VigorSwitch P2261 PoE 24+2 Giga Port L2 Managed Switch User’s Guide Version: 1.0 Date: 24/09/2012 Copyright 2012 All rights reserved.
Copyright Information
Copyright Declarations
Copyright 2012 All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders.
Trademarks
The following trademarks are used in this document:
- Microsoft is a registered trademark of Microsoft Corp.
European Community Declarations
Manufacturer: DrayTek Corp.
Address: No. 26, Fu Shing Road, HuKou Township, HsinChu Industrial Park, Hsin-Chu County, Taiwan 303
Product: VigorSwitch Series Device
The product conforms to the requirements of Electro-Magnetic Compatibility (EMC) Directive 2004/108/EC by complying with the requirements set forth in EN55022/Class A and EN55024/Class A.
Table of Contents
Chapter 1: Introduction
1.1 Overview
1.2 Features
1.3 Packing List
2.3.1 Aggregation – Static Trunk
2.3.2 Aggregation – LACP – General Setup
2.3.3 Aggregation – LACP – System Status
2.3.4 Aggregation – LACP – Port Status & Statistics
2.3.
2.3.61 QoS – DSCP
2.3.62 QoS – DSCP-Based QoS
2.3.63 QoS – DSCP Translation
2.3.64 QoS – DSCP Classification
2.3.
3.2 Q & A
Chapter 1: Introduction
This user’s manual tells you not only how to install and connect your network system but also how to configure and monitor the 24+2 Gigabit L2 plus Switch step by step, through the built-in CLI and web interface, via the RS-232 serial interface and Ethernet ports. Detailed explanations of the hardware and software functions are given, along with examples of operation for the web-based interface and the command-line interface (CLI). 1.
The key features of this device are shown below:
QoS – Supports Quality of Service by the IEEE 802.1P standard. There are two priority queues and packet transmission scheduling.
Spanning Tree – Supports IEEE 802.1D, IEEE 802.1w (RSTP: Rapid Spanning Tree Protocol) standards.
VLAN – Supports port-based VLAN and IEEE802.1Q Tag VLAN. Supports 256 active VLANs and VLAN ID 1~4094.
Port Trunking – Supports static port trunking and port trunking with IEEE 802.3ad LACP.
- When one of its hosts joins a multicast address group to which none of its other hosts belong, sends unsolicited group membership reports to that group.
- When the last of its hosts in a particular multicast group leaves the group, sends an unsolicited leave group membership report to the all-routers group (244.0.0.2).
1.
- Built-in web-based management and CLI management, providing a more convenient UI for the user
- Supports port mirror function with ingress/egress traffic
- Supports rapid spanning tree (802.1w RSTP)
- Supports multiple spanning tree (802.1s MSTP)
- Supports 802.1X port security on a VLAN
- Supports IP-MAC-Port Binding for LAN security
- Supports user management and only first login administrator can configure the device.
- 1000Mbps LC, SM 50km, SFP Fiber transceiver
- 1000Mbps BiDi LC, type 1, SM 20km, SFP Fiber WDM transceiver
- 1000Mbps BiDi LC, type 2, SM 20km, SFP Fiber WDM transceiver
- 1000Mbps LC, SM 10km, SFP Fiber transceiver with DDM
[Figure: Front View of 1000Base-SX/LX LC, SFP Fiber Transceiver]
[Figure: Front View of 1000Base-LX BiDi LC, SFP Fiber Transceiver]
1.4 LED Indicators and Connectors
Before you use the Vigor device, please get acquainted with the LED indicators and connectors first.
Connector Explanation
Interface – Description
RESET – Used to restart the device to default settings.
CONSOLE – Used to perform telnet command control.
LAN P1 – P24 – Giga Ethernet Port.
SFP (21 – 26) – SFP Fiber Port.
User Interfaces on the Rear Panel
One socket on the rear panel is for AC power input.
1.5 Hardware Installation
Before you begin, please do the following:
- Wear a grounding device to avoid damage from electrostatic discharge
- Be sure you have inserted the power cord into the power source
1.5.
Power On
The switch supports 100-240 VAC, 50-60 Hz power supply. The power supply will automatically convert the local AC power source to DC power. It does not matter whether any connections, or even modules, are plugged into the switch when it is powered on. After the power is on, all LED indicators will light up immediately and then all go off except the power LED, which stays on. This represents a reset of the system.
Firmware Loading
After resetting, the bootloader will load the firmware into the memory.
1.5.4 Cabling Requirements
To help ensure a successful installation and keep the network performance good, please pay attention to the cabling requirements. Cables of a lower specification will cause the LAN to work poorly.
Cabling Requirements for TP Ports
For Fast Ethernet TP network connection
- The grade of the cable must be Cat. 5 or Cat. 5e with a maximum length of 100 meters.
Gigabit Ethernet TP network connection
- The grade of the cable must be Cat. 5 or Cat.
802.3/802.3u/802.3z and other 802.1 series protocol specifications, in which the limitations are the timing requirement from physical signals defined by 802.3 series specification of Media Access Control (MAC) and PHY, and timer from some OSI layer 2 protocols such as 802.1d, 802.1q, LACP and so on. The fiber, TP cables and devices’ bit-time delay (round trip) are as follows: 1000Base-X TP, Fiber Round trip Delay: 4096 100Base-TX TP/100Base-FX Fiber Round trip Delay: 512 Cat. 5 TP Wire: 11.12/m Cat.
Case 2: Port-based VLAN -1 The same VLAN members could not be in different switches. Every VLAN members could not access VLAN members each other. The switch manager has to assign different names for each VLAN groups at one switch. Case 3: Port-based VLAN – 2 VLAN1 members could not access VLAN2, VLAN3 and VLAN4 members. VLAN2 members could not access VLAN1 and VLAN3 members, but they could access VLAN4 members. VLAN3 members could not access VLAN1, VLAN2 and VLAN4.
Case 4: The same VLAN members can be at different switches with the same VID VigorSwitch P2261 User’s Guide 11
1.5.5 Configuring the Management Agent of Switch
Managing VigorSwitch P2261 through Ethernet Port
Before you communicate with the switch, you have to finish the configuration of the IP address or know the IP address of the switch. Then, follow the procedures listed below.
1. Set up a physical path between the configured switch and a PC using a qualified UTP Cat. 5 cable with RJ-45 connector.
Note: If the PC connects directly to the switch, you have to set the same subnet mask on both.
1.5.6 IP Address Assignment
For IP address configuration, there are three parameters that need to be filled in. They are IP address, Subnet Mask, Default Gateway and DNS.
IP address: The address of the network device in the network is used for internetworking communication. Its address structure is shown below. It is “classful” because it is split into predefined address classes or categories. Each class has its own network range between the network identifier and host identifier in the 32 bits address.
Class D and E: Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for IP broadcast. According to IANA (Internet Assigned Numbers Authority), there are three specific IP address blocks reserved and able to be used for extending internal network. We call it Private IP address and list below: Class A 10.0.0.0 --- 10.255.255.255 Class B 172.16.0.0 --- 172.31.255.
In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.128, contains 126 members in the sub-netted network. Another is that the length of network prefix equals the number of the bit with 1s in that subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result. Prefix Length No. of IP matched No.
First, IP Address: as shown above, enter “192.168.1.226”, for instance. For sure, an IP address such as 192.168.1.x must be set on your PC. Second, Subnet Mask: as shown above, enter “255.255.255.0”. Any subnet mask such as 255.255.255.x is allowable in this case. DNS: The Domain Name Server translates human readable machine name to IP address. Every machine on the Internet has a unique IP address. A server generally has a static IP address.
1.6 Typical Applications
The 24+2-port Gigabit L2 Managed Switch supports comprehensive fiber connection types, including LC and BiDi LC for SFP. For more details on the specification of the switch, please refer to Appendix A. The switch is suitable for the following applications.
- Central Site/Remote site application is used in carrier or ISP
It is a system wide basic reference connection diagram. This diagram demonstrates how the switch connects with other network devices and hosts.
- Peer-to-peer application is used in two remote offices
- Office Network Connection
Chapter 2: Operation of Web-based Management This chapter instructs you how to configure and manage the switch through the web user interface it supports, to access and manage the switch. With this facility, you can easily access and monitor through any one port of the switch all the status of the switch, including MIBs status, each port activity, Spanning tree status, port aggregation status, multicast traffic, VLAN and priority status, even illegal access record and so on.
2.1 Web Management Home Overview After you login, the switch shows you the system information as below. This page is default and tells you the basic information of the system, including “Model Name”, “System Description”, “Location”, “Contact”, “Device Name”, “System Up Time”, “Current Time”, “BIOS Version”, “Firmware Version”, “Hardware-Mechanical Version”, “Serial Number”, “Host IP Address”, “Host MAC Address”, “Device Port”, “RAM Size”, “Flash Size” and “CPU Load”.
2.1.1 The Information of Page Layout On the top side, it shows the front panel of the switch. In the front panel, the linked ports will display green; as to the ports, which are link off, they will be dark. For the optional modules, the slot will show only a cover plate if no module exists and will show a module if a module is present. The image of module depends on the one you inserted. The same, if disconnected, the port will show just dark, if linked, green.
2.2 System
2.2.1 System Information - Information
Function name: System Information
Function description: Show the basic system information.
Parameter description:
Model name: The model name of this device.
System description: Displays the device’s description.
Location: Set the location where the switch is located.
Contact: To make managing and maintaining the device easier, you may write down the contact person and phone number here so that help can be reached quickly.
Host IP address: The IP address of the switch. Subnet Mask: Displays the IP subnet mask assigned to the device. Gateway IP Address: Displays the default gateway IP address assigned to the device. Host MAC address: It is the Ethernet MAC address of the management agent in this switch. Console Baudrate Displays the baudrate of RS232(COM) port. RAM size: The size of the DRAM in this switch. Flash size: The size of the flash memory in this switch.
System Name An administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name. A domain name is a text string drawn from the alphabet (A-Za-z), digits (0-9), minus sign (-). No space characters are permitted as part of a name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255. System Location The physical location of this node(e.g.
2.2.4 NTP & Time Configuration Function name: NTP & Time Configuration Function description: This page configures the switch Time. Time configure is including Time Configuration and NTP Configuration. The switch provides manual and automatic ways to set the system time via NTP. Manual setting is simple and you just input “Year”, “Month”, “Day”, “Hour”, “Minute” and “Second” within the valid value range indicated in each item.
And when the time passes over the ending time, the system time will be decreased one hour after one minute at the time since it passed over. The switch supports valid configurable day light saving time is –5 ~ +5 step one hour. The zero for this parameter means it need not have to adjust current time, equivalent to in-act daylight saving. You don’t have to set the starting/ending date as well.
administrator/guest identity in the field of Authorization in advance before configuring the username and password. Only one administrator is allowed to exist, and it cannot be deleted. In addition, up to 4 guest accounts can be created. The default setting for user account is:
Username: admin
Password: admin
Parameter description:
User Name – The name identifying the user. This is also a link to edit the user.
Privilege Level – The privilege level of the user. The allowed range is 1 to 15.
User Name – The name identifying the user. This is also a link to Add/Edit User. A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32. The valid user name is a combination of letters, numbers and underscores. Password – Type a password of the user. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. Password (again) – Type the new password again to confirm the setting.
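The account rules stated above (one administrator, up to 4 guests, factory default admin/admin, user names of 1 to 32 letters, digits and underscores, passwords of 0 to 255 characters from ASCII 32 to 126) can be checked against an account list during a configuration review. The Python below is an added example, not DrayTek code; the `Account` record, its field names and the sample accounts are constructed for illustration.

```python
import re
from dataclasses import dataclass

# Limits taken from the user account section of this guide.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")
MAX_PASSWORD_LEN = 255
MAX_GUESTS = 4
DEFAULT_CREDENTIALS = ("admin", "admin")

BAD_USERNAME = "username violates the 1-32 letters/digits/underscore rule"
BAD_PASSWORD = "password outside the accepted length or character range"
EMPTY_PASSWORD = "empty password (the switch accepts length 0)"
DEFAULT_IN_USE = "factory default credentials still in use"


@dataclass
class Account:
    # Hypothetical record for one reviewed account; field names are assumptions.
    username: str
    password: str
    role: str  # "administrator" or "guest"


def password_in_charset(password):
    """True if every character is ASCII 32..126, the range the switch accepts."""
    return all(32 <= ord(ch) <= 126 for ch in password)


def audit_account(acct):
    """Return the list of findings for a single account."""
    findings = []
    if not USERNAME_RE.fullmatch(acct.username):
        findings.append(BAD_USERNAME)
    if len(acct.password) > MAX_PASSWORD_LEN or not password_in_charset(acct.password):
        findings.append(BAD_PASSWORD)
    if acct.password == "":
        findings.append(EMPTY_PASSWORD)
    if (acct.username, acct.password) == DEFAULT_CREDENTIALS:
        findings.append(DEFAULT_IN_USE)
    return findings


def audit_table(accounts):
    """Return (per-user findings, findings about the account table as a whole)."""
    per_user = {}
    for acct in accounts:
        per_user.setdefault(acct.username, []).extend(audit_account(acct))
    table = []
    admins = sum(1 for a in accounts if a.role == "administrator")
    guests = sum(1 for a in accounts if a.role == "guest")
    if admins != 1:
        table.append("expected exactly one administrator, found %d" % admins)
    if guests > MAX_GUESTS:
        table.append("more than %d guest accounts: %d" % (MAX_GUESTS, guests))
    return per_user, table


# Constructed sample data, not taken from a real device.
SAMPLE_ACCOUNTS = [
    Account("admin", "admin", "administrator"),
    Account("noc_ro", "", "guest"),
    Account("ops-team", "S3gment!View", "guest"),
    Account("monitor1", "k4Bf-29qLm_x", "guest"),
]

if __name__ == "__main__":
    users, table = audit_table(SAMPLE_ACCOUNTS)
    for name, findings in users.items():
        print(name, findings or "ok")
    print("table:", table or "ok")
```
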
Parameter description:
Group Name – The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one.
Privilege Levels – Every group has an authorization Privilege level.
After finishing the above settings, click Apply to save the configuration.
2.2.7 IP Configuration – IPv4
IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an internet network.
Configure the switch-managed IP information on this page.
- The Configured column is used to view or change the IP configuration.
- The Current column is used to show the active IP configuration.
Parameter description:
DHCP Client – Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used.
Function name: IPv6
Function description: Describe how to configure the switch-managed IPv6 information. The Configured column is used to view or change the IPv6 configuration. And the Current column is used to show the active IPv6 configuration.
Configure the switch-managed IP information on this page.
- The Configured column is used to view or change the IP configuration.
- The Current column is used to show the active IP configuration.
shorthand way of representing multiple 16-bit groups of contiguous zeros; but it can only appear once. It can also represent a legally valid IPv4 address. For example, '::192.1.2.34'.
After finishing the above settings, click Apply to save the configuration.
2.2.9 Port – General Setup
Port configuration is applied to change the setting of each port. In this configuration function, you can set/reset the following functions. All of them are described in detail below.
media is 1Gbps fiber, it is always 1000Mbps and the duplex is full only. If the media is TP, the Speed/Duplex is comprised of the combination of speed mode, 10/100/1000Mbps, and duplex mode, full duplex and half duplex. The following table summarized the function the media supports. In Auto mode, no default value. In Forced mode, default value depends on your setting.
Enabled: Both link up and link down power savings enabled.
After finishing the above settings, click Apply to save the configuration.
2.2.10 Port – Traffic Overview
Function name: Traffic Overview
Function Description: It describes the port statistics information and provides an overview of general traffic statistics for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header.
Parameter Description:
Port – Display the port number. The number is 1 – 24.
2.2.11 Port - Detailed Statistics The section describes how to provide detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The selected port belongs to the currently selected stack unit, as reflected by the page header. Function name: Detailed Statistics Function description: The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.
based on their respective frame sizes. Receive and Transmit Queue Counters The number of received and transmitted packets per input and output queue. RX 64 Bytes Number of 64-byte frames in good and bad packets received. RX 65-127 Bytes Number of 65 ~ 127-byte frames in good and bad packets received. RX 128-255 Bytes Number of 128 ~ 255-byte frames in good and bad packets received. RX 256-511 Bytes Number of 256 ~ 511-byte frames in good and bad packets received.
QoS Statistics Function description: The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit. Parameter description: Port The logical port for the settings contained in the same row. Q1 – Qn There are several QoS queues per port. Q0 is the lowest priority queue. Rx/Tx The number of received and transmitted packets per queue.
2.2.13 Port - SFP Information
Function name: SFP Information
Function description: This section describes how the switch displays detailed information about the SFP module you connect to it. The information includes: Connector type, Fiber type, wavelength, baud rate and Vendor OUI etc.
Parameter description:
Connector Type – Display the connector type, for instance, UTP, SC, ST, LC and so on.
Fiber Type – Display the fiber mode, for instance, Multi-Mode, Single-Mode.
Mon1(Bias) Show the Bias current of SFP module. Mon2(TX PWR) Show the transmit power of SFP module. Mon3(RX PWR) Show the receiver power of SFP module. 2.2.14 Port - EEE EEE is a power saving option that reduces the power usage when there is very low traffic utilization (or no traffic). EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted all circuits are powered up. The time it takes to power up the circuits is named wakeup time.
EEE Urgent Queues – Queues set will activate transmission of frames as soon as any data is available. Otherwise the queue will postpone the transmission until 3000 bytes are ready to be transmitted.
After finishing the above settings, click Apply to save the configuration.
2.2.15 Loop Protection – General Setup
The loop protection is used to detect the presence of traffic. When the switch receives, on a port, a packet (loop detection frame) whose MAC address is the same as its own, it reports that a loop has been detected.
Port Configuration Port Display the port number. The number is 1 – 26. Enable When Port No is chosen, and enable port's Loop detection, the port can detect loop happens. When Port-No is chosen, enable port's Loop detection, and the port detects loop happen, port will be locked. If Loop did not happen, port maintains Unlocked. Action Configures the action performed when a loop is detected on a port. Valid values are Shutdown Port, Shutdown Port and Log or Log Only.
Loop – Display whether a loop is currently detected on the port.
Time of Last Loop – Display the time of the last loop event detected.
Auto refresh – The simple counts will be refreshed automatically on the UI screen.
Refresh – The simple counts will be refreshed manually when the user clicks the “Refresh” button.
2.2.17 Trap Event Severity
Function name: Trap Event Severity
Function description: The function is used to set an Alarm trap and get the Event log.
<1> Alert: Action must be taken immediately.
<2> Critical: Critical conditions.
<3> Error: Error conditions.
<4> Warning: Warning conditions.
<5> Notice: Normal but significant conditions.
<6> Information: Information messages.
<7> Debug: Debug-level messages.
After finishing the above settings, click Apply to save the configuration. Or, click Reset to cancel the settings just made.
2.2.
Enable: Enable SNMP state operation.
Disable: Disable SNMP state operation.
Default: Enable.
Engine ID – SNMPv3 engine ID. Syntax: 0-9, a-f, A-F, min 5 octets, max 32 octets; the fifth octet cannot be 00. Changing the Engine ID will clear all original users.
After finishing the above settings, click Apply to save the configuration.
2.2.19 SNMP – General Setup
Function name: General Setup
Function description: This function is used to configure general settings for SNMP.
SNMPv1 or SNMPv2c.
Mode – Indicates the Set Community mode operation. Possible modes are:
Enabled: Enable Set Community.
Disabled: Disable Set Community.
After finishing the above settings, click Apply to save the configuration. The settings will take effect.
2.2.20 SNMP – Communities
Function name: Communities
Function description: This function is used to configure SNMPv3 communities. The Community and User Name are unique.
Community – Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as security name and map a SNMPv1 or SNMPv2c community string. User Name – The length of “User Name” string is restricted to 1-32, and the allowed content is ASCII characters from 33 to 126. Source IP – Indicates the SNMP access source address.
Security Level Indicates the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy. The value of security level cannot be modified if entry already exists. That means it must first be ensured that the value is set correctly. Authentication Protocol Indicates the authentication protocol that this entry should belong to.
2.2.22 SNMP – Groups Function name: Groups Function description: This function is used to configure SNMPv3 group. To create a new group account, please click the Add new group button, and enter the group information then click Apply. Max Group Number: v1: 2, v2: 2, v3:10. Parameter Description: Delete Click it to delete the selected user setting. Security Model Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c.
2.2.23 SNMP – Views Function name: Views Function description: This function is used to configure SNMPv3 view. The Entry index key includes OID Subtree and View Name. To create a new view account, please click the Add new view button, and enter the view information then click Apply. Max Group Number: 28. Parameter Description: Delete Click it to delete the selected user setting. View Name A string identifying the view name that this entry should belong to.
After finishing the above settings, click Apply to save the configuration. The settings will take effect.
2.2.24 SNMP – Access
Function name: Access
Function description: This function is used to configure SNMPv3 accesses. The Entry index keys are Group Name, Security Model and Security level. To create a new access account, please click the Add new access button, and enter the access information then click Apply.
Security Level Indicates the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy. Read View Name The name of the MIB view defines the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.
2.2.25 SNMP – Trap Function name: Trap Function description: This function is used to configure SNMP trap. To create a new trap account, please click the No number link, and enter the trap information then click Apply. Max Group Number : 6. Parameters description: Delete Click to delete the entry. No Number link for Trap Host configuration. Version Display the version of the trap host. Server IP Display the SNMP Host IP address. UDP Port Display the port number for UDP.
Parameters description: Trap Version You may choose v1, v2c or v3 trap. Server IP Type the SNMP Host IP address. UDP Port Type the port number. Default: 162 Community / Security Name The length of “Community / Security Name” string is restricted to 1-32. Severity Level Indicates what kind of message will send to Security Level. Possible modes are: Info: Send information, warnings and errors. Warning: Send warnings and errors. Error: Send errors. Security Level There are three kinds of choices.
2.2.26 System Log – General Setup
Function name: System Log – General Setup
Function description: The Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It can also be used for generalized informational, analysis and debugging messages. It is supported by a wide variety of devices and receivers across multiple platforms.
Notice: Send Emerg, Alert, Crit, Error, Warning, Notice
Info: Send Emerg, Alert, Crit, Error, Warning, Notice, Info
Debug: Send everything, i.e. all
After finishing the above settings, click Apply to save the configuration. The settings will take effect.
2.2.27 System Log – Log
Function name: System Log – Log
Function description: It displays the system log information of the switch.
Parameters description:
ID – ID (>= 1) of the system log entry.
Level – Level of the system log entry.
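How the configured syslog level decides what leaves the switch, as an added example (not the switch firmware's code): every syslog message starts with a priority value PRI = facility × 8 + severity, and a message is sent when its severity number is at or below the configured level. The sample lines and the function names are constructed for illustration.

```python
import re

# Severity names in the order used by the level list above (0 = Emerg ... 7 = Debug).
SEVERITIES = ["Emerg", "Alert", "Crit", "Error", "Warning", "Notice", "Info", "Debug"]
PRI_RE = re.compile(r"<(\d{1,3})>")
MAX_PRI = 191  # facility 23 * 8 + severity 7


def parse_pri(line):
    """Split a syslog line into (facility, severity, rest of message)."""
    m = PRI_RE.match(line)
    if m is None:
        raise ValueError("no <PRI> header")
    pri = int(m.group(1))
    if pri > MAX_PRI:
        raise ValueError("PRI %d out of range" % pri)
    facility, severity = divmod(pri, 8)
    return facility, severity, line[m.end():]


def select_for_level(lines, configured_level):
    """Partition lines into sent / suppressed / malformed for a configured level."""
    threshold = SEVERITIES.index(configured_level)
    sent, suppressed, malformed = [], [], []
    for line in lines:
        try:
            _, severity, message = parse_pri(line)
        except ValueError:
            malformed.append(line)  # cannot be classified, keep for review
            continue
        bucket = sent if severity <= threshold else suppressed
        bucket.append((SEVERITIES[severity], message))
    return sent, suppressed, malformed


# Constructed sample messages (facility local7 = 23, so PRI = 184 + severity).
SAMPLE_LINES = [
    "<185>switch: loop detected on port 3, port shut down",
    "<187>switch: SFP module read error on port 25",
    "<188>switch: login failed for user guest1",
    "<189>switch: configuration saved by admin",
    "<190>switch: port 7 link up",
    "<191>switch: lacp pdu received on port 2",
    "port 9 link down",
]

if __name__ == "__main__":
    for level in ("Error", "Warning", "Debug"):
        sent, suppressed, malformed = select_for_level(SAMPLE_LINES, level)
        print(level, "sends", [name for name, _ in sent])
```

With the level set to Error, the constructed login-failure line (severity Warning) is suppressed, which matters when the log server is expected to see authentication events.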
2.2.28 System Log – Detailed Log
Function name: System Log – Detailed Log
Function description: It displays the detailed log information of the switch.
Parameters description:
ID – ID (>= 1) of the system log entry.
Message – The detailed message of the system log entry.
Refresh – The simple counts will be refreshed manually when the user clicks the “Refresh” button.
2.2.29 SMTP General Setup
Function name: SMTP General Setup
Function description: This function is used to set an alarm trap: when the switch raises an alarm, the SMTP server you configure here sends you the alarm mail.
Parameters description:
Mail Server – Specify the IP Address of the server transferring your email.
Username – Specify the username on the mail server.
Password – Specify the password on the mail server.
Sender – Set the mail sender name.
2.2.30 sFlow Agent - Collector Function name: sFlow Agent - Collector Function description: The sFlow Collector configuration for the switch can be monitored and modified here. Up to 1 Collector is supported. This page allows for configuring sFlow collector IP type, sFlow collector IP Address, Port Number, for each sFlow Collector. The "Current " field displays the currently configured sFlow Collector. The "Configured" field displays the new Collector Configuration.
be configured. By default, the port's number is 6343. Time Out It is the duration during which the collector receives samples. Once it is expired the sampler stops sending the samples. It is through the management the value is set before it expires. The value accepted is within the range of 0-2147483647. By default it is set to 0. Datagram Size It is the maximum UDP datagram size to send out the sFlow samples to the receiver. The value accepted is within the range of 200-1500 bytes.
scroll to choose one for your sampler type. By default, the value is “None”.
Sampling Rate – Configured sampling rate on the ports.
Max Hdr Size – Configured size of the header of the sampled frame.
Counter Sampling – Counter sampling performs periodic, time-based sampling or polling of counters associated with an interface enabled for sFlow. The attribute associated with counter sampling is the polling interval.
Polling Interval – Configured polling interval for the counter sampling.
To make it operational the receiver time_out has to remain alive. When operational, the sample rate 'N' is rounded off to the nearest possible value. Max Hdr Size Configures the size of the header of the sampled frame to be copied to the Queue for further processing. The Max header size ranges from 14 to 200 bytes. Default is 128 bytes. Polling Interval Configures the polling interval for the counter sampling. It decides at what regular intervals the counter should be polled for statistics.
Parameters description: Hash Code Contributors Source MAC Address - The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC Address is enabled. Destination MAC Address - The Destination MAC Address can be used to calculate the destination port for the frame. Check to enable the use of the Destination MAC Address, or uncheck to disable. By default, Destination MAC Address is disabled.
2.3.2 Aggregation – LACP – General Setup Ports using Link Aggregation Control Protocol (according to IEEE 802.3ad specification) as their trunking method can choose their unique LACP GroupID to form a logic “trunked port”. The benefit of using LACP is that a port makes an agreement with its peer port before it becomes a ready member of a “trunk group” (also called aggregator). LACP is safer than the other trunking method - static trunk.
2.3.3 Aggregation – LACP – System Status Function name: Aggregation – LACP – System Status Function description: The function describes that when you complete to set LACP function on the switch then it provides a status overview for all LACP instances. Parameters description: Aggr ID The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id'. Partner System ID The system ID (MAC address) of the aggregation partner.
2.3.4 Aggregation – LACP – Port Status & Statistics
Function name: Aggregation – LACP – Port Status & Statistics
Function description: The function shows a Port Status and Statistics overview for all LACP instances once you have set up the LACP function on the switch.
Parameters description:
Port – The switch port number.
LACP – 'Yes' means that LACP is enabled and the port link is up. 'No' means that LACP is not enabled or that the port link is down.
Refresh The simple counts will be refreshed manually when user use mouse to click on “Refresh” button. After finished the above settings, click Apply to save the configuration. The settings will take effect. 2.3.5 Spanning Tree – Bridge Settings The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers.
Parameters description: Basic Settings Protocol Version The STP protocol version setting. Valid values are STP, RSTP and MSTP. Bridge Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. For MSTP operation, this is the priority of the CIST. Otherwise, this is the priority of the STP/RSTP bridge.
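The Bridge Identifier described above decides which bridge becomes root, so it is worth checking that the bridge you intend as root really holds the numerically lowest identifier. The following is an added example, not code from this guide or from the switch firmware; it assumes the IEEE 802.1Q layout (priority in steps of 4096 in the top 4 bits, instance number in the low 12 bits), and the bridge names and MAC addresses are constructed.

```python
import struct

DEFAULT_PRIORITY = 32768  # IEEE 802.1D default bridge priority


def bridge_id(priority: int, instance: int, mac: str) -> bytes:
    """Return the 8-byte Bridge Identifier.

    Bytes 0-1: bridge priority plus the MSTI instance number
               (use instance 0 for the CIST or a plain STP/RSTP bridge).
    Bytes 2-7: the 6-byte MAC address of the switch.
    """
    if priority % 4096 or not 0 <= priority <= 61440:
        raise ValueError("priority must be a multiple of 4096 between 0 and 61440")
    if not 0 <= instance <= 4095:
        raise ValueError("instance number must fit in 12 bits")
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    return struct.pack("!H", priority + instance) + mac_bytes


def format_bridge_id(bid: bytes) -> str:
    """Render an identifier as priority.instance.mac for log output."""
    (head,) = struct.unpack("!H", bid[:2])
    return f"{head & 0xF000}.{head & 0x0FFF}.{bid[2:].hex('-')}"


def root_audit(intended: str, bridges: dict, instance: int = 0):
    """Return (elected_root, bridges_that_beat_the_intended_root).

    `bridges` maps a name to (priority, mac). Identifiers compare as
    unsigned big-endian numbers, and the lowest one wins the election.
    """
    ids = {name: bridge_id(prio, instance, mac)
           for name, (prio, mac) in bridges.items()}
    root = min(ids, key=ids.get)
    better = sorted(name for name in ids if ids[name] < ids[intended])
    return root, better


# Constructed inventory: every bridge left at the default priority, so the
# lowest MAC address (an access switch here) wins the election.
BEFORE = {
    "core-1": (DEFAULT_PRIORITY, "02:00:00:00:10:01"),
    "access-7": (DEFAULT_PRIORITY, "02:00:00:00:0f:fe"),
    "access-9": (DEFAULT_PRIORITY, "02:00:00:00:20:03"),
}
# Same inventory after lowering the Bridge Priority on the intended root.
AFTER = dict(BEFORE, **{"core-1": (4096, "02:00:00:00:10:01")})

if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        root, better = root_audit("core-1", inventory)
        print(label, "root:", root, "beats core-1:", better)
        for name, (prio, mac) in inventory.items():
            print("  ", name, format_bridge_id(bridge_id(prio, 0, mac)))
```

With every bridge at the default priority the election falls through to the MAC address, which is why the intended root should be given an explicitly lower Bridge Priority.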
the error-disabled state, and will be removed from the active topology. Port Error Recovery Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout The time to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours).
spanning trees for MSTI's (Intra-region). The name is at most 32 characters. Configuration Revision The revision of the MSTI configuration named above. This must be an integer between 0 and 65535. MSTI Mapping MSTI The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. VLANs Mapped The list of VLANs mapped to the MSTI. The VLANs must be separated with comma and/or space. A VLAN can only be mapped to one MSTI.
better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.8 Spanning Tree – CIST Ports When you implement a Spanning Tree protocol on the switch for the bridge instance, you need to configure the CIST Ports.
cleared. (The initial operEdge state when a port is initialized). Auto Edge Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDU's are received on the port or not. Restricted Role If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected.
2.3.9 Spanning Tree – MSTI Ports An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. It contains MSTI port settings for physical and aggregated ports. The aggregation settings are stack global.
Port The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favour of higher path cost ports.
Root Port The switch port currently assigned the root port role. Root Cost Root Path Cost. For the Root Bridge it is zero. For all other Bridges, it is the sum of the Port Path Costs on the least cost path to the Root Bridge. Topology Flag The current state of the Topology Change Flag of this Bridge instance. Topology Change Last The time since last Topology Change occurred. 2.3.
Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. 2.3.12 Spanning Tree – Port Statistics After you complete the STP configuration, you can have the switch display the STP Statistics. Function name: Spanning Tree – Port Statistics Function description: The function is used to display the detailed STP Statistics counters of bridge ports in the currently selected switch.
use mouse to click on “Refresh” button. Clear The simple counts will be reset to zero when the user clicks the “Clear” button. 2.3.13 IGMP Snooping – General Setup A switch that supports IGMP Snooping, with the functions of query, report and leave (types of packet exchanged between an IP Multicast Router/Switch and an IP Multicast Host), can update the information of the Multicast table when a member (port) joins or leaves an IP Multicast Destination Address.
Unregistered IPMC Flooding enabled Enable unregistered IPMC traffic flooding. IGMP SSM Range SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range. Format: (IP address/subnet mask) Proxy Enabled Enable IGMP Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side. Port Related Configuration Port The switch port number.
2.3.14 IGMP Snooping – VLAN General Setup Function name: IGMP Snooping – VLAN General Setup Function description: The section describes the VLAN configuration setting process integrated with the IGMP Snooping function. Each setting page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table.
used to calculate the Maximum Response Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds; default query response interval is 100 in tenths of seconds (10 seconds). LLQI Last Listener Query Interval. The Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages.
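The upper bound of 31744 tenths of a second is the largest value the 8-bit Maximum Response Code field can express. The following is an added example, not code from this guide or the switch firmware; it assumes the IGMPv3 encoding from RFC 3376 section 4.1.1, and the robustness variable and query interval arguments are assumed values.

```python
import struct

MAX_TENTHS = 31744  # upper bound given for the query response interval


def decode_max_resp(code: int) -> int:
    """Turn the 8-bit Max Resp Code into tenths of a second (RFC 3376 4.1.1)."""
    if not 0 <= code <= 0xFF:
        raise ValueError("code must fit in one byte")
    if code < 128:
        return code                      # small values are carried literally
    exp, mant = (code >> 4) & 0x07, code & 0x0F
    return (mant | 0x10) << (exp + 3)    # 1|exp|mant floating-point form


def encode_max_resp(tenths: int) -> int:
    """Encode a configured interval, rounding down to a representable value."""
    if not 0 <= tenths <= MAX_TENTHS:
        raise ValueError("interval out of range 0..31744")
    if tenths < 128:
        return tenths
    exp = tenths.bit_length() - 8        # leaves a 5-bit value 16..31 after the shift
    mant = (tenths >> (exp + 3)) & 0x0F
    return 0x80 | (exp << 4) | mant


def effective_interval(tenths: int) -> int:
    """Interval hosts actually see once the configured value is encoded."""
    return decode_max_resp(encode_max_resp(tenths))


def inet_checksum(data: bytes) -> int:
    """16-bit one's complement checksum used by IGMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_general_query(qri_tenths: int, qrv: int = 2, qi_seconds: int = 125) -> bytes:
    """Build the 12-byte IGMPv3 General Query a querier would send.

    qrv and qi_seconds are assumed values; QQIC reuses the same
    floating-point layout as Max Resp Code, but counts seconds.
    """
    code = encode_max_resp(qri_tenths)
    qqic = encode_max_resp(qi_seconds)
    body = struct.pack("!BBH4sBBH", 0x11, code, 0, bytes(4), qrv & 0x07, qqic, 0)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


if __name__ == "__main__":
    for configured in (100, 127, 128, 1000, 31744):
        print(configured, hex(encode_max_resp(configured)),
              effective_interval(configured))
    print(build_general_query(100).hex())
```

Values of 128 and above lose precision: a configured 1000 is sent as 992 tenths of a second.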
Parameters description: Delete Click to delete the entry. Port The logical port for the settings. Filtering Groups The IP Multicast Group that will be filtered. Add new Filtering Group Click to add a new filtering group. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.16 IGMP Snooping – Status After you complete the IGMP Snooping configuration, you can have the switch display the IGMP Snooping Status.
V2 Leaves Received The number of Received V2 Leaves. Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. Clear The simple counts will be reset to zero when the user clicks the “Clear” button. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.
Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. 2.3.18 IGMP Snooping- IPv4 SSM Information Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is a core network technology of IP multicast targeted for audio and video broadcast application environments.
Parameters description: VLAN ID VLAN ID of the group. Group Group address of the group displayed. Port Switch port number. Mode Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude. Source Address IP Address of the source. Currently, the system limits the total number of IP source addresses for filtering to 128. Type Indicates the Type. It can be either Allow or Deny.
address, it forwards that traffic only to ports on the VLAN that have MLD hosts for that address. It drops that traffic for ports on the VLAN that have no MLD hosts. Function name: MLD Snooping – General Setup Function description: The function is used to configure the MLD Snooping basic configuration and the parameters. Parameters description: MLD Snooping Configuration Snooping Enabled Enable the Global MLD Snooping. Unregistered IPMCv6 Flooding enabled Enable unregistered IPMCv6 traffic flooding.
Port Related Configuration Port Switch port number. Router Port Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Fast Leave Enable the fast leave on the port. Throttling Enable to limit the number of multicast groups to which a switch port can belong.
Parameters description: VLAN ID The VLAN ID of the entry. Snooping Enabled Enable the per-VLAN MLD Snooping. Only up to 64 VLANs can be selected. MLD Querier Enable the IGMP Querier in the VLAN. RV Robustness Variable. The Robustness Variable allows tuning for the expected packet loss on a link. The allowed range is 1 to 255, default robustness variable value is 2. QI Query Interval. The Query Interval variable denotes the interval between General Queries sent by the Querier.
2.3.21 MLD Snooping – Port Group Filtering Function name: MLD Snooping – Port Group Filtering Function description: The function is used to set the Port Group Filtering in the MLD Snooping function. On the web page, you can add a new filtering group and safety policy. Parameters description: Delete Click to delete the entry. Port The logical port for the settings. Filtering Groups The IP Multicast Group that will be filtered. Add new Filtering Group Click to add a new filtering group.
After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.22 MLD Snooping – Status Function name: MLD Snooping – Status Function description: The function is used to display the MLD Snooping Status and detail information. Parameters description: VLAN ID The VLAN ID of the entry. Querier Version Working Querier Version currently. Host Version Working Host Version currently. Querier Status Shows the Querier status is "ACTIVE" or "IDLE".
2.3.23 MLD Snooping – Groups Information Function name: MLD Snooping – Groups Information Function description: The function describes how a user could set the MLD Snooping Groups Information. The "Start from VLAN", and "group" input fields allow the user to select the starting point in the MLD Group Table. Each page shows up to 99 entries from the MLD Group table, default being 20, selected through the "entries per page" input field.
2.3.24 MLD Snooping- IPv6 SSM Information Function name: MLD Snooping- IPv6 SSM Information Function description: The section describes the MLDv2 Information Table, whose entries are shown on this page. The MLDv2 Information Table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses belonging to the same group are treated as a single entry.
2.3.25 MVR – General Setup The MVR feature enables multicast traffic forwarding on the Multicast VLAN. In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. When a subscriber selects a channel, the set-top box or PC sends an IGMP join message to Switch A to join the appropriate multicast.
2.3.26 MVR - Group Information Function name: MVR - Group Information Function description: The function is to display the MVR Groups detail information on the switch. Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID, and then by group. Parameters description: VLAN ID VLAN ID of the group. Groups Group ID of the group displayed. Port Members Ports under this group. Auto refresh The simple counts will be refreshed automatically on the UI screen.
2.3.27 MVR – Statistics Function name: MVR – Statistics Function description: The function is used to display the detailed MVR Statistics after you have configured MVR on the switch. It provides the detailed MVR Statistics Information. Parameters description: VLAN ID The Multicast VLAN ID. V1 Reports Received The number of Received V1 Reports. V2 Reports Received The number of Received V2 Reports. V3 Reports Received The number of Received V3 Reports.
2.3.28 LLDP – LLDP General Setup The switch supports the LLDP. For current information on your switch model, The Link Layer Discovery Protocol (LLDP) provides a standards-based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices.
rebooted, an LLDP shutdown frame is transmitted to the neighboring units, signaling that the LLDP information isn't valid anymore. Tx Reinit controls the number of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1 - 10 seconds. Port The switch port number of the logical LLDP port. Mode Select LLDP mode. Rx only The switch will not send out LLDP information, but LLDP information from neighbour units is analyzed.
Sys Descr Optional TLV: When checked the "system description" is included in LLDP information transmitted. Sys Capa Optional TLV: When checked the "system capability" is included in LLDP information transmitted. Mgmt Addr Optional TLV: When checked the "management address" is included in LLDP information transmitted. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.
2. Repeater 3. Bridge 4. WLAN Access Point 5. Router 6. Telephone 7. DOCSIS cable device 8. Station only 9. Reserved When a capability is enabled, the capability is followed by (+). If the capability is disabled, the capability is followed by (-). Management Address Management Address is the neighbour unit's address that is used for higher layer entities to assist discovery by the network management. This could for instance hold the neighbour's IP address.
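To see exactly what a neighbour on a port learns from the optional TLVs and the capability flags described above, the following added example parses an LLDPDU and renders the capabilities with the same (+)/(-) notation. It is not code from this guide or the switch firmware; it assumes the IEEE 802.1AB TLV layout (7-bit type, 9-bit length), and the frame contents are constructed.

```python
import ipaddress
import struct

# System capability bit positions, lowest bit first (IEEE 802.1AB).
CAPS = ["Other", "Repeater", "Bridge", "WLAN Access Point", "Router",
        "Telephone", "DOCSIS cable device", "Station only"]
# Optional TLV types that can be switched on or off per port.
OPTIONAL = {4: "Port Descr", 5: "Sys Name", 6: "Sys Descr",
            7: "Sys Capa", 8: "Mgmt Addr"}


def tlv(tlv_type: int, value: bytes) -> bytes:
    """Encode one TLV: 7-bit type and 9-bit length, then the value."""
    return struct.pack("!H", (tlv_type << 9) | len(value)) + value


def parse_tlvs(pdu: bytes) -> list:
    """Split an LLDPDU into (type, value) pairs, stopping at End Of LLDPDU."""
    out, off = [], 0
    while off + 2 <= len(pdu):
        (hdr,) = struct.unpack_from("!H", pdu, off)
        tlv_type, length = hdr >> 9, hdr & 0x1FF
        off += 2
        if off + length > len(pdu):
            raise ValueError("TLV length runs past the end of the frame")
        if tlv_type == 0:
            break
        out.append((tlv_type, pdu[off:off + length]))
        off += length
    return out


def decode_caps(value: bytes) -> list:
    """List supported capabilities, marking enabled (+) and disabled (-)."""
    supported, enabled = struct.unpack("!HH", value[:4])
    return [f"{name}({'+' if (enabled >> bit) & 1 else '-'})"
            for bit, name in enumerate(CAPS) if (supported >> bit) & 1]


def decode_mgmt_addr(value: bytes) -> str:
    """Return the management address; length byte covers subtype + address."""
    addr_len, subtype = value[0], value[1]
    addr = value[2:1 + addr_len]
    if subtype == 1 and len(addr) == 4:
        return str(ipaddress.IPv4Address(addr))
    if subtype == 2 and len(addr) == 16:
        return str(ipaddress.IPv6Address(addr))
    return addr.hex()


def disclosed(pdu: bytes) -> dict:
    """Map each optional TLV present in the frame to its decoded content."""
    found = {}
    for tlv_type, value in parse_tlvs(pdu):
        if tlv_type not in OPTIONAL:
            continue
        if tlv_type == 7:
            found[OPTIONAL[tlv_type]] = decode_caps(value)
        elif tlv_type == 8:
            found[OPTIONAL[tlv_type]] = decode_mgmt_addr(value)
        else:
            found[OPTIONAL[tlv_type]] = value.decode("utf-8", "replace")
    return found


# Constructed LLDPDU: mandatory Chassis ID, Port ID and TTL TLVs followed by
# Sys Name, Sys Descr, Sys Capa and Mgmt Addr, then End Of LLDPDU.
SAMPLE_PDU = b"".join([
    tlv(1, b"\x04" + bytes.fromhex("020000001001")),
    tlv(2, b"\x07" + b"12"),
    tlv(3, struct.pack("!H", 120)),
    tlv(5, b"sw-floor2"),
    tlv(6, b"Example L2 switch fw 1.0"),
    tlv(7, struct.pack("!HH", 0x0014, 0x0004)),
    tlv(8, b"\x05\x01" + bytes([192, 0, 2, 10]) + b"\x02"
        + struct.pack("!I", 1) + b"\x00"),
    tlv(0, b""),
])

if __name__ == "__main__":
    for name, content in disclosed(SAMPLE_PDU).items():
        print(f"{name}: {content}")
```

On ports that face untrusted devices, unchecking an optional TLV removes the corresponding entry from this output.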
Parameters description: Fast start repeat count Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general.
It should be noted that LLDP-MED and the LLDP-MED Fast Start mechanism is only intended to run on links between LLDP-MED Network Connectivity Devices and Endpoint Devices, and as such does not apply to links between LAN infrastructure elements, including Network Connectivity Devices, or other types of links. Coordinates Location Latitude Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits.
prefecture). County County, parish, gun (Japan), district. City City, township, shi (Japan) - Example: Copenhagen. City district City division, borough, city district, ward, chou (Japan). Block (Neighbourhood) Neighbourhood, block. Street Street - Example: Poppelvej. Leading street direction Leading street direction - Example: N. Trailing street suffix Trailing street suffix - Example: SW. Street suffix Street suffix - Example: Ave, Platz. House no. House number - Example: 21. House no.
environments that frequently result in voice quality degradation or loss of service. Policies are only intended for use with applications that have specific 'real-time' network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are: 1. Layer 2 VLAN ID (IEEE 802.1Q-2003) 2. Layer 2 priority value (IEEE 802.1D-2004) 3.
3. Guest Voice - support a separate 'limited feature-set' voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services. 4. Guest Voice Signaling (conditional) - for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media.
eight priority levels (0 through 7), as defined by IEEE 802.1D-2004. A value of 0 represents use of the default priority as defined in IEEE 802.1D-2004. DSCP DSCP value to be used to provide Diffserv node behaviour for the specified application type as defined in IETF RFC 2474. DSCP may contain one of 64 code point values (0 through 63). A value of 0 represents use of the default DSCP value as defined in RFC 2475. Adding a new policy Click to add a new policy.
2.3.31 LLDP – LLDP-MED Neighbours This page provides a status overview of all LLDP-MED neighbours. The displayed table contains a row for each port on which an LLDP neighbour is detected. Function name: LLDP – LLDP-MED Neighbours Function description: This function applies to VoIP devices which support LLDP-MED. Parameters description: Port The port on which the LLDP frame was received.
framework. Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following. Each LLDP-MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class.
LLDP-MED Capabilities LLDP-MED Capabilities describes the neighbour unit's LLDP-MED capabilities. The possible capabilities are: 1. LLDP-MED capabilities 2. Network Policy 3. Location Identification 4. Extended Power via MDI - PSE 5. Extended Power via MDI - PD 6. Inventory 7. Reserved Application Type Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device.
type is currently unknown. Defined: The network policy is defined. TAG TAG is indicative of whether the specified application type is using a tagged or an untagged VLAN. Can be Tagged or Untagged. Untagged: The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003. Tagged: The device is using the IEEE 802.1Q tagged frame format. VLAN ID VLAN ID is the VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.
2.3.32 LLDP – EEE By using EEE, power savings can be achieved at the expense of traffic latency. This latency occurs because the circuits that EEE turns off to save power need time to boot up before sending traffic over the link. This time is called "wakeup time". To achieve minimal latency, devices can use LLDP to exchange information about their respective tx and rx "wakeup time", as a way to agree upon the minimum wakeup time they need.
echoed values from the remote link partner it can determine whether or not the remote link partner has received, registered and processed its most recent values. For example, if the local link partner receives echoed parameters that do not match the values in its local MIB, then the local link partner infers that the remote link partner's request was based on stale information. Echo Rx Tw The link partner's Echo Rx Tw value. Resolved Tx Tw The resolved Tx Tw for this link.
2.3.33 LLDP – Port Statistics Function name: LLDP – Port Statistics Function description: Two types of counters are shown. Global counters are counters that refer to the whole stack, switch, while local counters refer to per port counters for the currently selected switch. Parameters description: Global Counters Neighbour entries were last changed on It also shows the time when the last entry was last deleted or added. It also shows the time elapsed since the last change was detected.
internal table has run full, the LLDP frame is counted and discarded. This situation is known as "Too Many Neighbours" in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table. Entries are removed from the table when a given port's link is down, an LLDP shutdown frame is received, or when the entry ages out.
Parameters description: Primary Power Supply [W] The switch can have PoE power supplies, which are used as the power source. To determine the amount of power the PD may use, the amount of power the power sources can deliver must be defined. Port This is the logical port number for this row. PoE State The PoE Mode represents the PoE operating mode for the port. Disabled: PoE disabled for the port. Enabled: Enables PoE IEEE 802.3af/at. Priority The Priority represents the port's priority.
Function description: This page allows the user to inspect the current status for all PoE ports. The section shows the Power Over Ethernet Status of all ports. Parameters description: Local Port This is the logical port number for this row. PD Class Displays the PD Power class, which is identified by a specified current. The classification current describes the amount of power the PD will require during normal operation.
Set the delay time for PoE power supply. Parameters description: Delay Mode Enable/Disable this function. Delay Time (0-300 sec) Set the delay time for power mode. 2.3.37 PoE – Auto Checking Function name: PoE – Auto Checking Parameters description: Ping Check Check the device with PING command. Ping IP Address Type the IP address of the device.
Interval Time (sec) Set the time interval for PING command. Retry Time Set the retry time for performing the PING command. Failure Log Log the failure status. Failure Action Select the action for device failure. Reboot Time (sec) Set the time to reboot the device. 2.3.38 PoE – Schedule Function name: PoE – Schedule Parameters description: Port Specify the Port number to apply such function. Status Enable / Disable this function. Start Date Set the starting date for such schedule profile.
static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports. The frames also contain a MAC address (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses.
MAC-Based Authentication under 802.1X. Disable No learning is done. Secure Only static MAC entries are learned, all other frames are dropped. Note: Make sure that the link used for managing the switch is added to the Static Mac Table before changing to secure learning mode, otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface. Static MAC Table Configuration Delete Click to delete the entry.
Type Indicates whether the entry is a static or a dynamic entry. MAC address The MAC address of the entry. VLAN The VLAN ID of the entry. Port Members The ports that are members of the entry. Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. Clear The simple counts will be reset to zero when the user clicks the “Clear” button. 2.3.
Delete Click it to delete the entry. VLAN ID Indicates the ID of this particular VLAN. VLAN Name Indicates the name of VLAN. VLAN Name can only contain letters or numbers. VLAN name should contain at least one letter. VLAN name can be edited for the existing VLAN entries or it can be added to the new entries. Port Members A row of check boxes for each port is displayed for each VLAN ID. To include a port in a VLAN, check the box.
Parameters description: Ethertype for Custom S-ports This field specifies the ether type used for Custom S-ports. This is a global setting for all the Custom S-ports. Port This is the logical port number of this row. Port Type Port can be one of the following types: Unaware, Customer port(C-port), Service port(S-port), Custom Service port(S-custom-port) If Port Type is Unaware, all frames are classified to the Port VLAN ID and tags are not removed.
Trunk: all tagged frames with any tag value are transmitted. Access: The tag of any tagged frame will be removed to become an untagged frame. These untagged frames will be transmitted. PVID Configures the VLAN identifier for the port. The allowed values are 1 through 4095. The default value is 1. Note: The port must be a member of the same VLAN as the Port VLAN ID. After finishing the above settings, click Apply to save the configuration. The settings will take effect.
2.3.43 VLAN – Switch Status Function name: VLAN – Switch Status Function description: The function is used to gather the information of all VLAN status and report it in the order of Static, NAS, MVRP, MVP, Voice VLAN, MSTP, GVRP, Combined. Parameters description: VLAN USER VLAN User module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID.
multicast traffic for subscribers in each VLAN. Multicast traffic for all channels is sent only on a single (multicast) VLAN. Voice VLAN: Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones. MSTP: The 802.1s Multiple Spanning Tree protocol (MSTP) uses VLANs to create multiple spanning trees in a network, which significantly improves network resource utilization while maintaining a loop-free environment. VLAN ID Indicates the ID of this particular VLAN.
CLI/Web/SNMP: These are referred to as static. NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. GVRP: GARP VLAN Registration Protocol (GVRP) allows dynamic registration and deregistration of VLANs on ports on a VLAN bridged network. MVR: MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN. Multicast traffic for all channels is sent only on a single (multicast) VLAN.
UVID Shows UVID (untagged VLAN ID). Port's UVID determines the packet's behaviour at the egress side. Conflicts Shows whether conflicts exist or not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: Functional Conflicts between features. Conflicts due to hardware limitation. Direct conflict between user modules. Auto refresh The simple counts will be refreshed automatically on the UI screen.
Parameters description: Delete Check this box to delete the entry. Private VLAN ID Indicates the ID of this particular private VLAN. Port Members A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Adding a New Private VLAN Click to add a new private VLAN ID.
2.3.46 VLAN – Private VLANs – Port Isolation Port Isolation provides for an apparatus and method to isolate ports on layer 2 switches on the same VLAN to restrict traffic flow. The apparatus comprises a switch having said plurality of ports, each port configured as a protected port or a non-protected port. An address table memory stores an address table having a destination address and port number pair.
2.3.47 VLAN – MAC-based VLAN – General Setup MAC address-based VLAN decides the VLAN for forwarding an untagged frame based on the source MAC address of the frame. The most common way of grouping VLAN members is by port, hence the name port-based VLAN. Typically, the device adds the same VLAN tag to untagged packets that are received through the same port. Later on, these packets can be forwarded in the same VLAN.
Port Members A row of check boxes for each port is displayed for each MAC-based VLAN entry. To include a port in a MAC-based VLAN, check the box. To remove or exclude the port from the MAC-based VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Add new entry Click it to add a new MAC-based VLAN entry. An empty row is added to the table, and the MAC-based VLAN entry can be configured as needed.
2.3.48 VLAN – MAC-based VLAN – Status Function name: VLAN – MAC-based VLAN – Status Function description: The function is used to show MAC-based VLAN entries configured by various MAC-based VLAN users. Note: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. Parameters description: MAC Address Indicates the MAC address. VLAN ID Indicates the VLAN ID. Port Members Port members of the MAC-based VLAN entry.
2.3.49 VLAN – Protocol-based VLAN – Protocol Group This section describes Protocol-based VLAN. The protocols supported by the switch include Ethernet, LLC and SNAP. The Logical Link Control (LLC) data communication protocol layer is the upper sub-layer of the Data Link Layer (which is itself layer 2, just above the Physical Layer) in the seven-layer OSI reference model.
following text field will vary depending on the new frame type you selected. Value Valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu. Below are the criteria for three different Frame Types: • For Ethernet: The value in the text field when Ethernet is selected as a Frame Type is called etype. Valid values for etype range from 0x0600-0xffff. • For LLC: Valid value in this case is comprised of two different sub-values. a.
2.3.50 VLAN – Protocol-based VLAN – Group to VLAN Function name: VLAN – Protocol-based VLAN – Group to VLAN Function description: The function is used to map an already configured Group Name to a VLAN for the selected item. Parameters description: Delete Check this box to delete the entry. Group Name A valid Group Name is a string of at most 16 characters which consists of a combination of letters (a-z or A-Z) and digits (0-9); no special characters are allowed.
Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.51 Voice VLAN – General Setup Voice VLAN is a VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice VLAN, we can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality.
security mode or auto detect mode is enabled. In other cases, it will be based on hardware aging time. The actual aging time will be situated between the [age_time; 2 * age_time] interval. Traffic Class Indicates the Voice VLAN traffic class. All traffic on the Voice VLAN will apply this class. Port Configuration Port Switch port number. Mode Indicates the Voice VLAN port mode. When the port mode is not Disabled, the MSTP feature must be disabled before Voice VLAN is enabled.
2.3.52 Voice VLAN – OUI Function name: Voice VLAN – OUI Function description: The function is used to configure the Voice VLAN OUI table. The maximum entry number is 16. Modifying the OUI table will restart the auto detection of OUI process. Parameters description: Delete Check this box to delete the entry. Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is "xx-xx-xx" (x is a hexadecimal digit).
of operation, state machines and variables for the registration and de-registration of attribute values. A GARP participation in a switch or an end station consists of a GARP application component, and a GARP Information Declaration (GID) component associated with each port or the switch. The propagation of information between GARP participants for the same application in a bridge is carried out by the GARP Information Propagation (GIP) component.
machine will operate normally in GARP protocol exchanges. non-participate: In this mode the Applicant state machine will not participate in the protocol operation. The default configuration is normal participant. Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.
After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.55 GVRP – General Setup GVRP is an application based on Generic Attribute Registration Protocol (GARP), mainly used to automatically and dynamically maintain the group membership information of the VLANs. GVRP provides the VLAN registration service through a GARP application.
GVRP Mode Enable/disable GVRP Mode on this port. The default configuration is Disable. GVRP Role Enable/disable GVRP role on this port. The default configuration is Disable. Join Tx Count Explain Join Tx Count here. Leave Tx Count Explain Leave Tx Count here. Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button.
Parameters description: Port The port number for which the configuration below applies. QoS class Controls the default QoS class, i.e., the QoS class for frames not classified in any other way. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority. DP level Controls the default DP level, i.e., the DP level for frames not classified in any other way. PCP Controls the default PCP for untagged frames.
2.3.57 QoS – Port Policing Function name: QoS – Port Policing Function description: The function is used to provide an overview of QoS Ingress Port Policers for all switch ports. The Port Policing is useful in constraining traffic flows and marking frames above specific rates. Policing is primarily useful for data flows and voice or video flows because voice and video usually maintain a steady rate of traffic. Parameters description: Port The port number for which the configuration below applies.
2.3.58 QoS – Port Scheduler Function name: QoS – Port Scheduler Function description: The function is used to provide an overview of QoS Egress Port Schedulers for all switch ports. Parameters description: Port The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Mode Shows the scheduling mode for this port. Weight (Q0 – Qn) Shows the weight for this queue and port.
2.3.59 QoS – Port Shaping Function name: QoS – Port Shaping Function description: The function is to provide an overview of QoS Egress Port Shapers for all switch ports. Parameters description: Port The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. Shapers (Q0- Qn) Shows "disabled" or actual queue shaper rate - e.g. "800 Mbps". Port Shows "disabled" or actual port shaper rate - e.g. "800 Mbps".
2.3.60 QoS – Tag Remarking Function name: QoS – Tag Remarking Function description: The function is used to provide an overview of QoS Egress Port Tag Remarking for all switch ports. Other ports belong to the currently selected stack unit, as reflected by the page header. Parameters description: Port The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking. Mode Shows the tag remarking mode for this port.
2.3.61 QoS – DSCP Function name: QoS – DSCP Function description: The function is used to configure the basic QoS Port DSCP settings for all switch ports. Parameters description: Port The Port column shows the list of ports for which you can configure DSCP ingress and egress settings. Ingress In Ingress settings you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in Ingress: 1.
1. Disable: No Egress rewrite. 2. Enable: Rewrite enabled without remapping. 3. Remap: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.62 QoS – DSCP-Based QoS Function name: QoS – DSCP-Based QoS Function description: The function is used to configure the DSCP-Based QoS mode, i.e. the basic DSCP-based QoS Ingress Classification settings, for all switches.
2.3.63 QoS – DSCP Translation Function name: QoS – DSCP Translation Function description: The function is used to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be done in Ingress or Egress. Parameters description: DSCP The maximum number of supported DSCP values is 64 and valid DSCP values range from 0 to 63. Ingress Ingress side DSCP can be first translated to a new DSCP before using the DSCP for QoS class and DPL map.
2.3.64 QoS – DSCP Classification Function name: QoS – DSCP Classification Function description: The function allows you to map a DSCP value to a QoS Class and DPL value. Parameters description: QoS Class Available QoS Class value ranges from 0 to 7. QoS Class (0-7) can be mapped to the following parameters. DPL Drop Precedence Level (0-1) can be configured for all available QoS Classes. DSCP Select DSCP value (0-63) from DSCP menu to map DSCP to corresponding QoS Class and DPL value.
2.3.65 QoS – QoS Control List Function name: QoS – QoS Control List Function description: The function shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list. Parameters description: QCE# Indicates the index of QCE. Port Indicates the list of ports configured with the QCE. Frame Type Indicates the type of frame to look for in incoming frames.
VID Indicates the VLAN ID, either a specific VID or a range of VIDs. VID can be in the range 1-4095 or 'Any'. PCP Priority Code Point. Valid values of PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'. DEI Drop Eligible Indicator. Valid values of DEI are 0, 1 or 'Any'. Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content.
'Any' DEI - Drop Eligible Indicator: Valid values of DEI are 0, 1 or 'Any'. SMAC - Source MAC address: 24 MS bits (OUI) or 'Any'. DMAC Type - Destination MAC type: possible values are unicast(UC), multicast(MC), broadcast(BC) or 'Any'. Frame Type - Frame Type can have any of the following values: 1. Any 2. Ethernet 3. LLC 4. SNAP 5. IPv4 6. IPv6 Note: all frame types are explained below: 1. Any - Allow all types of frames. 2.
protocol UDP/TCP Action Parameters Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content. There are three action fields: Class, DPL and DSCP. Class: Classified QoS Class; if a frame matches the QCE it will be put in the queue. DPL: Classified Drop Precedence Level; if a frame matches the QCE then the DP level will be set to the value displayed under the DPL column.
2.3.66 QoS – QoS Status Function name: QoS – QoS Status Function description: The function is used to configure and show the QCL status by different QCL (QoS Control List) users. Each row describes the QCE that is defined. It is a conflict if a specific QCE (QoS Control Entry) is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch. Parameters description: Select the QCL status from this drop down list. User Indicates the QCL user.
DSCP: If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column. Conflict Displays QCE status. It may happen that resources required to add a QCE may not available, in that case it shows conflict status as 'Yes', otherwise it is always 'No'. Please note that conflict can be resolved by releasing the resource required by the QCE and pressing 'Refresh' button. Auto refresh Click to undo any changes made locally and revert to previously saved values.
Enable Enable or disable the storm control status for the given frame type. Rate The rate unit is packets per second (pps). Valid values are: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K. , 1024K, 2048K, 4096K, 8192K, 16384K or 32768K. The 1 kpps is actually 1002.1 pps. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.
Master: Enable Single IP Management and act as the Master Switch. The role is root. The user connects to the Master and can control the Slaves in the same SIP group. Slave: Enable Single IP Management and act as a Slave Switch. The role is slave. The user connects to a slave switch via the Master's management GUI. Group Name The parameter lets you set the name of the Single IP group. The value is a string of up to 64 characters describing the group name.
Refresh Click to refresh the page immediately. 2.3.70 Easy Port Function name: Easy Port Function description: The function is to provide a convenient way to save and share common configurations. You can use it to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network. You can easily set up devices including Voice IP phones, Wireless Access Points, IP Cameras, etc.
Access VLAN It is used to set the Access VLAN ID. It means the switch port access VLAN ID (AVID). The allowed range is from 1 to 4095. VLAN Mode It is used to scroll to select the Port Egress Rule. The allowed values are Hybrid, Trunk or Access. This parameter affects VLAN egress processing. If Trunk is selected, a VLAN tag with the classified VLAN ID is inserted in frames transmitted on the port. This mode is normally used for ports connected to VLAN aware switches.
2.3.71 Mirroring You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner. Function name: Mirroring Function description: The function is used to monitor the traffic of the network.
After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.3.72 UPnP Function name: UPnP Function description: The function is used to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components. Parameters description: Mode Indicate the UPnP operation mode.
100 to 86400. Apply Click to save changes. Reset Click to undo any changes made locally and revert to previously saved values. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.4 Security 2.4.1 ACL - Ports The switch access control list (ACL) is probably the most commonly used object in the IOS. It is used for packet filtering but also for selecting types of traffic to be analyzed, forwarded, or influenced in some way.
("Deny"). The default value is "Permit". Rate Limiter ID Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled". Port Redirect Select which port frames are copied on. The allowed values are Disabled or a specific port number. The default value is "Disabled". Mirror Specify the mirror operation of this port. The allowed values are: Enabled: Frames received on the port are mirrored.
2.4.2 ACL – Rate Limiters Function name: ACL – Rate Limiters Function description: The function is used to configure the switch’s ACL Rate Limiter parameters. The Rate Limiter Levels from 1 to 16 allow the user to set the rate limiter value and units (pps or kbps). Parameters description: Rate Limiter ID The rate limiter ID for the settings contained in the same row. Rate The rate unit is packets per second (pps), configure the rate as 1, 2, 4, .., 512, 1K, 2K, 4K, ..., 3276700k.
2.4.3 ACL – Access Control List The section describes how to configure Access Control List rules. An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.
IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with UDP protocol. IPv4/TCP: The ACE will match IPv4 frames with TCP protocol. IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames. Action Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped.
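The first-match behaviour described above means that any frame no ACE matches is accepted, and that an ACE placed after a broader one never takes effect. The following is an added example, not code from the manual or from the switch firmware: a simplified model that matches only on ingress port and frame type (real ACEs have more fields), in which the "Any" frame-type wildcard, the sample ACL and all names are constructed for illustration.

```python
from dataclasses import dataclass
from itertools import product
from typing import List, Optional, Tuple

# Concrete frame types named on the ACL page. An ACE of type "IPv4" covers all
# four IPv4/* types; the "Any" frame-type wildcard is an assumption of this model.
CONCRETE_TYPES = ("ARP", "IPv4/ICMP", "IPv4/UDP", "IPv4/TCP", "IPv4/Other", "IPv6")


@dataclass(frozen=True)
class ACE:
    port: Optional[int]  # None models the "Any" ingress port
    frame_type: str      # "Any", "IPv4", or one of CONCRETE_TYPES
    action: str          # "Permit" or "Deny"

    def matches(self, port: int, frame_type: str) -> bool:
        port_ok = self.port is None or self.port == port
        type_ok = (
            self.frame_type in ("Any", frame_type)
            or (self.frame_type == "IPv4" and frame_type.startswith("IPv4/"))
        )
        return port_ok and type_ok


def evaluate(acl: List[ACE], port: int, frame_type: str) -> Tuple[str, Optional[int]]:
    """Return (action, index of the deciding ACE); index is None on default accept."""
    for index, ace in enumerate(acl):
        if ace.matches(port, frame_type):
            return ace.action, index  # first match wins, later ACEs are not consulted
    return "Permit", None             # "If no rules match, the frame is accepted."


def audit(acl: List[ACE], ports: List[int]):
    """List (port, frame type) pairs accepted only by default, and the indexes
    of ACEs that are never the deciding rule for any audited port."""
    default_accepted = []
    deciding = set()
    for port, frame_type in product(ports, CONCRETE_TYPES):
        _, index = evaluate(acl, port, frame_type)
        if index is None:
            default_accepted.append((port, frame_type))
        else:
            deciding.add(index)
    unreachable = [i for i in range(len(acl)) if i not in deciding]
    return default_accepted, unreachable


# Constructed sample ACL, in list order.
SAMPLE_ACL = [
    ACE(1, "IPv4/TCP", "Permit"),
    ACE(1, "IPv4", "Deny"),
    ACE(1, "IPv4/UDP", "Permit"),  # shadowed by the broader IPv4 deny above it
    ACE(2, "ARP", "Deny"),
]
# Same list closed with a catch-all deny as the last entry.
HARDENED_ACL = SAMPLE_ACL + [ACE(None, "Any", "Deny")]

if __name__ == "__main__":
    for name, acl in (("sample", SAMPLE_ACL), ("hardened", HARDENED_ACL)):
        gaps, unreachable = audit(acl, ports=[1, 2])
        print(f"{name}: {len(gaps)} default-accepted combinations, "
              f"unreachable ACE indexes {unreachable}")
```

With a catch-all deny as the last entry, traffic the network depends on (ARP on port 1 in this sample) must be permitted by an earlier ACE, otherwise it is dropped as well.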
Click the button to add a new ACL, or use the other ACL modification buttons to specify the editing action (i.e., edit, delete, or moving the relative position of entry in the list). Parameters description: ACE Configuration Ingress Port Indicates the ingress port of the ACE. Possible values are: Any: The ACE will match any ingress port. Policy: The ACE will match ingress ports with a specific policy. Port: The ACE will match a specific ingress port.
IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames. Action Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Rate Limiter Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled. Port Redirect Indicates the port redirect operation of the ACE.
status is "don't-care".) Specific: If you want to filter a specific VLAN ID with this ACE, choose this value. A field for entering a VLAN ID number appears. Tag Priority Specify the tag priority for this ACE. A frame that hits this ACE matches this tag priority. The allowed number range is 0 to 7. The value Any means that no tag priority is specified (tag priority is "don't-care".) After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.4.
and ARP frames. ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with UDP protocol. IPv4/TCP: The ACE will match IPv4 frames with TCP protocol. IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames. Action Indicates the forwarding action of the ACE.
2.4.5 IP Source Guard – General Setup Function name: IP Source Guard – General Setup Function description: The function is used to configure the IP Source Guard detail parameters of the switch. You can use the IP Source Guard configuration to enable or disable it on the ports of the switch. Parameters description: IP Source Guard Configuration Mode - Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.
2.4.6 IP Source Guard – Static Table Function name: IP Source Guard – Static Table Function description: The function is used to configure the Static IP Source Guard Table parameters of the switch. You can use the Static IP Source Guard Table configuration to manage the entries. Parameters description: Delete Check to delete the entry. Port The logical port for the settings. VLAN ID The ID number for the settings. IP Address Allowed Source IP address. MAC Address Allowed Source MAC address.
2.4.7 IP Source Guard – Dynamic Table Function name: IP Source Guard – Dynamic Table Function description: The function is used to configure the Dynamic IP Source Guard Table parameters of the switch. You can use the Dynamic IP Source Guard Table configuration to manage the entries. Parameters description: Start from Port # Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the IP traffic is permitted. IP Address User IP address of the entry.
2.4.8 ARP Inspection – General Setup Function name: ARP Inspection – General Setup Function description: The function is used to configure the ARP Inspection parameters of the switch. You can use the ARP Inspection configuration to manage the ARP table. Parameters description: ARP Inspection Configuration Mode - Enable the Global ARP Inspection or disable the Global ARP Inspection. Translate dynamic static Click to translate all dynamic entries to static entries.
2.4.9 ARP Inspection – Static Table Function name: ARP Inspection – Static Table Function description: The function is used to configure the Static ARP Inspection Table parameters of the switch. You can use the Static ARP Inspection Table configuration to manage the ARP entries. Parameters description: Delete Check to delete the entry. Port The logical port for the settings. VLAN ID The VLAN ID number for the settings. MAC Address Allowed Source MAC address in ARP request packets.
2.4.10 ARP Inspection – Dynamic Table Function name: ARP Inspection – Dynamic Table Function description: The function is used to configure the Dynamic ARP Inspection Table parameters of the switch. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. Parameters description: Start from Port # Switch Port Number for which the entries are displayed. VLAN ID VLAN-ID in which the ARP traffic is permitted.
2.4.11 DHCP Snooping – General Setup Function name: DHCP Snooping – General Setup Function description: The function is used to configure the DHCP Snooping parameters of the switch. The DHCP Snooping can prevent attackers from adding their own DHCP servers to the network. Parameters description: DHCP Snooping Configuration Snooping Mode - Indicates the DHCP snooping mode operation. Possible modes are: Enabled: Enable DHCP snooping mode operation.
2.4.12 DHCP Snooping – Statistics Function name: DHCP Snooping – Statistics Function description: The function is used to show the DHCP Snooping Statistics information of the switch. The statistics show only packet counters when DHCP snooping mode is enabled and relay mode is disabled. It does not count the DHCP packets for the DHCP client. Parameters description: Rx and Tx Discover The number of discover (option 53 with value 1) packets received and transmitted.
Rx and Tx Lease Unknown The number of lease unknown (option 53 with value 12) packets received and transmitted. Rx and Tx Lease Active The number of lease active (option 53 with value 13) packets received and transmitted. After finishing the above settings, click Apply to save the configuration. The settings will take effect. 2.4.
When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. It only works when DHCP relay operation mode is enabled. Disabled: Disable DHCP relay information mode operation. Relay Information Policy Indicates the DHCP relay information option policy.
2.4.14 DHCP Relay – Statistics Function name: DHCP Relay – Statistics Function description: The function is used to show the DHCP Relay Statistics information of the switch. The statistics show both of Server and Client packet counters when DHCP Relay mode is enabled. Parameters description: Server Statistics Transmit to Server The number of packets that are relayed from client to server. Transmit Error The number of packets that resulted in errors while being sent to clients.
Receive from Client The number of received packets from server. Receive Agent Option The number of received packets with relay agent information option. Replace Agent Option The number of packets which were replaced with relay agent information option. Keep Agent Option The number of packets whose relay agent information was retained. Drop Agent Option The number of packets that were dropped which were received with relay agent information.
Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached. For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port (see Aging Period below).
on the "Configuration →Security →AAA" page) - the client is put on hold in the Unauthorized state. The hold timer does not count during an on-going authentication. In MAC-based Auth mode, the switch will ignore new frames coming from the client during the hold time. The Hold Time can be set to a number between 10 and 1000000 seconds.
Max. Reauth. Count The number of times the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range [1; 255]. Allow Guest VLAN if EAPOL Seen The switch remembers if an EAPOL frame has been received on the port for the life-time of the port.
a special packet containing a success or failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant. Note: Suppose two backend servers are enabled and that the server timeout is configured to X seconds (using the AAA configuration page), and suppose that the first server in the list is currently down (but not considered dead).
characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the Port Security module. In Multi 802.1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant, since that would cause all supplicants attached to the port to reply to requests sent from the switch.
attached to a port can be limited using the Port Security Limit Control functionality. RADIUS-Assigned QoS Enabled When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS Class.
These pages show which modules have (temporarily) overridden the current Port VLAN configuration. RADIUS attributes used in identifying a VLAN ID: RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used: • The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID attributes must all be present at least once in the Access-Accept packet.
authenticated, and all attached clients on the port are allowed access on this VLAN. The switch will not transmit an EAPOL Success frame when entering the Guest VLAN. While in the Guest VLAN, the switch monitors the link for EAPOL frames, and if one such frame is received, the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode.
2.4.16 NAS – Switch Status Function name: NAS – Switch Status Function description: The function is used to show the NAS status information of each port of the switch. The status includes Admin State, Port State, Last Source, Last ID, QoS Class, and Port VLAN ID. Parameters description: Port The switch port number. Click to navigate to detailed NAS statistics for this port. Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values.
appended to the VLAN ID. Read more about Guest VLANs here. Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. After finishing the above settings, click Apply to save the configuration. The settings will take effect.
2.4.17 NAS – Port Status Function name: NAS – Port Status Function description: The function is used to provide detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. Parameters description: Port State Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values. Port State The current state of the port. Refer to NAS Port State for a description of the individual states.
2.4.18 AAA – General Setup Function name: AAA – General Setup Function description: The function uses an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a TACACS+ or RADIUS server to create and manage objects that contain settings for using AAA servers. The function describes how to configure AAA setting of TACACS+ or RADIUS server.
enable this feature, but only if more than one server has been configured. TACACS+ Authorization and Accounting Configuration Authorization Every CLI command will be authorized by the TACACS+ server when enabled. The authorization table on the TACACS+ server can be configured to specify which CLI commands pass successfully. For example, TACACS+ server is set to accept STP command but deny VLAN command.
TACACS+ Authentication Server Configuration Enabled Enable the TACACS+ Authentication Server by checking this box. IP Address/Hostname The IP address or hostname of the TACACS+ Authentication Server. IP address is expressed in dotted decimal notation. Port The TCP port to use on the TACACS+ Authentication Server. If the port is set to 0 (zero), the default port (49) is used on the TACACS+ Authentication Server.
2.4.19 AAA – RADIUS Overview Function name: AAA – RADIUS Overview Function description: The function shows you an overview of the RADIUS Authentication and Accounting server status to ensure the function is workable. Parameters description: IP Address The IP address and UDP port number (in : notation) of this server. Status The current state of the server. This field takes one of the following values: Disabled: The server is disabled.
2.4.20 AAA – RADIUS Details Function name: AAA – RADIUS Details Function description: The function shows you detailed statistics of the RADIUS Authentication and Accounting servers. The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. There are seven counters for receive packets and four counters for transmit packets. Parameters description: RADIUS Authentication Statistics Use the server selection box to switch between the backend servers to show details for.
with unknown types from the server on the authentication port and dropped. Packets Dropped The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason. Access Requests The number of RADIUS Access-Request packets sent to the server. This does not include retransmissions. Access Retransmissions The number of RADIUS Access-Request packets retransmitted to the RADIUS authentication server.
Auto refresh The simple counts will be refreshed automatically on the UI screen. Refresh The simple counts will be refreshed manually when the user clicks the “Refresh” button. 2.4.21 Port Security – Limit Control Function name: Port Security – Limit Control Function description: The function shows you how to configure the Port Security settings of the Switch. You can use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses.
3rd party switch or hub, which in turn is connected to a port on this switch on which Limit Control is enabled. The end-host will be allowed to forward if the limit is not exceeded. Now suppose that the end-host logs off or powers down. If it wasn't for aging, the end-host would still take up resources on this switch and will be allowed to forward. To overcome this situation, enable aging. With aging enabled, a timer is started once the end-host gets secured.
described above will be taken. State This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values: Disabled: Limit Control is either globally disabled or disabled on the port. Ready: The limit is not yet reached. This can be shown for all actions. Limit Reached: Indicates that the limit is reached on this port. This state can only be shown if Action is set to None or Trap.
Parameters description: User Module Legend User Module Name The full name of a module that may request Port Security services. Abbr A one-letter abbreviation of the user module. This is used in the Users column in the port status table. Port Status Port The port number for which the status applies. Click the port number to see the status for this particular port. Users Each of the user modules has a column that shows whether that module has enabled Port Security or not.
Limit) MAC addresses (forwarding as well as blocked) and the maximum number of MAC addresses that can be learned on the port, respectively. If no user modules are enabled on the port, the Current column will show a dash (-). If the Limit Control user module is not enabled on the port, the Limit column will show a dash (-). Indicates the number of currently learned MAC addresses (forwarding as well as blocked) on the port. If no user modules are enabled on the port, a dash (-) will be shown.
ID no MAC addresses are learned, a single row stating "No MAC addresses attached" is displayed. State Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic. Time of Addition Shows the date and time when this MAC address was first seen on the port.
2.4.24 Access Management – General Setup Function name: Access Management – General Setup Function description: The function is used to configure access management table of the Switch including HTTP/HTTPS, SNMP, and TELNET/SSH. You can manage the Switch over an Ethernet LAN, or over the Internet. Parameters description: Mode Indicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation. Disabled: Disable access management mode operation.
After finished the above settings, click Apply to save the configuration. The settings will take effect. 2.4.25 Access Management – Statistics Function name: Access Management – Statistics Function description: The function shows you a detailed statistics of the Access Management including HTTP, HTTPS, SSH, TELNET and SSH. Parameters description: 208 Interface The interface type through which the remote host can access the switch.
Clear: The simple counts are reset to zero when the user clicks the “Clear” button.

2.4.26 SSH
Function name: SSH
Function description: The function uses SSH (Secure Shell) to securely access the Switch. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication.
Parameters description:
Mode: Indicates the SSH mode operation. Possible modes are:
  Enabled: Enable SSH mode operation.
  Disabled: Disable SSH mode operation.
2.4.27 HTTPS
Function name: HTTPS
Function description: The function uses HTTPS to securely access the Switch. HTTPS is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication via the browser.
Parameters description:
Mode: Indicates the HTTPS mode operation. Possible modes are:
  Enabled: Enable HTTPS mode operation.
  Disabled: Disable HTTPS mode operation.
Automatic Redirect: Indicates the HTTPS redirect mode operation.
2.4.28 Auth Method
Function name: Auth Method
Function description: The function is used to configure how a user is authenticated when logging into the switch via one of the management client interfaces.
Parameters description:
Client: The management client for which the configuration below applies.
Authentication Method: Authentication Method can be set to one of the following values:
  none: Authentication is disabled and login is not possible.
2.5 Maintenance
This section describes all of the switch Maintenance configuration tasks to enhance the performance of the local network, including Restart Device, Firmware upgrade, Save/Restore, Import/Export, and Diagnostics.

2.5.1 Restart Device
Function name: Restart Device
Function description: The function is used to restart the switch for any maintenance needs. Any configuration files or scripts that you saved in the switch should still be available afterwards. Click Yes to restart the device.
2.5.2 Firmware – Firmware Upgrade
Function name: Firmware – Firmware Upgrade
Function description: The function is used to upgrade the Firmware. The Switch can be enhanced with more value-added functions by installing firmware upgrades. Click Browser… to select the firmware on your device and click Upload.
Warning: While the firmware is being updated, web access appears to be defunct. The front LED flashes Green/Off with a frequency of 10 Hz while the firmware update is in progress.
2.5.3 Firmware – Firmware Selection
Function name: Firmware – Firmware Selection
Function description: The switch supports dual images for firmware redundancy. You can select which firmware image the device uses as its start firmware or operating firmware. This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image.
Parameters description:
Image: The flash index name of the firmware image.
2.5.4 Save/Restore – Factory Defaults
Function name: Save/Restore – Factory Defaults
Function description: The function is used to save and restore the Switch configuration, including reset to Factory Defaults, Save Start, Save Users, and Restore Users, for any maintenance needs. Any configuration files or scripts will be restored to factory default values. Click Yes to reset the Switch configuration to Factory Defaults. Only the IP configuration is retained.
2.5.5 Save/Restore – Save Start
Function name: Save/Restore – Save Start
Function description: The function is used to save the Switch Start configuration. Click Save to perform the work. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags.
2.5.6 Save/Restore – Save User
Function name: Save/Restore – Save User
Function description: The function is used to save user information. Any current configuration files will be saved in XML format. Click Save to perform the work. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags.
2.5.7 Save/Restore – Restore User
Function name: Save/Restore – Restore User
Function description: The function is used to restore user information back to the switch. Any current configuration files will be restored via the XML format. Click Save to perform the work. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags.
2.5.8 Export/Import – Export Config
Function name: Export/Import – Export Config
Function description: The function is used to export the Switch configuration. Any current configuration files will be exported in XML format. Click Save configuration to perform the work. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags.
2.5.9 Export/Import – Import Config
Function name: Export/Import – Import Config
Function description: The function is used to import the Switch Configuration for maintenance needs. Any current configuration files will be exported in XML format. Click Browser… to select firmware on your device and click Upload. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags.
2.5.10 Diagnostics – Ping
Diagnostics is used to provide a set of basic system diagnoses. It lets users know whether the system is healthy or needs to be fixed. The basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics.
Function name: Diagnostics – Ping
Function description: The function allows you to issue ICMP PING packets to troubleshoot IPv6 connectivity issues.
Parameters description:
IP Address: Set the IP address of the device you want to ping.
2.5.11 Diagnostics – Ping6
Function name: Diagnostics – Ping6
Function description: The function allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues.
Parameters description:
IP Address: The destination IPv6 address.
Ping Length: The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes.
Ping Count: The count of the ICMP packet. Values range from 1 time to 60 times.
Ping Interval: The interval of the ICMP packet.
2.5.12 Diagnostics – VeriPHY
Function name: Diagnostics – VeriPHY
Function description: The function is used for running the VeriPHY Cable Diagnostics. Press to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that VeriPHY is only accurate for cables of length 7-140 meters.
Chapter 3: Troubleshooting
This section will guide you in solving abnormal situations if you cannot access the Internet after installing the device and finishing the web configuration. Please follow the sections below to check your basic installation status stage by stage.
• Checking if the hardware status is OK or not.
• Checking if the network connection settings on your computer are OK or not.
• Pinging the device from your computer.
• Checking if the ISP settings are OK or not.
• Check that the RS-232 cable is connected well to the console port of the Managed Switch and the COM port of the PC.
• Check if the COM port of the PC is enabled.

4. How to configure the Managed Switch?
The “Hyperterm” is the terminal program in Win95/98/NT. Users can also use any other terminal programs in Linux/Unix to configure the Managed Switch. Please refer to the user guide of that terminal program.