Page 1 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P User’s Manual SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Layer 2 Managed Switches...
Page 2: Fcc Warning
WEEE as unsorted municipal waste and have to collect such WEEE separately. Revision PLANET 8 / 24-Port 10/100Mbps with 2 / 4 Gigabit TP / SFP Combo Managed Security Switch User's Manual FOR MODELS: SGSD-1022 / SGSD-1022P / SGSW-2840 / SGSW-2840P REVISION: 1.0 (AUGUEST.2008) Part No: EM-SGSD-SGSW (2080-A34050-000)
Page 3: Table Of Contents
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P TABLE OF CONETNTS 1. INTRODUTION ........................23 1.1 Packet Contents ............................23 1.2 Product Description ...........................23 1.3 How to Use This Manual ..........................25 1.4 Product Features............................25 1.5 Product Specification ..........................28 2. INSTALLATION ........................30 2.1 Hardware Description ..........................30...
Page 4 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2 System.................................54 4.2.1 System Information..............................55 4.2.2 Switch Information ...............................56 4.2.3 Bridge Extension Configuration ...........................57 4.2.4 IP Configuration ..............................58 4.2.5 Jumbo Frames..............................60 4.2.6 File Management ..............................60 4.2.6.1 Copy Operation............................60 4.2.6.2 Delete ..............................66 4.2.6.3 Set Startup ..............................66...
Page 5 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.3.3.2 SNMPv3 Remote Engine ID ........................102 4.3.3.3 SNMPv3 Users ............................103 4.3.3.4 SNMPv3 Remote Users ..........................106 4.3.3.5 SNMPv3 Groups............................108 4.3.3.6 SNMPv3 View............................111 4.4 Port Management .............................113 4.4.1 Port Information ..............................113 4.4.2 Port Configuration..............................
Page 6 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7.2.2 Displaying Interface Settings for MSTP ....................169 4.7.2.3 MSTP Port Configuration.........................170 4.8 VLAN Configuration ..........................172 4.8.1 IEEE 802.1Q VLANs ............................173 4.8.1.1 VLAN Basic Information ..........................177 4.8.1.2 GVRP Status ............................178 4.8.1.3 VLAN Current Table..........................179 4.8.1.4 VLAN Static List............................180...
Page 7 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9.3.5 MVR Group IP Information ........................224 4.10 Quality of Service ...........................225 4.10.1 Priority ................................226 4.10.1.1 Port Priority Configuration ........................227 4.10.1.2 Traffic Classes ............................228 4.10.1.3 Queue Mode............................230 4.10.1.4 Queue Scheduling ..........................231 4.10.2 Layer 3/4 Priority Settings..........................232 4.10.2.1 Mapping Layer 3/4 Priorities to CoS Values ..................232...
Page 8 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.5.2 AAA TACACS+ Group Settings......................261 4.11.5.3 AAA Accounting Settings ........................262 4.11.5.4 AAA Accounting Update.........................264 4.11.5.5 AAA Accounting 802.1X Port Settings....................264 4.11.5.6 AAA Accounting Exec Command Privileges ..................265 4.11.5.7 AAA Accounting EXEC Settings......................266 4.11.5.8 AAA Accounting Summary ........................267...
Page 9 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.13.5 ACL Port Binding..........................314 4.11.14 IP Filter ................................316 4.11.14.1 Web IP Filter ............................316 4.11.14.2 SNMP IP Filter .............................317 4.11.14.3 Telnet IP Filter ............................318 4.11.15 DHCP Snooping.............................320 4.11.15.1 DHCP Snooping Configuration ......................321 4.11.15.2 DHCP Snooping VLAN Configuration ....................321...
Page 10 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.2.10 Exec Commands .............................345 5.2.11 Configuration Commands ..........................346 5.2.12 Command Line Processing..........................347 5.3 Command Groups ............................348 5.4 General Commands ..........................349 enable..................................349 disable .................................350 configure................................351 show history ................................351 reload ..................................352 prompt .................................353 end ..................................353...
Page 11 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P copy..................................373 delete ..................................376 dir ..................................377 whichboot ................................378 boot system .................................378 5.6 Line Commands ............................379 line..................................380 login..................................380 password ................................381 timeout login response ............................382 exec-timeout................................383 password-thresh ..............................383 silent-time ................................384 databits................................384 parity..................................385 speed ..................................386 stopbits ................................386...
Page 12 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P sntp poll ................................400 show sntp ................................401 clock timezone..............................401 calendar set.................................402 show calendar ..............................403 5.10 Switch Cluster Commands........................403 cluster..................................404 cluster commander ..............................404 cluster ip-pool ..............................405 cluster member..............................405 rcommand ................................406 show cluster ................................406 show cluster members............................407...
Page 13 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P radius-server auth-port ............................429 radius-server acct-port............................429 radius-server key..............................429 radius-server retransmit............................430 radius-server timeout............................430 show radius-server ..............................431 5.13.4 TACACS+ Client ..............................432 tacacs-server host ...............................432 tacacs-server port..............................433 tacacs-server key ..............................433 tacacs-server retransmit ............................434 tacacs-server timeout ............................434 show tacacs-server..............................435...
Page 14 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip ssh crypto zeroize............................455 ip ssh save host-key............................456 show ip ssh................................456 show ssh ................................457 show public-key..............................458 5.12.9 802.1X Port Authentication ..........................459 dot1x system-auth-control ...........................460 dot1x default................................460 dot1x max-req ..............................460 dot1x port-control ..............................461 dot1x operation-mode ............................461...
Page 15 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P web-auth................................482 web-auth re-authenticate (Port)...........................483 web-auth re-authenticate (IP) ..........................483 show web-auth ..............................484 show web-auth interface............................484 show web-auth summary.............................485 5.13.4 DHCP Snooping Commands ...........................486 ip dhcp snooping ..............................486 ip dhcp snooping vlan............................488 ip dhcp snooping trust ............................488 ip dhcp snooping verify mac-address ........................489...
Page 16 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show access-group ............................. 511 5.15 Interface Commands..........................511 interface................................512 description ................................512 speed-duplex...............................513 negotiation................................514 capabilities................................515 flowcontrol ................................516 shutdown ................................517 broadcast byte-rate .............................517 switchport broadcast ............................518 clear counters..............................519 show interfaces status ............................519 show interfaces counters.............................520 show interfaces switchport ..........................522...
Page 17 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P spanning-tree forward-time..........................544 spanning-tree hello-time ............................544 spanning-tree max-age............................545 spanning-tree priority............................546 spanning-tree pathcost method ...........................546 spanning-tree transmission-limit ..........................547 spanning-tree mst-configuration ..........................547 mst vlan ................................548 mst priority................................549 name ...................................549 revision ................................550 max-hops................................551 spanning-tree spanning-disabled.........................551 spanning-tree cost ...............................552...
Page 18 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P switchport allowed vlan............................572 switchport forbidden vlan.............................573 5.21.4 Displaying VLAN Information...........................574 show vlan ................................574 5.21.5 Configuring IEEE 802.1Q Tunneling ........................576 dot1q-tunnel system-tunnel-control ........................577 switchport dot1q-tunnel mode ..........................577 switchport dot1q-tunnel tpid..........................578 show dot1q-tunnel ...............................579 5.21.6 Configuring Private VLANs ..........................580...
Page 19 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lldp notification..............................602 lldp mednotification..............................603 lldp basic-tlv management-ip-address .........................603 lldp basic-tlv port-description ..........................604 lldp basic-tlv system-capabilities..........................605 lldp basic-tlv system-description..........................605 lldp basic-tlv system-name ..........................606 lldp dot1-tlv proto-ident ............................606 lldp dot1-tlv proto-vid ............................607 lldp dot1-tlv pvid ..............................607 lldp dot1-tlv vlan-name ............................608...
Page 20 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show map ip dscp..............................629 show map ip port ..............................629 show map ip precedence.............................630 show map ip tos ..............................631 show map access-list ............................632 5.24 Quality of Service Commands ......................632 class-map ................................633 match...................................634 policy-map ................................635...
Page 21 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip igmp max-groups .............................654 ip igmp max-groups action ..........................655 show ip igmp filter..............................655 show ip igmp profile.............................656 show ip igmp throttle interface..........................657 5.25.5 Multicast VLAN Registration Commands......................658 mvr (Global Configuration) ..........................658 mvr (Interface Configuration)..........................659...
Page 22 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 8. POWER OVER ETHERNET OVERVIEW ................675 What is PoE?..............................675 The PoE Provision Process...........................677 Stages of powering up a PoE link ........................677 Line Detection................................677 Classification ................................678 Start-up ..................................678 Operation..................................678 Power Disconnection Scenarios ..........................678 9.
Page 23: Introdution
Full-Functioned / Advanced Features Layer 2 Managed Switch for Enterprise and Campus Networking The PLANET SGSD-1022 / SGSW-2840 is a 8 / 24-Port 10/100Mbps Fast Ethernet Switch with 2 / 4-Port Gigabit TP/ SFP Combo interfaces, which boasts high performance switch architecture. That is capable of providing non-blocking switch fabric and wire-speed throughput as high as 12.8 Gbps, which greatly simplifies the tasks of upgrading the LAN for catering to...
Page 24 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Robust Layer 2 Features The SGSW-2840 can be programmed for basic switch management functions such as port speed configuration, Port aggregation, VLAN, Spanning Tree protocol, QoS, bandwidth control and IGMP Snooping. It provides IEEE 802.1Q Tagged VLAN and the VLAN groups allowed on the SGSW-2840 will be maximally up to 256.
Page 25: How To Use This Manual
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 1.3 How to Use This Manual This User Manual is structured as follows: Section 2, INSTALLATION The section explains the functions of the Switch and how to physically install the Managed Switch.
Page 26 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P SGSW-2840P ■ 24-Port 10/100Mbps Fast Ethernet ports with IEEE 802.3af PoE Injector ■ 4 10/100/1000Mbps TP and SFP shared combo interfaces ■ RS-232 DB9 console interface for basic management and setup Layer 2 Features ■...
Page 27 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IP TCP/UDP port number ■ Supports for strict priority and Weighted Round Robin (WRR) CoS policies ■ Supports QoS and bandwidth control on each port ■ Traffic-policing policies on the switch port Multicast ■...
Page 28: Product Specification
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 1.5 Product Specification Product SGSD-1022 SGSD-1022P SGSW-2840 SGSW-2840R SGSW-2840P Hardware Specification 10/100Mbps Copper 8-Port 10/ 100Base-TX RJ-45 24-Port 10/ 100Base-TX RJ-45 Ports Auto-MDI/MDI-X Auto-MDI/MDI-X 1000Mbps Copper Ports SFP/mini-GBIC Slots 2, shared with Port-9 and Port-10...
Page 29 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IGMP Snooping IGMP (v1/v2) Snooping, up to 256 multicast Groups Access Control List IP-Based ACL / MAC-Based ACL, up to 256 entries RFC-1213 MIB-II RFC-2863 Interface MIB RFC-2665 EtherLike MIB RFC-1493 Bridge MIB...
Page 30: Installation
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 2. INSTALLATION This section describes the hardware features and installation of the Managed Switch on the desktop or rack mount. For easier management and control of the switch, familiarize yourself with its display indicators, and ports. Front panel illustrations in this chapter display the unit LED indicators.
Page 31: Led Indications
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ■ Gigabit TP interface 10/100/1000Base-T Copper, RJ-45 Twist-Pair: Up to 100 meters. ■ Gigabit SFP slots 1000Base-SX/LX mini-GBIC slot, SFP (Small Factor Pluggable) transceiver module: From 550 meters (Multi-mode fiber), up to 10/30/50/70/120 kilometers (Single-mode fiber).
Page 32 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ■ 10/100/1000Base-T interfaces (Port-9 and Port-10) and SFP interfaces Color Function Lights: To indicate the link through that port is successfully established with speed 1000Mbps Blink: To indicate that the switch is actively sending or receiving data over that port.
Page 33 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ■ 10/100/1000Base-T interfaces (Port-9 and Port-10) and SFP interfaces Color Function Lights: To indicate the link through that port is successfully established with speed 1000Mbps Blink: To indicate that the switch is actively sending or receiving data over that port.
Page 34 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Color Function Lights: To indicate the link through that port is successfully established with speed 1000Mbps Blink: To indicate that the switch is actively sending or receiving data over that port.
Page 35: Switch Rear Panel
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ■ 10/100/1000Base-T interfaces (Port-25 to Port-28) and SFP interfaces Color Function Lights: To indicate the link through that port is successfully established with speed 1000Mbps Blink: To indicate that the switch is actively sending or receiving data over that port.
Page 36 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P SGSW-2840 Rear Panel Figure 2-11 Rear panel of SGSW-2840 SGSW-2840R Rear Panel Figure 2-12 Rear panel of SGSW-2840R Figure 2-13 Rear panel of SGSW-2840 SGSW-2840P Rear Panel Figure 2-14 Rear panel of SGSW-2840P ■...
Page 37 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P power cord into an electric service outlet then the power will be ready. The device is a power-required device, it means, it will not work till it is powered. If your networks should active all the time, please consider using UPS (Uninterrupted Power Supply) for your device.
Page 38: Install The Switch
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 2.2 Install the Switch This section describes how to install your Managed Switch and make connections to the Managed Switch. Please read the following topics and perform the procedures in the order being presented. To install your Managed Switch on a desktop or shelf, simply complete the following steps.
Page 39: Rack Mounting
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 2.2.2 Rack Mounting To install the Managed Switch in a 19-inch standard rack, please follows the instructions described below. Step1: Place the Managed Switch on a hard flat surface, with the front panel positioned towards the front side.
Page 40 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 2-18 Mounting SGSD-1022 in a Rack Figure 2-19 Mounting SGSW-2840 in a Rack Step6: Proceeds with the steps 4 and steps 5 of session 2.2.1 Desktop Installation to connect the network cabling and supply...
Page 41: Installing The Sfp Transceiver
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 2.2.3 Installing the SFP transceiver The sections describe how to insert an SFP transceiver into an SFP slot. The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port without having to power down the Managed Switch.
Page 42 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Connect the fiber cable Attach the duplex LC connector on the network cable into the SFP transceiver. Connect the other end of the cable to a device – switches with SFP installed, fiber NIC on a workstation or a Media Converter..
Page 43: Switch Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3. SWITCH MANAGEMENT This chapter explains the methods that you can use to configure management access to the Managed Switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (work-station or personal computer) and the system.
Page 44: Management Access Overview
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3.2 Management Access Overview The Managed Switch gives you the flexibility to access and manage it using any or all of the following methods: An administration console Web browser interface An external SNMP-based network management application The administration console and Web browser interface support are embedded in the Managed Switch software and are available for immediate use.
Page 45 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 3-1 Console management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the Managed Switch console (serial) port.
Page 46: Web Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3.4 Web Management The Managed Switch provides a browser interface that lets you configure and manage the switch remotely. After you set up your IP address for the switch, you can access the Managed Switch's Web interface applications directly in your Web browser by entering the IP address of the Managed Switch.
Page 47: Protocols
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3.6 Protocols The Managed Switch supports the following protocols: Virtual terminal protocols, such as Telnet Simple Network Management Protocol (SNMP) 3.6.1 Virtual Terminal Protocols A virtual terminal protocol is a software program, such as Telnet, that allows you to establish a management session from a Macintosh, a PC, or a UNIX workstation.
Page 48: Web Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4. WEB CONFIGURATION This section introduces the configuration and functions of the Web-Based management. About Web-based Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer.
Page 49 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Logging on the switch Use Internet Explorer 6.0 or above Web browser. Enter the factory-default IP address to access the Web interface. The factory-default IP Address as following: http://192.168.0.100 When the following login screen appears, please enter the default username "admin" with password “admin” (or the username/password you have changed via console) to login the main screen of Managed Switch.
Page 50 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-1-3 Default main page Now, you can use the Web management interface to continue the switch management or manage the Managed Switch by Web interface. The Switch Menu on the left of the web page let you access all the commands and statistics the Managed Switch provides.
Page 51: Main Web
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.1 Main WEB PAGE The SGSD / SGSW Managed Switch provides a Web-based browser interface for configuring and managing it. This interface allows you to access the Managed Switch using the Web browser of your choice. This chapter describes how to use the Managed Switch’s Web browser interface to configure and manage it.
Page 52 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Panel Display The web agent displays an image of the Managed Switch’s ports. The Mode can be set to display different information for the ports, including Active (i.e., up or down), Duplex (i.e., half or full duplex, or Flow Control (i.e., with or without flow control).
Page 53 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The following Main functions can be configured here: System SNMP Port Management Address Table Spanning Tree VLAN Multicast Security Cluster...
Page 54: System
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2 System Use the System menu items to display and configure basic administrative details of the Managed Switch. Under System the following topics are provided to configure and view the system information: This section has the following items: ■...
Page 55: System Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.1 System Information Use the System Information screen to display descriptive information about the Managed Switch, or for quick system identification. You can easily identify the system by displaying the device name, location and contact information. The System...
Page 56: Switch Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.2 Switch Information Use the Switch Information page to display hardware/firmware version numbers for the main board and management software, as well as the number of ports of the system. The Switch Information screen in Figure 4-2-2 appears.
Page 57: Bridge Extension Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.3 Bridge Extension Configuration The Bridge MIB includes extensions for managed devices that support Multicast Filtering, Traffic Classes, and Virtual LANs. You can access these extensions to display default settings for the key variables, or to configure the global setting for GARP VLAN Registration Protocol (GVRP).
Page 58: Ip Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.4 IP Configuration This section describes how to configure an IP interface for management access over the network. The IP address for the stack is obtained via DHCP by default. To manually configure an address, you need to change the Managed Switch’s default settings to values that are compatible with your network.
Page 59 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Subnet Mask This mask identifies the host address bits used for routing to specific subnets. (Default: 255.255.255.0) • Gateway IP address IP address of the gateway router between this device and management stations that exist on other network segments.
Page 60: Jumbo Frames
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.5 Jumbo Frames The Managed Switch provides more efficient throughput for large sequential data transfers by supporting jumbo frames up to 9216 bytes. Compared to standard Ethernet frames that run only up to 1.5 KB, using jumbo frames significantly reduces the per-packet overhead required to process protocol encapsulation fields.
Page 61 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-2-6 default Copy Operation screenshot The page includes the following fields: Object Description • File Transfer Method The configuration copy operation includes these options: -file to file – Copies a file within the switch directory, assigning it a new name.
Page 62 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example 1: Save Current Configuration setting To save all applied changes and set the current configuration as startup configuration. The startup-configuration file will be load automatically across a system reboot. Click System, File Management, Copy Operation.
Page 63 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example 2: Downloading System Software from a Server When downloading runtime code, you can specify the destination file name to replace the current image, or first download the file using a different name from the current runtime code file, and then set the new file as the startup file.
Page 64 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • If you download to a new destination file, go to the System / File / Set Start-Up menu, mark the operation code file used at startup, and click Apply. • To start the new firmware, reboot the system via the System / Reset menu.
Page 65 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P configuration file. To use the new settings, reboot the system via the System / Reset menu. Example 4: Saving or Restoring Configuration Settings You can upload/download configuration settings to/from a TFTP server. The configuration files can be later downloaded to restore the Managed Switch’s settings.
Page 66: Delete
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.6.2 Delete To delete a file, select the file name from the given list by checking the tick box and then click Apply. The File Delete screen in Figure 4-2-13 appears.
Page 67 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Name The name of a file stored on the switch. • Type Indicates either an operation code file, or a configuration file.
Page 68: Line
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.7 Line You can access the onboard configuration program by attaching a VT100 compatible device to the Managed Switch’s serial console port. Management access through the console port is controlled by various parameters, including a password, timeouts, and basic communication settings.
Page 69 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Range: 0-65535 seconds; Default: 600 seconds • Password Threshold Sets the password intrusion threshold, which limits the number of failed logon attempts. When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time (set by the Silent Time parameter) before allowing the next logon attempt.
Page 70: Telnet Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.7.2 Telnet Settings You can access the onboard configuration program over the network using Telnet (i.e., a virtual terminal). Management access via Telnet can be enabled / disabled and other various parameters set, including the TCP port number, timeouts, and a password.
Page 71: System Log Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.8 Log The switch allows you to control the logging of error messages, including the type of events that are recorded in switch memory, logging to a remote System Log (syslog) server, and displays a list of recent event messages. This section has the following options: ■...
Page 72 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-2-17 System Logs screenshot Click System / Log / System Logs. Specify System Log Status, set the level of event messages to be logged to RAM and flash memory, then click Apply.
Page 73: Remote Log Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.8.2 Remote Log Configuration The Remote Logs page allows you to configure the logging of messages that are sent to syslog servers or other management stations. You can also limit the event messages sent to only those messages below a specified level.
Page 74: Displaying Log Messages
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Range: 16-23, Default: 23 • Logging Trap Limits log messages that are sent to the remote syslog server for all levels up to the specified level. For example, if level 3 is specified, all messages from level 0 to level 3 will be sent to the remote server.
Page 75: Smtp E-Mail Alert
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.8.4 SMTP E-Mail Alert To alert system administrators of problems, the Managed Switch can use SMTP (Simple Mail Transfer Protocol) to send email messages when triggered by logging events of a specified level. The messages are sent to specified SMTP servers on the network and can be retrieved using POP or IMAP clients.
Page 76 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P For example, using Level 7 will report all events from level 7 to level 0. (Default: Level 7) • SMTP Server List Specifies a list of up to three recipient SMTP servers.
Page 77: Upnp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.9 UPNP Universal Plug and Play (UPnP) is a set of protocols that allows devices to connect seamlessly and simplifies the deployment of home and office networks. UPnP achieves this by issuing UPnP device control protocols designed upon open, Internet-based communication standards.
Page 78: Reset
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • TTL Value Sets the time-to-live (TTL) value for UPnP messages transmitted by the device. Range: 1-255; Default: 4 4.2.10 Reset Reset the Managed Switch. The Managed Switch’s configuration will not be saved automatically; you have to save the configuration manually before system reboot.
Page 79: Sntp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.11 SNTP Simple Network Time Protocol (SNTP) allows the Managed Switch to set its internal clock based on periodic updates from a time server (SNTP or NTP). Maintaining an accurate time on the Managed Switch enables the system log to record meaningful dates and times for event entries.
Page 80: Clock Time Zone
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.11.2 Clock Time Zone SNTP uses Coordinated Universal Time (or UTC, formerly Greenwich Mean Time, or GMT) based on the time at the Earth's prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
Page 81: Lldp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.12 LLDP Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details...
Page 82 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default: 30 seconds This attribute must comply with the following rule: (Transmission Interval * Hold Time Multiplier) ≤65536, and Transmission Interval >= (4 * Delay Interval) • Hold Time Multiplier Configures the time-to-live (TTL) value sent in LLDP advertisements as shown in the formula below.
Page 83: Lldp Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default: 5 seconds This parameter only applies to SNMP applications which use data stored in the LLDP MIB for network monitoring or management. Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a notification are included in the transmission.
Page 84 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Admin Status Enables LLDP message transmit and receive modes for LLDP Protocol Data Units. Options: Tx only Rx only TxRx Disabled Default: TxRx •...
Page 85 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P MIB. Since there are typically a number of different addresses associated with a Layer 3 device, an individual LLDP PDU may contain more than one management address TLV. Every management address TLV that reports an address that is accessible on a...
Page 86: Lldp Trunk Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.12.3 LLDP Trunk Configuration Use the LLDP Trunk Configuration to specify the message attributes for individual interfaces, including whether messages are transmitted, received, or both transmitted and received, whether SNMP notifications are sent, and the type of information advertised.
Page 87 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification-events missed due to throttling or transmission loss. • TLV Type Configures the information included in the TLV field of advertised messages. -Port Description – The port description is taken from the ifDescr object in RFC 2863, which includes information about the manufacturer, the product name, and the version of the interface hardware/software.
Page 88 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -Network Policy – This option advertises network policy configuration information, aiding in the discovery and diagnosis of VLAN configuration mismatches on a port. Improper network policy configurations frequently result in voice quality degradation or complete service disruption.
Page 89: Lldp Local Device Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.12.4 LLDP Local Device Information Use the LLDP Local Device Information screen to display information about the switch, such as its MAC address, chassis ID, management IP address, and port information.
Page 90 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Supported • System Capabilities The primary function(s) of the system which are currently enabled. Refer to the preceding table. Enabled • Management Address The management address protocol packet includes the IPv4 address of the switch.
Page 91: Remote Port Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-2-31 Interface Settings page screenshot The page includes the following fields: Object Description • Port Description A string that indicates the port’s description. If RFC 2863 is implemented, the ifDescr object should be used for this field.
Page 92: Lldp Remote Information Detail
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P system. • Port ID A string that contains the specific identifier for the port from which this LLDPDU was transmitted. • Port Name A string that indicates the port’s description. If RFC 2863 is implemented, the ifDescr object should be used for this field.
Page 93 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (See Table 4-2-1, “Chassis ID Subtype,) • Chassis ID An octet string indicating the specific identifier for the particular chassis in this system. • Port Type Indicates the basis for the identifier that is listed in the Port ID field.
Page 94: Lldp Device Statistics
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.12.7 LLDP Device Statistics Use the LLDP Device Statistics screen to general statistics for LLDP-capable devices attached to the switch, and for LLDP protocol messages transmitted or received on all local interfaces.
Page 95: Lldp Device Statistics Details
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.2.12.8 LLDP Device Statistics Details Use the LLDP Device Statistics Details screen to display detailed statistics for LLDP-capable devices attached to specific interfaces on the Managed Switch. Figure 4-2-35 LLDP Device Statistics Details page screenshot...
Page 96: Simple Network Management Protocol
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.3 Simple Network Management Protocol Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers. SNMP is typically used to configure these devices for proper operation in a network environment, as well as to monitor them to evaluate performance or detect potential problems.
Page 97: Snmp Agent Status
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P AuthPriv user defined user defined user defined user defined Provides user authentication via MD5 or SHA algorithms and data privacy using DES 56-bit encryption The predefined default groups and view can be deleted from the system. You can then define customized groups and views for the SNMP clients that require access.
Page 98: Snmp Trap Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-3-2 SNMP Configuration page screenshot Click SNMP, Configuration. Add new community strings as required, select the access rights from the Access Mode drop-down list, then click Add. The page includes the following fields:...
Page 99 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P If you specify an SNMP Version 3 host, then the “Trap Manager Community String” is interpreted as an SNMP user name. If you use V3 authentication or encryption options (authNoPriv or authPriv), the user name must first be defined in the SNMPv3 Users page.
Page 100 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Click SNMP, Configuration. Enter the IP address and community string for each management station that will receive trap messages, specify the UDP port, trap version, trap security level (for v3 clients), trap inform settings (for v2c/v3 clients), and then click Add.
Page 101: Snmpv3
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Traps community string is submitted during the SNMP access authentication process. (Default: Enabled) • Enable Link-up and Issues a notification message whenever a port link is established or broken. Link-down Traps...
Page 102: Snmpv3 Remote Engine Id
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Engine ID A SNMPv3 engine is an independent SNMP agent that resides on the Managed Switch • Default Sets the default • Save Saves the setting 4.3.3.2 SNMPv3 Remote Engine ID...
Page 103: Snmpv3 Users
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.3.3.3 SNMPv3 Users Each SNMPv3 user is defined by a unique name. Users must be configured with a specific security level and assigned to a group. The SNMPv3 group restricts users to a specific read, write, and notify view.
Page 104 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Add / Remote SNMPv3 new users Click SNMP, SNMPv3, Users. Click New to configure a user name. In the New User page, define a name and assign it to a group, then click Add to save the configuration and return to the User Name list.
Page 105 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (This is the default for SNMPv3.) SNMP communications use authentication, but the data is not -AuthNoPriv encrypted (only available for the SNMPv3 security model). -AuthPriv SNMP communications use both authentication and encryption (only available for the SNMPv3 security model).
Page 106: Snmpv3 Remote Users
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Once the new SNMPv3 user be successed add and be assign to a snmp group, this entry will shows in the users table. Figure 4-3-9 SNMPv3 Users page screenshot 4.3.3.4 SNMPv3 Remote Users Each SNMPv3 user is defined by a unique name.
Page 107 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • User Name The name of user connecting to the SNMP agent. (Range: 1-32 characters) • Group Name The name of the SNMP group to which the user is assigned.
Page 108: Snmpv3 Groups
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.3.3.5 SNMPv3 Groups A SNMPv3 group sets the access policy for its assigned users, restricting them to specific read, write, and notify views. You can use the pre-defined default groups or create new groups to map a set of SNMP users to SNMP views.
Page 109 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Notify View The configured view for notifications. (Range: 1-64 characters) EXAMPLE: Add a new SNMPv3 Group In the New Group page, define a name, assign a security model and level, and then select read and write views. Click Add to save the new group and return to the Groups list.
Page 110 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P coldStart 1.3.6.1.6.3.1.1.5.1 A coldStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializing itself and that its configuration may have been altered. warmStart 1.3.6.1.6.3.1.1.5.2 A warmStart trap signifies that the SNMPv2 entity, acting in an agent role, is reinitializingitself such that its configuration is unaltered.
Page 111: Snmpv3 View
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.3.3.6 SNMPv3 View SNMPv3 views are used to restrict user access to specified portions of the MIB tree. The predefined view “defaultview” includes access to the entire MIB tree. Figure 4-3-13 SNMPv3 Views page screenshot...
Page 112 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-3-14 SNMPv3 View-Edit page screenshot...
Page 113: Port Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.4 Port Management Use the Port Menu to display or configure the Managed Switch's ports. This section has the following items: Port Information Displays port connection status Port Configuration Configures port connection settings...
Page 114 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Name Interface label. • Type Indicates the port type. The possible type such as: 100BASE-TX 1000BASE-T 1000BASE-SFP • Admin Status Shows if the interface is enabled or disabled.
Page 115: Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.4.2 Port Configuration You can use the Port Configuration page to enable/disable an interface, set auto-negotiation and the interface capabilities to advertise, or manually fix the speed, duplex mode, and flow control.
Page 116 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P auto-negotiation disabled) • Flow Control Allows automatic or manual selection of flow control (that is, with auto-negotiation disabled). Flow control can eliminate frame loss by “blocking” traffic from end stations or segments connected directly to the switch when its buffers fill.
Page 117: Port Broadcast Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Check the Link mode of the SFP port if the link failed. To co-works with some fiber-NICs or Gigabit Media Converters, set the Link mode to “1000 Force” is needed. 4.4.3 Port Broadcast Control Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured.
Page 118 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Threshold Multiplied by one another, the scale and level set the broadcast threshold. For example, to set a threshold of 500 Kbytes per second, choose 100K under Scale and 5 under Level.
Page 119: Port Mirroring
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.4.4 Port Mirroring The Managed Switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity.
Page 120 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-4-5 Mirror Port Configuration page screenshot The page includes the following fields: Object Description • Mirror Sessions Displays a list of current mirror sessions. • Source Port The port whose traffic will be monitored.
Page 121 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-4-7 Mirror Port Configuration page screenshot...
Page 122: Rate Limit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.4.5 Rate Limit This function allows the network manager to control the maximum rate for traffic received on a port or transmitted from a port. Rate limiting is configured on ports at the edge of a network to limit traffic coming in and out of the network. Packets that exceed the acceptable amount of traffic are dropped.
Page 123: Output Rate Limit Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Rate Limit Scale and 5 under Rate Limit Level. 4.4.5.2 Output Rate Limit Port Configuration Use the rate limit configuration pages to apply output rate limiting. Figure 4-4-9 Output Rate Limit Port Configuration page screenshot Click Port, Rate Limit, Output Port Configuration.
Page 124: Port Statistics
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.4.6 Port Statistics You can display standard statistics on network traffic from the Interfaces Group and Ethernet-like MIBs, as well as a detailed breakdown of traffic based on the RMON MIB. Interfaces and Ethernet-like statistics display errors on the traffic passing through each port.
Page 125 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-4-11 Port Statistics page screenshot RMON groups 2, 3 and 9 can only be accessed using SNMP management software such as HP OpenView. The page includes the following fields: Object Description •...
Page 126 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Received Errors The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. • Transmit Octets The total number of octets transmitted out of the interface, including framing characters.
Page 127 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The number of outbound packets which were chosen to be discarded eventhough Transmit Discarded Packets no errors had been detected to prevent their being transmitted. One possible reason for discarding such a packet could be to free up buffer space.
Page 128 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Received Frames The total number of frames (bad, broadcast and multicast) received. The total number of good frames received that were directed to the broadcast Broadcast Frames address. Note that this does not include multicast packets.
Page 129: Link Aggregation
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5 Link Aggregation Ports can be combined into an aggregate connection. Trunks can be manually set up or dynamically configured using IEEE 802.3-2005 (formerly IEEE 802.3ad) Link Aggregation Control Protocol (LACP). The additional ports dramatically increase the throughput across any connection, and provide redundancy by taking over the load if a port in the trunk should fail.
Page 130: Trunk Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • When configuring static trunks on switches of different types, they must be compatible with the Cisco EtherChannel standard. • The ports at both ends of a trunk must be configured in an identical manner, including communication mode (i.e., speed, duplex mode and flow control), VLAN assignments, and CoS settings.
Page 131 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Trunk Indicates if a port is a member of a trunk. To create trunks and select port members, see “Creating Trunk Groups”...
Page 132: Trunk Broadcast Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5.3 Trunk Broadcast Control Use the Trunk Broadcast Control page to configure the Broad storm control in the Port Trunk interface. Figure 4-5-3 Trunk Broadcast Control page screenshot The page includes the following fields:...
Page 133: Trunk Membership
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5.4 Trunk Membership When configuring static trunks, you may not be able to link switches of different types, depending on the manufacturer's implementation. However, note that the static trunks on this switch are Cisco EtherChannel compatible.
Page 134 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-5-5 Trunk Membership page screenshot Click Port, Trunk Membership. Enter a trunk ID of 1-12 in the Trunk field, select any of the switch ports from the scroll-down port list, and click Add.
Page 135 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-5-6 Trunk Membership page screenshot Figure 4-5-7 Trunk Membership page screenshot Figure 4-5-8 Trunk Membership page screenshot...
Page 136: Lacp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5.5 LACP Dynamic Link Aggregation Control Protocol (LACP) configured ports can automatically negotiate a trunked link with LACP-configured ports on another device. You can configure any number of ports on the switch as LACP, as long as they are not already configured as part of a static trunk.
Page 137: Lacp Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5.5.1 LACP Configuration Select any of the switch ports from the list and click Add or Remove. Figure 4-5-11 LACP Configuration page screenshot Click Port, LACP, Configuration. Select any of the switch ports from the scroll-down port list and click Add.
Page 138: Lacp Aggregation Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-5-12 LACP Configuration page screenshot Figure 4-5-13 LACP Configuration page screenshot 4.5.5.2 LACP Aggregation Port Dynamically Creating a Port Channel • Ports assigned to a common port channel must meet the following criteria: •...
Page 139 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-5-14 Aggregation Port page screenshot Figure 4-5-15 Aggregation Port page screenshot Click Port, LACP, Aggregation Port. Set the System Priority, Admin Key, and Port Priority for the Port Actor. You can optionally configure these settings for the Port Partner. (Be aware that these settings only affect the...
Page 140 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P After you have completed setting the port LACP parameters, click Apply. The page includes the following fields: Set Port Actor - This menu sets the local side of an aggregate link; i.e., the ports on this switch.
Page 141: Displaying Lacp Port Counters
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.5.5.3 Displaying LACP Port Counters You can display statistics for LACP protocol messages. Figure 4-5-16 LACP Port Counter Information page screenshot The page includes the following fields: Object Description • LACPDUs Sent Number of valid LACPDUs transmitted from this channel group.
Page 142 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-5-17 LACP Port Internal Information page screenshot The page includes the following fields: Object Description • Oper Key Current operational value of the key for the aggregation port. • Admin Key Current administrative value of the key for the aggregation port.
Page 143: Displaying Lacp Status For The Remote Side
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P been allocated to the correct Link Aggregation Group, the group has been associated with a compatible Aggregator, and the identity of the Link Aggregation Group is consistent with the System ID and operational Key information transmitted.
Page 144 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Partner Admin Port Current administrative value of the port number for the protocol Partner. Number Partner Oper Port Operational port number assigned to this aggregation port by the port’s protocol Number partner.
Page 145: Address Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.6 Address Table Switches store the addresses for all known devices. This information is used to pass traffic directly between the inbound and outbound ports. All the addresses learned by monitoring traffic are stored in the dynamic address table. You can also manually configure static addresses that are bound to a specific port.
Page 146: Dynamic Addresses
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Table • Interface Port or trunk associated with the device assigned a static address. • MAC Address Physical address of a device mapped to this interface. • VLAN ID of configured VLAN (1-4094).
Page 147 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-6-3 Dynamic Addresses page screenshot Click Address Table, Dynamic Addresses. Specify the search type (i.e., mark the Interface, MAC Address, or VLAN checkbox), select the method of sorting the displayed addresses, and then click Query.
Page 148: Address Aging
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.6.3 Address Aging You can set the aging time for entries in the Dynamic Address Table. Figure 4-6-4 Dynamic Addresses page screenshot The page includes the following fields: Object Description • Aging Status Enables/disables the function.
Page 149: Spanning Tree
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7 Spanning Tree Spanning Tree Protocol The Spanning Tree Algorithm (STA) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices (that is, an STA-compliant switch, bridge or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
Page 150 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P designed to support independent spanning trees based on VLAN groups. Using multiple spanning trees can provide multiple forwarding paths and enable load balancing. One or more VLANs can be grouped into a Multiple Spanning Tree Instance (MSTI).
Page 151 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1W Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network. When multiple links between switches are detected, a primary link is established.
Page 152 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Creating a Stable STP Topology It is to make the root port a fastest link. If all switches have STP enabled with default settings, the switch with the lowest MAC address in the network will become the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch.
Page 153 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Switch Blocking Listening Disable Learning Forwarding STP Port State Transitions You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up.
Page 154 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Priority A relative priority for each switch – lower 32768 numbers give a higher priority and a greater chance of a given switch being elected as the root bridge Hello Time...
Page 155 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P the Root Bridge, the set Hello Time will be used if and when your Switch becomes the Root Bridge. The Hello Time cannot be longer than the Max. Age. Otherwise, a configuration error will occur.
Page 156 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P LAN 1 Portcast = 19 Port 3 Bridge ID = 15 Port 1 Port 2 Portcast = 4 Portcast = 4 Portcast = 4 Portcast = 4 Port 1 Port 1...
Page 157: Spanning Tree Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7.1 STA STP uses a distributed algorithm to select a bridging device (STP-compliant switch, bridge or router) that serves as the root of the spanning tree network. It selects a root port on each bridging device (except for the root device) which incurs the lowest path cost when forwarding a packet from that device to the root device.
Page 158 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Max Age The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure. All device ports (except for designated ports) should receive configuration messages at regular intervals.
Page 159: Sta Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7.1.2 STA Configuration Configuring Global Settings Global settings apply to the entire Managed Switch. Command Usage ■ Spanning Tree Protocol Uses RSTP for the internal state machine, but sends only 802.1D BPDUs. This creates one spanning tree instance for the entire network.
Page 160 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: ■ Basic Configuration of Global Settings Object Description • Spanning Tree State Enables/disables STA on this switch. (Default: Enabled) • Spanning Tree Type Specifies the type of spanning tree used on this switch: STP: Spanning Tree Protocol (IEEE 802.1D);...
Page 161 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Hello Time Interval (in seconds) at which the root device transmits a configuration message. -Default: -Minimum: -Maximum: The lower of 10 or [(Max. Message Age / 2) -1] •...
Page 162 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Path Cost Method The path cost is used to determine the best path between devices. The path cost method is used to determine the range of values that can be assigned to each interface.
Page 163: Sta Port Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (Maximum length: 32 characters) • Maximum Hop Count The maximum number of hops allowed in the MST region before a BPDU is discarded. (Range: 1-40; Default: 20) The MST name and revision number are both required to uniquely identify an MST region.
Page 164 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P - Discarding Port receives STA configuration messages, but does not forward packets. - Learning Port has transmitted configuration messages for an interval set by the Forward Delay parameter without receiving contradictory information.
Page 165: Sta Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7.1.4 STA Port Configuration Configuring Interface Settings You can configure RSTP and MSTP attributes for specific interfaces, including port priority, path cost, link type, and edge port. You may use a different priority or path cost for ports of the same media type to indicate the preferred path, link type to indicate a point-to-point connection or shared-media connection, and edge port to indicate if the attached device can support fast forwarding.
Page 166 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Priority Defines the priority used for this port in the Spanning Tree Protocol. If the path cost for all ports on a switch are the same, the port with the highest priority (i.e., lowest value) will be configured as an active link in the Spanning...
Page 167 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost “0” is used to indicate auto-configuration mode. When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65,535, the default is set to 65,535.
Page 168: Mstp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.7.2 MSTP 4.7.2.1 Configuring Multiple Spanning Trees MSTP generates a unique spanning tree for each instance. This provides multiple pathways across the network, thereby balancing the traffic load, preventing wide-scale disruption when a bridge node in a single instance fails, and allowing for faster convergence of a new topology for the failed instance.
Page 169: Displaying Interface Settings For Mstp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 Default: 32768 Figure 4-7-9 MSTP VLAN Configuration page screenshot The page includes the following fields: • VLANs in MST VLANs assigned to this instance.
Page 170: Mstp Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-7-10 MSTP Port Information page screenshot 4.7.2.3 MSTP Port Configuration Configuring Interface Settings for MSTP You can configure the STA interface settings for an MST Instance using the MSTP Port Configuration and MSTP Trunk Configuration pages.
Page 171 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • STA State Displays current state of this port within the Spanning Tree. (See “Displaying Interface Settings” on page 3-156 for additional information.) -Discarding –...
Page 172: Vlan Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8 VLAN Configuration VLAN Description A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN.
Page 173: Ieee 802.1Q Vlans
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1 IEEE 802.1Q VLANs In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains.
Page 174 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ports and work normally. Any port can be configured as either tagging or untagging. The untagging feature of IEEE 802.1Q VLAN allow VLAN to work with legacy switches that don’t recognize VLAN tags in packet headers. The tagging feature allows VLAN to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work...
Page 175 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Adding an IEEE802.1Q Tag Original Ethernet Dest. Addr. Src. Addr. Length/E. type Data Old CRC Dest. Addr. Src. Addr. E. type Length/E. type Data New CRC New Tagged Packet Priority VLAN ID ■...
Page 176 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic to the same VLAN(s), either manually or dynamically using GVRP.
Page 177: Vlan Basic Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P security boundaries in the network and disable GVRP on the boundary ports to prevent advertisements from being propagated, or forbid those ports from joining restricted VLANs. If you have host devices that do not support GVRP, you should configure static or untagged VLANs for the switch ports connected to these devices (as described in “Adding Static Members to VLANs...
Page 178: Gvrp Status
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.2 GVRP Status GARP VLAN Registration Protocol (GVRP) defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network. VLANs are dynamically configured based on join messages issued by host devices and propagated throughout the network.
Page 179: Vlan Current Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.3 VLAN Current Table This page shows the current port members of each VLAN and whether or not the port supports VLAN tagging. Ports assigned to a large VLAN group that crosses several switches should use VLAN tagging. However, if you just want to create a small port-based VLAN for one or two switches, you can disable tagging.
Page 180: Vlan Static List
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.4 VLAN Static List Creating VLANs Use the VLAN Static List to create or remove VLAN groups. To propagate information about VLAN groups used on this Managed Switch to external network devices, you must specify a VLAN ID for each of these groups.
Page 181: Vlan Static Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.5 VLAN Static Table Adding Static Members to VLANs (VLAN Index) Use the VLAN Static Table to configure port members for the selected VLAN index. Assign ports as tagged if they are connected to 802.1Q VLAN compliant devices, or untagged they are not connected to any VLAN-aware devices.
Page 182 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-8-5 VLAN Static Table page screenshot The page includes the following fields: Object Description VLAN ID of configured VLAN. Range :1-4093, no leading zeros Name Name of the VLAN. Range: 1 to 32 characters Status Enables or disables the specified VLAN.
Page 183 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -Untagged: Interface is a member of the VLAN. All packets transmitted by the port will be untagged, that is, not carry a tag and therefore not carry VLAN or CoS information. Note that an interface must be assigned to at least one group as an untagged port.
Page 184: Static Membership By Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.6 Static Membership by Port Adding Static Members to VLANs (Port Index) Use this page to assign VLAN groups to the selected interface as a tagged member. Command Sequence – Select an interface from the scroll-down box (Port or Trunk).
Page 185: Vlan Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.1.7 VLAN Port Configuration Configuring VLAN Behavior for Interfaces You can configure VLAN behavior for specific interfaces, including the default VLAN identifier (PVID), accepted frame types, ingress filtering, GVRP status, and GARP timers.
Page 186 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Object Description • PVID VLAN ID assigned to untagged frames received on the interface. (Default: 1) If an interface is not a member of VLAN 1 and you assign its PVID to this VLAN, the interface will automatically be added to VLAN 1 as an untagged member.
Page 187 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • GARP Leave Timer* The interval a port waits before leaving a VLAN group. This time should be set to more than twice the join time. This ensures that after a Leave or LeaveAll message has been issued, the applicants can rejoin before the port actually leaves the group.
Page 188: Q-In-Q Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.2 Q-in-Q VLAN ■ IEEE 802.1Q Tunneling (Q-in-Q) IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs.
Page 189 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Layer 2 Flow for Packets Coming into a Tunnel Access Port A QinQ tunnel port may receive either tagged or untagged packets. No matter how many tags the incoming packet has, it is treated as tagged packet.
Page 190 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P to memory. Then the egress process transmits the packet. Packets entering a QinQ uplink port are processed in the following manner: If incoming packets are untagged, the PVID VLAN native tag is added.
Page 191: Q Tunnel Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Interface to a QinQ Tunnel” on page 3-185.) Create a Service Provider VLAN, also referred to as an SPVLAN (see “Creating VLANs”). Configure the QinQ tunnel access port to 802.1Q Tunnel mode (see “Adding an Interface to a QinQ Tunnel”).
Page 192: Q Tunnel Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.2.2 802.1Q Tunnel Port Configuration Adding an Interface to a QinQ Tunnel Follow the guidelines in the preceding section to set up a QinQ tunnel on the Managed Switch. Use the VLAN Port Configuration or VLAN Trunk Configuration screen to set the access port on the edge switch to 802.1Q Tunnel mode.
Page 193 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Port Port number. • Mode Set the VLAN membership mode of the port. • None The port operates in its normal VLAN mode.
Page 194: Private Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.3 Private VLAN Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This Managed Switch supports two types of private VLANs: primary / secondary associated groups stand-alone isolated VLANs.
Page 195: Private Vlan Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.3.1 Private VLAN Information Displaying Current Private VLANs The Private VLAN Information page displays information on the Private VLANs configured on the Managed Switch, including primary, community, and isolated VLANs, and their assigned interfaces.
Page 196: Private Vlan Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.3.2 Private VLAN Configuration Configuring Private VLANs The Private VLAN Configuration page is used to create/remove primary, community, or isolated VLANs. Figure 4-8-11.Private VLAN Configuration page screenshot The page includes the following fields:...
Page 197: Private Vlan Association
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.3.3 Private VLAN Association Each Community VLAN must be associated with a primary VLAN. Figure 4-8-12. Private VLAN Association page screenshot The page includes the following fields: Object Description • Primary VLAN ID ID of primary VLAN (2-4094).
Page 198: Private Vlan Port Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.3.4 Private VLAN Port Information Use these menus to display the interfaces associated with Private VLANs. Figure 4-8-13. Private VLAN Port Information page screenshot The page includes the following fields: Object Description •...
Page 199: Private Vlan Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • Trunk Shows if a port is a member or a trunk. 4.8.3.5 Private VLAN Port Configuration Use these menus to set the private VLAN interface type, and associate the interfaces with a private VLAN.
Page 200 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P If PVLAN type is “Promiscuous,” then specify the associated Primary VLAN. • Community VLAN Conveys traffic between community ports, and from community ports to their designated promiscuous ports. Set PVLAN Port Type to “Host,” and then specify the associated Community VLAN.
Page 201: Protocol Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.4 Protocol VLAN The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Page 202: Protocol Vlan Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.8.4.1 Protocol VLAN Configuration Use the Protocol VLAN Configuration menu to create or remove protocol groups. Figure 4-8-15. Protocol VLAN Configuration page screenshot The page includes the following fields: ■ Special Protocol...
Page 203: Protocol Vlan Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ■ Programmable Protocol Object Description • Programmable The following options are available: Protocol • Frame Type The following frame types are available: Ethernet LLC_other RFC_1042 SNAP_8021H • Protocol Type User defined.
Page 204 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-8-16. Protocol VLAN Port Configuration page screenshot The page includes the following fields: Object Description • Interface Port or Trunk identifier. • Query Use this button to display the current protocol settings, and to select an interface for configuration.
Page 205: Multicast
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9 Multicast Multicasting is used to support real-time applications such as video conferencing or streaming audio. A multicast server does not have to establish a separate connection with each client. It merely broadcasts its service to the network, and any hosts that want to receive the multicast register with their local multicast switch/router.
Page 206: Igmp Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P When the Managed Switch is configured to use IGMPv3 snooping, the snooping version may be downgraded to version 2 or version 1, depending on the version of the IGMP query packets detected on each VLAN.
Page 207 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Unknown multicast traffic is flooded to all ports in the VLAN for several seconds when first received. If a multicast router port exists on the VLAN, the traffic will be filtered by subjecting it to IGMP snooping.
Page 208: Igmp Immediate Leave
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (Default: Disabled) • IGMP Query Count Sets the maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
Page 209: Multicast Router Port Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P immediate leave should only be enabled on an interface if it is connected to only one IGMP-enabled device, either a service host or a neighbor running IGMP snooping. • Immediate leave is only effective if IGMP snooping is enabled, and IGMPv2 or IGMPv3 snooping is used.
Page 210: Static Multicast Router Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-9-3 Multicast Router Port Information page screenshot The page includes the following fields: Object Description • VLAN ID ID of configured VLAN Range: 1-4094. • Multicast Router List Multicast routers dynamically discovered by this switch or those that are statically assigned to an interface on this Managed Switch.
Page 211: Ip Multicast Registration Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-9-4 Static Multicast Router Port Configuration page screenshot The page includes the following fields: Object Description • Interface Activates the Port or Trunk scroll down list. • VLAN ID Selects the VLAN to propagate all multicast traffic coming from the attached multicast router.
Page 212: Igmp Member Port Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-9-5 IP Multicast Registration Table page screenshot The page includes the following fields: Object Description • VLAN ID Selects the VLAN for which to display port members. (Range: 1-4094) • Multicast IP Address The IP address for a specific multicast service.
Page 213 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P After you have completed adding ports to the member list, click Apply. Figure 4-9-6 IGMP Member Port Table page screenshot The page includes the following fields: Object Description • Interface Activates the Port or Trunk scroll down list.
Page 214: Igmp Filter And Throttling
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9.2 IGMP Filter and Throttling In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.
Page 215: Igmp Filter Profile Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • IGMP Filter Enables IGMP filtering and throttling globally for the switch. (Default: Disabled) • IGMP Profile Creates IGMP profile numbers. (Range: 1-4294967295) 4.9.2.2 IGMP Filter Profile Configuration...
Page 216: Igmp Filter / Throttling Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description • Profile ID Selects an existing profile number to configure. After selecting an ID number, click the Query button to display the current configuration.
Page 217 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-9-10 IGMP Filter and Throttling Port Configuration page screenshot The page includes the following fields: Object Description • Profile Selects an existing profile number to assign to an interface. • Max Multicast Groups Sets the maximum number of multicast groups an interface can join at the same time.
Page 218: Multicast Vlan Registration (Mvr)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9.3 Multicast VLAN Registration (MVR) Multicast VLAN Registration (MVR) is a protocol that controls access to a single network-wide VLAN most commonly used for transmitting multicast traffic (such as television channels or video-on-demand) across a service provider’s network. Any multicast traffic entering an MVR VLAN is sent to all attached subscribers.
Page 219: Mvr Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Only IGMP version 2 or 3 hosts can issue multicast join or leave messages. For multicast streams that will run for a long term and be associated with a stable set of hosts, you can statically bind the multicast group to the participating interfaces (see “Assigning Static Multicast Groups to Interfaces”).
Page 220: Mvr Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P satisfied. (Running status is true as long as MVR Status is enabled, and the specified MVR VLAN exists.) • MVR VLAN Identifier of the VLAN that serves as the channel for streaming multicast services using MVR.
Page 221 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Immediate leave does not apply to multicast groups which have been statically assigned to a port. Figure 4-9-12 MVR Port Configuration page screenshot The page includes the following fields: Object Description •...
Page 222: Mvr Port Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9.3.3 MVR Port Information You can display information about the interfaces attached to the MVR VLAN. Figure 4-9-13 Port Information page screenshot The page includes the following fields: Object Description • Type Shows the MVR port type.
Page 223 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage • Any multicast groups that use the MVR VLAN must be statically assigned to it under the MVR Configuration menu (see “Configuring Global MVR Settings”. • The IP address range from 224.0.0.0 to 239.255.255.255 is used for multicast streams. MVR group addresses cannot fall within the reserved IP multicast address range of 224.0.0.x.
Page 224: Mvr Group Ip Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.9.3.5 MVR Group IP Information You can display the multicast groups assigned to the MVR VLAN either through IGMP snooping or static configuration. Figure 4-9-15 MVR Group IP Table page screenshot...
Page 225: Quality Of Service
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10 Quality of Service This Managed Switch prioritizes each packet based on the required level of service, using four priority queues with strict priority, Weighted Round Robin, or hybrid queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application.
Page 226: Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Service Policy Defines service policy settings for ports VoIP Voice over IP Configuration Sets a Voice VLAN ID and enables VoIP traffic detection Port Configuration Configures port VoIP traffic mode, security, and priority...
Page 227: Port Priority Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.1.1 Port Priority Configuration You can specify the default port priority for each interface on the Managed Switch. All untagged packets entering the Managed Switch are tagged with the specified default port priority, and then sorted into the appropriate egress queue at the output port.
Page 228: Traffic Classes
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.1.2 Traffic Classes IEEE 802.1p CoS Priority This Managed Switch processes Class of Service (CoS) priority tagged traffic by using four egress queues for each port, with service schedules based on Weighted Round Robin (WRR). Up to eight separate traffic priority levels are defined in IEEE 802.1p.
Page 229 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (Range: 0-7, where 7 is the highest priority) • Traffic Class Output queue buffer. (Range: 0-3, where 3 is the highest CoS priority queue) The default priority levels are assigned according to recommendations in the IEEE 802.1p standard. However, you can map the priority levels to the Managed Switch's output queues in any way that benefits application traffic for your own network.
Page 230: Queue Mode
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.1.3 Queue Mode Selecting the Queue Mode You can set the Managed Switch to service the queues based on a strict rule that requires all traffic in a higher priority queue to...
Page 231: Queue Scheduling
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.1.4 Queue Scheduling The Managed Switch uses the Weighted Round Robin (WRR) algorithm to determine the frequency at which it services each egress queue. The traffic classes are mapped to one of the four egress queues provided for each port. You can assign a weight to each of these queues (and thereby to the corresponding traffic priorities).
Page 232: Layer 3/4 Priority Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2 Layer 3/4 Priority Settings 4.10.2.1 Mapping Layer 3/4 Priorities to CoS Values This Managed Switch supports several common methods of prioritizing layer 3/4 traffic to meet application requirements. Traffic priorities can be specified in the IP header of a frame, using the priority bits in the Type of Service (TOS) octet or the number of the TCP port.
Page 233: Ip Dscp Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.3 IP DSCP Priority The DSCP is six bits wide, allowing coding for up to 64 different forwarding behaviors. The DSCP retains backward compatibility with the three precedence bits so that non-DSCP compliant, TOS-enabled devices, will not conflict with the DSCP mapping.
Page 234: Mapping Ip Precedence Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.4 Mapping IP Precedence Priority The Type of Service (TOS) octet in the IPv4 header includes three precedence bits defining eight different priority levels ranging from highest priority (7) for network control packets to lowest priority (0) for routine traffic. Bits 6 and 7 are used for network control, and the other bits for various application types.
Page 235: Ip Precedence Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IP Precedence priority settings apply to all interfaces. 4.10.2.6 IP Precedence Priority Figure 4-10-8 IP Precedence Priority page screenshot The page includes the following fields: Object Description IP Precedence Priority Shows the IP Precedence to CoS map.
Page 236: Ip Tos Priority Status
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Precedence Pv4 Packet Header Type of Service Octet The four TOS bits provide 15 different priority values, however only five values have a defined meaning. The following table lists the defined IP TOS values and the default mapping to CoS queues on the switch. (All the TOS values not defined are mapped to CoS queue 0.)
Page 237: Ip Tos Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.9 IP TOS Priority Figure 4-10-10 IP TOS Priority page screenshot The page includes the following fields: Object Description Shows the IP TOS to CoS map. IP TOS Priority Table Class of Queue Service Maps an IP TOS value to a CoS queue.
Page 238: Ip Port Priority Status
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.11 IP Port Priority Status Figure 4-10-11 IP Port Priority Status page screenshot The page includes the following fields: Object Description IP Port Priority Status Enables or disables the IP port priority.
Page 239: Ip Port Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.12 IP Port Priority Figure 4-10-12 IP Port Priority page screenshot The page includes the following fields: Object Description IP Port Priority Table Shows the IP port to CoS queue map.
Page 240: Acl Cos Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.2.14 ACL CoS Priority Figure 4-10-13 ACL CoS Priority page screenshot The page includes the following fields: Object Description Port Port identifier. Name Name of a configured ACL. Type Type of ACL (IP or MAC).
Page 241: Diffserv
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.3 DiffServ The commands described in this section are used to configure Quality of Service (QoS) classification criteria and service policies. Differentiated Services (DiffServ) provides policy-based management mechanisms used for prioritizing network resources to meet the requirements of specific traffic types on a per hop basis.
Page 242: Configuring A Diffserv Class Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.3.1 Configuring a DiffServ Class Map A class map is used for matching packets to a specified class. Command Usage • To configure a Class Map, follow these steps: Open the Class Map page, and click Add Class.
Page 243 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-10-16 Class Map page screenshot Class Configuration Figure 4-10-17 Class Configuration page screenshot The page includes the following fields: Object Description Class Name Name of the class map. (Range: 1-16 characters)
Page 244 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Match Class Settings Figure 4-10-18 Match Class Settings page screenshot The page includes the following fields: Object Description Class Name List of class maps ACL List Name of an access control list. Any type of ACL can be specified, including standard or extended IP ACLs and MAC ACLs.
Page 245: Policy Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.3.2 Policy Map Creating QoS Policies This function creates a policy map that can be attached to multiple interfaces. Command Usage • To configure a Policy Map, follow these steps: Create a Class Map as described Open the Policy Map page, and click Add Policy.
Page 246 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Modify Name and Configures the name and a brief description of a policy map. Description (Range: 1-16 characters for the name; 1-64 characters for the description) Edit Classes Opens the “Policy Rule Settings”...
Page 247 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Policy Configuration Figure 4-10-23 Policy Configuration page screenshot The page includes the following fields: Object Description Policy Name Name of policy map. (Range: 1-16 characters) Description A brief description of a policy map.
Page 248 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Class Name Name of class map. Shows the service provided to ingress traffic by setting a CoS or DSCP value in a Action matching packet (as specified in Match Class Settings).
Page 249: Service Policy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.3.3 Service Policy Attaching a Policy Map to Ingress Queues This function binds a policy map to the ingress queue of a particular interface. Command Usage • You must first define a class map, then define a policy map, and finally bind the service policy to the required interface.
Page 250: Voice Vlans
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.4 Voice VLANs When IP telephony is deployed in an enterprise network, it is recommended to isolate the Voice over IP (VoIP) network traffic from other data traffic. Traffic isolation can provide higher voice quality by preventing excessive packet delays, packet loss, and jitter.
Page 251: Voip Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Voice VLAN ID Sets the Voice VLAN ID for the network. Only one Voice VLAN is supported and it must already be created on the switch. (Range: 1-4094) Vioce VLAN Aging Time The time after which a port is removed from the Voice VLAN when VoIP traffic is no longer received on the port.
Page 252 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P - None The Voice VLAN feature is disabled on the port. The port will not detect VoIP traffic nor be added to the Voice VLAN. - Auto The port will be added as a tagged member to the Voice VLAN when VoIP traffic is detected on the port.
Page 253: Telephony Oui Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.10.4.3 Telephony OUI Configuration VoIP devices attached to the Managed Switch can be identified by the manufacturer’s Organizational Unique Identifier (OUI) in the source MAC address of received packets. OUI numbers are assigned to manufacturers and form the first three octets of device MAC addresses.
Page 254: Security
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11 Security This section is to control the access of the Managed Switch, includes the user access and management control. The Security page contains links to the following main topics: User Authentication Client Security 4.11.1 User Authentication...
Page 255 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-1 User Accounts page screenshot The page includes the following fields: Object Description Account List Displays the current list of user accounts and associated access levels. (Defaults: admin, and guest) New Account Displays configuration settings for a new account.
Page 256: Configuring Local / Remote Logon Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.2 Configuring Local / Remote Logon Authentication Use the Authentication Settings menu to restrict management access based on specified user names and passwords. You can manually configure access rights on the Managed Switch, or you can use a remote access authentication server based on RADIUS or TACACS+ protocols.
Page 257 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • RADIUS and TACACS+ logon authentication assign a specific privilege level for each user name/password pair. The user name, password, and privilege level must be configured on the authentication server. The encryption methods used for the authentication process must also be configured or negotiated between the authentication server and logon client.
Page 258: Radius Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.3 RADIUS Settings This page is to configure the RADIUS server connection session parameters. The RADIUS Settings screen in Figure 4-11-3 appears. Figure 4-11-3 Authentication \ RADIUS Settings screenshot The page includes the following fields:...
Page 259: Tacacs Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.4 TACACS Settings This page is to configure the TACACS server connection session parameters. The TACACS Settings screen in Figure 4-11-4 appears. Figure 4-11-4 Authentication \ TACACS Settings screenshot The page includes the following fields:...
Page 260: Aaa Authorization And Accounting
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.5 AAA Authorization and Accounting Authentication, authorization, and accounting (AAA) provides a framework for configuring access control on the Managed Switch. The three security functions can be summarized as follows: • Authentication — Identifies users that request access to the network.
Page 261: Radius Group Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.5.1 RADIUS Group Settings The AAA RADIUS Group Settings screen defines the configured RADIUS servers to use for accounting and authorization. Figure 4-11-5 AAA \ AAA RADIUS Group Settings screenshot Click Security, AAA, Radius Group Settings.
Page 262: Aaa Accounting Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-6 AAA \ AAA RADIUS Group Settings screenshot The page includes the following fields: Object Description Group Name Defines a name for the TACACS+ server group. (1-255 characters) Server Spefies the TACACS+ server to use for the group. (Range: 1) 4.11.5.3 AAA Accounting Settings...
Page 263 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-7 AAA \ AAA RADIUS Group Settings screenshot Click Security, AAA, Accounting, Settings. To configure a new accounting method, specify a method name and a group name, then click Add.
Page 264: Aaa Accounting Update
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Group Name Specifies the accounting server group. (Range: 1-255 characters) The group names “radius” and “tacacs+” specifies all configured RADIUS and TACACS+ hosts (see “Configuring Local/Remote Logon Authentication” ). Any other group name refers to a server group configured on the RADIUS or TACACS+ Group Settings pages.
Page 265: Aaa Accounting Exec Command Privileges
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-9 AAA \ AAA RADIUS Group Settings screenshot Click Security, AAA, Accounting, 802.1X Port Settings. Enter the required accounting method and click Apply. The page includes the following fields: Object...
Page 266: Aaa Accounting Exec Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-10 AAA \ AAA RADIUS Group Settings screenshot Click Security, AAA, Accounting, Command Privilges. Enter a defined method name for console and Telnet privilege levels. Click Apply. The page includes the following fields:...
Page 267: Aaa Accounting Summary
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-11 AAA \ AAA RADIUS Group Settings screenshot Click Security, AAA, Accounting, Exec Settings. Enter a defined method name for console and Telnet connections, and click Apply. The page includes the following fields:...
Page 268: Aaa Accounting Summary
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-12 AAA \ AAA RADIUS Group Settings screenshot The page includes the following fields: 4.11.5.9 AAA Accounting Summary Object Description Accounting Type Displays the accounting service. Method List Displays the user-defined or default accounting method.
Page 269: Authorization Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Object Description User Name Displays a registered user name. Interface Displays the receive port number through which this user accessed the switch. Time Elapsed Displays the length of time this entry has been active.
Page 270: Aaa Authorization Exec Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The group name “tacacs+” specifies all configured TACACS+ hosts (see “Configuring Local/Remote Logon Authentication”). Any other group name refers to a server group configured on the TACACS+ Group Settings page. Authorization is only supported for TACACS+ servers.
Page 271: Https Setting
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Authorization Type Displays the authorization service. Method List Displays the user-defined or default authorization method. Group List Displays the authorization server group. Interface Displays the console or Telnet interface to which the authorization method applies.
Page 272 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-15 Settings screenshot Click Security, HTTPS Settings. Enable HTTPS and specify the port number, then click Apply. The page includes the following fields: Object Description HTTPS Status Allows you to enable/disable the HTTPS server feature on the switch.
Page 273: Configure Secure Shell
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.7 SSH 4.11.7.1 Configure Secure Shell The Berkley-standard includes remote access tools originally designed for Unix systems. Some of these tools have also been implemented for Microsoft Windows and other environments. These tools, including commands such as rlogin (remote login), rsh (remote shell), and rcp (remote copy), are not secure from hostile attacks.
Page 274 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Import Client’s Public Key to the Switch – Use the copy tftp public-key command to copy a file containing the public key for all the SSH client’s granted management access to the switch. (Note that these clients must be configured locally on the switch via the User Accounts page as described.) The clients are subsequently authenticated using these keys.
Page 275: Ssh Server Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P acceptable. If the specified algorithm is supported by the switch, it notifies the client to proceed with the authentication process. Otherwise, it rejects the request. The client sends a signature generated using the private key to the switch.
Page 276: Ssh Host-Key Settings
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P (Range: 1-120 seconds; Default: 120 seconds) SSH Authentication Specifies the number of authentication attempts that a client is allowed before authentication fails and the client has to restart the authentication process.
Page 277 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Public-Key of Host-Key The public key for the host. -RSA (Version 1): The first field indicates the size of the host key (e.g., 1024), the second field is the encoded public exponent (e.g.,...
Page 278 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-18 Settings screenshot...
Page 279: X Port Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.8 802.1X Port Authentication Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data.
Page 280: Understanding Ieee 802.1X Port-Based Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.8.1 Understanding IEEE 802.1X Port-Based Authentication The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.
Page 281 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P information from the client, verifying that information with the authentication server, and relaying a response to the client. The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server.
Page 282 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
Page 283: Displaying 802.1X Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P state. 4.11.8.2 Displaying 802.1X Information The 802.1X protocol provides client authentication. Figure 4-11-19 Settings screenshot The page includes the following fields: Object Description 802.1X System The global settings for 802.1X. Authentication Control 4.11.8.3 802.1X Configuration...
Page 284: X Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Object Description Sets the global setting for 802.1X. 802.1X System Authentication Control (Default: Disabled) 4.11.8.4 802.1X Port Configuration When 802.1X is enabled, you need to configure the parameters for the authentication process that runs between the client and the switch (i.e., authenticator), as well as the client identity lookup process that runs between the switch and authentication...
Page 285 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default: 5 Mode Sets the authentication mode to one of the following options: Requires a dot1x-aware client to be authorized by the -Auto authentication server. Clients that are not dot1x-aware will be denied access.
Page 286: Displaying 802.1X Statistics
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Trunk Indicates if the port is configured as a trunk port. 4.11.8.5 Displaying 802.1X Statistics This Managed Switch can display statistics for dot1x protocol exchanges for any port. Figure 4-11-22 Settings screenshot Select Security, 802.1X, Statistics.
Page 287: Windows Platform Radius Server Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Authenticator. Rx EAP Resp/Id The number of EAP Resp/Id frames that have been received by this Authenticator. Rx EAP Resp/Oth The number of valid EAP Response frames (other than Resp/Id frames) that have been received by this Authenticator.
Page 288 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Configure ports attribute of 802.1X, the same as “802.1X Port Configuration”. Figure 4-11-24 802.1x Port Configuration Create user data. That step are different of “Local Authenticate”, the establishment of the user data needs to be created on the Radius Server PC.
Page 289: X Client Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Enter ” Active Directory Users and Computers”, create legal user data, the next, right-click a user what you created to enter properties, and what to be noticed: Figure 4-11-26 TsInternetUser Properties screen Set the Ports Authenticate Status to “Force Authorized”...
Page 290 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Click “Properties” to open up the Properties setting window. Select “Authentication” tab. Select “Enable network access control using IEEE 802.1X” to enable 802.1x authentication. Select “MD-5 Challenge” from the drop-down list box for EAP type.
Page 291 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Click “OK”. When client has associated with the Managed Switch, a user authentication notice appears in system tray. Click on the notice to continue. Enter the user name, password and the logon domain that your account belongs.
Page 292: Client Security
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.9 Client Security This Managed Switch supports many methods of segregating traffic for clients attached to each of the data ports, and for ensuring that only authorized clients gain access to the network. Private VLANs and port-based authentication using IEEE 802.1X are commonly used for these purposes.
Page 293: Port Security
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.10 Port Security Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port.
Page 294 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-23 Settings screenshot Click Security, Port Security. Set the action to take when an invalid address is detected on a port, mark the checkbox in the Status column to enable security for a port, set the maximum number of MAC addresses allowed on a port, and click Apply.
Page 295 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Trunk Trunk number if port is a member This example selects the target port, sets the port security action to send a trap and disable the port, sets the maximum MAC addresses allowed on the port, and then enables port security for the port.
Page 296: Web Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-25 Settings screenshot 4.11.11 Web Authentication Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentications are infeasible or impractical. The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries.
Page 297: Web Authentication Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.11.1 Web Authentication Configuration Web authentication is configured on a per-port basis, however there are four configurable parameters that apply globally to all ports on the Managed Switch. Figure 4-11-26 Settings screenshot Click Security, Web Authentication, Configuration.
Page 298: Web Authentication Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.11.2 Web Authentication Port Configuration Web authentication is configured on a per-port basis. The following parameters are associated with each port. Figure 4-11-27 Settings screenshot Click Security, Web Authentication, Port Configuration.
Page 299: Re-Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-28 Settings screenshot The page includes the following fields: Object Description Interface Indicates the port to query. IP Address Indicates the IP address of each connected host. Status Indicates the authorization status of each connected host.
Page 300 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Interface Indicates the port to query. Indicates the IP address of the host selected for re-authentication. Host IP...
Page 301: Network Access (Mac Address Authentication)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.12 Network Access (MAC Address Authentication) Some devices connected to switch ports may not be able to support 802.1X authentication due to hardware or software limitations. This is often true for devices such as network printers, IP phones, and some wireless access points. This switch enables network access from these devices to be controlled by authenticating device MAC addresses with a central RADIUS server.
Page 302: Network Access Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.12.1 Network Access Configuration MAC address authentication is configured on a per-port basis, however there are two configurable parameters that apply globally to all ports on the switch. Figure 4-11-30 Settings screenshot...
Page 303 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-31 Settings screenshot The page includes the following fields: Object Description Enables MAC authentication on a port. Mode (Default: None) Maximum MAC Count Sets the maximum number of MAC addresses that can be authenticated on a port.
Page 304: Network Access Mac Address Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The VLAN settings specified by the first authenticated MAC address are implemented for a port. Other authenticated MAC addresses on the port must have the same VLAN configuration, or they are treated as authentication failures.
Page 305 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Object Description The number of MAC addresses currently in the secure MAC address table. Network Access MAC Address Count Query By Specifies parameters to use in the MAC address query. Port Specifies a port interface.
Page 306: Access Control Lists
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.13 Access Control Lists Access Control Lists (ACL) provide packet filtering for IP frames (based on address, protocol, Layer 4 protocol port number or TCP control code) or any frames (based on MAC address or Ethernet type). To filter incoming packets, first create an access list, add the required rules, and then bind the list to a specific port.
Page 307 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-33 Settings screenshot Select Security, ACL, Configuration. Enter an ACL name in the Name field, select the list type (IP Standard, IP Extended, or MAC), and click Add to open the configuration page for the new list.
Page 308: Configure A Standard Acl
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.13.2 Configure a Standard ACL Figure 4-11-34 Settings screenshot Specify the action (i.e., Permit or Deny). Select the address type (Any, Host, or IP). If you select “Host,” enter a specific address.
Page 309: Extended Acl
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-35 Settings screenshot Figure 4-11-36 Settings screenshot 4.11.13.3 Extended ACL Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses. Select the address type (Any, Host, or IP).
Page 310 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Action An ACL can contain any combination of permit or deny rules. (Default: Permit rules) Source/Destination Specifies the source or destination IP address. Use “Any” to include all possible Address Type addresses, “Host”...
Page 311: Mac Acl
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.13.4 MAC ACL Egress MAC ACLs only work for destination-mac-known packets, not for multicast, broadcast, or destination-mac-unknown packets. Figure 4-11-37 Settings screenshot Specify the action (i.e., Permit or Deny). Specify the source and/or destination addresses.
Page 312 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P fields. (Options: Any, Host, MAC; Default: Any) Source/Destination MAC Source or destination MAC address. Address Source/Destination Bit Hexadecimal mask for source or destination MAC address. Mask VLAN ID. (Range: 1-4094) Ethernet Type This option can only be used to filter Ethernet II formatted packets.
Page 313 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-39 Settings screenshot...
Page 314: Acl Port Binding
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.13.5 ACL Port Binding After configuring the Access Control Lists (ACL), you can bind the ports that need to filter traffic to the appropriate ACLs. You can assign one IP access list to any port – IP ingress or MAC ingress.
Page 315 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-41 Settings screenshot...
Page 316: Ip Filter
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.14 IP Filter You can create a list of up to 16 IP addresses or IP address groups that are allowed management access to the Managed Switch through the web interface, SNMP, or Telnet.
Page 317: Snmp Ip Filter
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Click Security, IP Filter. Enter the IP addresses or range of addresses that are allowed management access to an interface, and click Add Web IP Filtering Entry to update the filter list.
Page 318: Telnet Ip Filter
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Object Description SNMP IP Filter Configures IP address(es) for the SNMP group. Start IP Address A single IP address, or the starting address of a range. End IP Address The end address of a range.
Page 319 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P End IP Address The end address of a range. Add/Remove Filtering Adds/removes an IP address from the list. Entry...
Page 320: Dhcp Snooping
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.15 DHCP Snooping The addresses assigned to DHCP clients on unsecure ports can be carefully controlled using the dynamic bindings registered with DHCP Snooping (or using the static bindings configured with IP Source Guard). DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server.
Page 321: Dhcp Snooping Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P If a DHCP packet is from server is received on a trusted port, it will be forwarded to both trusted and untrusted ports in the same VLAN. • If the DHCP snooping is globally disabled, all dynamic bindings are removed from the binding table.
Page 322: Information Option Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • When DHCP snooping is enabled globally on the switch, and enabled on the specified VLAN, DHCP packet filtering will be performed on any untrusted ports within the VLAN. • When the DHCP snooping is globally disabled, DHCP snooping can still be configured for specific VLANs, but the changes will not take effect until DHCP snooping is globally re-enabled.
Page 323 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P DHCP snooping is disabled. The request packet contains a valid relay agent address field. DHCP reply packets received by the relay agent (that is, this switch) are handled in the following way: When the relay agent receives a DHCP reply packet with Option 82 information, it first ensures that the packet is destined for it, and then removes the Option 82 field from the packet.
Page 324: Dhcp Snooping Port Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P address (when DHCP snooping is enabled), and unicast the packet to the DHCP server. (This is the default policy.) 4.11.15.4 DHCP Snooping Port Configuration Configures switch ports as trusted or untrusted.
Page 325: Ip Source Guard
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.16 IP Source Guard IP Source Guard is a security feature that filters IP traffic on network interfaces based on manually configured entries in the IP Source Guard table, or dynamic entries in the DHCP Snooping table when enabled (see “DHCP...
Page 326 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-11-49 IP Source Guard Port Configuration page screenshot The page includes the following fields: Object Description Configures the switch to filter inbound traffic based source IP address, or source Filter Type IP address and corresponding MAC address.
Page 327: Static Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.11.16.2 Static Configuration Add a static address to the source-guard binding table. Table entries include a MAC address, IP address, lease time, entry type (Static, Dynamic), VLAN identifier, and port identifier. All static entries are configured with an infinite lease time, which is indicated with a value of zero in the table.
Page 328: Dynamic Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Static Binding Table The total number of static entries in the table. Counts Port Switch port number. SGSW-2840/SGSW-2840P Range: 1-28 SGSD-1022/SGSD-1022P Range: 1-10...
Page 329 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Query by Select an interface to display the source-guard binding. Options: Port VLAN MAC Address IP Address Dynamic Binding Table Counts Displays the number of IP addresses in the source-guard binding table.
Page 330: Cluster
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.12 Cluster Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
Page 331 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-12-1 Cluster Configuration page screenshot The page includes the following fields: Object Description Cluster Status Enables or disables clustering on the switch. (Default: Enabled) Cluster Commander Enables or disables the switch as a cluster Commander.
Page 332: Cluster Member Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.12.2 Cluster Member Configuration Adds Candidate switches to the cluster as Members. Figure 4-12-2 Cluster Member Configuration page screenshot The page includes the following fields: Object Description Member ID Specify a Member ID number for the selected Candidate switch.
Page 333: Cluster Candidate Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 4-12-3 Cluster Member Information page screenshot The page includes the following fields: Object Description Member ID The ID number of the Member switch. (Range: 1-36) Role Indicates the current status of the switch in the cluster.
Page 334 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The page includes the following fields: Object Description Role Indicates the current status of Candidate switches in the network. MAC Address The MAC address of the Candidate switch. Description The system description string of the Candidate switch.
Page 335: Power Over Ethernet (Sgsd-1022P / Sgsw-2840P)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.13 Power Over Ethernet (SGSD-1022P / SGSW-2840P) Providing up to 8/24 PoE, in-line power interface, the SGSD-1022P / SGSW-2840P PoE Switch can easily build a power central-controlled IP phone system, IP Camera system, AP group for the enterprise. For instance, 8 camera / AP can be easily installed around the corner in the company for surveillance demands or build a wireless roaming environment in the office.
Page 336: Power Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4.13.2 Power Management: In a power over Ethernet system, operating power is applied from a power source (PSU-power supply unit) over the LAN infrastructure to powered devices (PDs), which are connected to ports. Under some conditions, the total output power required by PDs can exceed the maximum available power provided by the PSU.
Page 337 PD’s power consumption lower than the power limit value. For SGSW-2840P, the total PoE power reservation from Port-1~24 is up to 260W For SGSD-1022, the total PoE power reservation from Port-1~8 is up to 110W PD Classifications A PD may be classified by the PSE based on the classification information provided by the PD.
Page 338 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Class Usage Range of maximum power used by the PD Default 0.44 to 12.95 Watts Optional 0.44 to 3.84 Watts Optional 3.84 to 6.49 Watts Optional 6.49 to 12.95 Watts Not Allowed Reserved for Future Use Table 4.13-1 Device class...
Page 339: Command Line Interface
After connecting to the system through the console port, the login screen displays: User Access Verification Username: admin Password: CLI session with the SGSD-1022 is opened. To end the CLI session, enter [Exit]. Console# 5.1.3 Telnet Connection Telnet operates over the IP transport protocol. In this environment, your management station and any network device you want to manage over the network must have a valid IP address.
Page 340 Enter the necessary commands to complete your desired tasks. When finished, exit the session with the “quit” or “exit” command. After entering the Telnet command, the login screen displays: Username: admin Password: CLI session with the SGSD-1022 is opened. To end the CLI session, enter [Exit]. Vty-0#...
Page 341: Entering Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P You can open up to four sessions to the device via Telnet. 5.2 Entering Commands This section describes how to enter CLI commands. 5.2.1 Keywords and Arguments A CLI command is a series of keywords and arguments. Keywords identify a command, and arguments specify configuration parameters.
Page 342: Showing Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P using the “?” character to list keywords or parameters. 5.2.5 Showing Commands If you enter a “?” at the command prompt, the system will display the first level of keywords for the current command class (Normal Exec or Privileged Exec) or configuration class (Global, ACL, Interface, Line or VLAN Database).
Page 343 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P privilege Shows current privilege level Device process process protocol-vlan Protocol-VLAN information public-key Public key information queue Priority queue information radius-server RADIUS server information running-config Information on the running configuration snmp Simple Network Management Protocol statistics...
Page 344: Partial Keyword Lookup
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.2.6 Partial Keyword Lookup If you terminate a partial keyword with a question mark, alternatives that match the initial letters are provided. (Remember not to leave a space between the command and question mark.) For example “s?” shows all the keywords starting with “s.”...
Page 345: Exec Commands
“super”. To enter Privileged Exec mode, enter the following user names and passwords: Username: admin Password: [admin login password] CLI session with the SGSD-1022 is opened. To end the CLI session, enter [Exit]. Console# Username: guest Password: [guest login password] CLI session with the SGSD-1022 is opened.
Page 346: Configuration Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.2.11 Configuration Commands Configuration commands are privileged level commands used to modify switch settings. These commands modify the running configuration only and are not saved when the switch is rebooted. To store the running configuration in non-volatile storage, use the copy running-config startup-config command.
Page 347: Command Line Processing
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Policy Map policy map Console(config-pmap) Server Group aaa group server radius Console(config-sg-radius) aaa group server tacacs+ Console(config-sg-tacacs+) VLAN vlan database Console(config-vlan) Table 5-2 Configuration Modes For example, you can use the following commands to enter interface configuration mode, and then return to Privileged Exec...
Page 348: Command Groups
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.3 Command Groups The system commands can be broken down into the functional groups shown below. Command Group Description General Basic commands for entering privileged access mode, restarting thesystem, or quitting...
Page 349: General Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Quality of Service Configures Differentiated Services Configures IGMP multicast filtering, query parameters, specifies ports attached to a Multicast Filtering multicast router, and enables multicast VLAN registration IP Interface Configures IP address for the switch...
Page 350: Disable
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. Enter level 15 to access Privileged Exec mode. Default Setting Level 15 Command Mode Normal Exec Command Usage “admin”...
Page 351: Configure
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console#disable Console> Related Commands enable configure This command activates Global Configuration mode. You must enter this mode to modify any settings on the switch. You must also enter Global Configuration mode prior to enabling some of the other configuration modes, including Interface Configuration, Line Configuration, VLAN Database Configuration, and Multiple Spanning Tree Configuration.
Page 352: Reload
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 1 show history Configuration command history: 4 interface vlan 1 3 exit 2 interface vlan 1 1 end Console# The ! command repeats commands from the Execution command history buffer when you are in Normal Exec or Privileged Exec Mode, and commands from the Configuration command history buffer when you are in any of the configuration modes.
Page 353: Prompt
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P System will be restarted, continue <y/n>? y prompt This command customizes the CLI prompt. Use the no form to restore the default prompt. Syntax prompt string no prompt string - Any alphanumeric string to use for the CLI prompt. (Maximum length: 255 characters)
Page 354: Quit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P session: Console(config)# exit Console#exit Press ENTER to start session User Access Verification Username: quit This command exits the configuration program. Default Setting None Command Mode Normal Exec, Privileged Exec Command Usage The quit and exit commands can both exit the configuration program.
Page 355: System Management Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.5 System Management Commands These commands are used to control system logs, passwords, user names, browser configuration options, and display or configure a variety of other system information. Command Group Function...
Page 356: Banner Information Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# 5.5.2 Banner Information Commands These commands are used to configure and manage administrative information about the switch, its exact data center location, details of the electrical and network circuits that supply the switch, as well as contact information for the network administrator and system manager.
Page 357 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P company name and presses the enter key, the script prompts for the next piece of information, and so on, until all information has been entered. Pressing enter without inputting information at any prompt during the script’s operation will leave the field empty.
Page 358: Banner Configure Company
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P banner configure company This command is used to configure company information displayed in the banner. Use the no form to restore the default setting. Syntax banner configure company name no banner configure company name - The name of the company.
Page 359: Banner Configure Department
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Input strings cannot contain spaces. The banner configure dc-power-info command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.
Page 360: Banner Configure Equipment-Location
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P banner configure equipment-info manufacturer-id mfr-id floor floor-id row row-id rack rack-id shelf-rack sr-id manufacturer mfr-name no banner configure equipment-info [floor | manufacturer | manufacturer-id | rack | row | shelf-rack] mfr-id -The name of the device model number.
Page 361: Banner Configure Ip-Lan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity. Example Console(config)# banner configure equipment-location 710_Network_Path,_Indianapolis Console(config)# banner configure ip-lan This command is used to configure the device IP address and subnet mask information displayed in the banner.
Page 362: Banner Configure Manager-Info
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting None Command Mode Global Configuration Command Usage Input strings cannot contain spaces. The banner configure lp-number command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.
Page 363: Banner Configure Mux
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# banner configure manager-info name Albert_Einstein phone-number 123-555-1212 name2 Lamar phone-number 123-555-1219 Console(config)# banner configure mux This command is used to configure the mux information displayed in the banner. Use the no form to restore the default setting.
Page 364: Show Banner
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Input strings cannot contain spaces. The banner configure note command interprets spaces as data input boundaries. The use of underscores ( _ ) or other unobtrusive non-letter characters is suggested for situations where whitespace is necessary for clarity.
Page 365: System Status Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.5.3 System Status Commands This section describes commands used to display system information. Command Function Mode show startup-config Displays the contents of the configuration file (stored in flashmemory) that is used to start up the system...
Page 366 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P System Management Commands Example Console# show startup-config building startup-config, please wait..!<stackingDB>00</stackingDB> !<stackingMac>01_00-30-4f-10-22-bc_01</stackingMac> phymap 00-30-4f-10-22-bc SNTP server 0.0.0.0 0.0.0.0 0.0.0.0 broadcast byte-rate 1000 level 5 snmp-server community public ro snmp-server community private rw...
Page 367: Show Running-Config
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P spanning-tree MST configuration interface ethernet 1/1 switchport allowed vlan add 1 untagged switchport native vlan 1 switchport allowed vlan add 4093 tagged interface vlan 1 ip address DHCP line console line vty...
Page 368 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -SNMP community strings -Users (names, access levels, and encrypted passwords) -Event log settings -VLAN database (VLAN ID, name and state) -VLAN configuration settings for each interface -Spanning tree settings -Interface settings...
Page 369: Show System
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P vlan 1 name DefaultVlan media ethernet state active VLAN 4093 media ethernet state active spanning-tree MST configuration interface ethernet 1/1 switchport allowed vlan add 1 untagged switchport native vlan 1 switchport allowed vlan add 4093 tagged...
Page 370: Show Users
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# show system System Description: PLANET 8+2G Managed Switch SGSD-1022 System OID String: 1.3.6.1.4.1.10456.1.1482 System Information System Up Time: 0 days, 0 hours, 57 minutes, and 56.69 seconds System Name: R&D 5...
Page 371: Show Version
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P admin 15 None guest 0 None steve 15 RSA Online users: Line Username Idle time (h:m:s) Remote IP addr. ----------- -------- ----------------- -------------- console admin 0:14:14 VTY 0 admin 0:00:00 192.168.1.19...
Page 372: Frame Size Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Main Power Status: Loader Version: 1.0.0.2 Boot ROM Version: 0.0.1.1 Operation Code Version: 0.0.3.5 Console# 5.5.4 Frame Size Commands This section describes commands used to configure the Ethernet frame size on the switch.
Page 373: File Management Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#jumbo frame Console(config)# 5.5.5 File Management Commands Managing Firmware Firmware can be uploaded and downloaded to or from a TFTP server. By saving runtime code to a file on a TFTP server, that file can later be downloaded to the switch to restore operation.
Page 374 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P file - Keyword that allows you to copy to/from a file. running-config -Keyword that allows you to copy to/from the current running configuration. startup-config - The configuration used for system initialization.
Page 375 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P server: Console#copy file tftp Choose file type: 1. config: 2. opcode: <1-2>: 1 Source file name: startup TFTP server ip address: 10.1.0.99 Destination file name: startup.01 TFTP completed. Success. Console# The following example shows how to copy the running configuration to a startup file.
Page 376: Delete
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Private password: ******** Success. Console#reload System will be restarted, continue <y/n>? y This example shows how to copy a public-key used by SSH from a TFTP server. Note that public key authentication via SSH is only supported for users configured locally on the switch: Console#copy tftp public-key TFTP server IP address: 192.168.1.19...
Page 377 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# Related Commands delete public-key This command displays a list of files in flash memory. Syntax dir {{boot-rom: | config: | opcode:} [:filename]} The type of file or image to display includes: boot-rom - Boot ROM (or diagnostic) image file.
Page 378: Whichboot
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -------------------------------------------------------------------------- Total free space: 3276800 Console# whichboot This command displays which files were booted when the system powered up. Command Mode Privileged Exec Example This example shows the information displayed by the whichboot command. See the table under the dir command for a description of the file information displayed by this command.
Page 379: Line Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage A colon (:) is required after the specified unit number and file type. If the file contains an error, it cannot be set as the default file.
Page 380: Line
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P speed* Sets the terminal baud rate stopbits* Sets the number of the stop bits transmitted per byte disconnect Terminates a line connection show line Displays a terminal line's parameters NE, PE Table 5-13 Line Commands * These commands only apply to the serial port.
Page 381: Password
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P local -Selects local password checking. Authentication is based on the user name specified with the username command. Default Setting login local Command Mode Line Configuration Command Usage There are three authentication modes provided by the switch itself at login: -login selects authentication by a single global password as specified by the password line configuration command.
Page 382: Timeout Login Response
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P user can enter an incorrect password before the system terminates the line connection and returns the terminal to the idle state. The encrypted password is required for compatibility with legacy password settings (i.e., plain text or encrypted) when reading the configuration file during system bootup or when downloading the configuration file from a TFTP server.
Page 383: Exec-Timeout
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P silent-time exec-timeout exec-timeout This command sets the interval that the system waits until user input is detected. Use the no form to restore the default. Syntax exec-timeout [seconds] no exec-timeout seconds - Integer that specifies the number of seconds.
Page 384: Silent-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Line Configuration Command Usage When the logon attempt threshold is reached, the system interface becomes silent for a specified amount of time before allowing the next logon attempt. (Use the silent-time command to set this interval.) When this threshold is reached for Telnet, the Telnet logon interface shuts down.
Page 385: Parity
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P form to restore the default value. Syntax databits {7 | 8} no databits 7 - Seven data bits per character. 8 - Eight data bits per character. Default Setting 8 data bits per character...
Page 386: Speed
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-line)# speed This command sets the terminal line’s baud rate. This command sets both the transmit (to terminal) and receive (from terminal) speeds. Use the no form to restore the default setting.
Page 387: Disconnect
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P disconnect This command terminates an SSH, Telnet, or console connection. Syntax disconnect session-id session-id – The session identifier for an SSH, Telnet or console connection. (Range: 0-4) Command Mode Privileged Exec Command Usage Specifying session identifier “0”...
Page 388: Event Logging Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Password Threshold: 3 times Interactive Timeout: 65535 sec Login Timeout: Disabled Silent Time: Disabled Baudrate: 9600 Databits: Parity: None Stopbits: VTY Configuration: Password Threshold: 3 times Interactive Timeout: 300 sec Login Timeout: 1 sec console# 5.7 Event Logging Commands...
Page 389: Logging History
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting None Command Mode Global Configuration Command Usage The logging process controls error messages saved to switch memory or sent to remote syslog servers. You can use the logging history command to control the type of error messages that are stored in memory. You can use the logging trap command to control the type of error messages that are sent to specified syslog servers.
Page 390: Logging Host
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P emergencies System unusable * There are only Level 2, 5 and 6 error messages for the current firmware release. Default Setting Flash: errors (level 3 - 0) RAM: warnings (level 7 -0)
Page 391: Logging Facility
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P logging facility This command sets the facility type for remote logging of syslog messages. Use the no form to return the type to the default. Syntax [no] logging facility type type - A number that indicates the facility used by the syslog server to dispatch log messages to an appropriate service.
Page 392: Clear Log
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P default. Example Console(config)#logging trap 4 Console(config)# clear log This command clears messages from the log buffer. Syntax clear log [flash | ram] flash - Event history stored in flash memory (i.e., permanent memory).
Page 393 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P None Command Mode Privileged Exec Example The following example shows that system logging is enabled, the message level for flash memory is “errors” (i.e., default level 3 - 0), the message level for RAM is “informational” (i.e., default level 7 -0).
Page 394: Show Log
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Table 4-17 show logging trap - display description Field Description Syslog logging Shows if system logging has been enabled via the logging on command. REMOTELOG status Shows if remote logging has been enabled via the logging trap command.
Page 395: Smtp Alert Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P [0] 00:00:37 2001-01-01 "System coldStart notification." level: 6, module: 5, function: 1, and event no.: 1 Console# 5.8 SMTP Alert Commands These commands configure SMTP event handling, and forwarding of alert messages to the specified SMTP servers and email recipients.
Page 396: Logging Sendmail Level
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P server configured by this command. If it fails to send mail, the switch selects the next server in the list and tries to send mail again. If it still fails, the system will repeat the process at a periodic interval. (A trap will be triggered if the switch cannot successfully open a connection.)
Page 397: Logging Sendmail Destination-Email
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage You may use an symbolic email address that identifies the switch, or the address of an administrator responsible for the switch. Example This example will set the source email marcl@planet.com.tw.
Page 398: Show Logging Sendmail
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Global Configuration Example Console(config)#logging sendmail Console(config)# show logging sendmail This command displays the settings for the SMTP event handler. Command Mode Normal Exec, Privileged Exec Example Console#show logging sendmail SMTP servers 1.
Page 399: Sntp Client
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P calendar set Sets the system date and time show calendar Displays the current date and time setting NE, PE Table 5-19 Time Commands sntp client This command enables SNTP client requests for time synchronization from NTP or SNTP time servers specified with the sntp servers command.
Page 400: Sntp Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P sntp server This command sets the IP address of the servers to which SNTP time requests are issued. Use the this command with no arguments to clear all time servers from the current list.
Page 401: Show Sntp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#sntp poll 60 Console(config)# Related Commands sntp client show sntp This command displays the current time and configuration settings for the SNTP client, and indicates whether or not the local time has been properly updated.
Page 402: Calendar Set
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage This command sets the local time zone relative to the Coordinated Universal Time (UTC, formerly Greenwich Mean Time or GMT), based on the earth’s prime meridian, zero degrees longitude. To display a time corresponding to your local time, you must indicate the number of hours and minutes your time zone is east (before) or west (after) of UTC.
Page 403: Show Calendar
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show calendar This command displays the system clock. Default Setting None 4-62 Command Mode Normal Exec, Privileged Exec Example Console#show calendar 15:12:43 April 1 2004 Console# 5.10 Switch Cluster Commands Switch Clustering is a method of grouping switches together to enable centralized management through a single unit. Switches that support clustering can be grouped together regardless of physical location or switch type, as long as they are connected to the same local network.
Page 404: Cluster
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P management station. Cluster Member switches can be managed through only using a Telnet connection to the Commander. From the Commander CLI prompt, use the rcommand (see page 4-66) to connect to the Member switch.
Page 405: Cluster Ip-Pool
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage Once a switch has been configured to be a cluster Commander, it automatically discovers other cluster-enabled switches in the network. These “Candidate” switches only become cluster Members when manually selected by the administrator through the management station.
Page 406: Rcommand
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P cluster. Syntax cluster member mac-address mac-address id member-id no cluster member id member-id mac-address - The MAC address of the Candidate switch. member-id - The ID number to assign to the Member switch. (Range: 1-36)
Page 407: Show Cluster Members
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Privileged Exec Example Console#show cluster Role: commander Interval heartbeat: 30 Heartbeat loss count: 3 Number of Members: 1 Number of Candidates: 2 Console# show cluster members This command shows the current switch cluster members.
Page 408: Snmp Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console#show cluster candidates Cluster Candidates: Role Mac Description ACTIVE MEMBER 00-30-4f-23-49-c0 24/48 L2/L4 IPV4/IPV6 GE Switch CANDIDATE 00-40-4f-0b-47-a0 24/48 L2/L4 IPV4/IPV6 GE Switch Console# 5.11 SNMP Commands Controls access to this switch from management stations using the Simple Network Management Protocol (SNMP), as well as the error types sent to trap managers.
Page 409: Snmp-Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P snmp-server This command enables the SNMPv3 engine and services for all management clients (i.e., versions 1, 2c, 3). Use the no form to disable the server. Syntax [no] snmp-server Default Setting...
Page 410: Snmp-Server Community
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P public, and the privilege is read-only 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables...
Page 411: Snmp-Server Contact
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Example Console(config)#snmp-server community alpha rw Console(config)# snmp-server contact This command sets the system contact string. Use the no form to remove the system contact information. Syntax snmp-server contact string no snmp-server contact string - String that describes the system contact information.
Page 412: Snmp-Server Host
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#snmp-server location WC-19 Console(config)# Related Commands snmp-server contact snmp-server host This command specifies the recipient of a Simple Network Management Protocol notification operation. Use the no form to remove the specified host.
Page 413 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P SNMP notifications, you must enter at least one snmp-server host command. In order to enable multiple hosts, you must issue a separate snmp-server host command for each host. The snmp-server host command is used in conjunction with the snmp-server enable traps command. Use the snmp-server enable traps command to enable the sending of traps or informs and to specify which SNMP notifications are sent globally.
Page 414: Snmp-Server Enable Traps
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#snmp-server host 10.1.19.23 batman Console(config)# Related Commands snmp-server enable traps snmp-server enable traps This command enables this device to send Simple Network Management Protocol traps or informs (i.e., SNMP notifications). Use the no form to disable SNMP notifications.
Page 415: Snmp-Server Engine-Id
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P snmp-server engine-id This command configures an identification string for the SNMPv3 engine. Use the no form to restore the default. Syntax snmp-server engine-id {local | remote {ip-address}} engineid-string no snmp-server engine-id {local | remote {ip-address}} local - Specifies the SNMP engine on this switch.
Page 416: Snmp-Server View
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Privileged Exec Example This example shows the default engine ID. Console#show snmp engine-id Local SNMP engineID: 8000002a8000000000e8666672 Local SNMP engineBoots: 1 Remote SNMP engineID IP address 80000000030004e2b316c54321 192.168.1.19 Console#...
Page 417: Show Snmp View
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The predefined view “defaultview” includes access to the entire MIB tree. Example This view includes MIB-2. Console(config)#snmp-server view mib-2 1.3.6.1.2.1 included Console(config)# This view includes the MIB-2 interfaces table, ifDescr. The wild card is used to select all the index values in this table.
Page 418: Snmp-Server Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Field Description View Name Name of an SNMP view. Subtree OID A branch in the MIB tree. View Type Indicates if the view is included or excluded. Storage Type The storage type for this entry.
Page 419: Show Snmp Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#snmp-server group r&d v3 auth write daily Console(config)# No view is defined. Maps to the defaultview. show snmp group Four default groups are provided – SNMPv1 read-only access and read/write access, and SNMPv2c read-only access and read/write access.
Page 420: Snmp-Server User
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Row Status: active Group Name: private Security Model: v1 Read View: defaultview Write View: defaultview Notify View: none Storage Type: volatile Row Status: active Group Name: private Security Model: v2c Read View: defaultview...
Page 421 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P groupname -Name of an SNMP group to which the user is assigned. (Range: 1-32 characters) remote - Specifies an SNMP engine on a remote device. ip-address -The Internet address of the remote device.
Page 422: Show Snmp User
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show snmp user This command shows information on SNMP users. Command Mode Privileged Exec Example Console#show snmp user EngineId: 800000ca030030f1df9ca00000 User Name: steve Authentication Protocol: md5 Privacy Protocol: des56 Storage Type: nonvolatile...
Page 423: Authentication Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.12 Authentication Commands You can configure this switch to authenticate users logging into the system for management access using local or RADIUS authentication methods. You can also enable port-based authentication for network client access using IEEE 802.1X.
Page 424: Enable Password
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The device has two predefined privilege levels: 0: Normal Exec, 15: Privileged Exec. nopassword - No password is required for this user to log in. {0 | 7} - 0 means plain password, 7 means encrypted password.
Page 425: Authentication Sequence
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax enable password [level level]{0 | 7} password no enable password [level level] level level - Level 15 for Privileged Exec. (Levels 0-14 are not used.) {0 | 7} - 0 means plain password, 7 means encrypted password.
Page 426: Authentication Login
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P authentication login This command defines the login authentication method and precedence. Use the no form to restore the default. Syntax authentication login {[local] [radius] [tacacs]} no authentication login local - Use local password.
Page 427: Radius Client
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P no authentication enable local - Use local password only. radius - Use RADIUS server password only. tacacs - Use TACACS server password. Default Setting Local Command Mode Global Configuration Command Usage RADIUS uses UDP while TACACS+ uses TCP.
Page 428: Radius-Server Host
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P radius-server key Sets the RADIUS encryption key radius-server retransmit Sets the number of retries radius-server timeout Sets the interval between sending authentication requests show radius-server Shows the current RADIUS settings Table 5-30 RADIUS Client Commands radius-server host This command specifies primary and backup RADIUS servers and authentication parameters that apply to each server.
Page 429: Radius-Server Auth-Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P radius-server auth-port This command sets the RADIUS server port used for authentication messages. Use the no form to restore the default. Syntax radius-server auth-port port_number no radius-server auth-port port_number - RADIUS server UDP port used for authentication messages. (Range: 1-65535)
Page 430: Radius-Server Retransmit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P length: 48 characters) Default Setting None Command Mode Global Configuration Example Console(config)#radius-server key green Console(config)# radius-server retransmit This command sets the number of retries. Use the no form to restore the default.
Page 431: Show Radius-Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#radius-server timeout 10 Console(config)# show radius-server This command displays the current settings for the RADIUS server. Default Setting None Command Mode Privileged Exec Example Console# show radius-server Global Settings: Communication Key with RADIUS Server:...
Page 432: Tacacs+ Client
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.13.4 TACACS+ Client Terminal Access Controller Access Control System (TACACS+) is a logon authentication protocol that uses software running on a central server to control access to TACACS-aware devices on the network. An authentication server contains a database of multiple user name/password pairs with associated privilege levels for each user or group that require management access to a switch.
Page 433: Tacacs-Server Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# tacacs-server 1 host 192.168.1.25 Console(config)# tacacs-server port This command specifies the TACACS+ server network port. Use the no form to restore the default. Syntax tacacs-server port port_number no tacacs-server port port_number - TACACS+ server TCP port used for authentication messages.
Page 434: Tacacs-Server Retransmit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# tacacs-server retransmit This command sets the number of retries. Use the no form to restore the default. Syntax tacacs-server retransmit number_of_retries no tacacs-server retransmit number_of_retries -Number of times the switch will try to authenticate logon access via the TACACS+ server. (Range:...
Page 435: Show Tacacs-Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show tacacs-server This command displays the current settings for the TACACS+ server. Default Setting None Command Mode Privileged Exec Example Console# show tacacs-server Remote TACACS+ server configuration: Global Settings: Communication Key with TACACS+ Server:...
Page 436: Aaa Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.12.5 AAA Commands Authentication, Authorization, and Accounting (AAA) provides a framework for configuring access control on the Managed Switch. The AAA functions require the use of configured RADIUS or TACACS+ servers in the network.
Page 437: Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#aaa group server radius tps Console(config-sg-radius)# server This command adds a security server to an AAA server group. Use the no form to remove the associated server from the group. Syntax [no] server {index | ip-address} index - Specifies a server index and the sequence to use for the group.
Page 438: Aaa Accounting Exec
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P group -Specifies the server group to use. -radius - Specifies all RADIUS hosts configured with the radius-server host command described on page 4-88. -tacacs+ - Specifies all TACACS+ hosts configured with the tacacs-server host command described on page 4-93.
Page 439: Aaa Accounting Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage This command runs accounting for Exec service requests for the local console and Telnet connections. Note that the default and method-name fields are only used to describe the accounting method(s) configured on the specified RADIUS or TACACS+ servers, and do not actually send any information to the servers about the methods to use.
Page 440: Aaa Accounting Update
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)# aaa accounting commands 15 default start-stop group tacacs+ Console(config)# aaa accounting update This command enables the sending of periodic updates to the accounting server. Use the no form to disable accounting updates.
Page 441: Accounting Exec
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P None Command Mode Interface Configuration Example Console(config)# interface ethernet 1/2 Console(config-if)# accounting dot1x tps Console(config-if)# accounting exec This command applies an accounting method to local console or Telnet connections. Use the no form to disable accounting on the line.
Page 442: Aaa Authorization Exec
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax accounting commands level {default | list-name} no accounting commands level level -The privilege level for executing commands. (Range: 0-15) default -Specifies the default method list created with the aaa accounting commands command (page 4-100).
Page 443: Authorization Exec
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)# aaa authorization exec default group tacacs+ Console(config)# authorization exec This command applies an authorization method to local console or Telnet connections. Use the no form to disable authorization on the line.
Page 444 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P exec -Displays Exec accounting records. statistics - Displays accounting records. user-name -Displays accounting records for a specifiable username. interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28)
Page 445: Web Server Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.12.6 Web Server Commands This section describes commands used to configure web browser management access to the Managed Switch. Command Function Mode ip http port Specifies the port to be used by the web browser interface...
Page 446: Ip Http Secure-Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting Enabled Command Mode Global Configuration Example Console(config)#ip http server Console(config)# Related Commands Ip http port ip http secure-server This command enables the secure hypertext transfer protocol (HTTPS) over the Secure Socket Layer (SSL), providing secure access (i.e., an encrypted connection) to the switch’s web interface.
Page 447: Ip Http Secure-Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Web Browser Operating System Internet Explorer 5.0 or later Windows 98,Windows NT (with service pack 6a), Windows 2000, Windows XP Netscape 6.2 or later Windows 98,Windows NT (with service pack 6a), Windows 2000, Windows XP, Solaris 2.6...
Page 448: Telnet Server Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# ip http secure-port 1000 Console(config)# Related Commands ip http secure-server 5.12.7 Telnet Server Commands Command Function Mode ip telnet server Allows the switch to be monitored or configured from Telnet;...
Page 449: Secure Shell Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# 5.12.8 Secure Shell Commands This section describes the commands used to configure the SSH server. However, note that you also need to install a SSH client on the management station when using this protocol to configure the switch.
Page 450 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P To use the SSH server, complete these steps: Generate a Host Key Pair – Use the ip ssh crypto host-key generate command to create a host public/private key pair. Provide Host Public Key to Clients – Many SSH client programs automatically import the host public key during the initial connection setup with the switch.
Page 451: Ip Ssh Server
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Public Key Authentication – When an SSH client attempts to contact the switch, the SSH server uses the host key pair to negotiate a session key and encryption method. Only clients that have a private key corresponding to the public keys stored on the switch can access it.
Page 452: Ip Ssh Timeout
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P sessions and SSH sessions. The SSH server uses DSA or RSA for key exchange when the client first establishes a connection with the switch, and then negotiates with the client to select either DES (56-bit) or 3DES (168-bit) for data encryption.
Page 453: Ip Ssh Authentication-Retries
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P exec-timeout show ip ssh ip ssh authentication-retries This command configures the number of times the SSH server attempts to reauthenticate a user. Use the no form to restore the default setting.
Page 454: Delete Public-Key
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#ip ssh server-key size 512 Console(config)# delete public-key This command deletes the specified user’s public key. Syntax delete public-key username [dsa | rsa] username – Name of an SSH user. (Range: 1-8 characters) dsa –...
Page 455: Ip Ssh Crypto Zeroize
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Some SSH client programs automatically add the public key to the known hosts file as part of the configuration process. Otherwise, you must manually create a known hosts file and place the host public key in it.
Page 456: Ip Ssh Save Host-Key
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip ssh save host-key This command saves host key from RAM to flash memory. Syntax ip ssh save host-key [dsa | rsa] dsa – DSA key type. rsa – RSA key type.
Page 457: Show Ssh
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show ssh This command displays the current SSH server connections. Command Mode Privileged Exec Example Console# show ssh Connection Version State Username Encryption Session-Started admin ctos aes128-cbc-hmac-md5 stoc aes128-cbc-hmac-md5 Console# Field...
Page 458: Show Public-Key
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3des-cbc-hmac-md5 blowfish-cbc-hmac-md5 Terminology: DES – Data Encryption Standard (56-bit key) 3DES – Triple-DES (Uses three iterations of DES, 112-bit key) aes – Advanced Encryption Standard (160 or 224-bit key) blowfish – Blowfish (32-448 bit key) cbc –...
Page 459: X Port Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5443583616519999233297817660658309586108259132128902337654680172627257141 3428762941301196195566782595664104869574278881462065194174677298486546861 5717739390164779355942303577413098022737087794545240839717526463580581767 16709574804776117 DSA: ssh-dss AAAB3NzaC1kc3MAAACBAPWKZTPbsRIB8ydEXcxM3dyV/yrDbKStIlnzD/Dg0h2Hxc YV44sXZ2JXhamLK6P8bvuiyacWbUW/a4PAtp1KMSdqsKeh3hKoA3vRRSy1N2XFfAKxl5fwFfv JlPdOkFgzLGMinvSNYQwiQXbKTBH0Z4mUZpE85PWxDZMaCNBPjBrRAAAAFQChb4vsdfQGNIjw bvwrNLaQ77isiwAAAIEAsy5YWDC99ebYHNRj5kh47wY4i8cZvH+/p9cnrfwFTMU01VFDly3IR 2G395NLy5Qd7ZDxfA9mCOfT/yyEfbobMJZi8oGCstSNOxrZZVnMqWrTYfdrKX7YKBw/Kjw6Bm iFq7O+jAhf1Dg45loAc27s6TLdtny1wRq/ow2eTCD5nekAAACBAJ8rMccXTxHLFAczWS7EjOy DbsloBfPuSAb4oAsyjKXKVYNLQkTLZfcFRu41bS2KV5LAwecsigF/+DjKGWtPNIQqabKgYCw2 o/dVzX4Gg+yqdTlYmGA7fHGm8ARGeiG4ssFKy4Z6DmYPXFum1Yg0fhLwuHpOSKdxT3kk475S7 Console# 5.12.9 802.1X Port Authentication The Managed Switch supports IEEE 802.1X (dot1x) port-based access control that prevents unauthorized access to the network by requiring users to first submit credentials for authentication.
Page 460: Dot1X System-Auth-Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P dot1x timeout tx-period Sets the time period during an authentication session that the switch waits before re-transmitting an EAP packet dot1x intrusion-action Sets the port response to intrusion when authentication fails...
Page 461: Dot1X Port-Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P count – The maximum number of requests (Range: 1-10) Default Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x max-req 2 Console(config-if) dot1x port-control This command sets the dot1x mode on a port interface. Use the no form to restore the default.
Page 462: Dot1X Re-Authenticate
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P no dot1x operation-mode [multi-host max-count] single-host – Allows only a single host to connect to this port. multi-host – Allows multiple host to connect to this port. max-count – Keyword for the maximum number of hosts. count – The maximum number of hosts that can connect to a port.
Page 463: Dot1X Re-Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P intrusion-action on page 4-124). Example Console#dot1x re-authenticate Console# dot1x re-authentication This command enables periodic re-authentication globally for all ports. Use the no form to disable re-authentication. Syntax [no] dot1x re-authentication Command Mode...
Page 464: Dot1X Timeout Re-Authperiod
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P no dot1x timeout quiet-period seconds -The number of seconds. (Range: 1-65535) Default 60 seconds Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout quiet-period 350 Console(config-if)# dot1x timeout re-authperiod This command sets the time period after which a connected client must be re-authenticated.
Page 465: Dot1X Intrusion-Action
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P no dot1x timeout tx-period seconds -The number of seconds. (Range: 1-65535) Default 30 seconds Command Mode Interface Configuration Example Console(config)#interface eth 1/2 Console(config-if)#dot1x timeout tx-period 300 Console(config-if)# dot1x intrusion-action This command sets the port’s response to a failed authentication, either to block all traffic, or to assign all traffic for the port to a guest VLAN.
Page 466: Show Dot1X
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show dot1x This command shows general port authentication related settings on the switch or a specific interface. Syntax show dot1x [statistics] [interface interface] statistics - Displays dot1x status for each port.
Page 467 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -Port-control - Shows the dot1x mode on a port as auto, force-authorized, or force-unauthorized. -Supplicant - MAC address of authorized client. -Current Identifier – The integer (0-255) used by the Authenticator to identify the current authentication session.
Page 468: Management Ip Filter Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P reauth-enabled: Enable reauth-period: 1800 quiet-period: tx-period: supplicant-timeout: server-timeout: reauth-max: max-req: Status Authorized Operation mode Single-Host Max count Port-control Auto Supplicant Current 00-30-4F-49-5e-dc Identifier Intrusion action Guest VLAN Authenticator State Machine State...
Page 469: Show Management
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P snmp-client -Adds IP address(es) to the SNMP group. telnet-client -Adds IP address(es) to the Telnet group. start-address - A single IP address, or the starting address of a range. end-address -The end address of a range.
Page 470: Client Security Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console# show management all-client Management IP Filter HTTP-Client: Start IP address End IP address 192.168.1.19 192.168.1.19 192.168.1.25 192.168.1.30 SNMP-Client: Start IP address End IP address 192.168.1.19 192.168.1.19 192.168.1.25 192.168.1.30 TELNET-Client:...
Page 471: Port Security Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P DHCP Snooping* Filters untrusted DHCP messages on unsecure ports by buildingand maintaining a DHCP snooping binding table IP Source Guard* Filters IP traffic on unsecure ports for which the source address cannot be...
Page 472: Network Access (Mac Address Authentication)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Interface Configuration (Ethernet) Command Usage If you enable port security, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted.
Page 473: Network-Access Mode
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P network-access Sets a maximum for authenticated MAC addresses on an max-mac-count interface mac-authentication Determines the port response when a connected host fails MAC intrusion-action authentication. mac-authentication Sets a maximum for mac-authentication autenticated MAC...
Page 474: Network-Access Max-Mac-Count
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P assignments are not restored. The RADIUS server may optionally return a VLAN identifier list. VLAN identifier list is carried in the “Tunnel-Private-Group-ID” attribute. The VLAN list can contain multiple VLAN identifiers in the format “1u,2t,” where “u”...
Page 475: Mac-Authentication Max-Mac-Count
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax mac-authentication intrusion-action [block traffic | pass traffic] no mac-authentication intrusion-action Default Setting Block Traffic Command Mode Interface Configuration Example Console(config-if)#mac-authentication intrusion-action block-traffic Console(config-if)# mac-authentication max-mac-count Use this command to set the maximum number of MAC addresses that can be authenticated on a port via 802.1X authentication or MAC authentication.
Page 476: Network-Access Guest-Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P When enabled, the VLAN identifiers returned by the RADIUS server will be applied to the port, providing the VLANs have already been created on the switch. GVRP is not used to create the VLANs.
Page 477: Mac-Authentication Reauth-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P mac-authentication reauth-time Use this command to set the time period after which a connected MAC address must be re-authenticated. Use the no form of this command to restore the default value.
Page 478: Show Network-Access
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting None Command Mode Privileged Exec Example Console#clear network-access mac-address-table interface ethernet 1/1 Console# show network-access Use this command to display the MAC authentication settings for port interfaces. Syntax show network-access [interface interface] interface - Specifies a port interface.
Page 479: Show Network-Access Mac-Address-Table
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Guest VLAN : Disabled Console# show network-access mac-address-table Use this command to display secure MAC address table entries. Syntax show network-access mac-address-table [static | dynamic] [address mac-address [mask]] [interface interface] [sort {address | interface}] static - Specifies static address entries.
Page 480: Web Authentication
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# 5.13.3 Web Authentication Web authentication allows stations to authenticate and access the network in situations where 802.1X or Network Access authentication methods are infeasible or impractical. The web authentication feature allows unauthenticated hosts to request and receive a DHCP assigned IP address and perform DNS queries.
Page 481: Web-Auth Quiet-Period
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax web-auth login-attempts count no web-auth login-attempts count -The limit of allowed failed login attempts. (Range: 1-3) Default Setting 3 login attempts Command Mode Global Configuration Example Console(config)#web-auth login-attempts 2 Console(config)#...
Page 482: Web-Auth System-Auth-Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 3600 seconds Command Mode Global Configuration Example Console(config)#web-auth session-timeout 1800 Console(config)# web-auth system-auth-control This command globally enables web authentication for the switch. Use the no form to restore the default. Syntax...
Page 483: Web-Auth Re-Authenticate (Port)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config-if)#web-auth Console(config-if)# web-auth re-authenticate (Port) This command ends all web authentication sessions connected to the port and forces the users to re-authenticate. Syntax web-auth re-authenticate interface interface interface - Specifies a port interface.
Page 484: Show Web-Auth
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Privileged Exec Example Console#web-auth re-authenticate interface ethernet 1/2 192.168.1.5 Console# show web-auth This command displays global web authentication parameters. Syntax show web-auth Default Setting None Command Mode Privileged Exec Example Console#show web-auth...
Page 485: Show Web-Auth Summary
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Privileged Exec Command Usage The session timeout displayed by this command is expressed in seconds. Example Console#show web-auth interface ethernet 1/2 Web Auth Status : Enabled Host Summary IP address Web-Auth-State Remaining-Session-Time 1.1.1.1 Authenticated 295...
Page 486: Dhcp Snooping Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.13.4 DHCP Snooping Commands DHCP snooping allows a switch to protect a network from rogue DHCP servers or other devices which send port-related information to a DHCP server. This information can be useful in tracking an IP address back to a physical port. This section describes commands used to configure DHCP snooping.
Page 487 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P identifier, and port identifier. When DHCP snooping is enabled, the rate limit for the number of DHCP messages that can be processed by the switch is 100 packets per second. Any DHCP packets in excess of this limit are dropped.
Page 488: Ip Dhcp Snooping Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip dhcp snooping vlan This command enables DHCP snooping on the specified VLAN. Use the no form to restore the default setting. Syntax [no] ip dhcp snooping vlan vlan-id vlan-id -ID of a configured VLAN (Range: 1-4094)
Page 489: Ip Dhcp Snooping Verify Mac-Address
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage A trusted interface is an interface that is configured to receive only messages from within the network. An untrusted interface is an interface that is configured to receive messages from outside the network or firewall.
Page 490: Ip Dhcp Snooping Information Option
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage If MAC address verification is enabled, and the source MAC address in the Ethernet header of the packet is not same as the client’s hardware address in the DHCP packet, the packet is dropped.
Page 491: Ip Dhcp Snooping Information Policy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Use the ip dhcp snooping information option command (page 4-150) to specify how to handle DHCP client request packets which already contain Option 82 information. Example Example This enables the DHCP Snooping Information Option.
Page 492: Show Ip Dhcp Snooping Binding
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Privileged Exec Example Console#show ip dhcp snooping Global DHCP Snooping status: disable DHCP Snooping Information Option Status: disable DHCP Snooping Information Policy: replace DHCP Snooping is configured on the following VLANs:...
Page 493: Ip Source-Guard
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Function Mode ip source-guard Configures the switch to filter inbound traffic based on source IPaddress, or source IP address and corresponding MAC address ip source-guard binding Adds a static address to the source-guard binding table...
Page 494: Ip Source-Guard Binding
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • If the IP source guard is enabled, an inbound packet’s IP address (sip option) or both its IP address and corresponding MAC address (sip-mac option) will be checked against the binding table. If no matching entry is found, the packet will be dropped.
Page 495: Show Ip Source-Guard
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage • Table entries include a MAC address, IP address, lease time, entry type (Static-IP-SG-Binding, Dynamic-DHCP-Binding), VLAN identifier, and port identifier. • All static entries are configured with an infinite lease time, which is indicated with a value of zero by the show ip source-guard command.
Page 496: Show Ip Source-Guard Binding
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Eth 1/1 DISABLED Eth 1/2 DISABLED Eth 1/3 DISABLED Eth 1/4 DISABLED Eth 1/5 SIP Eth 1/6 DISABLED show ip source-guard binding This command shows the source guard binding table. Syntax...
Page 497: Ip Acls
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Table 5-46 Access Control Lists 5.14.1 IP ACLs The commands in this section configure ACLs based on IP addresses, TCP/UDP port number, protocol type, and TCP control code. To configure IP ACLs, first create an access list containing the required permit or deny rules, and then bind the access list to one or more ports.
Page 498: Permit, Deny (Standard Acl)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • When you create a new ACL or enter configuration mode for an existing ACL, use the permit or deny command to add new rules to the bottom of the list. To create an ACL, you must add at least one rule to the list.
Page 499: Permit, Deny (Extended Acl)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-std-acl)#permit host 10.1.1.21 Console(config-std-acl)#permit 168.92.16.0 255.255.240.0 Related Commands access-list ip permit, deny (Extended ACL) This command adds a rule to an Extended IP ACL. The rule sets a filter condition for packets with specific source or destination IP addresses, protocol types, source or destination protocol ports, or TCP control codes.
Page 500 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Extended ACL Command Usage All new rules are appended to the end of the list. Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The binary mask uses 1 bits to indicate “match”...
Page 501: Show Ip Access-List
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P This permits all TCP packets from class C addresses 192.168.1.0 with the TCP control code set to “SYN.” Console(config-ext-acl)#permit tcp 192.168.1.0 255.255.255.0 any control-flag 2 Console(config-ext-acl)# Related Commands access-list ip show ip access-list This command displays the rules for configured IP ACLs.
Page 502: Ip Access-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip access-group This command binds a port to an IP ACL. Use the no form to remove the port. Syntax [no] ip access-group acl_name {in | out} acl_name – Name of the ACL. (Maximum length: 16 characters) in –...
Page 503: Map Access-List Ip
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# Related Commands ip access-group map access-list ip This command sets the output queue for packets matching an ACL rule. The specified CoS value is only used to map the matching packet to an output queue; it is not written to the packet itself. Use the no form to remove the CoS mapping.
Page 504: Show Map Access-List Ip
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show map access-list ip This command shows the CoS value mapped to an IP ACL for the current interface. (The CoS value determines the output queue for packets matching an ACL rule.)
Page 505: Access-List Mac
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show map access-list mac Shows CoS value mapped to an access list for an interface Table 5-49 MAC ACL Commands access-list mac This command adds a MAC access list and enters MAC ACL configuration mode. Use the no form to remove the specified ACL.
Page 506 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The default is for Ethernet II packets. [no]{permit | deny} eth2 {any | host source | source address-bitmask} {any | host destination | destination address-bitmask} [cos cos-value] [vid vid vid-bitmask] [ethertype protocol] [no]{permit | deny} 802.3...
Page 507: Show Mac Access-List
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Ethernet type is 0800. Console(config-mac-acl)#permit any host 00-e0-29-94-34-de ethertype 0800 Console(config-mac-acl)# Related Commands access-list mac show mac access-list This command displays the rules for configured MAC ACLs. Syntax show mac access-list [acl_name] acl_name – Name of the ACL. (Maximum length: 16 characters)
Page 508: Show Mac Access-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Interface Configuration (Ethernet) Command Usage A port can only be bound to one ACL. If a port is already bound to an ACL and you bind it to a different ACL, the switch will replace the old binding with the new one.
Page 509: Show Map Access-List Mac
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P [no] map access-list mac acl_name cos cos-queue acl_name – Name of the MAC ACL. (Maximum length: 16 characters) cos-queue – Port CoS queue. (Range: 0-3) Default Setting None Command Mode Interface Configuration (Ethernet) Command Usage You must configure an ACL before you can map a CoS queue to the rule.
Page 510: Acl Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# show map access-list mac Access-list to COS of Eth 1/5 Access-list jerry cos 0 Console# Related Commands map access-list mac 5.14.3 ACL Information Command Function Mode show access-list Show all ACLs and associated rules...
Page 511: Show Access-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IP extended access-list A6: deny tcp any any control-flag 2 permit any any Console# show access-group This command shows the port assignments of ACLs. Command Mode Privileged Executive Example Console# show access-group...
Page 512: Interface
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P broadcast byte-rate Configures the broadcast storm control threshold Enables broadcast storm control on an interface switchport broadcast clear counters Clears statistics on an interface Displays status for the specified interface NE, PE...
Page 513: Speed-Duplex
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P string - Comment or a description to help you remember what is attached to this interface. (Range: 1-64 characters) Default Setting None Command Mode Interface Configuration (Ethernet, Port Channel) Example Example The following adds a description to port 24.
Page 514: Negotiation
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P When using the negotiation command to enable auto-negotiation, the optimal settings will be determined by the capabilities command. To set the speed/duplex mode under auto-negotiation, the required mode must be specified in the capabilities list for an interface.
Page 515: Capabilities
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-if)# Related Commands capabilities speed-duplex capabilities This command advertises the port capabilities of a given interface during autonegotiation. Use the no form with parameters to remove an advertised capability, or the no form without parameters to restore the default values.
Page 516: Flowcontrol
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# interface ethernet 1/5 Console(config-if)# capabilities 100half Console(config-if)# capabilities 100full Console(config-if)# capabilities flowcontrol Console(config-if)# Related Commands negotiation speed-duplex flowcontrol flowcontrol This command enables flow control. Use the no form to disable flow control.
Page 517: Shutdown
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-if)#no negotiation Console(config-if)# Related Commands negotiation capabilities (flowcontrol, symmetric) shutdown This command disables an interface. To restart a disabled interface, use the no form. Syntax [no] shutdown Default Setting All interfaces are enabled.
Page 518: Switchport Broadcast
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage • When broadcast traffic exceeds the specified threshold, packets above that threshold are dropped. • The scale and level are multiplied by one another to set the broadcast threshold. For...
Page 519: Clear Counters
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P clear counters This command clears statistics on an interface. Syntax clear counters interface interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12)
Page 520: Show Interfaces Counters
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Displaying Connection Status”. Example Console# show interfaces status ethernet 1/5...
Page 521 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Shows the counters for all interfaces. Command Mode Normal Exec, Privileged Exec Command Usage If no interface is specified, information on all interfaces is displayed. For a description of the items displayed by this command, see “Showing Port...
Page 522: Show Interfaces Switchport
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show interfaces switchport This command displays the administrative and operational status of the specified interfaces. Syntax show interfaces switchport [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) •...
Page 523 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 802.1Q-tunnel Mode: NORMAL 802.1Q-tunnel TPID: 8100(Hex) Console# Field Description Broadcast Threshold Shows if broadcast storm suppression is enabled or disabled; if enabled it also shows the threshold level LACP Status Shows if Link Aggregation Control Protocol has been enabled or...
Page 524: Link Aggregation Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.16 Link Aggregation Commands Ports can be statically grouped into an aggregate link (i.e., trunk) to increase the bandwidth of a network connection or to ensure fault recovery. Or you can use the Link Aggregation Control Protocol (LACP) to automatically negotiate a trunk link between this switch and another network device.
Page 525: Channel-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Dynamically Creating a Port Channel – Ports assigned to a common port channel must meet the following criteria: Ports must have the same LACP system priority. Ports must have the same port admin key (Ethernet Interface).
Page 526 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax [no] lacp Default Setting Disabled Command Mode Interface Configuration (Ethernet) Command Usage The ports on both ends of an LACP trunk must be configured for full duplex, and auto-negotiation. A trunk formed with another switch using LACP will automatically be assigned the next available port-channel ID.
Page 527: Lacp System-Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Flow control Disabled status: Port security: Disabled Max MAC count: Current status: Created by: LACP Link status: Operation speed-duplex: 100full Flow control type: None Member Ports: Eth1/11, Eth1/12, Eth1/13, Console# lacp system-priority Default Setting This command configures a port's LACP system priority.
Page 528: Lacp Admin-Key (Ethernet Interface)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#interface ethernet 1/5 Console(config-if)#lacp actor system-priority 3 Console(config-if)# lacp admin-key (Ethernet Interface) This command configures a port's LACP administration key. Use the no form to Default Setting restore the Syntax...
Page 529: Lacp Admin-Key (Port Channel)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lacp admin-key (Port Channel) This command configures a port channel's LACP administration key string. Use the Default Setting no form to restore the Syntax lacp {actor | partner} admin-key key [no] lacp {actor | partner} admin-key key -The port channel admin key is used to identify a specific link aggregation group (LAG) during local LACP setup on this switch.
Page 530: Show Lacp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Interface Configuration (Ethernet) Command Usage Setting a lower value indicates a higher effective priority. If an active port link goes down, the backup port with the highest priority is selected to replace the downed link. However, if two or more ports have the same LACP port priority, the port with the lowest physical port number will be selected as the backup port.
Page 531 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P LACPDUs Sent : 21 LACPDUs Received : 21 Marker Sent : 0 Marker Received : 0 LACPDUs Unknown Pkts : 0 LACPDUs Illegal Pkts : 0 Field Description LACPDUs Sent Number of valid LACPDUs transmitted from this channel group.
Page 532 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Oper Key : 4 Admin State : defaulted, aggregation, long timeout, LACP-activity Oper State : distributing, collecting, synchronization, aggregation, long timeout, LACP-activity Field Description Oper Key Current operational value of the key for the aggregation port.
Page 533 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Partner Admin System ID: 32768, 00-00-00-00-00-00 Partner Oper System ID: 32768, 00-01-F4-78-AE-C0 Partner Admin Port Number: 2 Partner Oper Port Number: 2 Port Admin Priority: 32768 Port Oper Priority: 32768 Admin Key:...
Page 534 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 4 32768 00-30-4F-8F-2C-A7 Console# Field Description Channel group A link aggregation group configured on this switch. System Priority* LACP system priority for this channel group. System MAC Address* System MAC address.
Page 535: Mirror Port Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.17 Mirror Port Commands This section describes how to mirror traffic from a source port to a target port. Command Function Mode port monitor Configures a mirror session show port monitor...
Page 536: Show Port Monitor
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-if)#port monitor ethernet 1/6 both Console(config-if)# show port monitor This command displays mirror information. Syntax show port monitor [interface] interface -ethernet unit/port (source port) unit - Stack unit. (Range: 1) port - Port number. (Range: 1-28) Default Setting Shows all sessions.
Page 537: Rate-Limit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P by the hardware to verify conformity. Non-conforming traffic is dropped. Command Function Mode rate-limit Configures the maximum input or output rate for a port Table 5-60 Rate Limit Commands rate-limit This command define the rate limit for a specific interface. Use the no form to restore the default status of disabled.
Page 538: Mac-Address-Table Static
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Function Mode mac-address-table static Maps a static address to a port in a VLAN clear mac-address-table Removes any learned entries from the forwarding database dynamic show mac-address-table Displays entries in the bridge-forwarding database...
Page 539: Clear Mac-Address-Table Dynamic
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#mac-address-table static 00-30-4F-94-34-de interface ethernet 1/1 vlan 1 delete-on-reset Console(config)# clear mac-address-table dynamic This command removes any learned entries from the forwarding database and clears the transmit and receive counts for any static or system configured entries.
Page 540: Mac-Address-Table Aging-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The MAC Address Table contains the MAC addresses associated with each interface. Note that the Type field may include the following types: -Learned - Dynamic address entries -Permanent - Static entry -Delete-on-reset - Static entry to...
Page 541: Show Mac-Address-Table Aging-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#mac-address-table aging-time 100 Console(config)# show mac-address-table aging-time This command shows the aging time for entries in the address table. Default Setting None Command Mode Privileged Exec Example Console#show mac-address-table aging-time Aging time: 100 sec.
Page 542: Spanning-Tree
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P mst priority Configures the priority of a spanning tree instance name Configures the name for the multiple spanning tree revision Configures the revision number for the multiple spanning tree max-hops Configures the maximum number of hops allowed in the region...
Page 543: Spanning-Tree Mode
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example This shows how to enable the Spanning Tree Algorithm for the switch: Console(config)#spanning-tree Console(config)# spanning-tree mode This command selects the spanning tree mode for this switch. Use the no form to restore the default.
Page 544: Spanning-Tree Forward-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P careful when switching between spanning tree modes. Changing modes stops all spanning-tree instances for the previous mode and restarts the system in the new mode, temporarily disrupting user traffic. Example Example...
Page 545: Spanning-Tree Max-Age
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage This command sets the time interval (in seconds) at which the root device transmits a configuration message. Example Console(config)#spanning-tree hello-time 5 Console(config)# Related Commands spanning-tree forward-time...
Page 546: Spanning-Tree Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P spanning-tree forward-time spanning-tree hello-time spanning-tree priority This command configures the spanning tree priority globally for this switch. Use the no form to restore the default. Syntax spanning-tree priority priority no spanning-tree priority priority -Priority of the bridge.
Page 547: Spanning-Tree Transmission-Limit
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Long method Command Mode Global Configuration Command Usage The path cost method is used to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media. Note that path cost (page 4-211) takes precedence over port priority (page 4-213).
Page 548: Mst Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#spanning-tree mst configuration Console(config-mstp)# Related Commands mst vlan mst priority name revision max-hops mst vlan This command adds VLANs to a spanning tree instance. Use the no form to remove the specified VLANs. Using the no form without any VLAN parameters to remove all VLANs.
Page 549: Mst Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-mstp)# mst priority This command configures the priority of a spanning tree instance. Use the no form to restore the default. Syntax mst instance_id priority priority no mst instance_id priority instance_id - Instance identifier of the spanning tree. (Range: 0-4094) priority - Priority of the a spanning tree instance.
Page 550: Revision
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode MST Configuration Command Usage The MST region name and revision number (page 4-210) are used to designate a unique MST region. A bridge (i.e., spanning-tree compliant device such as this switch) can only belong to one MST region. And all bridges in the same region must be configured with the same MST instances.
Page 551: Max-Hops
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P max-hops This command configures the maximum number of hops in the region before a BPDU is discarded. Use the no form to restore the default. Syntax max-hops hop-number hop-number -Maximum hop number for multiple spanning tree. (Range: 1-40)
Page 552: Spanning-Tree Cost
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P spanning-tree cost This command configures the spanning tree path cost for the specified interface. Use the no form to restore the default. Syntax spanning-tree cost cost no spanning-tree cost (Range: 0 for auto-configuration, 1-65535 for short path cost method23, 1-200,000,000 for long path cost method) Port Type IEEE 802.1D-1998...
Page 553: Spanning-Tree Port-Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Gigabit Ethernet Full Duplex 10,000 Trunk 5,000 Table 5-65 Default STA Path Costs Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command is used by the Spanning Tree Algorithm to determine the best path between devices. Therefore, lower values should be assigned to ports attached to faster media, and higher values assigned to ports with slower media.
Page 554: Spanning-Tree Edge-Port
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Related Commands spanning-tree cost spanning-tree edge-port This command specifies an interface as an edge port. Use the no form to restore the default. Syntax [no] spanning-tree edge-port Default Setting Disabled Command Mode...
Page 555: Spanning-Tree Link-Type
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting Disabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This command is used to enable/disable the fast spanning-tree mode for the selected port. In this mode, ports skip the Discarding and Learning states, and proceed straight to Forwarding.
Page 556: Spanning-Tree Mst Cost
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P connected to two or more bridges. When automatic detection is selected, the switch derives the link type from the duplex mode. A full-duplex interface is considered a point-to-point link, while a half-duplex interface is assumed to be on a shared link.
Page 557: Spanning-Tree Mst Port-Priority
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Use the no spanning-tree mst cost command to specify auto-configuration mode. Path cost takes precedence over interface priority. Example Console(config)#interface ethernet ethernet 1/5 Console(config-if)#spanning-tree mst 1 cost 50 Console(config-if)# Related Commands spanning-tree mst port-priority Use the spanning-tree pathcost method command on page 4-206 to set the path cost method.
Page 558: Spanning-Tree Protocol-Migration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Related Commands spanning-tree mst cost spanning-tree protocol-migration This command re-checks the appropriate BPDU format to send on the selected interface. Syntax spanning-tree protocol-migration interface interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number.
Page 559 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P None Command Mode Privileged Exec Command Usage Use the show spanning-tree command with no parameters to display the spanning tree configuration for the switch for the Common Spanning Tree (CST) and for every interface in the tree.
Page 560: Show Spanning-Tree Mst Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Admin status: enable Role: root State: forwarding External admin path cost: 10000 Internal admin cost: 10000 External oper path cost: 10000 Internal oper path cost: 10000 Priority: 128 Designated cost: 200000 Designated port: 128.24...
Page 561 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 0 1,3-4094 Console#...
Page 562: Vlan Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21 VLAN Commands A VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment. This section describes commands used to create VLAN groups, add port members, specify how VLAN tagging is used, and enable automatic VLAN registration for the selected interface.
Page 563: Bridge-Ext Gvrp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P bridge-ext gvrp This command enables GVRP globally for the switch. Use the no form to disable it. Syntax [no] bridge-ext gvrp Default Setting Disabled Command Mode Global Configuration Command Usage GVRP defines a way for switches to exchange VLAN information in order to register VLAN members on ports across the network.
Page 564: Switchport Gvrp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Global GVRP Status: Disabled GMRP: Disabled Console# switchport gvrp This command enables GVRP for a port. Use the no form to disable it. Syntax [no] switchport gvrp Default Setting Disabled Command Mode...
Page 565: Garp Timer
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P GVRP configuration: Enabled Console# garp timer This command sets the values for the join, leave and leaveall timers. Use the no form to restore the timers’ default values. Syntax garp timer {join | leave | leaveall} timer_value no garp timer {join | leave | leaveall} {join | leave | leaveall} - Which timer to set.
Page 566: Show Garp Timer
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#interface ethernet 1/1 Console(config-if)#garp timer join 100 Console(config-if)# Related Commands show garp timer show garp timer This command shows the GARP timers for the selected interface. Syntax show garp timer [interface] interface •...
Page 567: Editing Vlan Groups
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21.2 Editing VLAN Groups Command Function Mode vlan database Enters VLAN database mode to add, change, and delete VLANs vlan Configures a VLAN, including VID, name and state Table 5-68 Editing VLAN Groups vlan database This command enters VLAN database mode.
Page 568: Configuring Vlan Interfaces
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P name - Keyword to be followed by the VLAN name. -vlan-name -ASCII string from 1 to 32 characters. media ethernet - Ethernet media type. state - Keyword to be followed by the VLAN state. -active -VLAN is operational. -suspend - VLAN is suspended.
Page 569: Interface Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P switchport ingress-filtering Enables ingress filtering on an interface switchport native vlan Configures the PVID (native VLAN) of an interface switchport allowed vlan Configures the VLANs associated with an interface switchport gvrp...
Page 570: Switchport Acceptable-Frame-Types
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P trunk - Specifies a port as an end-point for a VLAN trunk. A trunk is a direct link between two switches, so the port transmits tagged frames that identify the source VLAN. Note that frames belonging to the port’s default VLAN (i.e., associated with the PVID) are also transmitted as tagged frames.
Page 571: Switchport Ingress-Filtering
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-if)#switchport acceptable-frame-types tagged Console(config-if)# Related Commands switchport mode switchport ingress-filtering This command enables ingress filtering for an interface. Syntax [no] switchport ingress-filtering Although this command is available, the switch has ingress filtering permanently set to enabled.
Page 572: Switchport Native Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P switchport native vlan This command configures the PVID (i.e., default VLAN ID) for a port. Use the no form to restore the default. Syntax switchport native vlan vlan-id no switchport native vlan vlan-id -Default VLAN ID for a port.
Page 573: Switchport Forbidden Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Interface Configuration (Ethernet, Port Channel) Command Usage A port, or a trunk with switchport mode set to hybrid, must be assigned to a VLAN as untagged. If a trunk has switchport mode set to trunk (i.e., 1Q Trunk), then you can only assign an interface to VLAN groups as a tagged member.
Page 574: Displaying Vlan Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P VLANs for that same interface. Example The following example shows how to prevent port 1 from being added to VLAN 3: Console(config)#interface ethernet 1/1 Console(config-if)#switchport forbidden vlan add 3 Console(config-if)# 5.21.4 Displaying VLAN Information...
Page 575 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Name: DefaultVlan Status: Active Ports/Port Eth1/ 1(S) Eth1/ 2(S) Eth1/ 3(S) Eth1/ 4(S) Eth1/ 5(S) Channels: Eth1/ 6(S) Eth1/ 7(S) Eth1/ 8(S) Eth1/ 9(S) Eth1/10(S) Eth1/11(S) Eth1/12(S) Eth1/13(S) Eth1/14(S) Eth1/15(S) Eth1/16(S) Eth1/17(S) Eth1/18(S) Eth1/19(S) Eth1/20(S)
Page 576: Configuring Ieee 802.1Q Tunneling
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21.5 Configuring IEEE 802.1Q Tunneling IEEE 802.1Q tunneling (QinQ tunneling) uses a single Service Provider VLAN (SPVLAN) for customers who have multiple VLANs. Customer VLAN IDs are preserved and traffic from different customers is segregated within the service provider’s network even when they use the same customer-specific VLAN IDs.
Page 577: Dot1Q-Tunnel System-Tunnel-Control
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P dot1q-tunnel system-tunnel-control This command sets the switch to operate in QinQ mode. Use the no form to disable QinQ operating mode. Syntax [no] dot1q-tunnel system-tunnel-control Default Setting Disabled Command Mode Global Configuration Command Usage QinQ tunnel mode must be enabled on the switch for QinQ interface settings to be functional.
Page 578: Switchport Dot1Q-Tunnel Tpid
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P more tag layers) is retained in the inner tag, and the service provider’s tag added to the outer tag. • plink port receives a packet from the service provider, the outer service provider’s tag is stripped off, and the packet passed onto the VLAN indicated by the inner tag.
Page 579: Show Dot1Q-Tunnel
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#interface ethernet 1/1 Console(config-if)#switchport dot1q-tunnel tpid 9100 Console(config-if)# Related Commands show interfaces switchport show dot1q-tunnel This command displays information about QinQ tunnel ports. Command Mode Privileged Exec Example Console(config)#dot1q-tunnel system-tunnel-control...
Page 580: Configuring Private Vlans
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21.6 Configuring Private VLANs Private VLANs provide port-based security and isolation between ports within the assigned VLAN. This switch supports two types of private VLANs: primary/ secondary associated groups, and stand-alone isolated VLANs. A primary VLAN contains...
Page 581: Private-Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P To configure isolated VLANs, follow these steps: Use the private-vlan command to designate an isolated VLAN that will contain a single promiscuous port and one or more isolated ports. Use the switchport mode private-vlan command to configure one port as promiscuous (i.e., having access to all ports in the isolated VLAN) one or more ports as host (i.e., isolated port).
Page 582: Private Vlan Association
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#vlan database Console(config-vlan)#private-vlan 2 primary Console(config-vlan)#private-vlan 3 community Console(config)# private vlan association Use this command to associate a primary VLAN with a secondary (i.e., community) VLAN. Use the no form to remove all associations for the specified primary VLAN.
Page 583: Switchport Private-Vlan Host-Association
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting Normal VLAN Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage To assign a promiscuous port to a primary VLAN, use the switchport private-vlan mapping command. To assign a host port to a community VLAN, use the private-vlan host association command.
Page 584: Switchport Private-Vlan Isolated
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P switchport private-vlan isolated Use this command to assign an interface to an isolated VLAN. Use the no form to remove this assignment. Syntax switchport private-vlan isolated isolated-vlan-id no switchport private-vlan isolated isolated-vlan-id - ID of isolated VLAN.
Page 585: Show Private-Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show private-vlan Use this command to show the private VLAN configuration settings on this switch. Syntax show private-vlan [community | isolated | primary] community – Displays all community VLANs, along with their associated primary VLAN and assigned host interfaces.
Page 586: Configuring Protocol-Based Vlans
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21.7 Configuring Protocol-based VLANs The network devices required to support multiple protocols cannot be easily grouped into a common VLAN. This may require non-standard devices to pass traffic between different VLANs in order to encompass all the devices participating in a specific protocol.
Page 587 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Example The following creates protocol group 1, and specifies the IPX protocol type. Protocol VLAN group 2 is created with protocol-type IPv6 (86DD) and frame-type ethernet specified:...
Page 588: Show Protocol-Vlan Protocol-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The following example maps the traffic entering Port 1 which matches the protocol type specified in protocol group 1 to VLAN 2. Console(config)#interface ethernet 1/1 Console(config-if)#protocol-vlan protocol-group 1 vlan 2 Console(config-if)# show protocol-vlan protocol-group This command shows the frame and protocol type associated with protocol groups.
Page 589: Show Interfaces Protocol-Group
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show interfaces protocol-group This command shows the mapping from protocol groups to VLANs for the selected interfaces. Syntax show interfaces protocol-vlan protocol-group [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number.
Page 590: Configuring Voice Vlans
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.21.8 Configuring Voice VLANs The switch allows you to specify a Voice VLAN for the network and set a CoS priority for the VoIP traffic. VoIP traffic can be detected on switch ports by using the source MAC address of packets, or by using LLDP (IEEE 802.1AB) to discover connected VoIP devices.
Page 591: Voice Vlan Aging
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P command). Example The following example enables VoIP traffic detection and specifies the Voice VLAN ID as 1234. Console(config)#voice vlan 1234 Console(config)# voice vlan aging This command sets the Voice VLAN membership time out. Use the no form to restore the default.
Page 592: Switchport Voice Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P • address-mask - Identifies a range of MAC addresses. (Range: 80-00-00-00-00-00 to FF-FF-FF-FF-FF-FF) • description - User-defined text that identifies the VoIP devices. (Range: 1-32 characters) Default Setting None Command Mode...
Page 593: Switchport Voice Vlan Rule
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P the switchport voice vlan command (page 4-251). When OUI is selected, be sure to configure the MAC address ranges in the Telephony OUI list. Example The following example sets port 1 to Voice VLAN auto mode.
Page 594: Switchport Voice Vlan Security
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P switchport voice vlan security This command enables security filtering for VoIP traffic on a port. Use the no form to disable filtering on a port. Syntax [no] switchport voice vlan security...
Page 595: Show Voice Vlan
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The following example sets the CoS priority to 5 on port 1. Console(config)#interface ethernet 1/1 Console(config-if)#switchport voice vlan priority 5 Console(config-if)# show voice vlan This command displays the Voice VLAN settings on the switch and the OUI Telephony list.
Page 596: Lldp Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 00-98-76-54-32-10 FF-FF-FF-FF-FF-FF Marc' phone Console# 5.22 LLDP Commands Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details...
Page 597 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lldp basic-tlv Configures an LLDP-enabled port to advertise themanagement management-ip-address address for this device lldp basic-tlv port-description Configures an LLDP-enabled port to advertise its port description lldp basic-tlv Configures an LLDP-enabled port to advertise its system...
Page 598: Lldp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P for remote devices show lldp info statistics Shows statistical counters for all LLDP-enabled interfaces * Vendor-specific options may or may not be advertised by neighboring devices. Table 5-75 LLDP Commands lldp This command enables LLDP globally on the switch.
Page 599: Lldp Medfaststartcount
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#lldp holdtime-multiplier 10 Console(config)# lldp medFastStartCount This command specifies the amount of MED Fast Start LLDPDUs to transmit during the activation process of the LLDP-MED Fast Start mechanism. Syntax lldp medfaststartcount packets seconds - Amount of packets. (Range: 1-10 packets; Default: 4 packets)
Page 600: Lldp Refresh-Interval
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P management. Information about changes in LLDP neighbors that occur between SNMP notifications is not transmitted. Only state changes that exist at the time of a notification are included in the transmission. An SNMP agent should therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification-events missed due to throttling or transmission loss.
Page 601: Lldp Tx-Delay
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P seconds - Specifies the delay before attempting to re-initialize LLDP. (Range: 1 - 10 seconds) Default Setting 2 seconds Command Mode Global Configuration Command Usage When LLDP is re-initialized on a port, all information in the remote systems LLDP MIB associated with this port is deleted.
Page 602: Lldp Admin-Status
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lldp admin-status This command enables LLDP transmit, receive, or transmit and receive mode on the specified port. Use the no form to disable this feature. Syntax lldp admin-status {rx-only | tx-only | tx-rx} no lldp admin-status rx-only - Only receive LLDP PDUs.
Page 603: Lldp Mednotification
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P therefore periodically check the value of lldpStatsRemTableLastChangeTime to detect any lldpRemTablesChange notification-events missed due to throttling or transmission loss. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp notification Console(config-if)# lldp mednotification This command enables the transmission of SNMP trap notifications about LLDP-MED changes. Use the no form to disable LLDP-MED notifications.
Page 604: Lldp Basic-Tlv Port-Description
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax [no] lldp basic-tlv management-ip-address Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage • The management address protocol packet includes the IPv4 address of the switch. If no management address is available, the address should be the MAC address for the CPU or for the port sending this advertisement.
Page 605: Lldp Basic-Tlv System-Capabilities
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv port-description Console(config-if)# lldp basic-tlv system-capabilities This command configures an LLDP-enabled port to advertise its system capabilities. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-capabilities...
Page 606: Lldp Basic-Tlv System-Name
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#interface ethernet 1/1 Console(config-if)#lldp basic-tlv system-description Console(config-if)# lldp basic-tlv system-name This command configures an LLDP-enabled port to advertise the system name. Use the no form to disable this feature. Syntax [no] lldp basic-tlv system-name...
Page 607: Lldp Dot1-Tlv Proto-Vid
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv proto-ident Console(config-if)# lldp dot1-tlv proto-vid This command configures an LLDP-enabled port to advertise port related VLAN information. Use the no form to disable this feature.
Page 608: Protocol-Vlan Protocol-Group (Configuring Interfaces)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot1-tlv pvid Console(config-if)# lldp dot1-tlv vlan-name This command configures an LLDP-enabled port to advertise its VLAN name. Use the no form to disable this feature.
Page 609: Lldp Dot3-Tlv Mac-Phy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P if this interface is currently a link aggregation member. Example Console(config)#interface ethernet 1/1 Console(config-if)#no lldp dot3-tlv link-agg Console(config-if)# lldp dot3-tlv mac-phy This command configures an LLDP-enabled port to advertise its MAC and physical layer capabilities. Use the no form to disable this feature.
Page 610: Lldp Dot3-Tlv Poe
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage Refer to “Frame Size Commands” on page 4-32 for information on configuring the maximum frame size for this switch. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp dot3-tlv max-frame Console(config-if)# lldp dot3-tlv poe This command configures an LLDP-enabled port to advertise its Power-over-Ethernet (PoE) capabilities.
Page 611: Lldp Medtlv Inventory
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises extended Power-over-Ethernet capability details, such as power availability from the switch, and power state of the switch, including whether the switch is operating from primary or backup power (the Endpoint Device could use this information to decide to enter power conservation mode).
Page 612: Lldp Medtlv Med-Cap
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P this feature. Syntax [no] lldp medtlv location Default Setting Enabled Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage This option advertises location identification details. Example Console(config)#interface ethernet 1/1 Console(config-if)#lldp medtlv location...
Page 613: Lldp Medtlv Network-Policy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P lldp medtlv network-policy This command configures an LLDP-MED-enabled port to advertise its network policy configuration. Use the no form to disable this feature. Syntax [no] lldp medtlv network-policy Default Setting Enabled...
Page 614 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P LLDP Enable : Yes LLDP Transmit interval : 30 LLDP Hold Time Multiplier : 4 LLDP Delay Interval : 2 LLDP Reinit Delay : 2 LLDP Notification Interval : 5 LLDP MED fast start counts : 4...
Page 615: Show Lldp Info Local-Device
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show lldp info local-device This command shows LLDP global and interface-specific configuration settings for this device. Syntax show lldp info local-device [detail interface] • detail - Shows detailed information. • interface •...
Page 616: Show Lldp Info Remote-Device
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show lldp info remote-device This command shows LLDP global and interface-specific configuration settings for remote devices attached to an LLDP-enabled port. Syntax show lldp info remote-device [detail interface] detail - Shows detailed information.
Page 617 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Syntax show lldp info statistics [detail interface] detail - Shows detailed information. interface ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12)
Page 618: Queue Mode
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.23 Class of Service Commands The commands described in this section allow you to specify which data packets have greater precedence when traffic is buffered in the switch due to congestion. This switch supports CoS with four priority queues for each port. Data packets in a port’s high-priority queue will be transmitted before those in the lower-priority queues.
Page 619: Switchport Priority Default
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P servicing lower priority queues. • wrr - Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights 1, 2, 4, 8 for queues 0 -3 respectively. • hybrid -Services the highest priority queue (3) according to strict priority queuing, after which the 3 lower priority queues (0, 1, 2) are processed according to their WRR weightings.
Page 620: Queue Bandwidth
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage • The precedence for priority mapping is IP Port, IP Precedence or IP DSCP, and default switchport priority. • The default priority applies for an untagged frame received on a port set to accept all frame types (i.e, receives both untagged and tagged frames).
Page 621: Queue Cos-Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example This example shows how to assign WRR weights to priority queues 0 - 2: Console(config)#queue bandwidth 6 9 12 Console(config)# Related Commands queue mode show queue bandwidth queue cos-map This command assigns class of service (CoS) values to the priority queues (i.e., hardware output queues 0 - 3). Use the no form set the CoS map to the default values.
Page 622: Show Queue Mode
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config-if)#queue cos-map 0 0 Console(config-if)#queue cos-map 1 1 Console(config-if)#queue cos-map 2 2 Console(config-if)#exit Console#show queue cos-map ethernet 1/1 Information of Eth 1/1 Traffic Class : 0 1 2 3 4 5 6 7...
Page 623: Show Queue Cos-Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console# show queue bandwidth Queue ID Weight -------- ----- Console# show queue cos-map This command shows the class of service priority map. Syntax show queue cos-map [interface] interface • ethernet unit/port -unit - Stack unit. (Range: 1) -port - Port number. (Range: 1-28) •...
Page 624 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.23.2 Priority Commands (Layer 3 and 4) This section describes commands used to configure Layer 3 and Layer 4 traffic priority on the switch Command Function Mode map ip dscp Configures IP DSCP to CoS queue mapping...
Page 625 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Mode Global Configuration Command Usage • The command map ip dscp enables the feature on the switch. The command map ip dscp dscp-value cos cos-queue maps DSCP values to port CoS queues.
Page 626: Map Ip Precedence
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The following example shows how to map HTTP traffic to CoS queue 0, then enable the feature globally on the switch. Console(config)#map ip port 80 cos 0 Console(config)#map ip port Console(config)# map ip precedence Use this command to enable and set IP precedence priority mapping.
Page 627 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#map ip precedence Console(config)# map ip tos Use this command to enable and set IP TOS priority mapping (i.e., IP Type of Service priority mapping). Use the no form to Default Setting...
Page 628: Map Access-List Ip
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#map ip tos 0 cos 1 Console(config)#map ip tos map access-list ip This command sets the output queue for packets matching an IP ACL rule. Use the no form to remove the CoS queue mapping.
Page 629: Show Map Ip Dscp
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage You must configure an ACL before you can map a CoS queue to the rule. Example Console(config)#interface ethernet 1/2 Console(config-if)#map access-list mac steve cos 0 Console(config-if)# show map ip dscp This command shows the IP DSCP priority map.
Page 630: Show Map Ip Precedence
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show map ip port Command Mode Privileged Exec Example The following shows that FTP traffic has been mapped to CoS value 2: Console# show map ip port TCP Port Mapping Status: Disabled Port no.
Page 631 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Related Commands map ip precedence show map ip tos Use this command to show the IP ToS priority map. Syntax show map ip tos Command Mode Privileged Exec Class of Service Commands...
Page 632: Show Map Access-List
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show map access-list This command shows the CoS queue mapped to an ACL for the current interface. Syntax show map access-list {ip | mac} [interface] ip - Specifies IP ACLs. mac - Specifies MAC ACLs.
Page 633: Class-Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show policy-map Displays the QoS policy maps which define classification criteria for incoming traffic, and may include policers for bandwidth limitations show policy-map interface Displays the configuration of all classes configured for all...
Page 634: Match
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Global Configuration Command Usage • First enter this command to designate a class map and enter the Class Map configuration mode. Then use the match command to specify the criteria for ingress traffic that will be classified under this class map.
Page 635: Policy-Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#class-map rd_class#3 match-any Console(config-cmap)#match access-list test-packets Console(config-cmap)# policy-map This command creates a policy map that can be attached to multiple interfaces, and enters Policy Map configuration mode. Use the no form to delete a policy map and return to Global configuration mode.
Page 636 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P the no form to delete a class map and return to Policy Map configuration mode. Syntax [no] class class-map-name class-map-name -Name of the class map. (Range: 1-16 characters) Default Setting None...
Page 637: Police
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting None Command Mode Policy Map Class Configuration Example This example creates a policy called “rd_policy,” uses the class command to specify the previously defined “rd_class,” uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.
Page 638: Service-Policy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P uses the set command to classify the service that incoming packets will receive, and then uses the police command to limit the average bandwidth to 100,000 Kbps, the burst rate to 1522 bytes, and configure the response to drop any violating packets.
Page 639: Show Class-Map
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show class-map This command displays the QoS class maps which define matching criteria used for classifying traffic. Syntax show class-map [class-map-name] class-map-name -Name of the class map. (Range: 1-16 characters) Default Setting Displays all class maps.
Page 640: Show Policy-Map Interface
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Example Console#show policy-map Policy Map rd_policy class rd_class set ip dscp 3 Console#show policy-map rd_policy class rd_class Policy Map rd_policy class rd_class set ip dscp 3 Console# show policy-map interface This command displays the service policy assigned to the specified interface.
Page 641: Multicast Filtering Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.25 Multicast Filtering Commands This switch uses IGMP (Internet Group Management Protocol) to query for any attached hosts that want to receive a specific multicast service. It identifies the ports containing hosts requesting a service and sends data out to those ports only. It then propagates the service request up to any neighboring multicast switch/router to ensure that it will continue to receive the multicast service.
Page 642: Ip Igmp Snooping Vlan Static
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P [no] ip igmp snooping Default Setting Enabled Command Mode Global Configuration Example The following example enables IGMP snooping. Console(config)#ip igmp snooping Console(config)# ip igmp snooping vlan static This command adds a port to a multicast group. Use the no form to remove the port.
Page 643: Ip Igmp Snooping Leave-Proxy
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P no ip igmp snooping version 1 - IGMP Version 1 2 - IGMP Version 2 3 - IGMP Version 3 Default Setting IGMP Version 2 Command Mode Global Configuration Command Usage All systems on the subnet must support the same version.
Page 644: Ip Igmp Snooping Immediate-Leave
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)# ip igmp snooping immediate-leave This command immediately deletes a member port of a multicast service if a leave packet is received at that port and immediate-leave is enabled for the parent VLAN. Use the no form to restore the default.
Page 645: Show Mac-Address-Table Multicast
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P See “Configuring IGMP Snooping and Query Parameters” on page 3-239 for a description of the displayed items. Example The following shows the current IGMP snooping configuration: . Console#show ip igmp snooping...
Page 646: Ip Igmp Snooping Querier
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ---- --------------- ------------ ------ 1 224.1.2.3 Eth1/11 IGMP Console# 5.25.2 IGMP Query Commands (Layer 2) This section describes commands used to configure Layer 2 IGMP query on the switch. Command Function...
Page 647: Ip Igmp Snooping Query-Count
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P ip igmp snooping query-count This command configures the query count. Use the no form to restore the default. Syntax ip igmp snooping query-count count no ip igmp snooping query-count count - The maximum number of queries issued for which there has been no response before the switch takes action to drop a client from the multicast group.
Page 648: Ip Igmp Snooping Query-Max-Response-Time
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#ip igmp snooping query-interval 100 Console(config)# ip igmp snooping query-max-response-time This command configures the query report delay. Use the no form to restore the default. Syntax ip igmp snooping query-max-response-time seconds no ip igmp snooping query-max-response-time seconds -The report delay advertised in IGMP queries.
Page 649: Static Multicast Routing Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Default Setting 300 seconds Command Mode Global Configuration Command Usage The switch must use IGMPv2 or v3 snooping for this command to take effect. Example The following shows how to configure the default timeout to 300 seconds:...
Page 650: Show Ip Igmp Snooping Mrouter
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Global Configuration Command Usage Depending on your network connections, IGMP snooping may not always be able to locate the IGMP querier. Therefore, if the IGMP querier is a known multicast router/switch connected over the network to an interface (port or trunk) on your router, you can manually configure that interface to join all the current multicast groups.
Page 651: Igmp Filtering And Throttling Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.25.4 IGMP Filtering and Throttling Commands In certain switch applications, the administrator may want to control the multicast services that are available to end users. For Example , an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.
Page 652: Ip Igmp Profile
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The IGMP filtering feature operates in the same manner when MVR is used to forward multicast traffic. Example Console(config)#ip igmp filter Console(config)# ip igmp profile This command creates an IGMP filter profile number and enters IGMP profile configuration mode. Use the no form to delete a profile number.
Page 653: Range
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage Each profile has only one access mode; either permit or deny. When the access mode is set to permit, IGMP join reports are processed when a multicast group falls within the controlled range.
Page 654: Ip Igmp Max-Groups
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P interface. Syntax [no] ip igmp filter profile-number profile-number - An IGMP filter profile number. (Range: 1-4294967295) Default Setting None Command Mode Interface Configuration Command Usage The IGMP filtering profile must first be created with the ip igmp profile command before being able to assign it to an interface.
Page 655: Ip Igmp Max-Groups Action
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P throttling settings of the first port member in the trunk. Example Console(config)#interface ethernet 1/1 Console(config-if)#ip igmp max-groups 10 Console(config-if)# ip igmp max-groups action This command sets the IGMP throttling action for an interface on the switch.
Page 656: Show Ip Igmp Profile
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P -port - Port number. (Range: 1-28) • port-channel channel-id (Range: 1-12) Default Setting None Command Mode Privileged Exec Example Console#show ip igmp filter IGMP filter enabled Console#show ip igmp filter interface ethernet 1/1...
Page 657: Show Ip Igmp Throttle Interface
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Deny range 239.1.1.1 239.1.1.1 range 239.2.3.1 239.2.3.100 Console# show ip igmp throttle interface This command displays the interface settings for IGMP throttling. Syntax show ip igmp throttle interface [interface] interface • ethernet unit/port -unit - Stack unit.
Page 658: Multicast Vlan Registration Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.25.5 Multicast VLAN Registration Commands This section describes commands used to configure Multicast VLAN Registration (MVR). A single network-wide VLAN can be used to transmit multicast traffic (such as television channels) across a service provider’s network. Any multicast traffic entering an MVR VLAN is sent to all subscribers.
Page 659: Mvr (Interface Configuration)
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Global Configuration Command Usage • Use the mvr group command to statically configure all multicast group addresses that will join the MVR VLAN. Any multicast data associated an MVR group is sent from all source ports, and to all receiver ports that have registered to receive data from that multicast group.
Page 660 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P multicast group. (Range: 224.0.1.0 -239.255.255.255) Default Setting The port type is not defined. Immediate leave is disabled. No receiver port is a member of any configured multicast group. Command Mode Interface Configuration (Ethernet, Port Channel) Command Usage •...
Page 661: Show Mvr
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console(config)#interface ethernet 1/5 Console(config-if)#mvr type source Console(config-if)#exit Console(config)#interface ethernet 1/6 Console(config-if)#mvr type receiver Console(config-if)#mvr immediate Console(config-if)#exit Console(config)#interface ethernet 1/7 Console(config-if)#mvr type receiver Console(config-if)#mvr group 225.0.0.5 Console(config-if)# show mvr This command shows information about the global MVR configuration settings when entered without any keywords, the interfaces attached to the MVR VLAN using the interface keyword, or the multicast groups assigned to the MVR VLAN using the members keyword.
Page 662 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console# show mvr MVR Status:enable MVR running status:TRUE MVR multicast vlan:1 MVR Max Multicast Groups:255 MVR Current multicast groups:10 Console# Field Description MVR Status Shows if MVR is globally enabled on the switch.
Page 663 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P interface. Immediate Leave Shows if immediate leave is enabled or disabled. Table 5-91 show mvr interface - display description The following shows information about the interfaces associated with multicast groups assigned to the MVR VLAN:...
Page 664: Ip Interface Commands
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 5.26 IP Interface Commands An IP addresses may be used for management access to the switch over your network. The IP address for this switch is obtained via DHCP by default. You can manually configure a specific IP address, or direct the device to obtain an address from a BOOTP or DHCP server.
Page 665: Ip Default-Gateway
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Requests will be broadcast periodically by this device in an effort to learn its IP address. (BOOTP and DHCP values can include the IP address, default gateway, and subnet mask). You can start broadcasting BOOTP or DHCP requests by entering an ip dhcp restart command, or by rebooting the switch.
Page 666: Ip Dhcp Restart
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P show ip redirects ip dhcp restart This command submits a BOOTP or DHCP client request. Default Setting None Command Mode Privileged Exec Command Usage This command issues a BOOTP or DHCP client request for any IP interface that has been set to BOOTP or DHCP mode via the ip address command.
Page 667: Show Ip Redirects
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Console#show ip interface IP address and netmask: 192.168.1.54 255.255.255.0 on VLAN 1, and address mode: User specified. Console# Related Commands show ip redirects show ip redirects This command shows the default gateway configured for this device.
Page 668 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Command Usage Use the ping command to see if another site on the network can be reached. • The following are some results of the ping command: -Normal response - The normal response occurs in one to ten seconds, depending on network traffic.
Page 669: Cli Configuration (To Be Continued)
Console(config)# snmp-server location WC 9 Console(config)# snmp-server contact Ted Console(config)# exit Console# show system System Description: Layer2+ Fast Ethernet Standalone Switch SGSD-1022 System OID String: 1.3.6.1.4.1.259.6.10.103 System Information System Up Time: 0 days, 0 hours, 57 minutes, and 56.69 seconds System Name: R&D 5...
Page 670: Switch Information
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Switch Information Console# show version Serial Number: 0012CF422DC0 Service Tag: Hardware Version: EPLD Version: 0.00 Number of Ports: Main Power Status: Loader Version: 1.0.0.2 Boot ROM Version: 0.0.1.1 Operation Code Version: 0.0.3.5...
Page 671: Ip Address Configuration
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IP Address Configuration Manual IP Configuration Console#config Console(config)# interface vlan 1 Console(config-if)# ip address 192.168.1.1 255.255.255.0 Console(config-if)# exit Console(config)# ip default-gateway 192.168.1.253 Console(config)# Using DHCP/BOOTP If your network provides DHCP/BOOTP services, you can configure the switch to be dynamically configured by these services.
Page 672: Setting The System Clock
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P SMTP servers 1. 192.168.1.4 SMTP minimum severity level: 4 SMTP destination email addresses 1. supports@planet.com.tw SMTP source email address: kentk@planet.com.tw SMTP status: Enabled Console# Setting the System Clock Console(config)#sntp server 10.1.0.19 137.82.140.80 128.250.36.2...
Page 673: Switch Operation
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 7. SWITCH OPERATION 7.1 Address Table The Switch is implemented with an address table. This address table composed of many entries. Each entry is used to store the address information of some node in network, including MAC address, port no, etc. This in-formation comes from the learning process of Ethernet Switch.
Page 674: Auto-Negotiation
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 7.5 Auto-Negotiation The STP ports on the Switch have built-in "Auto-negotiation". This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detect the modes and speeds at the second of both device is connected and capable of, both 10Base-T and 100Base-TX devices can connect with the port in either Half- or Full-Duplex mode.
Page 675: Power Over Ethernet Overview
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 8. POWER OVER ETHERNET OVERVIEW What is PoE? Based on the global standard IEEE 802.3af, PoE is a technology for wired Ethernet, the most widely installed local area network technology adopted today. PoE allows the electrical power necessary for the operation of each end-device to be carried by data cables rather than by separate power cords.
Page 676 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Figure 1 - Power Supplied over the Spare Pins The data pairs are used. Since Ethernet pairs are transformer coupled at each end, it is possible to apply DC power to the center tap of the isolation transformer without upsetting the data transfer.
Page 677: The Poe Provision Process
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P References: IEEE Std 802.3af-2003 (Amendment to IEEE Std 802.3-2002, including IEEE Std 802.3ae-2002), 2003 Page(s):0_1-121 White Paper on Power over Ethernet (IEEE802.3af) http://www.poweroverethernet.com/articles.php?article_id=52 Microsemi /PowerDsine http://www.microsemi.com/PowerDsine/ Linear Tech http://www.linear.com/ The PoE Provision Process While adding PoE support to networked devices is relatively painless, it should be realized that power cannot simply be transferred over existing CAT-5 cables.
Page 678: Classification
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The signature resistor lies in the PD's PoE front-end, isolated from the rest of the the PD's circuitries till detection is certified. Classification Once a PD is detected, the PSE may optionally perform classification, to determine the maximal power a PD is to consume. The PSE induces 15.5-20.5 VDC, limited to 100 mA, for a period of 10 to 75 ms responded by a certain current consumption by the...
Page 679 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P functionality - the PSE shutdowns power to a disconnected port within 300 to 400ms. The upper boundary is a physical human limit for disconnecting one PD and reconnecting another. DC Disconnect DC Disconnect detection involves measurement of current.
Page 680: Trouble Shooting
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P 9. TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual.
Page 681: Appendex A
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P APPENDEX A A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI-X BI_DA+ BI_DB+ BI_DA- BI_DB- BI_DB+ BI_DA+ BI_DC+ BI_DD+ BI_DC- BI_DD- BI_DB- BI_DA- BI_DD+ BI_DC+ BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.
Page 682 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P The standard cable, RJ-45 pin assignment The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation and color...
Page 683: Appendex B : Glossary
User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P APPENDEX B : GLOSSARY Bandwidth Utilization The percentage of packets received over time as compared to overall bandwidth. BOOTP Boot protocol used to load the operating system for devices connected to the network.
Page 684 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P IEEE 802.1D Specifies a general method for the operation of MAC bridges, including the Spanning Tree Protocol. IEEE 802.1Q VLAN Tagging—Defines Ethernet frame tags which carry VLAN information. It allows switches to assign end-stations to different virtual LANs, and defines a standard way for VLANs to communicate across switched networks.
Page 685 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Management Information Base (MIB) An acronym for Management Information Base. It is a set of database objects that contains information about a specific device. Multicast Switching A process whereby the switch filters incoming multicast frames for services no attached host has registered for, or forwards them to all ports contained within the designated multicast VLAN group.
Page 686 User’s Manual of SGSD-1022 / SGSD-1022P SGSW-2840 / SGSW-2840P Serial Line Internet Protocol, a standard protocol for point-to-point connections using serial lines. Spanning Tree Protocol (STP) A technology that checks your network for any loops. A loop can often occur in complicated or back-up linked network systems.
Page 687: Ec Declaration Of Conformity
EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 10/100Mbps + 4 Gigabit TP / SFP Managed Security Switch *Model Number: SGSW-2840 * Produced by: Manufacturer‘s Name : Planet Technology Corp. Manufacturer‘s Address: 11F, No 96, Min Chuan Road Hsin Tien, Taipei, Taiwan , R.
Page 688 For the following equipment: *Type of Product: 8-Port 10/100Mbps Fast Ethernet + 2 Gigabit TP/ SFP combo Managed Ethernet Switch *Model Number: SGSD-1022 * Produced by: Manufacturer‘s Name : Planet Technology Corp. Manufacturer‘s Address: 11F, No 96, Min Chuan Road Hsin Tien, Taipei, Taiwan , R.

This manual is also suitable for:

Sgsw-2840p Sgsd-1022p Sgsw-2840

Planet Networking & Communication SGSD-1022 User Manual

1 Introdution

2 Installation

3 Switch Management

4 Web Configuration

System

5 Command Line Interface

Quick Links

Related Manuals for Planet Networking & Communication SGSD-1022

Summary of Contents for Planet Networking & Communication SGSD-1022