later version, please download a terminal tool, such as HyperTerminal or PuTTY.
  • Page 19 3. After a few seconds, the Telnet/SSH connection is established. The login page of Telnet/SSH is the same as the console. The command lines of Telnet, SSH and console are all the same.
  • Page 20: Feature Configuration - Web UI

    4. Feature Configuration - Web UI The switch provides abundant software features. After logging in to the switch, you can start configuring the settings or monitoring the status. There is a question mark at the top right of the screen; you can click the question mark to get help from the system. The following is the Web UI configuration guide for your reference.
  • Page 21: IP Configuration

    Buttons: Save: Click to save changes Reset: Click to undo any changes made locally and revert to previously saved values 4.1.2 IP Configuration: Configure the switch-managed IP information on this page. The Configured column is used to view or change the IP configuration. The Current column is used to show the active IP configuration.
  • Page 22: IPv6 Configuration

    Provide the managed VLAN ID. The allowed range is 1 to 4095. Proxy When DNS proxy is enabled, the switch will relay DNS requests to the current configured DNS server on the switch, and reply as a DNS resolver to the client device on the network. Buttons Save: Click to save changes...
  • Page 23: NTP Configuration

    Router Provide the IPv6 gateway address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros;...
  • Page 24: System Log Configuration

    Provide the NTP IPv4 or IPv6 address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros;...
  • Page 25 Syslog Level Indicates what kind of messages will be sent to the syslog server. Possible modes are: Info: Send information, warnings and errors. Warning: Send warnings and errors. Error: Send errors. Buttons Save: Click to save changes Reset: Click to undo any changes made locally and revert to previously saved values...
  • Page 26: Power Reduction

    4.2 Power Reduction 4.2.1 LED Power Reduction Configuration LEDs Intensity The LEDs' power consumption can be reduced by lowering the LEDs' intensity. The LEDs' intensity could, for example, be lowered during night time, or they could be turned completely off. It is possible to configure 24 different hours of the day at which the LEDs' intensity should be set.
  • Page 27: EEE Configuration

    4.2.2 EEE Configuration: This page allows the user to inspect and configure the current EEE port settings: EEE is a power saving option that reduces the power usage when there is very low traffic utilization (or no traffic). EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted all circuits are powered up.
  • Page 28: Port Configuration

    4.3 Port Configuration: This page displays current port configurations and link status. Some of the Ports' settings can also be configured here. Port This is the port number for this row. Link The current link state is displayed graphically. Green indicates the link is up and red that it is down. Current Link Speed Provides the current link speed of the port.
  • Page 29 Note: There is no standardized way to do SFP auto detect, so here it is done by reading the SFP ROM. Because there is no standardized way of doing SFP auto detect, some SFPs might not be detectable. 1000-X force SFP speed to 1000-X. 100-FX force SFP speed to 100-FX.
  • Page 30: Security Configuration

    4.4 Security Configuration: The Security Configuration feature includes 3 sub-titles, Switch, Network and AAA. 4.4.1 Security / Switch The switch settings include User Database, Privilege Levels, Authentication Method, SSH, HTTPS, Access Management, SNMP and RMON settings. The following are the topics and configuration guide. 4.4.1.1 Security / Switch / Users Configuration This page provides an overview of the current users.
  • Page 31: Security / Switch / Privilege Levels Configuration

    The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, the user can access all groups, i.e. is granted full control of the device. Other values need to be checked against each group's privilege level. The user's privilege should be the same as or greater than the group privilege level to have access to that group.
  • Page 32: Security / Switch / Auth Method

    Privilege Levels Every group has an authorization Privilege level for the following sub groups: configuration read-only, configuration/execute read-write, status/statistics read-only, status/statistics read-write (e.g. for clearing of statistics). User Privilege should be same or greater than the authorization Privilege level to have the access to that group.
  • Page 33: Security / Switch / SSH Configuration

    Authentication Method Authentication Method can be set to one of the following values: none: authentication is disabled and login is not possible. local: use the local user database on the switch for authentication. RADIUS: use a remote RADIUS server for authentication. TACACS+ : use a remote TACACS server for authentication.
  • Page 34: Security / Switch / HTTPS Configuration

    Buttons Save: Click to save changes Reset: Click to undo any changes made locally and revert to previously saved values 4.4.1.5 Security / Switch / HTTPS Configuration The web management page also provides secured management login over HTTPS. All configuration commands are secured, which makes it hard for attackers to sniff the login password and configuration commands.
  • Page 35 type match any one of the access management entries, it will allow access to the switch. In the example in the figure below, only IP addresses in the range from 192.168.2.101 to 192.168.2.200 can access the switch's management interface. The available services are HTTP, HTTPS, SNMP, Telnet and SSH.
  • Page 36: Security / Switch / SNMP

    4.4.1.7 Security / Switch / SNMP Simple Network Management Protocol (SNMP) is a protocol used for exchanging management information between network devices. The switch supports SNMP and provides many OIDs for remote management. Each OID is unique and corresponds to one feature/command. The switch can support SNMP V1, V2c and V3.
  • Page 37 Indicates the SNMPv3 engine ID. The string must contain an even number(in hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed. Change of the Engine ID will clear all original local users. SNMP Trap Configuration Configure SNMP trap on this page.
  • Page 38 Indicates the SNMP trap link-up and link-down mode operation. Possible modes are: Enable: Enable SNMP trap link-up and link-down mode operation. Disabled: Disable SNMP trap link-up and link-down mode operation. Trap Inform Mode Indicates the SNMP trap inform mode operation. Possible modes are: Enable: Enable SNMP trap inform mode operation.
  • Page 39 Delete Check to delete the entry. It will be deleted during the next save. Community Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string.
  • Page 40 Delete Check to delete the entry. It will be deleted during the next save. Engine ID An octet string identifying the engine ID that this entry should belong to. The string must contain an even number(in hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed.
  • Page 41 Privacy Protocol Indicates the privacy protocol that this entry should belong to. Possible privacy protocols are: None: No privacy protocol. DES: An optional flag to indicate that this user uses DES authentication protocol. Privacy Password A string identifying the privacy password phrase. The allowed string length is 8 to 32, and the allowed content is ASCII characters from 33 to 126.
  • Page 42 Group Name A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. Buttons Add new group: Click to add a new group entry Save: Click to save changes Reset:...
  • Page 43 Indicates the view type that this entry should belong to. Possible view types are: included: An optional flag to indicate that this view sub-tree should be included. excluded: An optional flag to indicate that this view sub-tree should be excluded. In general, if a view entry's view type is 'excluded', there should be another view entry existing with view type as 'included' and its OID sub-tree should overstep the 'excluded' view entry.
  • Page 44: RMON Statistics Configuration

    Indicates the security model that this entry should belong to. Possible security models are: Any: Any security model accepted(v1|v2c|usm). V1:Reserved for SNMPv1. V2c: Reserved for SNMPv2c. Usm: User-based Security Model (USM). Security Level : Indicates the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: No authentication and no privacy.
  • Page 45 Statistics: Contains statistics measured by the probe for each monitored interface on this device. Packets dropped, packets sent, bytes sent (octets), broadcast packets, multicast packets, CRC errors, undersize packets, oversize packets, fragments, jabbers, collisions, and counters for packets ranging from 64, 65 to 127, 128 to 255, 256 to 511, 512 to 1023, and 1024... Real-time LAN statistics, e.g. utilization, collisions, CRC errors.
  • Page 46 Buttons Add new entry: Click to add a new community entry Save: Click to save changes Reset: Click to undo any changes made locally and revert to previously saved values RMON History Configuration Configure RMON History table on this page. The entry index key is Delete Check to delete the entry.
  • Page 47 Buttons Add new entry: Click to add a new community entry. Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. RMON Alarm Configuration Configure RMON Alarm table on this page. The entry index key is Delete Check to delete the entry.
  • Page 48 Variable Indicates the particular variable to be sampled. The possible variables are: InOctets: The total number of octets received on the interface, including framing characters. InUcastPkts: The number of unicast packets delivered to a higher-layer protocol. InNUcastPkts: The number of broadcast and multicast packets delivered to a higher-layer protocol. InDiscards: The number of inbound packets that are discarded even though the packets are normal.
  • Page 49 RisingOrFalling Trigger alarm when the first value is larger than the rising threshold or less than the falling threshold (default). Rising Threshold Rising threshold value (-2147483648-2147483647). Rising Index Rising event index (1-65535). Falling Threshold Falling threshold value (-2147483648-2147483647) Falling Index Falling event index (1-65535).
  • Page 50: Security / Network

    Type Indicates the notification of the event. The possible types are: None: The total number of octets received on the interface, including framing characters. Log: The number of unicast packets delivered to a higher-layer protocol. Snmptrap: The number of broadcast and multicast packets delivered to a higher-layer protocol. Logandtrap: The number of inbound packets that are discarded even though the packets are normal.
  • Page 51 Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port.
  • Page 52 Aging Enabled If checked, secured MAC addresses are subject to aging as discussed under Aging Period. Aging Period If Aging Period is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, they may have other requirements to the aging period.
  • Page 53 Mode Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port. Limit The maximum number of MAC addresses that can be secured on this port.
  • Page 54: Security / Network / Network Access Server Configuration

    State This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values: Disabled: Limit Control is either globally disabled or disabled on the port. Ready: The limit is not yet reached. This can be shown for all actions. Limit Reached: Indicates that the limit is reached on this port.
  • Page 55 The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the "Configuration→Security→AAA"...
  • Page 56 Reauthentication Period Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds. EAPOL Timeout Determines the time for retransmission of Request Identity EAPOL frames. Valid values are in the range 1 to 65535 seconds.
  • Page 57 The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned VLAN functionality. When checked, the individual ports' ditto setting determines whether RADIUS-assigned VLAN is enabled on that port. When unchecked, RADIUS-server assigned VLAN is disabled on all ports. Guest VLAN Enabled A Guest VLAN is a special VLAN - typically with limited network access - on which 802.1X-unaware clients are placed after a network administrator-defined timeout.
  • Page 58 Port The port number for which the configuration below applies. Admin State If NAS is globally enabled, this selection controls the port's authentication mode. The following modes are available: Force Authorized In this mode, the switch will send one EAPOL Success frame when the port link comes up, and any client on the port will be allowed network access without authentication.
  • Page 59 Note: Suppose two backend servers are enabled and that the server timeout is configured to X seconds (using the AAA configuration page), and suppose that the first server in the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then it will never get authenticated, because the switch will cancel on-going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant.
  • Page 60 When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS Class.
  • Page 61: Security / Network / Access Control List Configuration

    For trouble-shooting VLAN assignments, use the "Monitor→VLANs→VLAN Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. Guest VLAN Operation: When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames.
  • Page 62 on a port unless the frame matches a specific ACE. The settings relate to the currently selected stack unit, as reflected by the page header. Port The logical port for the settings contained in the same row. Policy ID Select the policy to apply to this port. The allowed values are through 255.
  • Page 63 Action Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit". Rate Limiter ID Select which rate limiter to apply on this port. The allowed values are Disabled or the values through 16. The default value is "Disabled". Port Copy Select which port frames are copied on.
  • Page 64 Rate Limiter ID The rate limiter ID for the settings contained in the same row. Rate The allowed values are: 0-3276700 in pps 0,100,200,300,…,1000000 in kbps. Unit Specify the rate unit. The allowed values are: pps: packets per second. kbps: Kbits per second.
  • Page 65 Click on the lowest plus sign to add a new ACE to the list. The reserved ACEs used for internal protocol, cannot be edited or deleted, the order sequence cannot be changed and the priority is highest. Ingress Port Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port.
  • Page 66 IPv6: The ACE will match all IPv6 standard frames. Action Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Rate Limiter Indicates the rate limiter number of the ACE. The allowed range is to 16.
  • Page 67 An ACE consists of several parameters. These parameters vary according to the frame type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type selected. A frame that hits this ACE matches the configuration that is defined here.
  • Page 68 type. Action Specify the action to take with a frame that hits this ACE. Permit: The frame that hits this ACE is granted permission for the ACE operation. Deny: The frame that hits this ACE is dropped. Rate Limiter Specify the rate limiter in number of base units. The allowed range is 1 to 16. Disabled indicates that the rate limiter operation is disabled.
  • Page 69 MAC Parameters SMAC Filter (Only displayed when the frame type is Ethernet Type or ARP.) Specify the source MAC filter for this ACE. Any: No SMAC filter is specified. (SMAC filter status is "don't-care".) Specific: If you want to filter a specific source MAC address with this ACE, choose this value. A field for entering an SMAC value appears.
  • Page 70 ARP Parameters The ARP parameters can be configured when Frame Type "ARP" is selected. ARP/RARP Specify the available ARP/RARP opcode (OP) flag for this ACE. Any: No ARP/RARP OP flag is specified. (OP is "don't-care".) ARP: Frame must have ARP/RARP opcode set to ARP. RARP: Frame must have ARP/RARP opcode set to RARP.
  • Page 71 Specify whether frames can hit the action according to their sender hardware address field (SHA) settings. 0: ARP frames where SHA is not equal to the SMAC address. 1: ARP frames where SHA is equal to the SMAC address. Any: Any value is allowed ("don't-care"). RARP DMAC Match Specify whether frames can hit the action according to their target hardware address field (THA) settings.
  • Page 72 Specify the Time-to-Live settings for this ACE. zero: IPv4 frames with a Time-to-Live field greater than zero must not be able to match this entry. non-zero: IPv4 frames with a Time-to-Live field greater than zero must be able to match this entry. Any: Any value is allowed ("don't-care").
  • Page 73 ICMP Type Filter Specify the ICMP filter for this ACE. Any: No ICMP filter is specified (ICMP filter status is "don't-care"). Specific: If you want to filter a specific ICMP filter with this ACE, you can enter a specific ICMP value. A field for entering an ICMP value appears.
  • Page 74 destination value. TCP/UDP Destination Range When "Range" is selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP destination value. TCP FIN Specify the TCP "No more data from sender"...
  • Page 75: Switch / Network / DHCP Configuration

    Ethernet Type Value When "Specific" is selected for the EtherType filter, you can enter a specific EtherType value. The allowed range is 0x600 to 0xFFFF but excluding 0x800(IPv4), 0x806(ARP) and 0x86DD(IPv6). A frame that hits this ACE matches this EtherType value. Buttons to save changes.
  • Page 76 Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. DHCP Relay Configuration Configure DHCP Relay on this page. Relay Mode Indicates the DHCP relay mode operation. Possible modes are: Enabled: Enable DHCP relay mode operation.
  • Page 77: IP Source Guard Configuration

    Relay Server Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and to transfer DHCP messages between the clients and the server when they are not in the same subnet domain. Relay Information Mode Indicates the DHCP relay information mode option operation.
  • Page 78 This page provides IP Source Guard related configuration. Mode of IP Source Guard Configuration Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled. Port Mode Configuration Specify IP Source Guard is enabled on which ports.
  • Page 79: ARP Inspection

    Port The logical port for the settings. VLAN ID The VLAN ID for the settings. IP Address Allowed Source IP address. MAC address Allowed Source MAC address. Adding new entry Click to add a new entry to the Static IP Source Guard table. Specify the Port, VLAN ID, IP address, and IP Mask for the new entry.
  • Page 80 This page provides ARP Inspection related configuration. Mode of ARP Inspection Configuration Enable the Global ARP Inspection or disable the Global ARP Inspection.
  • Page 81 Port Mode Configuration Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 82: Security / AAA Authentication Server Configuration

    Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. VLAN ID The VLAN ID for the settings. MAC Address Allowed Source MAC address in ARP request packets. IP Address Allowed Source IP address in ARP request packets.
  • Page 83 Timeout The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
  • Page 84 decimal notation. Port The UDP port to use on the RADIUS Authentication Server. If the port is set to 0 (zero), the default port (1812) is used on the RADIUS Authentication Server. Secret The secret - up to 29 characters long - shared between the RADIUS Authentication Server and the switch. RADIUS Accounting Server Configuration The table has one row for each RADIUS Accounting Server and a number of columns, which are: The RADIUS Accounting Server number for which the configuration below applies.
  • Page 85 decimal notation. Port The TCP port to use on the TACACS+ Authentication Server. If the port is set to 0 (zero), the default port (49) is used on the TACACS+ Authentication Server. Secret The secret - up to 29 characters long - shared between the TACACS+ Authentication Server and the switch.
  • Page 86: Aggregation Configuration

    4.5 Aggregation Configuration Link Aggregation is also known as Port Trunking. It allows the user to use multiple ports in parallel to increase the link speed beyond the limits of a single port and to increase redundancy for higher availability. The switch supports both Static and Dynamic link aggregation (LACP). The switch also supports different hash mechanisms to forward traffic according to the MAC address or IP, Protocol Port Number.
  • Page 87: LACP - Dynamic Aggregation

    The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By default, TCP/UDP Port Number is enabled. Aggregation Group Configuration Group ID Indicates the group ID for the settings contained in the same row.
  • Page 88 Port The switch port number. LACP Enabled Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs per stack.
  • Page 89: Loop Protection

    4.6 Loop Protection This page allows the user to inspect the current Loop Protection configurations, and possibly change them as well. The loop protection feature is very important to protect against unexpected network loops, especially when you install the switch on the internet. Incorrect installation, media failure, or an attack may create a network loop.
  • Page 90 Port The switch port number of the port. Enable Controls whether loop protection is enabled on this switch port. Action Configures the action performed when a loop is detected on a port. The valid values are: Shutdown Port: Shutdown the port until the Shutdown Time timeout. Shutdown Port and Log: Shutdown the port and log the status.
  • Page 91: Spanning Tree

    4.7 Spanning Tree The switch supports Multiple Spanning Tree Protocol (MSTP), Rapid Spanning Tree Protocol (RSTP) and Legacy Spanning Tree Protocol (STP). STP and RSTP are combined and defined in IEEE 802.1D-2004, Rapid Spanning Tree Protocol. RSTP is applied to a single network domain no matter how many VLANs are in your network.
  • Page 92 Basic Settings Protocol Version The STP protocol version setting. Valid values are STP, RSTP, and MSTP. Bridge Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. For MSTP operation, this is the priority of the CIST.
  • Page 93: Spanning Tree / MSTI Mapping

    Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout The time to pass before a port in the error-disabled state can be enabled.
  • Page 94: Spanning Tree / MSTI Priorities

    The revision of the MSTI configuration named above. This must be an integer between 0 and 65535. MSTI Mapping MSTI The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. VLANs Mapped The list of VLANs mapped to the MSTI.
  • Page 95: Spanning Tree / CIST Ports

    Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.7.4 Spanning Tree / CIST Ports This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well.
  • Page 96 Path Cost Controls the path cost incurred by the port. Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network.
  • Page 97: Spanning Tree MSTI Ports

    If enabled, causes the port to disable itself upon receiving valid BPDUs. Contrary to the similar bridge setting, the port Edge status does not affect this setting. A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well.
  • Page 98 The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered.
  • Page 99: MVR (Multicast VLAN Registration)

    4.8 MVR (Multicast VLAN Registration) MVR is short for Multicast VLAN Registration. MVR is a protocol for layer 2 networks that enables multicast traffic from a source VLAN to be shared with client/subscriber VLANs. MVR is typically used for IPTV-like service.
  • Page 100 MVR Mode Enable/Disable the Global MVR. VLAN ID Specify the Multicast VLAN ID. Mode Enable MVR on the port. Type Specify the MVR port type on the port. Immediate Leave Enable the fast leave on the port.
  • Page 101 Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 102: IPMC (IP Multicast)

    4.9 IPMC (IP Multicast) IPMC is short for IP Multicast. The switch supports IPv4 and IPv6 multicast forwarding and filtering. IGMP Snooping defines how to manage IPv4 multicast traffic, and MLD defines how to manage IPv6 multicast traffic. 4.9.1 IGMP Snooping Configuration Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast constraining mechanism that runs on Layer 2 devices to manage and control multicast groups.
  • Page 103: IGMP Snooping VLAN Configuration

    SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range. Leave Proxy Enabled Enable IGMP Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.
  • Page 104 Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table. The "VLAN"...
  • Page 105: IGMP Snooping / Port Group Filtering

    Last Member Query Interval. The Last Member Query Time is the time value represented by the Last Member Query Interval, multiplied by the Last Member Query Count. The allowed range is 31744 tenths of seconds, default last member query interval is 10 in tenths of seconds (1 second). Unsolicited Report Interval.
  • Page 106: MLD Snooping Configuration

    Warning message about the Filtering Group. The range of the IP Multicast is 224.0.0.0 ~ 239.255.255.255. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.9.2 MLD Snooping Configuration This section provides MLD Snooping related configuration. MLD is for IPv6 Multicast Snooping. The difference between IGMP and MLD is that IGMP is applied to IPv4 multicast streams, while MLD is applied to IPv6 multicast streams.
  • Page 107: MLD Snooping VLAN Configuration

    Proxy Enabled Enable MLD Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side. Router Port Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier.
  • Page 108 MLD Snooping Enabled Enable the per-VLAN MLD Snooping. Only up to 64 VLANs can be selected. MLD Querier Enable the IGMP Querier in the VLAN. Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network.
  • Page 109: IPMC / MLD Snooping / Port Group Filtering

    4.9.2.3 IPMC / MLD Snooping / Port Group Filtering MLD Snooping Port Group Filtering Configuration Delete Check to delete the entry. It will be deleted during the next save. Port The logical port for the settings. Filtering Groups The IP Multicast Group that will be filtered. Adding New Filtering Group Click to add a new entry to the Group Filtering table.
  • Page 110: LLDP Parameters

    4.10 LLDP Parameters The Link Layer Discovery Protocol (LLDP) is a vendor-neutral link layer protocol. LLDP information is sent by devices from each of their interfaces at a fixed interval, in the form of an Ethernet Frame. Each frame contains one LLDP Data Unit (LLDPDU). Each LLDPDU is a sequence of Type-Length-Value (TLV) structures.
  • Page 111 are restricted to 1 - 10 seconds. LLDP Port Configuration The LLDP port settings relate to the currently selected stack unit, as reflected by the page header. Port The switch port number of the logical LLDP port. Mode Select LLDP mode.
  • Page 112: LLDP Media Configuration

    Sys Name Optional TLV: When checked the "system name" is included in LLDP information transmitted. Sys Descr Optional TLV: When checked the "system description" is included in LLDP information transmitted. Sys Capa Optional TLV: When checked the "system capability" is included in LLDP information transmitted. Mgmt Addr Optional TLV: When checked the "management address"...
  • Page 113 information which are specifically relevant to particular endpoint types (for example only advertise the voice network policy to permitted voice-capable devices), both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
  • Page 114 NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich; The associated vertical datum is the North American Vertical Datum of 1988 (NAVD88). This datum pair is to be used when referencing locations on land, not near tidal water (which would use Datum = NAD83/MLLW).
  • Page 115 House no. suffix House number suffix – Example: A, 1/2 Landmark Landmark or vanity address – Example : Columbia University. Additional location info. Additional location info – Example : South Wing. Name Name ( residence and office occupant ) – Example : Flemming Jahn. Zip code Postal /zip code –...
  • Page 116 Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. This format consists of a numerical digit string, corresponding to the ELIN to be used for emergency calling. Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of...
  • Page 117 2. Guest Voice 3. Soft phone Voice 4. Video Conferencing 5. Streaming Video 6. Control / Signalling ( Conditionally support a separate network policy for the media types above ) A large network may support multiple VoIP policies across the entire organization, and different policies per application type.
  • Page 118 network policies apply as those advertised in the Video Conferencing application policy. indicating whether the specified application type is using a 'tagged' or an 'untagged' VLAN. Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003.
  • Page 119 Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 120: PoE Configuration

    4.11 PoE Configuration The function is applied to the PoE Switch model. If your switch is not a PoE switch, you will not see these configuration commands. This section allows the user to inspect and configure the current port settings. Power Over Ethernet Configuration Reserved Power determined by There are three modes for configuring how the ports/PDs may reserve power.
  • Page 121 according to the port's priority. If two ports have the same priority the port with the highest port number is shut down. 2. Reserved Power: In this mode the ports are shut down when total reserved power exceeds the amount of power that the power supply can deliver. In this mode the port power is not turned on if the PD requests more power than available from the power supply.
  • Page 122 Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 123: MAC Address Table Configuration

    4.12 MAC Address Table Configuration The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here. Aging Configuration By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging.
  • Page 124 Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The table is sorted first by VLAN ID and then by MAC address. Delete Check to delete the entry. It will be deleted during the next save. VLAN ID The VLAN ID of the entry.
  • Page 125 Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry. Adding a New Static Entry Click to add a new entry to the static MAC table. Specify the VLAN ID, MAC address, and port members for the new entry.
  • Page 126: VLAN (Virtual LAN)

    4.13 VLAN (Virtual LAN) VLAN is short for Virtual LAN (Local Area Network). VLAN technology allows you to divide the physical ports into different logical groups. Each group is a virtual LAN, and the clients within a VLAN form a broadcast domain. When clients in different VLANs need to communicate, the VLAN Overlapping setting or an additional upper router is needed.
  • Page 127 Indicates the ID of this particular VLAN. VLAN Name Indicates the name of the VLAN. Maximum length of the VLAN Name String is 32. VLAN Name can only contain letters or numbers. VLAN name should contain at least one letter. VLAN name can be edited for the existing VLAN entries or it can be added to the new entries.
  • Page 128: VLAN Port Configuration

    The button can be used to undo the addition of new VLANs. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Refreshes: Refreshes the displayed table starting from the “VLAN ID” input fields. <<...
  • Page 129 Port can be one of the following types: Unaware, Customer port(C-port), Service port(S-port), Custom Service port(S-custom-port) If Port Type is Unaware, all frames are classified to the Port VLAN ID and tags are not removed. Ingress Filtering Enable ingress filtering on a port by checking the box. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame is discarded.
  • Page 130: Private VLANs

    4.14 Private VLANs The Private VLAN feature provides the ability to extend the capabilities of a "standard" VLAN. The additional concepts, Primary VLAN, Community VLAN and Isolated VLAN are introduced in Private VLAN. The Primary VLAN can be considered the master in the master/slave relationship with the other 2 sub-types, Community VLAN and Isolated VLAN.
  • Page 131: Port Isolation Configuration

    Port Members A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked.
  • Page 132 A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports. Buttons Save: Click to save changes.
  • Page 133: VCL

    4.15 VCL 4.15.1 VCL / MAC-Based VLAN Configuration The MAC-based VLAN entries can be configured here. This page allows for adding and deleting MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries. Delete To delete a MAC-based VLAN entry, check this box and press save.
  • Page 134: VCL / Protocol-Based VLAN

    Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Refreshes: Refreshes the displayed table starting from the “VLAN ID” input fields. << : Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID.
  • Page 135 Value The valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu. Below are the criteria for three different Frame Types: For Ethernet: The value in the text field when Ethernet is selected as the Frame Type is called etype. Valid values for etype range from 0x0600 to 0xffff. For LLC: The valid value in this case comprises two different sub-values.
  • Page 136 This page allows you to map an already configured Group Name to a VLAN for the switch. The displayed settings are: Delete To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next Save. Group Name A valid Group Name is a string of at most 16 characters which consists of a combination of alphabets...
  • Page 137: VCL / IP Subnet-Based VLAN

    Reset: Click to undo any changes made locally and revert to previously saved values. 4.15.3 VCL / IP Subnet-based VLAN The IP subnet-based VLAN entries can be configured here. This page allows for adding, updating and deleting IP subnet-based VLAN entries and assigning the entries to different ports. This page shows only static entries.
  • Page 138 Adding a New IP subnet-based VLAN Click "Add New Entry" to add a new IP subnet-based VLAN entry. An empty row is added to the table, and the IP subnet-based VLAN entry can be configured as needed. Any IP address/mask can be configured for the IP subnet-based VLAN entry.
  • Page 139: Voice VLAN Configuration

    4.16 Voice VLAN Configuration 4.16.1 Voice VLAN / Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic. It is recommended that there be two VLANs on a port - one for voice, one for data.
  • Page 140: Voice VLAN / OUI Configuration

    Possible modes are: Disabled: from Voice VLAN. Auto: Enable auto detect mode. It detects whether there is a VoIP phone attached to the specific port and configures the Voice VLAN members automatically. Forced: Force join to Voice VLAN. Port Security the Voice VLAN port security mode. When the function is enabled, all non-telephonic MAC addresses in the Voice VLAN will be blocked for 10 seconds.
  • Page 141 Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is "xx-xx-xx" (x is a hexadecimal digit). Description The description of OUI address. Normally, it describes which vendor telephony device it belongs to. The allowed string length is to 32.
  • Page 142: QoS

    4.17 QoS 4.17.1 QoS / Ingress Port Classification This page allows you to configure the basic QoS Ingress Classification settings for all switch ports. The settings relate to the currently selected stack unit, as reflected by the page header. The displayed settings are: Port The port number for which the configuration below applies.
  • Page 143: QoS / Ingress Port Policer Config

    Disabled: Use default QoS class and DP level for tagged frames. Enabled: Use mapped versions of PCP and DEI for tagged frames. Click on the mode in order to configure the mode and/or mapping. DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification. Buttons Save: Click to save changes.
  • Page 144: QoS / Port Scheduler

    Controls the unit of measure for the policer rate as kbps, Mbps, fps or kfps . The default value is "kbps". Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.17.3 QoS / Port Scheduler This page provides an overview of QoS Egress Port Schedulers for all switch ports.
  • Page 145: QoS / Port Tag Remarking

    Port The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. Shows "disabled" or actual queue shaper rate - e.g. "800 Mbps". Port Shows "disabled" or actual port shaper rate - e.g. "800 Mbps". 4.17.5 QoS / Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports.
  • Page 146: QoS / Port DSCP Configuration

    Port The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking. Mode Shows the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level.
  • Page 147: QoS / DSCP Based QoS Ingress Classification

    2. Classify Classification for a port has 4 different values. Disabled: No Ingress DSCP Classification. DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0. Selected: Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP.
  • Page 148 DSCP The maximum number of supported DSCP values is 64. Trust Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as non-IP frames.
  • Page 149: QoS / DSCP Translation

    4.17.8 QoS / DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be done in Ingress or Egress. The displayed settings are: DSCP The maximum number of supported DSCP values is 64, and valid DSCP values range from 0 to 63. Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map.
  • Page 150: QoS / DSCP Classification

    2. Remap DP1 Controls the remapping for frames with DP level 1. 1. Remap DP0 Select the DSCP value from select menu to which you want to remap. DSCP value ranges from 0 to 63. 2. Remap DP1 Select the DSCP value from select menu to which you want to remap. DSCP value ranges from 0 to 63. Buttons Save: Click to save changes.
  • Page 151: QoS / Control List Configuration

    DSCP Select the classified DSCP value (0-63). Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.17.10 QoS / Control List Configuration QoS Control List Configuration This page shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined.
  • Page 152 Indicates the index of QCE. Port Indicates the list of ports configured with the QCE. Frame Type Indicates the type of frame to look for in incoming frames. Possible frame types are: Any: The QCE will match all frame types. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed.
  • Page 153: QoS / Storm Control Configuration

    Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content. There are three action fields: Class, DPL and DSCP. Class: Classified QoS class. DPL: Classified Drop Precedence Level. DSCP: Classified DSCP value. Modification Buttons You can modify each QCE (QoS Control Entry) in the table using the following buttons: : Inserts a new QCE before the current row.
  • Page 154 There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table. The configuration indicates the permitted packet rate for unicast, multicast or broadcast traffic across the switch.
  • Page 155: Mirroring Configuration

    4.18 Mirroring Configuration Configure port Mirroring on this page. To debug network problems, selected traffic can be copied, or mirrored, on a mirror port where a frame analyzer can be attached to analyze the frame flow. The traffic to be copied on the mirror port is selected as follows: All frames received on a given port (also known as ingress or source mirroring).
  • Page 156: UPnP Configuration

    Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 4.19 UPnP Configuration Configure UPnP on this page. Mode Indicates the UPnP operation mode. Possible modes are: Enabled: Enable UPnP mode operation. Disabled: Disable UPnP mode operation.
  • Page 157 Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
  • Page 158: sFlow Configuration

    4.20 sFlow Configuration Sampled Flow (sFlow) is a traffic monitoring technology mainly used to collect and analyze traffic statistics. The switch supports sFlow feature. The sFlow software agent collects traffic statistics and packet information from the sFlow-enabled interfaces on the switch, encapsulates them into sFlow packets.
  • Page 159 sFlow Ports List of the port numbers on which sFlow is configured. sFlow Instance Configured sFlow instance for the port number. Flow Sampling Packet flow sampling refers to arbitrarily choosing some packets out of a specified number, reading the first "Max Hdr Size" bytes and exporting the sampled datagram for analysis. The attributes associated with the flow sampling are: sampler type, sampling rate, maximum header size.
  • Page 160 Editing Button You can modify each port's sampler configuration in the table using the following button: : Edits the port sampler configuration.
  • Page 161: Feature Configuration - CLI

    5. Feature Configuration - CLI The Command Line Interface (CLI) is the user interface to the switch’s embedded software system. You can view the system information, show the status, configure the switch and receive a response back from the system by keying in a command. After logging in to the switch through the console CLI, you can see the ">"...
  • Page 162 Parameters: <name>: System name string. (1-255) Example: Contact Name = Orwell System>contact Orwell System Name Syntax: System Name [<name>] Parameters: <name>: System name string. (1-255) Example: Contact Name = poeswitch System>name poeswitch poeswitch:/> (After given system name, the prompt character will be changed automatically.) System Location Syntax:...
  • Page 163 Type the NTP Server address settings by below command: Syntax: IP NTP Server Add <server_index> <ip_addr_string> IP NTP Server Ipv6 Add <server_index> <server_ipv6> IP NTP Server Delete <server_index> Example: poeswitch:/IP>ntp ser add 1 192.168.100.1 poeswitch:/IP>ntp ser add 2 168.95.1.1 Check the NTP Server settings by below command: poeswitch:/IP>ntp conf IP NTP Configuration: =====================...
  • Page 164 (Address, Prefix, IP IPv6 Setup [<ipv6_addr>] [<ipv6_prefix>] [<ipv6_router>] Router) Example: poeswitch:/IP>ipv6 setup 2001:DB8::250:8bff:fee8:f800 48 2001:DB8::250:8bff:fee8:f8ff IPv6 Ping Test Syntax: IP IPv6 Ping6 <ipv6_addr> [(Length <ping_length>)] [(Count <ping_count>)] [(Interval <ping_interval>)] Example: poeswitch:/IP>ipv6 ping6 2001:DB8::250:8bff:fee8:f800 NTP Mode Enable NTP Mode by below command: poeswitch:/IP>ntp mode en NTP Server Address Syntax:...
  • Page 165: Power Reduction

    Syntax: Syslog Level System Log Level [info|warning|error] Information: poeswitch:/System>log level inf Warning: poeswitch:/System>log level war Error: poeswitch:/System>log level err Syntax: Clear Syslog System Log Clear [all|info|warning|error] poeswitch:/System>log clear all poeswitch:/System>log conf System Log Configuration System Log Configuration: ========================= System Log Server Mode : Enabled System Log Server Address : 192.168.2.100 System Log Level...
  • Page 166: Port Configuration

    led_power>main 20 on (20 sec., on_ad_errors enabled) EEE Configuration Syntax: EEE Port EEE Mode [<port_list>] [enable|disable] Configuration Parameters: <port_list>: Port list or 'all', default: All ports enable : Enable EEE disable: Disable EEE Example: Enable Port 1-5 EEE>mode 1-5 en Syntax: Urgent Queue of Port EEE Urgent_queues [<port_list>] [<queue_list>]...
  • Page 167: Port Status

    Example: Port>flow cont 1 en (Enable Flow Control on Port 1) Port>flow cont 1 dis (Disable Flow Control on Port 2) Syntax: Maximum Frame Size Port MaxFrame [<port_list>] [<max_frame>] Example: Set port 1-24's maximum frame size to 9K jumbo frame Port>maxf 1-24 9600 Port Status Port>conf 1-2...
  • Page 168: Security Configuration

    5.4 Security Configuration Feature Command Line Security-Switch Configuration >securi swi Security -Switch Type 'up' to move up one level or '/' to go to root level Group Security/Switch>? Command Groups: --------------- Security Switch Users : User management Security Switch Privilege: Privilege level Security Switch Auth : Authentication Security Switch SSH...
  • Page 169 Security Switch Privilege Level Group <group_name> [<cro>] [<crw>] [<sro>] [<srw>] (cro=Configuration Read-Only, crw=Configuration/Execute Read/Write, sro=Status/Statistics Read-Only, srw=Status/Statistics Read/Write) Example: Set Privilege level of VLAN Group Security/Switch/Privilege>level group VLANs 10 10 10 10 (cro=10, crw=10, sro=10, srw=10) Security/Switch>pri level conf Privilege Level Configuration Table Privilege Level Configuration: ==============================...
  • Page 170 Security/Switch>https redi en Result: Security/Switch>https conf HTTPS Configuration: ==================== HTTPS Mode : Enabled HTTPS Redirect Mode : Enabled Syntax: Access Management Security Switch Access Add <access_id> <start_ip_addr> <end_ip_addr> [web] [snmp ] [telnet] Example: Limit web UI access to the IP range 192.168.2.1 to 192.168.2.10.
  • Page 171 Type 'up' to move up one level or '/' to go to root level Security/Switch/SNMP/Trap> Syntax: Security Switch SNMP Trap Mode [enable|disable] Security Switch SNMP Trap Version [1|2c|3] Security Switch SNMP Trap Community [<community>] Security Switch SNMP Trap Destination [<ip_addr_string>] Security Switch SNMP Trap IPv6 Destination [<ipv6_addr>] Example: Security/Switch/SNMP/Trap>mode ena...
  • Page 172 --- --------- -------------------------------- -------------- ---- ---- Local default_user NoAuth, NoPriv None None Local orwell NoAuth, NoPriv None None Local andy Auth, NoPriv MD5 None Number of entries: 3 RMON In Security/Switch Group, the system supports 4 types of RMON groups; please follow the RMON Syntax to add the entries. Syntax: Security/Switch>rmon ? Statistics:...
  • Page 173 Syntax: Limit Control - Port Security Network Limit Port [<port_list>] [enable|disable] Configuration Security Network Limit Limit [<port_list>] [<limit>] Security Network Limit Action [<port_list>] [none|trap|shut|trap_shut] Security Network Limit Reopen [<port_list>] Example: Security/Network>limit port 1 enabl Security/Network>limit limit 1 5 Security/Network>limit action 1 trap Network Access Server Configuration (also known as IEEE 802.1X) Syntax: NAS System...
  • Page 174 ACL (Access Control List) Syntax: ACL Port Security Network ACL Action [<port_list>] [permit|deny] Configuration [<rate_limiter>] [<port_redirect>] [<mirror>] [<logging>] [<shutdown>] Parameters: <port_list> : Port list or 'all', default: All ports permit : Permit forwarding (default) deny : Deny forwarding <rate_limiter> : Rate limiter number (1-15) or 'disable' <port_redirect>: Port list for copy of frames or 'disable' <mirror>...
  • Page 175 (arp [<sip>] [<dip>] [<smac>] [<arp_opcode>] [<arp_flags>]) | [<sip>] [<dip>] [<protocol>] [<ip_flags>]) | (icmp [<sip>] [<dip>] [<icmp_type>] [<icmp_code>] [<ip_flags>]) | (udp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>]) | (tcp [<sip>] [<dip>] [<sport>] [<dport>] [<ip_flags>] [<tcp_flags>])] [permit|deny] [<rate_limiter>] [<port_redirect>] [<mirror>] [<logging>][<shutdown>] Parameters: <ace_id> : ACE ID (1-256), default: Next available ID <ace_id_next>...
  • Page 176 Example: Add one ACE: Security/Network/ACL>add 2 port 6-10 policy 3 8 ip ACE ID 2 added last Edit one ACE: Security/Network/ACL>add 1 port 1-5 policy 2 8 any ACE ID 1 modified last Result: Type Port Policy Frame Action Rate L. Port C. Mirror Counter ------- -------- -------- ----- ------ -------- -------- -------- ------- User...
  • Page 177 Security Network IP Source Guard Translation Example: Security/Network>ip source guard mode en Security/Network>ip source guard port mode 1-10 en (Port 1-10) Security/Network>ip source guard limit 1-10 2 (limit 2 MAC Address) Syntax: IP Source Guard Security Network IP Source Guard Entry [<port_list>] Static Table add|delete <vid>...
  • Page 178: Authentication Server

    [<ip_addr_string>] [<secret>] [<server_port>] Authentication Server Example: Security>aaa radi 1 en 192.168.2.200 password 1812 Syntax: RADIUS Accounting Security AAA ACCT_RADIUS [<server_index>] Server [enable|disable] [<ip_addr_string>] [<secret>] [<server_port>] Example: Security>aaa ACCT_radi 1 en 192.168.2.200 password 1813 Syntax: TACACS+ Security AAA TACACS+ [<server_index>] [enable|disable] Authentication Server [<ip_addr_string>] [<secret>] [<server_port>] Example:...
  • Page 179: Aggregation Configuration

    5.5 Aggregation Configuration Feature Command Line Static Aggregation Configuration Syntax: Aggregation Group Aggr Add <port_list> [<aggr_id>] Configuration Example: Add port 5-8 to Group 1 >aggr add 5-8 1 >aggr del 1 (Delete the group 1) Syntax: Hash Code Aggr Mode [smac|dmac|ip|port] [enable|disable] Contributors smac = Source MAC Address dmac = Destination MAC Address...
  • Page 180: Spanning Tree

    Loop Protect Transmit [<transmit-time>] Protection Loop Protect Shutdown [<shutdown-time>] Example: >loop protect mode en Transmission Time >loop protect trans 10 (10 seconds) Shutdown Time >loop protect shut 200 (200 seconds) Port Configuration Syntax: Loop Protection - Port Loop Protect Port Mode [<port_list>] [enable|disable] Configuration Loop Protect Port Action [<port_list>] [shutdown|shut_log|log] Loop Protect Port Transmit [<port_list>] [enable|disable]...
  • Page 181 Syntax: Max. Age STP MaxAge [<max_age>] Valid values are in the range 6 to 40 seconds, and MaxAge must be <= (FwdDelay-1)*2. Syntax: Maximum Hop Count STP MaxHops [<maxhops>] Valid values are in the range 6 to 40 hops) Syntax: Transmit Hold Count STP Txhold [<holdcount>] Valid values are in the range 1 to 10 BPDU's per second.)
  • Page 182: Mvr

    Syntax: Port Path Cost STP Msti Port Cost [<msti>] [<port_list>] [<path_cost>] Parameters: <msti> : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) <port_list>: Port list or 'all'. Port zero means aggregations. <path_cost>: STP port path cost (1-200000000) or 'auto' Example: Configure CIST 0 Port Path Cost STP>msti port cost 0 all auto (Path cost = auto) STP>msti port cost 0 all 100000 (Path cost = 100000) Syntax:...
  • Page 183: Ipmc

    Example: MVR>immedi leave 1-10 en MVR Configuration MVR>conf (View the settings of above configuration) MVR Configuration: ================== MVR Mode: Enabled MVR Interface Setting Name Mode Tagging Priority LLQI ---- -------------------------------- ---------- -------- -------- ----- Source2 Dynamic Tagged [Port Setting of Source2(VID-2)] Source Port : 2 Receiver Port: 6,7 Inactive Port: 1,3-5,8-26...
  • Page 184: Lldp Configuration

    Syntax: Leave Proxy Enable IPMC Leave Proxy [mld|igmp] [enable|disable] Example: IPMC>leave proxy igmp en (Enable) IPMC>leave proxy igmp dis (Disable) Syntax: Proxy Enable IPMC Proxy [mld|igmp] [enable|disable] Example: IPMC>proxy igmp en (Enable) IPMC>proxy igmp dis (Disable) Port Related Syntax: IPMC Router [mld|igmp] [<port_list>] [enable|disable] Configuration IPMC Fastleave [mld|igmp] [<port_list>] [enable|disable] (Router Port, Fast...
  • Page 185: Power Over Ethernet Configuration

    Feature Command Line LLDP Parameters LLDP Timers Syntax: LLDP Interval [<interval>] LLDP Hold [<hold>] LLDP Delay [<delay>] LLDP Reinit [<reinit>] Example: LLDP>interval 30 LLDP>hold 4 LLDP>delay 2 LLDP>reini 2 LLDP Mode Syntax: LLDP Mode [<port_list>] [enable|disable|rx|tx] (rx=RX Only, tx=TX Only) Example: Enable LLDP on Ports LLDP>mode 1-10 en (Port 1-10 are enabled) LLDP>mode 1-26 en (Port 1-26 are enabled)
  • Page 186: Mac Address Table Configuration

    PoE Power Supply Configuration Syntax: PoE Maximum_Power [<port_list>] [<port_power>] Parameters: <port_list> : Port list or 'all', default: All ports <port_power>: PoE maximum power for the port (0-15.4 Watt for PoE mode, 0-30.0 Watt for PoE+ mode) (Warning: The default value is for reference only. If the value does not conform to your product specification,...
  • Page 187: Vlan Configuration

    MAC>age 100 (change aging time to 100 seconds, the aging time range is 10-1000000) MAC>age 0 (0 = Disable Aging time) MAC Learning Syntax: MAC Learning [<port_list>] [auto|disable|secure] Configuration Example: MAC>lear 1-8 sec MAC>lear 9-12 dis MAC>learn 1-12 auto Static MAC Table Syntax: MAC Add <mac_addr>...
  • Page 188: Private Vlan Configuration

    5.14 Private VLAN Configuration Feature Command Line PVLAN Configuration PVLAN Configuration Syntax: PVLAN Configuration [<port_list>] PVLAN Add <pvlan_id> [<port_list>] PVLAN Delete <pvlan_id> PVLAN Lookup [<pvlan_id>] PVLAN Isolate [<port_list>] [enable|disable] Example: PVLAN>add 10 9-12 PVLAN>add 10 1-2 PVLAN>add 20 1-2 PVLAN>add 20 13-18 PVLAN>iso 9-18 en (Enable Isolated Ports) Result:...
  • Page 189: Voice Vlan Configuration

    Example: VCL/ProtoVlan>vlan add 1-8 E4 10 Protocol VLAN Result: VCL/ProtoVlan>conf Configuration Protocol Type Protocol (Value) Group ID ------------- ------------------------ -------- EthernetII ETYPE:0x808 LLC_Other DSAP:0xff; SSAP:0xff LLC_SNAP OUI-00:e0:2b; PID:0x1 EthernetII ETYPE:0x800 Group ID Ports ---------------- ---- ----- IP Subnet-based VLAN Configuration IP Subnet-based Syntax: VCL IPVlan Add [<vce_id>] <ip_addr_mask>...
  • Page 190: Qos Configuration

    ========================= Voice VLAN Mode : Enabled Voice VLAN VLAN ID : 100 Voice VLAN Age Time(seconds) : 86400 Voice VLAN Traffic Class Port Configuration Syntax: Voice VLAN Port Mode [<port_list>] [disable|auto|force] Voice VLAN Security [<port_list>] [enable|disable] Voice VLAN Discovery Protocol [<port_list>] [oui|lldp|both] Example: Voice/VLAN>port mode 1-4 auto Voice/VLAN>security 1-4 en...
  • Page 191 Port Syntax: QoS Port Classification Class [<port_list>] [<class>] Classification QoS Port Classification DPL [<port_list>] [<dpl>] QoS Port Classification PCP [<port_list>] [<pcp>] QoS Port Classification DEI [<port_list>] [<dei>] QoS Port Classification Tag [<port_list>] [enable|disable] QoS Port Classification Map [<port_list>] [<pcp_list>] [<dei_list>] [<class>] [<dpl>] QoS Port Classification DSCP [<port_list>] [enable|disable] Range of the Value:...
  • Page 192 Port Shaping Syntax: Port Shaper: QoS Port Shaper Mode [<port_list>] [enable|disable] QoS Port Shaper Rate [<port_list>] [<bit_rate>] Queue Shaper: QoS Port QueueShaper Mode [<port_list>] [<queue_list>] [enable|disable] QoS Port QueueShaper Rate [<port_list>] [<queue_list>] [<bit_rate>] QoS Port QueueShaper Excess [<port_list>] [<queue_list>] [enable|disable] Parameters: <port_list>: Port list or 'all', default: All ports <bit_rate>...
  • Page 193: Mirroring Configuration

    QoS Storm Multicast [enable|disable] [<packet_rate>] QoS Storm Broadcast [enable|disable] [<packet_rate>] <packet_rate>: Rate in fps (1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1k, 2k, 4k, 8k, 16k, 32k, 64k, 128k, 256k, 512k, 1024k, 2048k, 4096k, 8192k, 16384k, 32768k) Example: QoS/Storm>unic en 32768k QoS/Storm>multi en 4096k...
  • Page 194: Sflow Configuration

    Example: UPnP>mode en UPnP>ttl 5 (Default=4) UPnP>adver 200 (Default=100) Result: UPnP Configuration: =================== UPnP Mode : Enabled UPnP TTL UPnP Advertising Duration : 200 5.20 sFlow Configuration Feature Command Line sFlow Configuration Receiver Syntax: sFlow Receiver [release] [<timeout>] [<ip_addr_host>] Configuration [<udp_port>] [<datagram_size>] Example: sFlow>receiver 10 192.168.2.100 6343 1400...
  • Page 195: Diagnostic Commands

    ==================== Port Rx Flow Samples Tx Flow Samples Counter Samples ---- --------------- --------------- --------------- 5.21 Diagnostic Commands Feature Command Line Ping Ping Test Syntax: IP Ping <ip_addr_string> [(Length <ping_length>)] [(Count <ping_count>)] [(Interval <ping_interval>)] Parameters: <ip_addr_string>: IPv4 host address (a.b.c.d) or a host name string length : PING Length keyword...
  • Page 196: Maintenance Commands

    5.22 Maintenance Commands Feature Command Line Maintenance Commands Restart Device Syntax: System Reboot Example: System>reb System will reboot in a few seconds Factory Defaults Syntax: System Restore Default [keep_ip] Example: Software/Firmware Syntax: Firmware Information (Firmware Version, Firmware Swap Firmware Load <ip_addr_string> <file_name> Firmware Swapping, Parameters of Firmware Load: Firmware Update)
  • Page 197 Note 2: While the firmware upload is in progress, please don't shut down the switch!
  • Page 198: Web Configuration - Monitor, Diagnostic, Maintenance

    6. Web Configuration - Monitor, Diagnostic, Maintenance 6.1 Monitor 6.1.1 Monitor / System 6.1.1.1 Monitor / System / Information The switch system information is provided here. Contact The system contact configured in Configuration | System | Information | System Contact. Name The system name configured in Configuration | System | Information | System Name.
  • Page 199: Cpu Load

    The period of time the device has been operational. Software Version The software version of this switch. Software Date The date when the switch software was produced. Buttons Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. Refresh : Click to refresh the page;...
  • Page 200 The ID (>= 1) of the system log entry. Level The level of the system log entry. The following level types are supported: Info: Information level of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels.
  • Page 201: System / Detailed Log

    Refresh: Updates the system log entries, starting from the current entry ID. Clear: Flushes all system log entries. |<<: Updates the system log entries, starting from the first available entry ID. <<: Updates the system log entries, ending at the last entry currently displayed. >>: Updates the system log entries, starting from the last entry currently displayed.
  • Page 202: Monitor / Port State

    6.1.2 Monitor / Port State 6.1.2.1 Port State This page provides an overview of the current switch port states. The port states are illustrated as follows: RJ45 ports SFP ports State Disabled Down Link Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs at regular intervals.
  • Page 203: Qos Statistics

    Port The logical port for the settings contained in the same row. Packets The number of received and transmitted packets per port. Bytes The number of received and transmitted bytes per port. Errors The number of frames received in error and the number of incomplete transmissions per port. Drops The number of frames discarded due to ingress or egress congestion.
  • Page 204: Qcl Status

    The displayed counters are: Port The logical port for the settings contained in the same row. There are 8 QoS queues per port. Q0 is the lowest priority queue. Rx/Tx The number of received and transmitted packets per queue. Buttons Refresh : Click to refresh the page immediately.
  • Page 205 User Indicates the QCL user. QCE# Indicates the index of QCE. Frame Type Indicates the type of frame to look for in incoming frames. Possible frame types are: Any: The QCE will match all frame types. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed.
  • Page 206: Detailed Port Statistics

    Buttons Select the QCL status from this drop down list. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs at regular intervals. Resolve Conflict: Click to release the resources required to add a QCL entry, in case the conflict status for any QCL entry is 'yes'.
  • Page 207 Receive Total and Transmit Total Rx and Tx Packets The number of received and transmitted (good and bad) packets. Rx and Tx Octets The number of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits. Rx and Tx Unicast The number of received and transmitted (good and bad) unicast packets.
  • Page 208 Receive and Transmit Queue Counters The number of received and transmitted packets per input and output queue. Receive Error Counters Rx Drops The number of frames dropped due to lack of receive buffers or egress congestion. Rx CRC/Alignment The number of frames received with CRC or alignment errors. Rx Undersize The number of short frames received with valid CRC.
  • Page 209: Monitor / Security

    Buttons The port select box determines which port is affected by clicking the buttons. : Click to refresh the page immediately. Refresh : Clears the counters for the selected port. Clear : Check this box to enable an automatic refresh of the page at regular Auto refresh intervals.
  • Page 210: Security / Network

    Received Packets Number of received packets from the interface when access management mode is enabled. Allowed Packets Number of allowed packets from the interface when access management mode is enabled. Discarded Packets Number of discarded packets from the interface when access management mode is enabled. Buttons Auto-refresh : Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 211 User Module Legend The legend shows all user modules that may request Port Security services. User Module Name The full name of a module that may request Port Security services. Abbr A one-letter abbreviation of the user module. This is used in the Users column in the port status table. Port Status The table has one row for each port on the switch and a number of columns, which are: Port...
  • Page 212 Buttons Refresh: Click to refresh the page immediately. Auto-refresh : Click this box to enable an automatic refresh of the page at regular intervals. Port Security Port Status This page shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration.
  • Page 213 If at least one user module has decided to block this MAC address, it will stay in the blocked state until the hold time (measured in seconds) expires. If all user modules have decided to allow this MAC address to forward, and aging is enabled, the Port Security module will periodically check that this MAC address still forwards traffic.
  • Page 214 The switch port number. Click to navigate to detailed NAS statistics for this port. Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values. Port State The current state of the port. Refer to NAS Port State for a description of the individual states. Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL-based authentication, and the most recently received frame from a new client for MAC-based authentication.
  • Page 215 The current state of the port. Refer to NAS Port state for a description of the individual states. QoS Class The QoS class assigned by the RADIUS server. The field is blank if no QoS class is assigned. Port VLAN ID The VLAN ID that NAS has put the port in.
  • Page 216 The number of valid EAPOL Logoff Logoff dot1xAuthEapolLogoffFramesRx frames that have been received by the switch. The number of EAPOL frames that Invalid have been received by the switch in dot1xAuthInvalidEapolFramesRx Type which the frame type is not recognized. The number of EAPOL frames that Invalid have been received by the switch in dot1xAuthEapLengthErrorFramesRx...
  • Page 217 following the first response from the supplicant. Indicates that the backend server has communication with the switch. MAC-based: Counts all Access Challenges received from the backend server for this port (left-most table) or client (right-most table). 802.1X-based: Counts the number of times that the switch sends an EAP Request packet...
  • Page 218 802.1X- and MAC-based: Counts the number of times that the switch Auth. receives a failure dot1xAuthBackendAuthFails Failures message. This indicates that the supplicant/client has not authenticated to the backend server. 802.1X-based: Counts the number of times that the switch attempts to send a supplicant's first response packet to the backend server.
  • Page 219 for the following administrative states: • Port-based 802.1X • Single 802.1X • Multi 802.1X • MAC-based Auth. Last Supplicant/Client Info Name IEEE Name Description dot1xAuthLastEapolFrameSource The MAC address of the last supplicant/client. Address The VLAN ID on which the last frame from the last VLAN ID supplicant/client was received.
  • Page 220 Shows the identity of the supplicant, as received in the Response Identity EAPOL frame. Clicking the link causes the supplicant's EAPOL and Backend Server counters to be shown in the Selected Counters table. If no supplicants are attached, it shows No supplicants attached. This column is not available for MAC-based Auth.
  • Page 221 Check this box to enable an automatic refresh of the page at regular intervals. Click to refresh the page immediately. This button is available in the following modes: • Force Authorized • Force Unauthorized • Port-based 802.1X • Single 802.1X Click to clear the counters for the selected port.
  • Page 222 User Indicates the ACL user. Ingress Port Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port. Port: The ACE will match a specific ingress port. Frame Type Indicates the frame type of the ACE. Possible values are: Any: The ACE will match any frame type.
  • Page 223: Dhcp Snooping Statistics

    Forward packet that matched the specific ACE to CPU. CPU Once Forward first packet that matched the specific ACE to CPU. Counter The counter indicates the number of times the ACE was hit by a frame. Conflict Indicates the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limitations.
  • Page 224 Receive and Transmit Packets Rx and Tx Discover The number of discover (option 53 with value 1) packets received and transmitted. Rx and Tx Offer The number of offer (option 53 with value 2) packets received and transmitted. Rx and Tx Request The number of request (option 53 with value 3) packets received and transmitted.
  • Page 225: Dhcp Relay Statistics

    The number of lease unassigned (option 53 with value 11) packets received and transmitted. Rx and Tx Lease Unknown The number of lease unknown (option 53 with value 12) packets received and transmitted. Rx and Tx Lease Active The number of lease active (option 53 with value 13) packets received and transmitted. Buttons Auto-refresh : Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 226 Server Statistics Transmit to Server The number of packets that are relayed from client to server. Transmit Error The number of packets that resulted in errors while being sent to clients. Receive from Server The number of packets received from server. Receive Missing Agent Option The number of packets received without agent information options.
  • Page 227 Transmit Error The number of packets that resulted in error while being sent to servers. Receive from Client The number of received packets from server. Receive Agent Option The number of received packets with relay agent information option. Replace Agent Option The number of packets which were replaced with relay agent information option.
  • Page 228 ARP Inspection Table Columns Port Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the ARP traffic is permitted. MAC Address User MAC address of the entry. IP Address User IP address of the entry. Buttons Auto-refresh : Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 229 Refresh: Click to refresh the page immediately. Clear : Flushes all dynamic entries. /<< : Updates the table starting from the first entry in the Dynamic ARP Inspection Tables. >> : Updates the table, starting with the entry after the last entry currently displayed. Network / Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this page.
  • Page 230: Security / Aaa

    Port Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the IP traffic is permitted. IP Address User IP address of the entry. MAC Address Source MAC address. Buttons Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals. Refresh: Click to refresh the page immediately.
  • Page 231 The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. State The current state of the server. This field takes one of the following values: Disabled: The server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
  • Page 232 This page provides detailed statistics for a particular RADIUS server. RADIUS Authentication Statistics The statistics map closely to those specified in RFC4668-RADIUS.Authentication Client MIB. Use the server select box to switch between the backend servers to show details for. Packet Counters RADIUS authentication server packet counter.
  • Page 233 from the server. The number of RADIUS packets that were radiusAuthClientExtUnk Unknown Types received with unknown types from the server nownTypes on the authentication port and dropped. The number of RADIUS packets that were Radius Auth Client received from the server on the Packets Dropped authentication port and dropped for some Ext-Packets Dropped...
  • Page 234 Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts. Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires.
  • Page 235 length. Bad authenticators or unknown types are not included as malformed access responses. The number of RADIUS packets containing radiusAcctClientExtBadAut invalid authenticators received from the Authenticators henticators server. The number of RADIUS packets of unknown radiusAccClientExtUnknow Unknown Types types that were received from the server on nTypes the accounting port.
  • Page 236: Switch / Snmp / Rmon

    Disabled: The selected server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
  • Page 237 The displayed counters are: Data Source The port ID which wants to be monitored. Drop The total number of events in which packets were dropped by the probe due to lack of resources. Octets The total number of octets of data (including those in bad packets) received on the network. Pkts The total number of packets (including bad packets, broadcast packets, and multicast packets) received.
  • Page 238 Frag. The number of frames whose size is less than 64 octets received with invalid CRC. Jabb. The number of frames whose size is larger than 64 octets received with invalid CRC. Coll. The best estimate of the total number of collisions on this Ethernet segment. The total number of packets (including bad packets) received that were 64 octets in length.
  • Page 239 The displayed fields are: History Index Indicates the index of History control entry. Sample Index Indicates the index of the data entry associated with the control entry Sample Start The total number of events in which packets were dropped by the probe due to lack of resources. Drops The total number of events in which packets were dropped by the probe due to lack of resources.
  • Page 240 Undersize The total number of packets received that were less than 64 octets. Oversize The total number of packets received that were longer than 1518 octets. Frag. The number of frames whose size is less than 64 octets received with invalid CRC. Jabb.
  • Page 241 Indicates the index of Alarm control entry. Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold. Variable Indicates the particular variable to be sampled. Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds. Possible sample types are: Rising Threshold Rising threshold value.
  • Page 242: Lacp System Status

    Event Index Indicates the index of the event entry. Log Index Indicates the index of the log entry. Log Time Indicates Event log time. Log Description Indicates the Event description. Buttons Refresh: Click to refresh the page immediately. Auto-refresh : Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 243: Lacp Port Status

    Aggr ID The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id' Partner System ID The system ID (MAC address) of the aggregation partner. Partner Key The Key that the partner has assigned to this aggregation ID. Last changed The time since this aggregation changed.
  • Page 244: Lacp Statistics

    Port The switch port number. LACP 'Yes' means that LACP is enabled and the port link is up. 'No' means that LACP is not enabled or that the port link is down. 'Backup' means that the port could not join the aggregation group but will join if another port leaves.
  • Page 245: Loop Protection

    Port The switch port number. LACP Received Shows how many LACP frames have been received at each port. LACP Transmitted Shows how many LACP frames have been sent from each port. Discarded Shows how many unknown or illegal LACP frames have been discarded at each port. Buttons Auto-refresh: Click this box to enable an automatic refresh of the page at regular intervals.
  • Page 246: Stp Bridge Status

    The currently configured port action. Transmit The currently configured port transmit mode. Loops The number of loops detected on this port. Status The current loop protection status of the port. Loop Whether a loop is currently detected on the port. Time of Last Loop The time of the last loop event detected.
  • Page 247: Stp Port Status

    MSTI The Bridge Instance. This is also a link to the STP Detailed Bridge Status Bridge ID The Bridge ID of this Bridge instance. Root ID The Bridge ID of the currently elected root bridge. Root Port The switch port currently assigned the root port role. Root Cost Root Path Cost.
  • Page 248: Stp Port Statistics

    STP port status is: Port The switch port number of the logical STP port. CIST Role The current STP port role of the CIST port. The port role can be one of the following values: AlternatePort BackupPort RootPort DesignatedPort Disabled. CIST State The current STP port state of the CIST port.
  • Page 249 Port The switch port number of the logical STP port. MSTP The number of MSTP Configuration BPDU's received/transmitted on the port. RSTP The number of RSTP Configuration BPDU's received/transmitted on the port. The number of legacy STP Configuration BPDU's received/transmitted on the port. The number of (legacy) Topology Change Notification BPDU's received/transmitted on the port.
  • Page 250: Mvr Status

    6.1.7 MVR Status 6.1.7.1 Statistics This page provides MVR Statistics information. VLAN ID The Multicast VLAN ID. V1 Reports Received The number of Received V1 Reports. V2 Reports Received The number of Received V2 Reports. V3 Reports Received The number of Received V3 Reports. V2 Leaves Received The number of Received V2 Leaves.
  • Page 251: Mvr Group Table

    6.1.7.2 MVR Group Table Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID, and then by group. Navigating the MVR Group Table Each page shows up to 99 entries from the MVR Group table, default being 20, selected through the "entries per page"...
  • Page 252: Monitor / Ipmc / Igmp Snooping

    >>: Updates the table, starting with the entry after the last entry currently displayed. 6.1.8 Monitor / IPMC / IGMP Snooping 6.1.8.1 IGMP Snooping IGMP Snooping Status This page provides IGMP Snooping status. VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently.
  • Page 253 The number of Transmitted Queries. Queries Received The number of Received Queries. V1 Reports Received The number of Received V1 Reports. V2 Reports Received The number of Received V2 Reports. V3 Reports Received The number of Received V3 Reports. V2 Leaves Received The number of Received V2 Leaves.
  • Page 254 Navigating the IGMP Group Table Each page shows up to 99 entries from the IGMP Group table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the IGMP Group Table.
  • Page 255 Entries in the IGMP SFM Information Table are shown on this page. The IGMP SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses belonging to the same group are treated as a single entry.
  • Page 256: Mld Snooping Status

    Switch port number. Mode Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude. Source Address IP Address of the source. Currently, system limits the total number of IP source addresses for filtering to be 128.
  • Page 257 Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Show the Querier status is "ACTIVE" or "IDLE". "DISABLE" denotes the specific interface is administratively disabled. Queries Transmitted The number of Transmitted Queries. Queries Received The number of Received Queries. V1 Reports Received The number of Received V1 Reports.
  • Page 258 Entries in the MLD Group Table are shown on this page. The MLD Group Table is sorted first by VLAN ID, and then by group. Navigating the MLD Group Table Each page shows up to 99 entries from the MLD Group table, default being 20, selected through the "entries per page"...
  • Page 259 Navigating the MLD SFM Information Table Each page shows up to 64 entries from the MLD SFM Information table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MLD SFM Information Table.
  • Page 260: Monitor / Lldp

    Type Indicates the Type. It can be either Allow or Deny. Buttons Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. Refresh: Refreshes the displayed table starting from the input fields. |<<: Updates the table starting from the first entry in the MLD SFP Information Table. >>: Updates the table, starting with the entry after the last entry currently displayed.
  • Page 261: Lldp Med Neighbours

    System Capabilities System Capabilities describes the neighbour unit's capabilities. The possible capabilities are: 1. Other 2. Repeater 3. Bridge 4. WAN Access Point 5. Router 6. Telephone 7. DOCSIS cable device 8. Station only 9. Reserved When a capability is enabled, the capability is followed by (+). If the capability is disabled, the capability is followed by (-).
  • Page 262 Port The port on which the LLDP frame was received. Device Type LLDP-MED Devices are comprised of two primary Device Types: Network Connectivity Devices and Endpoint Devices. LLDP-MED Network Connectivity Device Definition LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices.
  • Page 263 Endpoints (Class I), and any LLDP-MED Endpoint Device claiming compliance as a Communication Device (Class III) will also support all aspects of TIA-1057 applicable to both Media Endpoints (Class II) and Generic Endpoints (Class I). LLDP-MED Generic Endpoint (Class I) The LLDP-MED Generic Endpoint (Class I) definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057, however do not support IP media or act as an end-user communication appliance.
  • Page 264 LLDP-MED Capabilities describes the neighbour unit's LLDP-MED capabilities. The possible capabilities are: 1. LLDP-MED capabilities 2. Network Policy 3. Location Identification 4. Extended Power via MDI-PSE 5. Extended Power via MDI-PD 6. Inventory 7. Reserved Application Type Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device.
  • Page 265 8. Video Signalling - for use in network topologies that require a separate policy for the video signalling than for the video media. Policy Policy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device.
  • Page 266: Lldp Poe

    6.1.9.3 LLDP PoE This page provides a status overview for all LLDP PoE neighbours. The displayed table contains a row for each port on which an LLDP PoE neighbour is detected. The columns hold the following information: Local port Port for this switch on which the LLDP frame was received. Power Type The Power Type represents whether the device is a Power Sourcing Entity (PSE) or Power Device...
  • Page 267: Lldp Eee

    The maximum allowed value is 102.3 W. If the device indicates a value higher than 102.3 W, it is represented as "reserved". Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Refresh: Click to refresh the page. 6.1.9.4 LLDP EEE By using EEE, power savings can be achieved at the expense of traffic latency.
  • Page 268 The link partner's fallback receive Tw. A receiving link partner may inform the transmitter of an alternate desired Tw_sys_tx. Since a receiving link partner is likely to have discrete levels for savings, this provides the transmitter with additional information that it may use for a more efficient allocation. Systems that do not implement this option default the value to be the same as that of the Receive Tw_sys_tx.
  • Page 269: Lldp Statistics

    Green - Switch and link partner have agreed upon wakeup time. Buttons Refresh: Click to refresh the page immediately. Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. 6.1.9.5 LLDP Statistics This page provides an overview of all LLDP traffic. Two types of counters are shown.
  • Page 270 Shows the number of LLDP frames dropped due to the entry table being full. Total Neighbours Entries Aged Out Shows the number of entries deleted due to Time-To-Live expiring. Local Counters The displayed table contains a row for each port. The columns hold the following information: Local Port The port on which LLDP frames are received or transmitted.
  • Page 271: Dynamic Mac Table

    Buttons Refresh: Click to refresh the page immediately. Clear: Clears the local counters. All counters (including global counters) are cleared upon reboot. Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. 6.1.10 Dynamic MAC Table Entries in the MAC Table are shown on this page.
  • Page 272: Vlan Membership Status

    Indicates whether the entry is a static or a dynamic entry. MAC address The MAC address of the entry. VLAN The VLAN ID of the entry. Port Members The ports that are members of the entry. Buttons Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. Refresh: Refreshes the displayed table starting from the "Start from MAC address"...
  • Page 273 NAS : NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. MVRP : Multiple VLAN Registration Protocol (MVRP) allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network. Voice VLAN : Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones.
  • Page 274 Navigating the VLAN Monitor page Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table.
  • Page 275 NAS : NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. MVRP : Multiple VLAN Registration Protocol (MVRP) allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network. Voice VLAN : Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones.
  • Page 276: Vcl Mac-Based Vlan Status

    Shows UVID (untagged VLAN ID). Port's UVID determines the packet's behaviour at the egress side. Conflicts Shows status of Conflicts whether exists or not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: Functional Conflicts between features.
  • Page 277: Sflow

    CLI/Web/SNMP : These are referred to as static. NAS : NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. MAC Address Indicates the MAC address. VLAN ID Indicates the VLAN ID. Port Members Port members of the MAC-based VLAN entry. Buttons : Refreshes the displayed table.
  • Page 278 Packet flow sampling refers to arbitrarily choosing some packets out of a specified number, reading the first "Max Hdr Size" bytes and exporting the sampled datagram for analysis. The attributes associated with the flow sampling are: sampler type, sampling rate, maximum header size.
  • Page 279: Diagnostic

    6.2 Diagnostic This section provides some convenient tools for the user to run switch diagnostics from a remote site. 6.2.1 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues. Type the IP Address, ping length (default = 56 bytes), ping count (default = 5) and ping interval (default = 1).
  • Page 280: Veriphy Cable Diagnostic

    transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. ICMPv6 Ping Output PING6 server ::10.10.132.20 64 bytes from ::10.10.132.20: icmp_seq=0, time=0ms 64 bytes from ::10.10.132.20: icmp_seq=1, time=0ms 64 bytes from ::10.10.132.20: icmp_seq=2, time=0ms 64 bytes from ::10.10.132.20: icmp_seq=3, time=0ms...
  • Page 281 Port The port where you are requesting VeriPHY Cable Diagnostics. Cable Status Port: Port number. Pair: The status of the cable pair. OK - Correctly terminated pair Open - Open pair Short - Shorted pair Short A - Cross-pair short to pair A Short B - Cross-pair short to pair B Short C - Cross-pair short to pair C...
  • Page 282: Maintenance

    6.3 Maintenance This section allows the user to maintain the switch, such as Reset Factory Default, Firmware upgrading, Configuration Save/Restore and Restart the device. 6.3.1 Restart Device You can restart the switch on this page. After restart, the switch will boot normally. Yes: Click to restart device.
  • Page 283: Software Upload

    Note: Restoring factory default can also be performed by making a physical loopback between port 1 and port 2 within the first minute from switch reboot. In the first minute after boot, 'loopback' packets will be transmitted at port 1. If a 'loopback' packet is received at port 2, the switch will do a restore to default. 6.3.3 Software Upload 6.3.3.1 Firmware Update This page facilitates an update of the firmware controlling the switch.
  • Page 284: Image Select

    6.3.3.2 Image Select There are 2 images saved within the switch. This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. The web page displays two tables with information about the active and alternate firmware images. Note In case the active firmware image is the alternate image, only the "Active Image"...
  • Page 285: Configuration

    Cancel: Cancel activating the backup image. Navigates away from this page. 6.3.4 Configuration You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags: Header tags: <?xml version="1.0"?> and <configuration>. These tags are mandatory and must be present at the beginning of the file.
  • Page 286 Save: Click to save the configuration file. Upload: Click to upload the configuration file.
  • Page 287: Revision History

    Revision History Edition Date Modifications V1.1 15-Nov. 2012 Add Command Line Interface Configuration Guide in chapter 5. Modify the Format of the chapters. Move the Monitor, Diagnostic and Maintenance to chapter 6 from chapter 4. Add more description for the key features in chapter 4, such as IPMC, SSH, HTTPS, RMON, MSTP, MVR, VLAN, Private VLAN, Access Management, Loop Protection, sFlow, Firmware...
