VigorSwitch G2280 24 Ports + 4 Combo UTP/SFP Ports L2 Managed Gigabit Switch User’s Guide Version: 1.2 Firmware Version: V2.3.
Copyrights © All rights reserved. This publication contains information that is protected by copyright. No part may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language without written permission from the copyright holders. Trademarks The following trademarks are used in this document: Microsoft is a registered trademark of Microsoft Corp. Windows, Windows 95, 98, Me, NT, 2000, XP, Vista, 7, 8, 10 and Explorer are trademarks of Microsoft Corp.
Table of Contents Part I Introduction ..............................................................................................................1 I-1 Introduction ................................................................................................................................... 2 I-1-1 Key Features ....................................................................................................................... 2 I-1-2 Specifications .................................................
II-5-3 Voice VLAN ...................................................................................................................... 40 II-5-3-1 Properties .................................................................................40 II-5-3-2 Telephony OUI Setting ..................................................................41 II-5-3-3 Port Setting ...............................................................................42 II-5-4 MAC VLAN ................................................
II-9-7 MST Port Setting .............................................................................................................. 89 II-10 MAC Address Table.................................................................................................................. 91 II-10-1 Static MAC Setting ......................................................................................................... 91 II-10-2 Dynamic Address Setting .................................................................
III-11-3-2 Per Port Option82 Property Settings ............................................. 125 III-11-4 Option82 Circuit ID ...................................................................................................... 126 III-12 IP Source Guard ................................................................................................................... 127 III-12-1 Port Settings ................................................................................................................
VI-3 SNMP ..................................................................................................................................... 163 VI-3-1 View............................................................................................................................... 164 VI-3-2 Group ............................................................................................................................ 165 VI-3-3 Community ..............................................................
Part I Introduction VigorSwitch G2280 User’s Guide 1
I-1 Introduction VigorSwitch G2280, 24 Ports + 4 Combo UTP/SFP Ports L2 Managed Gigabit Switch, is a standard switch that meets all IEEE 802.3/u/x/z Gigabit, Fast Ethernet specifications. The switch has 24 10/100/1000Mbps TP ports. It supports telnet, http, https, SSH and SNMP interface for switch management. The network administrator can login the switch to monitor, configure and control each port’s activity. In addition, the switch implements the QoS (Quality of Service), VLAN, and Trunking.
I-1-2 Specifications The VigorSwitch G2280, a standalone off-the-shelf switch, provides the comprehensive features listed below for users to perform system network administration and efficiently and securely serve your network.
I-1-3 Packing List Before you start installing the switch, verify that the package contains the following: VigorSwitch G2280 AC Power Cord Quick Start Guide Rubber feet Rack mount kit Please notify your sales representative immediately if any of the aforementioned items is missing or damaged. I-1-4 LED Indicators and Connectors Before you use the Vigor device, please get acquainted with the LED indicators and connectors first.
(RJ 45 LNK/ACT) SFP LNK/ACT Blinking The system is sending or receiving data through the port. Off The port is disconnected or the link is failed. On (Green) The device is connected with 1000Mbps. On (Amber) The device is connected with 10/100Mpps. Blinking The system is sending or receiving data through the port. Off The port is disconnected or the link is failed. Connector Explanation Interface Description RJ 45 LNK/ACT Port 1 ~ 24 Port 1 to Port 24 can be used for Ethernet connection.
I-2 Installation I-2-1 Network Connection Use a Cat. 5e twisted-pair cable to connect a PoE device to the port (1~24) of this switch. The switch will supply power to PoE Device over the twisted-pair cable. Please note that Power Device must comply with IEEE 802.3af/at. Other PCs, servers and network devices can be connected to the switch using a standard ‘straight through’ twisted pair cable. I-2-2 Rack-Mounted Installation The switch can be installed easily by using rack mount kit. 1.
I-2-3 Connection via Console Cable You can perform debugging, configuration and firmware upgrade, through the console connection. To connect VigorSwitch to a PC via console cable, please 1. Connect the RJ45 connector of console cable to the console port on Vigor device. 2. Connect the DB9 connector of the console cable to the RS232 port on the PC. To connect VigorSwitch to a notebook, please 1. Connect the DB9 connector of the console cable to the DB9 connector of USB to RS232 cable first. 2.
Console Port Configuration 1. Open Hyper Terminal on the PC. 2. Open the following dialog to configure COM1 Properties as Baud rate: Data bits: Stop bits: Parity: Flow control: 115200 8 1 None None Or, you can make configuration via PuTTY utility. 1. Make sure the PuTTY utility has been installed on your PC. Execute PuTTY. 2. Configure the settings as the following figures.
VigorSwitch G2280 User’s Guide 9
3. Click Open.
I-2-4 Typical Applications The VigorSwitch implements 24 Gigabit Ethernet TP ports with auto MDIX and four slots for the removable module supporting comprehensive fiber types of connection, including LC and BiDi-LC SFP modules. The switch is suitable for the following applications: Case 1: All switch ports are in the same local area network. Every port can access each other. (*The switch image is sample only.
Case 3: Port-based VLAN - 2 VLAN1 members could not access VLAN2, VLAN3 and VLAN4 members. VLAN2 members could not access VLAN1 and VLAN3 members, but they could access VLAN4 members. VLAN3 members could not access VLAN1, VLAN2 and VLAN4. VLAN4 members could not access VLAN1 and VLAN3 members, but they could access VLAN2 members.
Case 5: Desktop Installation 1. Install the switch on a level surface that can support the weight of the unit and the relevant components. 2. Plug the switch with the female end of the provided power cord and plug the male end to the power outlet. Case 6: Rack-mount Installation The switch may be standalone, or mounted in a rack. Rack mounting facilitate to an orderly installation when you are going to install series of networking devices. Procedures to Rack-mount the switch: 1.
Case 8: Peer-to-peer application is used in two remote offices Case 9: Office network 14 VigorSwitch G2280 User’s Guide
I-2-5 Installing Network Cables Crossover or straight-through cable: All the ports on the switch support Auto-MDI/MDI-X functionality. Both straight-through or crossover cables can be used as the media to connect the switch with PCs as well as other devices like switches, hubs or router. Category 3, 4, 5 or 5e, 6 UTP/STP cable: To make a valid connection and obtain the optimal performance, an appropriate cable that corresponds to different transmitting/receiving speed is required.
Default system account is "admin", with password "admin" in default. Switch IP address is "192.168.1.224" by default with DHCP client enabled. I-2-8 IP Address Assignment For IP address configuration, there are three parameters needed to be filled in. They are IP address, Subnet Mask, Default Gateway and DNS. IP address: The address of the network device in the network is used for internetworking communication. Its address structure looks is shown below.
IP address range between 192.0.0.0 and 223.255.255.255. Each class C network has a 24-bit network prefix followed 8-bit host address. There are 2,097,152 (2^21)/24 networks able to be defined with a maximum of 254 (2^8 –2) hosts per network. Class D and E: Class D is a class with first 4 MSB (Most significance bit) set to 1-1-1-0 and is used for IP Multicast. See also RFC 1112. Class E is a class with first 4 MSB set to 1-1-1-1 and is used for IP broadcast.
In this diagram, you can see the subnet mask with 25-bit long, 255.255.255.128, contains 126 members in the sub-netted network. Another is that the length of network prefix equals the number of the bit with 1s in that subnet mask. With this, you can easily count the number of IP addresses matched. The following table shows the result. Prefix Length No. of IP matched No.
For assigning an IP address to the switch, you just have to check what the IP address of the network will be connected with the switch. Use the same network address and append your host address to it. First, IP Address: as shown above, enter “192.168.1.224”, for instance. For sure, an IP address such as 192.168.1.x must be set on your PC. Second, Subnet Mask: as shown above, enter “255.255.255.0”. Choose a subnet mask suitable for your network. Note: The DHCP Setting is enabled in default.
I-3 Accessing Web Page of VigorSwitch 1. Open any browser (e.g., Firefox) and type “192.168.1.224” as URL. 2. Please type “admin/admin” as the Username/Password and click Login. 3. Now, the Main Screen will appear. Info 20 The DHCP Setting is enabled in default. Therefore, if a DHCP server presented on network connected to VigorSwitch, checking before accessing VigorSwitch is essential.
I-4 Dashboard Click Dashboard from the main menu on the left side of the main page. A web page with default selections will be displayed on the screen.
I-5 Status I-5-1 Port Bandwidth Utilization This page offers the traffic statistics inlcuding data information and data of interframe gap for each port (GE1 to GE28). In which, data of interframe gap can be displayed or hidden by choose Enable / Disable for IFG. I-5-2 LLDP Statistics This page offers the statistics of LLDP packets (in, out and error) of each port (GE1 to GE28).
I-5-3 GVRP Statistics GVRP (Generic Attribute Registration Protocol) is used automatically for exchanging information for VLAN membership between switches. This page counts the GVRP information received on each port. I-5-4 MLD Snooping Statistics This page counts the MLD messages received or transmitted on the network.
This page is left blank.
Part II Switch LAN VigorSwitch G2280 User’s Guide 25
II-1 General Setup General setup is used to configure settings for the switch network interface and offers how the switch connects to a remote server to get services. II-1-1 IP Address Use the IP Address screen to configure the switch IP address and the default gateway device. The gateway field specifies the IP address of the gateway (next hop) for outgoing traffic. The switch needs an IP address for it to be managed over the network. The factory default IP address is 192.168.1.224.
enter subnet mask in this field. Gateway It is available when Static is selected as Mode. Enter the IP address of the gateway in dotted decimal notation. If static mode is enabled, enter gateway address in this field. DNS Server 1 It is available when Static is selected as Mode. If static mode is enabled, enter primary DNS server address in this field. DNS Server 2 It is available when Static is selected as Mode. If static mode is enabled, enter secondary DNS server address in this field.
If static mode is enabled, enter primary DNS server address in this field. DNS Server 2 It is available when Auto Configuration is set as Disable. If static mode is enabled, enter secondary DNS server address in this field. DHCPv6 Client It is available when Auto Configuration is set as Enable. Enable this feature if there is a DHCPv6 server on your network for assigning IPv6 Address, instead of using Router Advertisement. Apply Apply the settings to the switch.
II-2 Port Setting Port Setting is used to configure settings for the switch ports, trunk, Layer 2 protocols and other switch features. Available settings are explained as follows: Item Description Ports Use the drop down list to selelct one or more LAN port(s). Enable State Enable –Click it to enable the port. Disable – Click it to disable the port. Speed Port speed capabilities: Auto: Auto speed with all capabilities. Auto-10M: Auto speed with 10M ability only.
30 Duplex Port duplex capabilities: Auto: Auto duplex with all capabilities. Half: Auto speed with 10/100M ability only. Full: Auto speed with 10/100/1000M ability only. Flow Control A concentration of traffic on a port decreases port bandwidth and overflows buffer memory causing packet discards and frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE802.
II-3 Mirror This section provides ability to mirror packets coming in or going out on any port to a destination port. Through the packet duplication in the destination port, this feature is convinent for system administrator to monitor / understand the traffic operation. Session ID 1 to 4 can be enabled simultaneously and operate independently. Available settings are explained as follows: Item Description Session ID Select the session ID (profile 1 to 4) of mirror operation you wish to configure.
II-4 Link Aggregation LAG means Link Aggregation Group which groups some physical ports together to make a single high-bandwidth data path. Thus it can implement traffic load sharing among the member ports in a group to enhance the connection reliability. II-4-1 LAG Setting This page allows to configure Load Balance Algorithm for Link Aggregation. Available settings are explained as follows: 32 Item Description Load Balance Algorithm Select your Load balance algorithm.
II-4-2 LAG Management There are eight LAG profiles allowed to group different physical ports (GE1 to GE28). The system will assign certain port(s) as Active Member and Standby Member according to the GE selections. Available settings are explained as follows: Item Description Description Display the port description. Port Type Display the type of the LAG. Link Status Display LAG port link status. Active Member Display active member ports of the LAG.
II-4-3 LAG Port Setting This page defines port setting for each LAG profile (LAG1 to LAG8), including data speed and enabling/disabling the flow control. Available settings are explained as follows: 34 Item Description LAG Use the drop down list to selelct one or more LAG profiles. Enable Enable –Click it to enable the profile. Disable – Click it to disable the profile. Speed Port speed capabilities: Auto: Auto speed with all capabilities. Auto-10M: Auto speed with 10M ability only.
frame losses. Flow Control is used to regulate transmission of signals to match the bandwidth of the receiving port. The switch uses IEEE802.3x flow control in full duplex mode and backpressure flow control in half duplex mode. IEEE802.3x flow control is used in full duplex mode to send a pause signal to the sending port, causing it to temporarily stop sending signals when the receiving port memory buffers fill.
II-4-5 LACP Port Setting This section provides few detailed configuration regarding to Ports under LACP protocol. Available settings are explained as follows: 36 Item Description Ports Use the drop down list to specify LAN Port. Priority Enter a port priority number for the port. Timeout The timeout option decides how local switch of LAG connection determines connection to be lost.
II-5 VLAN Management A virtual local area network, virtual LAN or VLAN, is a group of hosts with a common set of requirements that communicate as if they were attached to the same broadcast domain, regardless of their physical location. A VLAN has the same attributes as a physical local area network (LAN), but it allows for end stations to be grouped together even if they are not located on the same network switch.
New Name - Type a name for such VLAN profile. OK - Apply the settings to the switch. Cancel - Close the page and return to previous page. - Delete the selected VALN ID. II-5-2 Interface Settings This page allows a user to configure interface setting related to VLAN. Available settings are explained as follows: 38 Item Description Port Select Select LAN ports to configure VLAN Settings. Interface VLAN Mode Select the VLAN mode of the interface. Hybrid – Support all functions as defined in IEEE 802.
the VLAN group that the tag defines. For port under Access Mode, VLAN ID provided as PVID would automatically be selected as the untagged VLAN. Accepted Type Specify the acceptable-frame-type of the specified interfaces. It’s only available with Hybrid mode. All - Accept frames regardless it's tagged with 802.1q or not. Tag Only - Accept frames only with 802.1q tagged. Untag Only - Accept frames untagged.
II-5-3 Voice VLAN With such feature, a VLAN will be created temporarily and when the specified OUI device delivers protocol packets related to “VoIP”, VigorSwitch will guide these packets into the specified Voice LAN with specified priorioty tag to speed up the packet transmission. Such voice VLAN is only active inside VigorSwitch for packet transmission. After these packets leave VigorSwitch, the Voice VLAN tag will be removed immediately.
II-5-3-2 Telephony OUI Setting This page allows a user to add, edit or delete OUI MAC addresses. Default has 8 pre-defined OUI MAC. Available settings are explained as follows: Item Description OUI Address Type OUI address. Description Enter a description of the specified MAC address to the voice VLAN OUI table. Add Click it to create a new voice OUI based on the settings configured above. Modify - Modify OUI setting for voice VLAN. - Click it to remove the selected OUI entry.
II-5-3-3 Port Setting This page allows a user to specify LAN port(s) as Voice LAN port. Available settings are explained as follows: 42 Item Description Port Use the drop down list to specify one or more LAN ports. State Enabled – Click it to enable the port settings for Voice LAN. Disabled – Click it to disable the port settings for Voice LAN. Cos Mode If Remark CoS/802.1p is enabled in Voice VLAN>>Properties, settings in this page shall be applied. Otherwise, this option will not take effect.
II-5-4 MAC VLAN II-5-4-1 MAC Group The MAC VLAN allows you to statically assign a VLAN ID to a host with specific MAC address(es). VigorSwitch allows you configure multiple groups with configured MAC address and mask to be active on ports and to be bound with VLAN ID. This page allows the network administrator to define groups with specific MAC addresses for later binding with VLAN and Port.
Available settings are explained as follows: 44 Item Description Ports Select the ports you wish to be bound with specified MAC address group. Group ID Choose the group ID you have created in earlier section, which specified a group of host by MAC address and its mask. VLAN Enter the VLAN ID that you wish to be bound with. Add Click it to create a new MAC group binding profile based on the settings configured above.
II-5-5 Protocol VLAN VigorSwitch offers protocol VLANs which allows Network Administrator to filter out untagged traffic of certain protocol and then assign them a specific VLAN ID. II-5-5-1 Protocol Group Up to eight protocol groups can be defined, each of them can have a unique filtering criteria such as frame type and protocol value. Available settings are explained as follows: Item Description Group ID It is a number for identification while bounding with VLAN/Port.
Edit - Modify setting for selected group. - Click it to remove the group. II-5-5-2 Group Binding This page is for setting up the ports and protocol group that we would like to filter, and the VLAN ID we would like to assign. Available settings are explained as follows: 46 Item Description Ports Use the drop-down list to select one or more ports for applying protocol-based VLAN.
Interface VLAN Mode for the GE ports first. Otherwise, the following error message will appear. Edit - Modify setting for the selected group. - Click it to remove the selected group.
II-5-6 Surveillance VLAN Surveillance VLAN can be configured for VigorSwitch to identify the packets coming from an IP camera automatically and assign those traffics to a specific VLAN ID and CoS/802.1p value, this helps you to prioritize those traffics and improve video quality. II-5-6-1 Property This page is for setting up the VLAN to which the video traffic should be assigned and to enable/disable Surveillance VLAN on each port.
State –Set it to enable surveillance VLAN function of interface. Mode –Select port surveillance VLAN mode. Auto: Surveillance VLAN auto detect packets that match OUI table and add received port into surveillance VLAN ID tagged member. Manual: User need add interface to VLAN ID tagged member manually. QoS Policy - Select port QoS Policy mode. Video Packet: QoS attributes are applied to packets with OUI in the source MAC address.
Available settings are explained as follows: Item Description OUI Address Enter OUI MAC address of monitored IP camera. It can’t be edited in edit dialog. Description Enter a description of the specified MAC address to the surveillance VLAN OUI table. Add Click it to create a new voice OUI based on the settings configured above. Edit - Modify OUI setting for surveillance VLAN. - Click it to remove the selected OUI entry.
II-5-7 GVRP II-5-7-1 Property This page allows the network administrator to configure registration mode (e.g., Normal, Fixed or Forbidden) of GVRP (GARP VLAN Registration Protocol) for each GE port. Such function can eliminate unnecessary network traffic and prevent any attempt to transmit information to unregistered users. Available settings are explained as follows: Item Description State Enabled – Click it to enable the port settings for such VLAN.
VLAN Creation –Select Enabled or Disabled. Mode – There are three modes to be specified. Normal – Default setting. All packets can pass through the selected GE port. Fixed – The selected GE port only sends static VLAN information to neighboring device and allows static VLAN packet to pass through. Forbidden – The selected GE port only allows default VLAN packet to pass through. II-5-7-2 Membership This page display information about membership for GVRP.
II-6 EEE This page allows a user to enable or disable port EEE (Energy Efficient Ethernet) function. Available settings are explained as follows: Item Description Port Select one or multiple ports to configure (GE1 to GE28). Enable Enable –Click it to enable the EEE function. Disable - Click it to disable the EEE function. Apply Apply the settings to the switch. Modify VigorSwitch G2280 User’s Guide - Click it to modify port setting status.
II-7 Multicast IP multicast is a technique for one-to-many communication over an IP infrastructure in a network. To avoid the incoming data broadcasting to all GE ports, multicast is useful to transfer the data/message to specified GE ports for IGMP snooping. When VigorSwitch receives a message “subscribed” by the client, it must decide to transfer the data to specified GE ports according to the location of the client (subscribed member).
and VLAN ID. Apply VigorSwitch G2280 User’s Guide Apply the settings to the switch.
II-7-2 IGMP Snooping IGMP snooping is the process of listening to Internet Group Management Protocol (IGMP) network traffic. The feature allows a network switch to listen in on the IGMP conversation between hosts and routers. By listening to these conversations the switch maintains a map of which links need which IP multicast streams. Multicasts may be filtered from the links which do not need them and thus controls which ports receive specific multicast traffic.
Disable - Click it to disable IGMP function. IGMP Snooping Version Set the IGMP snooping version. v2 - Only support process IGMP v2 packet. v3 (BISS) - Support v3 basic and v2. IGMP Snoopign Report Suppression Click Enable to allow the switch to handle IGMP reports between router and host, suppressing bandwidth used by IGMP. Apply Apply the settings to the switch. Modify - Click it to modify IGMP settings for selected profile.
query. Query Response Interval – It specifies the maximum allowed time before sending a responding report in units of 1/10 second. Last Member Query Counter – After quering for specified times (defined here) and still not receiving any response from the subscribed member, VigorSwitch will stop transmitting data to the related GE port(s). Last Member Query Interval – The maximum time interval between counting each member query message with no responses from any subscribed member.
Apply Apply the settings to the switch. II-7-2-3 IGMP Static Group The IGMP static group is allowed to assign a VLAN/port as a specific IPv4 multicast member. Every IPv4 multicast stream that belongs to the specified group IP address will be forwarded to the specified port/VLAN member. Available settings are explained as follows: Item Description VLAN ID Use the drop down list to specify a VLAN profile as IGMP Static Group. Group IP Address It is an identifier for the group member.
II-7-2-4 IGMP Group Table This page shows currently known and dynamically learned by IGMP snooping or shows the assigned IPv4 multicast address group in operation. Available settings are explained as follows: 60 Item Description VLAN ID Display the VLAN of this multicast group belongs to. Group IP Address Display the multicast address of this multicast group. Member Ports Display the port(s) where subscribing member of this multicast group belongs to.
II-7-2-5 IGMP Router Table This page shows the IGMP querier router known to this switch. Available settings are explained as follows: Item Description VLAN ID Use the drop down list to specify a VLAN profile (created in Switch LAN>>VLAN Management>>Create Vlan) that the MLD querier belongs to. Type Static - Specify LAN Port (GE/LAG) to send out query to remote host. Forbidden - Use the drop down list to specify forbidden LAN Port (GE/LAG).
II-7-2-6 Forward All This page is allowed to determine which port(s) would like to receive the data (multicast packets) that forwarded by VigorSwitch. Available settings are explained as follows: Item Description Available VLAN To display all of the available VLAN, the State must be set as Enabled in MLD Setting first. Use the drop down list to specify a VLAN profile (created in Switch LAN>>VLAN Management>>Create Vlan) that multicast packets will be forwarded to.
II-7-2-7 Throttling The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy. The Throttling page is used for configuring the maximum number (0~255) of IGMP group that a user on a switch port can join.
II-7-2-8 Filtering Profile The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy. The filtering profile page allows to configure up to 128 IP-group (for multicast servie) profiles (starting and ending point within an IP range shall be specified).
II-7-2-9 Filtering Binding This page allows the network administrator to select a filtering profile for LAN/GE port to process multicast traffic. Available settings are explained as follows: Item Description Ports Use the drop down list to specify LAN Port (GE/LAG). Profile ID Use the drop down list to choose the filtering profile for the select port/interface. Enable – Check this box first to make profile ID selection be available for choosing. Apply Apply the settings to the switch.
66 VigorSwitch G2280 User’s Guide
II-7-3 MVR Multicast VLAN Registration (MVR) can route packets received in a multicast source VLAN to one or more destination VLANs. LAN users are in the destination VLANs and the multicast server is in the source VLAN. MVR can continuously send multicast stream for traffic in the multicast VLAN, but isolate the streams from the source VLANs for bandwidth and security reasons. In general, MVR is able to: Identify the MVR IP multicast streams and their associated IP multicast group.
data and client ports grouped under MVR server. Group Start Enter an IP address. Any multicast data sent to this IP address will be sent to all source ports on Vigor switch; and all receiver ports will accept /receive data from that multicast address. Group Count Select a number to configure a contiguous series of MVR group addresses (the range for count is 1 to 128; the default is 1).
Disabled – Disable the function of immediate leave. Apply Edit Apply the settings to the switch. - Click it to modify port setting (role and immediate leave). II-7-3-3 Group Address This page allows the network administrator to configure IP address and specify port member for VLAN selected in MVR>>Property page. Available settings are explained as follows: Item Description VLAN ID Display the ID number of the VLAN. Group Address Define a range of IP address(es) with the format of “xxx.xxx.xxx.
II-7-4 MLD Snooping MLD snooping does the same thing as IGMP snooping. The difference is that IGMP snooping acts on IPv4 packets; MLD snooping acts on IPv6 packets. MLD snooping is the process of listening to Multicast Listener Discovery network traffic. It can examine IPv6 packets and forward these packets to designate location via VLAN port members.
Disabled – Click it to disable the MLD snooping function. Version VigorSwitch supports two versions of MLD snooping. MLDv1 – When it is selected, VigorSwitch will detect packets controlled by MLDv1 and bridge the traffic to IPv6 destination defined with multicast address(es). MLDv2 - When it is selected, VigorSwitch will detect packets controlled by MLDv1 and forward the traffic to destination defined with multicast address(es).
Query Robustness – Set a number which allows tuning for the expected packet loss on a subnet. Query Interval – Specify the time interval for VigorSwitch to send out general MLD query to the host (responsible for responding). Later, based on the response, VigorSwitch can forward the traffic through ports in VLAN. Query Response Interval – Specify the time interval for VigorSwitch to receive the query response from the host. If time is up and no response received, the packets will be blocked and discarded.
address will be transferred to all interfaces defined in Member Ports. Specify the IPv6 multicast address you wish to assign for the static group (defined in VLAN ID). Member Ports Use the drop down list to specify interaces (GE/LAG) for receiving the packets from group IP address. Add Click it to display the result based on the settings configured above.
II-7-4-3 MLD Group Table This page shows currently known and dynamically learned by MLD snooping or shows the assigned IP6 multicast address group in operation. Available settings are explained as follows: 74 Item Description VLAN ID Display the name of VLAN configured in MLD Static Group. Group IP Address Display the IP adderss defined in MLD Static Group. Member Ports Display all of the interfaces defined in MLD Static Group. Type Display if it is dynamically learned or statically assigned.
II-7-4-4 MLD Router Table This page is allowed to configure VLAN profile by specifying static/forbidden ports for the router (MLD querier). Available settings are explained as follows: Item Description VLAN ID Use the drop down list to specify a VLAN profile (created in Switch LAN>>VLAN Management>>Create Vlan) that the MLD querier belongs to. Type Static - Specify LAN Port (GE/LAG) to send out query to remote host. Forbidden - Use the drop down list to specify forbidden LAN Port (GE/LAG).
II-7-4-5 Forward All This page is allowed to determine which port(s) would like to receive the data (multicast packets) that forwarded by VigorSwitch. Available settings are explained as follows: 76 Item Description Available VLAN To display all of the available VLAN, the State must be set as Enabled in MLD Setting first. Use the drop down list to specify a VLAN profile (created in Switch LAN>>VLAN Management>>Create Vlan) that multicast packets will be forwarded to.
above. Edit - Click it to modify port setting (static port and forbidden port). - Click it to remove the selected entry. II-7-4-6 Throttling The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy.
II-7-4-7 Filtering Profile The administrator can configure the user on a switch port (GE/LAG port) belonging to which multicast group and restrict the number of multicast group that the user on the switch can join. Then the administrator is able to control the network service (e.g, IP/TV service) that the user can enjoy. The filtering profile page allows to configure up to 128 IP-group (for multicast servie) profiles (starting and ending point within an IP range shall be specified).
II-7-4-8 Filtering Binding This page allows the network administrator to select a filtering profile for LAN/GE port to process multicast traffic. Available settings are explained as follows: Item Description Ports Use the drop down list to specify LAN Port (GE/LAG). Profile ID Use the drop down list to choose the filtering profile for the select port/interface. Enable – Check this box first to make profile ID selection be available for choosing. Apply Apply the settings to the switch.
80 VigorSwitch G2280 User’s Guide
II-8 Jumbo Frame This page allows a user to configure switch port jumbo frame settings. Available settings are explained as follows: Item Description Jumbo Frame (Bytes) Enter Jumbo frame size. The valid range is 1526 bytes – 9216 bytes. Apply Apply the settings to the switch.
II-9 STP The Spanning Tree Protocol (STP) is a network protocol that ensures a loop-free topology for any bridged Ethernet local area network. Bridge Protocol Data Units (BPDUs) are frames that contain information about the Spanning Tree Protocol (STP). Switches send BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC (01:80:C2:00:00:00, or 01:00:0C:CC:CC:CD for Per VLAN Spanning Tree).
PathCost Method Specify the path cost method. Long - Specifies that the default port path costs are within the range: 1~200,000,000. Short - Specifies that the default port path costs are within the range: 1~65,535. Apply Apply the settings to the switch. II-9-2 Port Setting This page allows the user to configure and display Spanning Tree Protocol (STP) port settings.
full-duplex and “does not” directly connect to another switch or host. 84 BPDU Filter Yes – Drop all BPDU packets and no BPDU will be sent. BPDU Guard Yes – BPDU Guard further protects your switch by turning this port into error state and shutdown if any BPDU received from this port. Check it to enable such function. Apply Apply the settings to the switch. After clicking it, the settings configured above will be shown on the table below.
II-9-3 Bridge Setting This page allows the network administrator to configure required information to negotiate with other VigorSwitch for determining the bridge switch. Available settings are explained as follows: Item Description Priority Specify the bridge priority. The valid range is from 0 to 61440, and the value should be the multiple of 4096.
II-9-4 Port Advanced Setting This page allows user to edit general setting of STP CIST port and browser CIST port status. Available settings are explained as follows: 86 Item Description Port Display the interface number for GE and LAG. Indentifier(Priority/ID) Display the spanning tree port identifier. Path Cost Conf/Oper Display current path cost of given port. Designated Root Bridge Display the identifier of designated root bridge. Root Path Cost Display the operational root path cost.
II-9-5 Statistics This page displays STP statistics. Available settings are explained as follows: Item Description Port Display the port number (GE / LAG). Configure BPDUs Rx. Display the counts of the received CONFIG BPDU. TCN BPDUs Rx. Display the counts of the received TCN BPDU. Configure BPDUs Tx. Display the counts of the transmitted CONFIG BPDU. TCN BPDUs Rx Display the counts of the transmitted TCN BPDU.
II-9-6 MST Instance MSTP allows traffic of different VLAN to be mapped into different MST Instances. VigorSwitch supports up to 16 independent MST instances (0~15) with which the VLAN can be associated. Available settings are explained as follows: Item Description MSTI Display the index number of MST Instance. Each MSTI can have one or multiple VLANs. Edit - Click it to modify the priority setting for the selected GE port / LAG port.
Priority – The switch priority for this MST instance. A lower number gives the switch higher chance to be chosen as the root bridge. Bridge Identifiter – Display the priority of MSTI instance number + MAC address of the switch. Designated Root Bridge – Display the Bridge Identifier of the root bridge. Root Port – Display the port toward the root. Root Path Cost – Display the path cost toward the root. Remaining Hop – Display the remaining hop count in BPDU. OK – Save the modifications.
MSTI – Display the selected MST instance. Path Cost – Set path cost value for the port. A port with lowest value will be used as the forwarding port by spanning tree. Default value was set according to the bandwidth of the port. Priority – Among the ports with same path cost, port with lower priority will have higher chance to be used as the forwarding port by spanning tree. Use the drop down list to choose desired priority value.
II-10 MAC Address Table This section allows user to view the dynamic MAC address entries in the MAC table, change related setting, and assign MAC address into MAC table. II-10-1 Static MAC Setting This section allows user to manually assign MAC address into MAC table. The configuration result will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description MAC Address Enter the MAC address that will be forwarded.
II-10-2 Dynamic Address Setting This page allows a user to configure aging time for dynamic MAC address. Available settings are explained as follows: Item Description Aging Time Enter the Dynamic MAC address aging out value (5-32767 seconds). Apply Apply the settings to the switch. II-10-3 Dynamic Learned This page displays the MAC address and port number automatically learned by VigorSwitch.
VLAN Display the VLAN group to which the MAC address belongs. Type Display whether the MAC address is Dynamic (learned by the Switch) or Static Unicast (manually entered in the Static MAC Forwarding screen). Port Display the port to which this MAC address belongs. Add to Static Click this button to add any port into the static MAC table.
II-11 Blocked Port Recover This page is used for configuring settings to recover the port which is being blocked by the following functions after a defined period of time. Available settings are explained as follows: 94 Item Description Recovery Interval The port being blocked will be able to receive and send traffic after the time period configured here. BPDU Guard Enable – Recover the port being blocked by BPDU Guard after the time set in Recovery Interval.
Part III Security VigorSwitch G2280 User’s Guide 95
III-1 RADIUS This page allows the network administrator to add and configure multiple RADIUS servers. Available settings are explained as follows: 96 Item Description Use Default Parameters Retries - The retry time before this server being considered not-reachable. Timeout for Reply – Set the time (in seconds) before this server being considered lost connection. Key String – Enter the string used to encrypt and authenticate with RADIUS server. Apply - Save the settings.
under Edit- Click it to modify the priority setting for the selected GE port / LAG port.
III-2 TACACS+ This page allows the network administrator to add and configure multiple TACACS+ server. Available settings are explained as follows: Item Description Use Default Parameters Timeout –Set the time (in seconds) before this server being considered lost connection. Key String – Enter the string used to encrypt and authenticate with TACACS+ server. Apply - Save the settings.
III-3 Management Access Authentication III-3-1 Method Profile This page allows a user to create method list for applying on management service. Available settings are explained as follows: Item Description Method Profile Name – Enter a name for creating a method. Optional Methods – Available methods include Local, RADIUS and TACACS+. Selected Methods – The method listed in this field will be applied for such method profile. Add – Click it to add a method from Optional Method onto Selected Method.
III-3-2 Application Authentication This page allows the network administrator to select the customized Method List to apply to any management service, for management access control. Available settings are explained as follows: Item Description Application There are five methods to be configured with different profile respectively. 100 Console/Telnet/SSH/HTTP/HTTPS Selected Profile Specify one of customized method profiles to apply to any management service, for management access control.
III-4 Management Access Control III-4-1 Management Access Control Profile (ACL) This page allows a user to add, edit, and delete Management Access Control profiles. Available settings are explained as follows: Item Description ACL Name Enter a name to create a profile for ACL. Once a profile is created, it will be displayed on this page. Add Click it to create a new ACL profile after entering the ACL name. ACL Profile Name Display the name of the ACL profile.
III-4-2 Management Access Control Entries (ACE) This page allows a user to add, edit, or remove Access Control Entries (ACE) of the Management Access Control profiles. However, only the ACE of inactive profiles can be modified, and before configuring ACE, at least one ACL profile should be created. Available settings are explained as follows: Item Description ACL Profile Name Use the drop-down list to select the inactive ACL profile you would like to modify.
- click it to remove the selected entry.
III-5 802.1X/MAC Authentication The authentication manager allows you to configure securely access from any host connected to physical ports. You may apply multiple ways of authentication to each port. III-5-1 Properties III-5-1-1 Global Settings VigorSwitch G2280 supports 802.1x and MAC-based authentication methods. In Global Settings page, you can specify authentication type, enable Guest VLAN function, specify a VID and select format for MAC address entry.
III-5-1-2 Port Authentication Setting This page allows the network administrator to configure detailed authentication settings for each port. Available settings are explained as follows: Item Description Apply Settings to Ports Select physical port(s) for applying settings. Note that port authentication will not be effective if none of them were enabled. Authentication Types Enabled Select 802.1x and/or MAC-based authenticate method for host connecting to this port.
Reject - Switch will reject the host if it does not receive the VLAN information from RADIUS server. Apply The modification made above can be applied on to the selected GE port immediately. III-5-2 Port Control/Settings This page allows the network administrator to controls port setting, based on 802.1X, for ethernet port authentication. Available settings are explained as follows: 106 Item Description Ports Select the ports to modify the port control settings.
Reauthentication Period Enter a time period. When the time is up, the host shall return to initial state and prepare to pass authentication procedure again. Default is 3600 seconds. Inactivate Timeout When there is no packet coming from the authenticated host, the system will start the inactive timer. After inactive timeout, the host will be unauthorized and corresponding session will be deleted. In Multiple Hosts mode (configured in 802.
III-5-3 MAC-Based Local Account This page allows the network administrator to create profiles by entering MAC address of the hosts to be authenticated. Available settings are explained as follows: Item Description MAC Address Enter the MAC address of the host. Port Control Specify a control type for the host. Force Authorized – Click it to forcefully authenticate the host specified above. Force Unauthorized - The host specified above will not be authenticated by VigorSwitch.
III-5-4 Authenticated Hosts This page displays information related to the host authenticated by VigorSwitch.
III-6 Port Security This page allows the network administrator to configure security settings for each port interface (GE port /LAG group). When port security is enabled for each interface, releated action will be performed once detecting that the number of MAC address exceeds the limit. Available settings are explained as follows: Item Description State Enable or disable port security function on the switch. Enabled - Enable the port security function. Disabled - Disable the port security function.
VigorSwitch G2280 User’s Guide 111
III-7 Protected Ports This page allows the network administrator to configure protected port setting to prevent the selected ports from communication with each other. Protected port is only allowed to communicate with unprotected port. For example, GE1 and GE3 are selected in Port List and Enable is clicked as Protected, then users behind GE1 and GE3 are separated and can not communicate with each other.
III-8 Storm Control Storm Control helps to suppress possible broadcast, unknown multicast or unknown unicast storm by applying a rate limit on those packets. III-8-1 Properties This page allows a user to configure general settings for Storm Control. Available settings are explained as follows: Item Description Storm Control Mode Select the mode of storm control. Packet/sec – Storm control rate will be calculated by packet-based. Kbits/sec - Storm control rate will be calculated by octet-based.
III-8-2 Port Setting This page allows the network administrator to configure port settings for Storm Control. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port profile (GE1 to GE28). Storm Control Disable – Disable the storm control configuration for the selected port profile.
VigorSwitch G2280 User’s Guide 115
III-9 DoS A Denial of Service (DoS) attack is a hacker attempt to make a device unavailable to its users. DoS attacks saturate the device with external communication requests, so that it cannot respond to legitimate traffic. These attacks usually lead to a device CPU overload. The DoS protection feature is a set of predefined rules that protect the network from malicious attacks. The DoS Security Suite Setting enables activating the security suite.
Ping packets that length are larger than 65535 bytes. Disabled – Disable the item function. Enabled - Enable the item function. IPv6 Min Fragments Check the minimum size of IPv6 fragments, and drop the packets smaller than the minimum size. The valid range is from 0 to 65535 bytes, and default value is 1240 bytes. Disabled – Disable the item function. Enabled - Enable the item function. ICMP Fragments Drop the fragmented ICMP packets. Disabled – Disable the item function.
Disabled – Disable the item function. Enabled - Enable the item function. Apply Apply the settings to the switch. III-9-2 DoS Port Setting This page allows a user to configure and display the state of DoS protection for interfaces. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port profile (GE1 to GE28) or profiles.
III-10 Dynamic ARP Inspection Dynamic ARP inspection (DAI) can prevent ARP spoofing attacks by validating ARP packet in a network. It can intercept, record, and discard ARP packets with invalid IP-to-MAC address bindings; and then protect the network against malicious attacks. III-10-1 Properties III-10-1-1 Global Property Settings This page allows a user to configure global property settings for the fuction of Dynamic ARP Inspection.
III-10-1-2 Per Port Property Settings This page allows a user to configure detailed settings of DAI for each port (GE/LAG). Available settings are explained as follows: 120 Item Description Ports Use the drop down list to select the port (GE1 to GE28, LAG1 to LAG8) or ports for applying DAI function. Trust Enable – Enable the function of DAI for the port(s) selected above.
III-10-2 Statistics This page displays all statistics recorded by Dynamic ARP Inspection function.
III-11 DHCP Snooping DHCP snooping is able to validate DHCP messages obtained from untrusted sources and filter out invalid message. For DHCP snooping to function properly, it is suggested to connect DHCP servers to VigorSwitch through trusted interfaces; because untrusted DHCP messages will be forwarded to trusted interfaces only. III-11-1 Properties III-11-1-1 Global Property Settings This page allows a user to configure global property settings for the fuction of DHCP snooping Inspection.
III-11-1-2 Per Port Property Settings This page allows a user to configure detailed settings of DHCP Snooping for each port (GE/LAG). Any device that is not in the service provider network will be regarded as an untrusted source (such as a customer switch). Host ports are untrusted sources. In VigorSwitch, you can assign a source as trusted device by configuring the trust state of its connecting port.
III-11-2 Statistics This page displays all statistics recorded by DHCP snooping function. III-11-3 Option82 Property You can use information settings including Remote ID and Circuit ID for Option82 Property, also known as the DHCP relay agent, to protect VigorSwitch against spoofing attacks. III-11-3-1 Global Option82 Property Settings This page allows a user setting string as remote ID for DHCP option82. For example, use a switch-configured hostname or specify an ASCII text string as remote ID.
User Defined – Check it and manually enter ASCII text string in the entry box. Apply Apply the settings to the switch. III-11-3-2 Per Port Option82 Property Settings This page allows a user to configure detailed settings of DHCP Snooping, Option82 for each port (GE/LAG). Available settings are explained as follows: Item Description Ports Use the drop down list to select the port (GE1 to GE28, LAG1 to LAG8) or ports for applying DHCP snooping, Option82 Property function.
III-11-4 Option82 Circuit ID This page allows a user setting string as circuit ID for DHCP option82 setting. Circuit ID shall be combined with VLAN name (or VLAN ID number) and interface name (GE/LAG port). Available settings are explained as follows: Item Description Ports Use the drop down list to select the port (GE1 to GE28, LAG1 to LAG8) or ports for applying DHCP snooping, Option82 Property function. VLAN Choose a number as VLAN ID which is easy to be identified for a packet containing with it.
III-12 IP Source Guard By using the source IP address filtering function, IP source guard can prevent a malicious host from feigning a legal host with its IP address and performing malicious attack. III-12-1 Port Settings IP source guard is a port-based feature. Therefore, it is necessary to configure detailed settings for each GE/LAG port interface separately.
III-12-2 IMPV Binding This page allows the network administrator to set the filtering conditions (binding type, MAC address, IPv4 address) for packets through the specified LAN port. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port (GE1 to GE28, LAG1 to LAG8) or ports for applying IMPV Binding function. VLAN Choose a number as VLAN ID which is easy to be identified for a packet containing with it. It is optional setting.
- click it to remove the selected entry. III-12-3 Save Database This page allows the network administrator to configure the DHCP Snooping database. Available settings are explained as follows: Item Description Type None – Do not save the database. Flash – Save the database to flash memory. TFTP – Save the database to a TFTP server. Filename Enter a filename if TFTP is used. Address Type Specify the address type if TFTP is used. Hostname – Use hostname as server address. IPv4 – Use IPv4 address.
130 Server Address Enter an IP address or hostname of TFTP sever if TFTP is used. Write Delay Set a value from 15 to 86400. After the database is changed, the transfer work will be delayed for the value set. The default value is 300 (seconds). Timeout Set a value from 0 to 86400. Stop the transfer process if it is not finished after waiting for the set value. Set a value. The default value is 300 (seconds). Apply Apply the settings to the switch.
Part IV ACL Configuration VigorSwitch G2280 User’s Guide 131
IV-1 Create ACL An Access Control List (ACL) is a sequential list of permit or deny conditions that apply to IP addresses, MAC addresses, or other more specific criteria. This switch tests ingress packets against the conditions in an ACL one by one. A packet will be accepted as soon as it matches a permit rule, or dropped as soon as it matches a deny rule. If no rules match, the frame is accepted.
IV-1-2 IPv4 The function is used to show the Access Control List (ACL) based on Layer 2 to Layer 4 filtering, the IPv4. The ACL is composed by many Access Control Element (ACE) rules. You may create a new ACL here; then add multiple ACEs. Available settings are explained as follows: Item Description ACL Profile Name Enter a name for creating a new ACL profile. Add Add a new ACL entry using given ACL name. Action - click it to remove the selected entry.
Available settings are explained as follows: Item Description ACL Profile Name Enter a name for creating a new ACL profile. Add Add a new ACL entry using given ACL name. Action 134 - click it to remove the selected entry.
IV-2 Create ACE Since ACL based on MAC, IPv4 and/or IPv4 has been created on the section of IV-1, now you can add multiple ACE rules for each ACL. IV-2-1 MAC This page shows ACE based on MAC address. You may choose ACL, permit, and deny particular packet or frame, even shutdown the port. You may provide filtering/matching criteria for one or more of packet characteristic (such as Source/Destination MAC, Ethertype, VLAN, 802.1p) for this ACE to identify the packet.
address. Ethertype Specify ethernet type for filtering. Select Any. Or, enter the value with the format of “0x600 ~ 0xFFF”. VLAN Specify VLAN profile for filtering. Select Any. Or, enter a VLAN number. The packets coming from the VLAN specified here will be filtered by Vigor device. 802.1p Specify the 802.1p priority value for filtering. Select Any, or a number from 0 to 7. Add Click it to create a new ACE rule. Modify - click it to modify the settings for the selected entry.
contained ACE rules, start with the one with lower sequence number to match the packet first. Action Select the action applied to the packet matched this ACE. Permit or deny the packets into switch core, or shutdown the port for stopping further transmission. Permit Deny Shutdown Protocol Specify the protocol for filtering. Any – All packets will be filtered. Select – Choose one of the protocol (e.g., ICMP, IP in IP, TCP, EGP, IGP…) from the drop down list.
IV-2-3 IPv6 This page allows the network administrator to create ACE based on IPv6 address. Available settings are explained as follows: 138 Item Description ACL Profile Name Use the drop down list to selected one of the user defined ACL profiles. Sequence Assign a sequence number to this ACE. The sequence is used to identify which one of ACEs in an ACL is firstly used to match ingress packets.
DSCP – All IP traffic is mapped to queues based on the DSCP field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue. IP Precedence - All IP traffic is mapped to queues based on the IP Precedence field in the IP header. If traffic is not IP traffic, it is mapped to the lowest priority queue. Source Port / Destination Port Specify the source and destination port number for filtering the packets. Any – All packets will be filtered.
IV-3 ACL Binding This section allows you to bind Access Control Lists created in previous section to an interface (physical port or aggregation). A physical port can only be bound with one of the IPv4 and IPv6 ACL, not both. Available settings are explained as follows: 140 Item Description Ports Use the drop down list to select the port profiles (GE1 to GE28) for binding ACL.
Part V QoS Configuration VigorSwitch G2280 User’s Guide 141
V-1 General QoS (Quality of Service) functions to provide different quality of service for various network applications and requirements and optimize the bandwidth resource distribution so as to provide a network service experience of a better quality. V-1-1 Properties V-1-1-1 QoS General Setting This page allows the network administrator to specify Ingress Trust Mode for basic QoS mode.
V-1-1-2 Trust Ports This page allows the network administrator to enable the trust mode of basic QoS on each port. Port that is trust disabled will be sent with lowest priority queue. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port profile (GE1 to GE28) or profiles.
V-1-2 Port Settings This page allows the network administrator to configure port settings for QoS. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port profile (GE1 to GE28) or profiles. Ingress Default CoS Specify the default CoS priority value for those ingress frames without given trust QoS tag (802.
V-1-3 Queue Settings VigorSwitch supports multiple queues for each interface. The higher numbered queue represents the higher priority. The following lists the types of supported priority queue: Strict Priority (SP) - Egress traffic from the higher priority queue will be transmitted first, lower priority queue shall wait until all traffic in SP queue is transmitted. Weighted Round Robin (WRR) - The number of packets sent from the queue is proportional to the weight of the queue.
V-1-4 CoS Mapping This section allows user to configure how ingress frames with CoS/802.1p tag map to QoS queues, and QoS queues to CoS/802.1p on egress frames. Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only. Available settings are explained as follows: Item Description CoS to Queue Mapping (for Ingress) – Settings for incoming packets. Class of Service Display the class of service value (0 to 7).
V-1-5 DSCP Mapping This section allows user to configure how ingress packets with DSCP tag map to QoS queues, and QoS queues to DSCP on egress packets. Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only. Available settings are explained as follows: Item Description DSCP to Queue Mapping (for Ingress) – Settings for the incoming packets. DSCP Display the DSCP value (0 to 7).
V-1-6 IP Precedence Mapping This section allows user to configure how ingress packets with IP Precedence tag map to QoS queues, and QoS queues to IP Precedence on egress packets. Actual effectiveness is based on how QoS is configured in previous QoS section. This page provides settings for user to configure mapping only. Available settings are explained as follows: Item Description IP Precedence to Queue Mapping (for Ingress) - Settings for the incoming packets..
V-2 Bandwidth Use the bandwidth setting pages to define values that determine how much traffic the switch can receive and send on specific port or queue. V-2-1 Ingress Rate Limit This page allows a user to configure ingress port rate limit. The ingress rate limit is the number of bits per second that can be received from the ingress interface. Excess bandwidth above this limit is discarded. The configuration result for each port will be displayed on the table listed on the lower side of this web page.
V-2-2 Egress Shaping Rate This page allows a user to configure egress port rate limit. The egress rate limit is the number of bits per second that can be received from the egress interface. Excess bandwidth above this limit is discarded. Available settings are explained as follows: Item Description Egress Shapping Rate Ports Use the drop down list to select the port profile (GE1 to GE28) or profiles. State Disable – Disable egress bandwidth control. Enable - Enable egress bandwidth control.
V-2-3 Egress Shaping Per Queue This page allows user to configure the maximum egress bandwidth not only by port but also by specific QoS queues. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description Egress Shapping Per Queue Port Use the drop down list to select the port profile (GE1 to GE28) or profiles.
This page is left blank.
Part VI System Maintenance VigorSwitch G2280 User’s Guide 153
VI-1 TR-069 This page allows a user setting TR-069 parameters that VigorSwitch can be managed by VigorACS. 154 Item Description ACS Settings TR-069 –Click Enable to activate the settings on this page. URL / Username / Password –Such data must be typed according to the ACS (Auto Configuration Server) you want to link. Please refer to Auto Configuration Server user’s manual for detailed information.
maintaining the binding in the Gateway. Please type a number as the minimum period. The default setting is “60 seconds”. Maximum Keep Alive Period – If STUN is enabled, the CPE must send binding request to the server for the purpose of maintaining the binding in the Gateway. Please type a number as the maximum period. A value of “-1” indicates that no maximum period is specified. Apply Apply the settings to the switch. Clear Clear current modification of this page.
VI-2 LLDP LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function. The LLDP category contains LLDP and LLDP-MED pages. VI-2-1 Properties This page allows a user configuring general settings for LLDP. Available settings are explained as follows: 156 Item Description LLDP State Enable – Enable LLDP protocol on this switch.
VI-2-2 LLDP Port Setting This page allows a user to select specified port or all ports to configure LLDP state. Available settings are explained as follows: Item Description Ports Use the drop down list to select the port (GE1 to GE28) or ports for device check. State Disable – Disable the transmission of LLDP PDUs. TX&RX – Transmit and receive LLDP PDUs both. TX Only – Transmit LLDP PDUs only. RX Only - Receive LLDP PDUs only.
VI-2-3 LLDP Local Device This page displays information for LLDP Local Device. Available settings are explained as follows: Item Description Device Summary Display a summary of the LLDP information for this switch. Chassis ID Subtype - Display the type of chassis ID, such as the MAC address. Chassis ID - Display Identifier of chassis. Where the chassis ID subtype is a MAC address, the MAC address of the switch is displayed. System Name - Display model name of switch.
VI-2-4 MED Network Policy This page allows the network administrator to set MED (Media Endpoint Discovery) network policy. Available settings are explained as follows: Item Description Policy ID Choose a number for configuring the policy profile. Available selections include 1 to 32. Enable Policy Enable – Click it to enable such function. Application There are several applications which can be used for MED network.
VI-2-5 LLDP MED Port Settings This page allows the network administrator to configure TLV (Type / Length / Value) settings for each port. Available settings are explained as follows: 160 Item Description Ports Choose the port(s) for configuring TLV settings. State Enable – Click it to enable LLDP MED on the selected port. Available Optional TLV Available TLV items will be shown in this field.
VI-2-6 LLDP Remote Device This page allows the network administrator to view the information sent from neighboring devices by LLDP protocol. Available settings are explained as follows: Item Description Local Port Display the number of the local port to which the neighbor is connected. Chassis ID Subtype Display the type of chassis ID (for example, MAC address). Chassis ID Display the identifier of the 802 LAN neighboring device’s chassis. Port ID Subtype Display the type of port identifier.
VI-2-7 LLDP Overloading This page allows user to review current size, overall size of LLDP packet and whether it is to exceed maximum allowed size of single LLDP packet. Available settings are explained as follows: 162 Item Description Port Display the name of the port. Total(Bytes) Display the total number of bytes of LLDP information in each packet. Left to Send(Bytes) Display the total number of available bytes left for additional LLDP information in each packet.
VI-3 SNMP Simple Network Management Protocol (SNMP) is an "Internet-standard protocol for managing devices on IP networks". Devices that typically support SNMP include routers, switches, servers, workstations, printers, modem racks and more. SNMP is used mostly in network management systems to monitor network-attached devices for conditions that warrant administrative attention. SNMP is a component of the Internet Protocol Suite as defined by the Internet Engineering Task Force (IETF).
VI-3-1 View This page allows the network administrator to create MIB views (Management information base) and then include or exclude OID (Object Identifier) in a view. Available settings are explained as follows: 164 Item Description View Name Enter a name of the MIB view. OID Subtree Enter an OID string to be included or excluded from the MIB view. Type Determine to include or exclude the selected MIBs. Apply Apply the settings to the switch.
VI-3-2 Group This page allows the network administrator to group SNMP users and assign different authorization and access privileges. Available settings are explained as follows: Item Description Group Name Enter a name for the group. Version Specify SNMP version. Security Level Specify SNMP security level for the group. It is available when SNMPv3 is selected. No Security – No authentication and no encryption. Authentication – Requires authentication but no encryption.
VI-3-3 Community This page allows a user to add/remove multiple communities of SNMP. Available settings are explained as follows: 166 Item Description Community Name Enter a name as community name. The maximum length of the text is limited to 23 characters. Type Basic – View and access right can be specified for such SNMP community profile. Advanced – Specify one of the SNMP groups for such SNMP community profile.
VI-3-4 User This page allows a user to configure SNMP user profile. Available settings are explained as follows: Item Description User Name Enter a name for creating new SNMP user. Group Choose one of the SNMP group from the drop down list. Then, this user profile will be grouped under the selected SNMP group. Security Level Specify SNMP security level for the group. It is available when SNMPv3 is selected. No Security – No authentication.
168 VigorSwitch G2280 User’s Guide
VI-3-5 Engine ID VI-3-5-1 Local Engine ID This page allows a user to configure and display SNMP local engine ID. Available settings are explained as follows: Item Description Engine ID The user defined engine ID is range 10 to 64 hexadecimal characters, and the hexadecimal number must be divided by “2”. User Defined - If it is checked, the local engine ID will be configured manually. If not, the default Engine ID which is made up of MAC and Enterprise ID will be used instead.
Available settings are explained as follows: Item Description Address Type Specify the address type for entering hostname or IPv4/IPv6 address. Server Address Enter the IP address or the host name of the SNMP server. Engine ID Specify the engine ID for remote SNMP server. The engine ID is range10 to 64 hexadecimal characters, and the hexadecimal number must be divided by 2. Add Click it to create a new profile. Edit - click it to modify the settings for the selected server profile.
VI-3-6 Trap Event This page allows a user to add or delete SNMP trap receiver IP address and community name. Available settings are explained as follows: Item Description Authentication Failure Enable – VigorSwtich will reboot when encountering authentication failure (including community not match or user password not match). Link Up / Down Enable – VigorSwtich will reboot while encountering port link up or down trap. Cold Start Enable – VigorSwtich will reboot while encountering user trap.
VI-3-7 Notification This page allows a user to configure a host to receive SNMPv1/v2/ve notification. Available settings are explained as follows: 172 Item Description Address Type Choose IPv4/IPv6/Hostname to specify IP address or the hostname of the SNMP trap recipients. Server Address Enter the IP address of SNMP server based on the address type selected above. Version Specify SNMP notification version (SNMPv1/v2/v3). Type Specify Notification Type. Trap –Send SNMP traps to the host.
Inform is selected as Type. Use Default - If it is checked, the default number (3) will be used automaticallty. Add Edit Click it to create a new notification profile. - Click it to modify the settings for the selected server profile. - Click it to remove the selected entry.
VI-4 Access Manager This page allows the network administrator to control availability of management services such as HTTP, HTTPS, Telent and SSH. Available settings are explained as follows: 174 Item Description HTTP Service HTTP is the acronym of HyperText Transfer Protocol. Enabled –Click it to enable HTTP service. HTTPS Service HTTPS is the acronym of Hypertext Transfer Protocol over Secure Socket Layer. Enabled - Click it to enable HTTPS service.
VI-5 Time and Date VI-5-1 System Time Zone This page allows a user to specify where the time of VigorSwitch should be inquired from. Available settings are explained as follows: Item Description System Time Zone Setting Time Zone Use the drop down menu to select a time zone that VigorSwitch is located. Daylight Saving Time Select the mode of daylight saving time. Disable –Disable daylight saving time. Recurring - Using recurring mode of daylight saving time.
From - Specify the starting time of non-recurring daylight saving time. To - Specify the ending time of recurring daylight saving time. Apply Apply the settings to the switch. System Time Zone Informations Display the status of system time zone. VI-5-2 Time This page allows a user to specify time and activate SNTP server manually. Available settings are explained as follows: 176 Item Description Manual Time Specify static time (year, month, day, hours, miniutes and seconds) manually.
VI-6 Backup Manager Backup Manager allows a user to backup the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol. Available settings are explained as follows: Item Description Backup Method Select Backup method. TFTP - Using TFTP to backup firmware. HTTP - Using WEB browser to ubackup firmware. Server IP It is available when TFTP is selected as Backup Method. Enter the IPv4/IPv6 address for the TFTP server.
VI-7 Upgrade Manager Backup Manager allows a user to upgrade the firmware image or configuration file on the switch to remote TFTP server or host file system through HTTP protocol. Available settings are explained as follows: 178 Item Description Upgrade Method Select Upgrade method: TFTP - Using TFTP to upgrade firmware. HTTP - Using WEB browser to upgrade firmware. Server IP It is available when TFTP is selected as Upgrade Method. Enter the IPv4/IPv6 address for the TFTP server.
VI-8 Firmware Information This page allows a user to choose the active firmware and backup firmware. Available settings are explained as follows: Item Description Active Image There are two versions of firmware. Simply choose the one you want as primary firmware. Apply Apply the settings to the switch. Firmware 1 Information Firmware 2 Information Mode - Display the mode (Active or Backup) of the firmware. Active –Display the status (in use or not) of the firmware.
VI-9 Account Manager This page allows a user to add or delete local user on switch database for authentication. The configuration result for each port will be displayed on the table listed on the lower side of this web page. Available settings are explained as follows: Item Description User Name Enter a username for new account. If you want to modify an existed user account, simply enter the same string in this field. Then, modify the password and choose privilege level.
VigorSwitch G2280 User’s Guide 181
VI-10 Factory Default Click Apply to return to factory default settings for VigorSwitch. If Keep my current IPv4 address settings is checked, after clicking Apply, the original configuration for IP address will be kept.
VI-11 Reboot Switch Click Apply to reboot VigorSwitch with current settings.
This page is left blank.
Part VII Diagnostics VigorSwitch G2280 User’s Guide 185
VII-1 Cable Diagnostics After finished copper test, the results will be shown on the lower side of this web page. Available settings are explained as follows: 186 Item Description Port Use the drop down list to select the port (GE1 to GE28) or ports for performing cable diagnostics. Start Perform the copper test action.
VII-2 Ping Test After finished the ping test, the results will be shown on the lower side of this web page. Available settings are explained as follows: Item Description Protocol Choose IPv4/IPv6 to specify IP address for sending ping to check if network path is ok. Host Enter the IP address of SNMP server based on the protocol selected above. Count It means how many times to send ping request packet. Enter a number between 1 and 5 as the count and the default configuration is 4.
VII-3 SysLog VII-3-1 SysLog Explorer After clicking View, the results will be shown on the lower side of this web page. Available settings are explained as follows: 188 Item Description Source Volatile Memory – Explore the logs contained in volatile memory (also known as RAM). Non-Volatile Memory - Explore the logs contained in non-volatile memory (also known as Flash).
VII-3-2 SysLog Settings VII-3-2-1 SysLog Service This page allows user to enable system logging into local syslog and specific remote syslog server for storage. Available settings are explained as follows: Item Description SysLog Service Enable – Click it to activate function of syslog. Disable – Click it to inactivate the function. Apply Apply the settings to the switch.
VII-3-2-2 Local SysLog This page allows user to enable logging into volatile memory or non-volatile memory. Available settings are explained as follows: 190 Item Description Source Volatile Memory – Select the volatile memory for saving local log. Volatile memory does not hold the log after reboot or power off. Non-Volatile Memory - Select the non-volatile memory for saving. If you want to modify Volatile Memory / Non-Volatile Memory, select Volatile Memory / Non-Volatile Memory in this field.
VII-3-2-3 Remote SysLog This page allows user to enable system logging into specific remote syslog server for storage. After clicking Apply, the results will be shown on the lower side of this web page. Available settings are explained as follows: Item Description Server Address Enter the IP address of Syslog server. Server Port Specify the port that syslog should be sent to. Severity Select severity (emerg, alert, crit, error, warning, notice, info and debug) of log messages which will be stored.
This page is left blank.
Appendix: Reference This chapter will tell you the basic concept of features to manage this switch and how they work. A-1 What’s the Ethernet Ethernet originated and was implemented at Xerox in Palo Alto, CA in 1973 and was successfully commercialized by Digital Equipment Corporation (DEC), Intel and Xerox (DIX) in 1980. In 1992, Grand Junction Networks unveiled a new high speed Ethernet with the same characteristic of the original Ethernet but operated at 100Mbps, called Fast Ethernet now.
This above diagram shows the Ethernet architecture, LLC sub-layer and MAC sub-layer, which are responded to the Data Link layer, and transceivers, which are responded to the Physical layer in OSI model. In this section, we are mainly describing the MAC sub-layer. Logical Link Control (LLC) Data link layer is composed of both the sub-layers of MAC and MAC-client. Here MAC client may be logical link control or bridge relay entity.
LLC type 1 connectionless service, LLC type 2 connection-oriented service and LLC type 3 acknowledge connectionless service are three types of LLC frame for all classes of service. In Fig 3-2, it shows the format of Service Access Point (SAP). Please refer to IEEE802.2 for more details.
A-2 Media Access Control (MAC) MAC Addressing Because LAN is composed of many nodes, for the data exchanged among these nodes, each node must have its own unique address to identify who should send the data or should receive the data. In OSI model, each layer provides its own mean to identify the unique address in some form, for example, IP address in network layer. The MAC is belonged to Data Link Layer (Layer 2), the address is defined to be a 48-bit long and locally unique address.
Start-of-frame delimiter (SFD) - The SFD is one-byte long with alternating pattern of ones and zeros, ending with two consecutive 1-bits. It immediately follows the preamble and uses the last two consecutive 1s bit to indicate that the next bit is the start of the data packet and the left-most bit in the left-most byte of the destination address. The SFD pattern is 10101011. Destination address (DA) - The DA field is used to identify which network device(s) should receive the packet. It is a unique address.
After the frame is assembled, when transmitting the frame, the preamble (PRE) bytes are inserted and sent first, then the next, Start of frame Delimiter (SFD), DA, SA and through the data field and FCS field in turn. The followings summarize what a MAC does before transmitting a frame. 1. MAC will assemble the frame.
Parameter value/LAN Max. collision domain DTE to DTE Max. collision domain with repeater Slot time Interframe Gap AttemptLimit BackoffLimit JamSize MaxFrameSize MinFrameSize BurstLimit 10Base 100Base 1000Base 100 meters 100 meters for UTP 100 meters for UTP 2500 meters 412 meters for fiber 205 meters 316 meters for fiber 200 meters 512 bit times 9.6us 16 10 32 bits 1518 64 Not applicable 512 bit times 0.96us 16 10 32 bits 1518 64 Not applicable 512 bit times 0.
A-3 Flow Control Flow control is a mechanism to tell the source device stopping sending frame for a specified period of time designated by target device until the PAUSE time expires. This is accomplished by sending a PAUSE frame from target device to source device. When the target is not busy and the PAUSE time is expired, it will send another PAUSE frame with zero time-to-wait to source device. After the source device receives the PAUSE frame, it will again transmit frames immediately.
the receiver of the target device begins receiving the bit stream, and looks for the PRE (Preamble) pattern and Start-of-Frame Delimiter (SFD) that indicates the next bit is the starting point of the MAC frame until all bit of the frame is received. For a received frame, the MAC will check: 1. If it is less than one slotTime in length, i.e. short packet, and if yes, it will be discarded by MAC because, by definition, the valid frame must be longer than the slotTime.
Note: RIF is used in Token Ring network to provide source routing and comprises two fields, Routing Control and Route Descriptor. When MAC parses the received frame and finds a reserved special value 0x8100 at the location of the Length/Type field of the normal non-VLAN frame, it will interpret the received frame as a tagged VLAN frame. If this happens in a switch, the MAC will forward it, according to its priority and egress rule, to all the ports that is associated with that VID.
Index A Account Manager, 171, 172 L License Agreement, 23 B License Information, 25, 26, 31, 47, 48, 75, 76, 85 Limiting Rate, 108 Backup Manager, 169 P Bandwidth, 143 C Preamble, 107 Properties, 110 CoS Mapping, 140 Q D QoS Configuration, 125, 135 Dashboard, 16, 17 S Diagnostics, 177 DoS, 110 Security, 89 DoS Port Setting, 112 SNMP, 155 DoS Protection, 112 SNMP Community, 158, 159, 161 E Storm Control, 108 Storm Control, 90, 92, 93, 95, 98, 104, 106, 107 Egress Shaping Per Queue, 145
