Powered by Accton ES4308-PoE 8-Port Web-Smart PoE Switch Management Guide www.edge-core.
Management Guide Web-Smart PoE Switch with 7 10/100/1000BASE-T (RJ-45) Ports and 1 Gigabit Combination (RJ-45/SFP) Port
ES4308-PoE E022009/ST-R02 F2.
About This Guide

Purpose
This guide gives specific information on how to operate and use the management functions of the switch.

Audience
The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
• Added the Ingress Filtering Enabled option to the VLAN Port Configuration screen (page 3-26).
• Updated descriptive text under “802.1X” on page 3-28.
• Added description of counters under “Displaying 802.1X Statistics” on page 3-30.
• Added “RSTP” on page 3-35.
• Added “QoS Settings” on page 3-42.
• Updated descriptive text under “PoE” on page 3-47.

August 2007 Revision
This is the first release of this guide.
Contents
Chapter 1: Introduction
  Description of Software Features
Chapter 2: Initial Configuration
Chapter 3: Configuring the Switch
  Using the Web Interface
  Navigating the Web Browser Interface
  Home Page
  Configuration Options
  Panel Display
  Main Menu
  Web Configuration
  Displaying Status Overview
  Showing Port Statistics
  Displaying the System Name
  Setting the Switch’s IP Address
  Manual Configuration
  Configuring the Logon Password
  Tools
  Restore to Factory Defaults
  Upgrade Firmware
  Upload/Download
  802.1X
  Configuring 802.1X
  Displaying 802.
Tables
Table 3-1 Web Page Configuration Buttons
Table 3-2 Switch Main Menu
Table 3-3 Port Statistics
Table 3-3 Recommended STA Path Cost Range
Table 3-3 Default STA Path Costs
Table 3-4 Mapping CoS Values to Egress Queues
Chapter 1: Introduction
The ES4308-PoE is a web-managed Gigabit PoE switch that delivers performance and control to your network. It provides 8 full-duplex 1000BASE-T ports that significantly improve network performance and boost throughput using features configured through a web-based management interface. With 16 Gigabits of throughput bandwidth, this switch provides an effective solution to meeting the growing demands on your network.
of broadcast traffic passing through the port is restricted. If broadcast traffic rises above a pre-defined threshold, it will be throttled until the level falls back beneath the threshold.

Static Addresses – A static address can be assigned to a specific interface on this switch. Static addresses are bound to the assigned interface and will not be moved. When a static address is seen on another interface, the address will be ignored and will not be written to the address table.
Description of Software Features
• Provide data security by restricting all traffic to the originating VLAN.

Traffic Prioritization – This switch prioritizes each packet based on the required level of service, using four priority queues with Weighted Round Robin Queuing. It uses IEEE 802.1p and 802.1Q tags to prioritize incoming traffic based on input from the end-station application. These functions can be used to provide independent priorities for delay-sensitive data and best-effort data.
Chapter 2: Initial Configuration
To make use of the management features of your ES4308-PoE, you must first configure it with an IP address that is compatible with the network in which it is being installed. This should be done before you permanently install the switch in the network. Follow this procedure:
1. Place the switch close to the PC that you intend to use for configuration. It helps if you can see the front panel of the switch while working on your PC.
2.
Chapter 3: Configuring the Switch
Using the Web Interface
This switch provides an embedded HTTP web agent. Using a web browser you can configure the switch and view statistics to monitor network activity. The web agent can be accessed by any computer on the network using a standard web browser (Internet Explorer 5.5 or above, or Mozilla Firefox 1.0 or above). Prior to accessing the switch from a web browser, be sure you have first performed the following tasks:
1.
Home Page
When your web browser connects with the switch’s web agent, the home page is displayed as shown below. The home page displays the Main Menu on the left side of the screen and System Information on the right side. The Main Menu links are used to navigate to other menus, and display configuration parameters and statistics.
Navigating the Web Browser Interface

Configuration Options
Configurable parameters have a dialog box or a drop-down list. Once a configuration change has been made on a page, be sure to click on the Apply button to confirm the new setting. The following table summarizes the web page configuration buttons.

Table 3-1 Web Page Configuration Buttons
Button   Action
Apply    Sets specified values to the system.
Cancel   Discards all changes and restores current values.
Help     Links directly to web help.
Main Menu
Using the onboard web agent, you can define system parameters, manage and control the switch, and all its ports, or monitor network conditions. The following table briefly describes the selections available from the web-browser interface.

Table 3-2 Switch Main Menu
Menu          Description
STATUS
  Overview    Provides a basic system description, including system name, IP address, port, trunk, and VLAN information.
  Statistics  Shows statistics for port and interface.
Table 3-2 Switch Main Menu (Continued)
Menu                Description
VLANS
  VLAN Membership   Configure VLAN port groups.
  VLAN Port Config  Configures VLAN behavior for individual ports and trunks.
802.1X
  Settings          Sets up 802.1X port authentication.
  Statistics        Displays the 802.1X statistics collected by the switch.

  Settings          Configures LLDP functions.
  Neighbor          Displays neighboring device LLDP statistics.
Web Configuration

Displaying Status Overview
You can easily identify the system by displaying the device name, location and contact information.

Field Attributes
System Information
• System Name – Name assigned to the switch system.
• System Location – Specifies the system location.
• System Contact – Administrator responsible for the system.
• Number of Ports – Number of built-in ports.
• Hardware Version – Hardware version of the main board.
• Flow Control Status – Indicates whether flow control is enabled or disabled. (IEEE 802.3x, or Back-Pressure)
• Auto-negotiation – Shows if auto-negotiation is enabled or disabled.
• Frame Type – Either “Tagged” or “All.” “Tagged” means that the port will only receive VLAN-tagged frames. When set to “All,” the port will also receive untagged frames.
• PVID – The VLAN ID assigned to untagged frames received on the interface.
Web – Click STATUS, Overview.
Showing Port Statistics
You can display statistics on network traffic from the ports. These statistics can be used to identify potential problems with the switch (such as a faulty port or unusually heavy loading). All values displayed have been accumulated since the last system reboot, but can be reset to zero by clicking the CLEAR button. The current statistics are refreshed every few seconds, but the refresh can be paused by clicking the PAUSE button.
Displaying the System Name
You can easily identify the system by displaying the device name and other descriptive information.

Field Attributes
• Switch Name – A name assigned to the switch system.
• System Location – Specifies the system location.
• System Contact – Administrator responsible for the system.

Web – Click System, Name.
Note: If you cannot remember the switch’s IP address, you can restore the original settings by following the procedure described in the “Troubleshooting” section.

Manual Configuration
Web – Click SYSTEM, LAN Settings. Enter the IP address, subnet mask and gateway, then click APPLY. Note that if you change the switch IP address, you must close the web interface and start a new session using the new IP address.
Configuring the Logon Password
The administrator has write access for all parameters governing the onboard agent. You should therefore assign a new administrator password as soon as possible, and store it in a safe place.

Field Attributes
Password – Specifies the user password.
Tools
On the Tools page, you can restore the switch to default settings, upgrade the firmware of the switch, or restart the switch.

Restore to Factory Defaults
Forces the switch to restore the original factory settings. To reset the switch, select “Reset to Factory Defaults” from the drop-down list and click APPLY. The LAN IP Address, Subnet Mask and Gateway IP Address will be reset to their factory defaults.

Web – Click System, Tools, Reset to Factory Defaults.
Upload/Download Configuration
Web – Click SYSTEM, Tools, Upload/Download Configuration. To upload or download the configuration file, select “Upload/Download Configuration” from the Tools drop-down list, then click “Upload” or “Download,” and then click on the “Browse” button to select the file. Then click the APPLY button to transfer the switch configuration file.

Figure 3-10 Upload/Download Configuration

Restart Switch
Web – Click SYSTEM, Tools, Restart Switch.
Register Product
Edgecore requests that you register your switch online, if you have not already done so. The Register Product page provides a convenient link to the Edgecore web site for this purpose.

Web – Click System, Register Product. Click the Register Now button to access the Edgecore web site and register your switch.

Figure 3-12 Register Product

Port Configuration
You can use the Port Configuration page to manually set the speed, duplex mode, and flow control.
Web – Click PORTS, Settings. Enable or disable jumbo frames, select the required settings for any port, and then click APPLY.
Storm Control
Broadcast storms may occur when a device on your network is malfunctioning, or if application programs are not well designed or properly configured. If there is too much broadcast traffic on your network, performance can be severely degraded or everything can come to a complete halt. You can protect your network from broadcast storms by setting a threshold for broadcast traffic for each port. Any broadcast packets exceeding the specified threshold will then be dropped.
Port Mirroring
You can mirror traffic from any source port to a target port for real-time analysis. You can then attach a logic analyzer or RMON probe to the target port and study the traffic crossing the source port in a completely unobtrusive manner.

Field Attributes
• Port to Mirror to – The port that will “duplicate” or “mirror” the traffic on the source port. Only incoming packets can be mirrored.
Cable Diagnostic
You can perform cable diagnostics for all ports or selected ports to diagnose any cable faults (short, open, etc.) and report the distance to the fault.

Field Attributes
• Cable Diagnostics – Cable diagnostics is performed on a per-port basis. Select the port number from the drop-down list.
• Cable Status – Shows the cable length and operating conditions, and isolates a variety of common faults that can occur on Category 5 twisted pair cabling.
Trunk Membership
You can create multiple links between devices that work as one virtual, aggregate link. A port trunk offers a dramatic increase in bandwidth for network segments where bottlenecks exist, as well as providing a fault-tolerant link between two devices. This page allows you to create a maximum of four trunks of up to eight ports per trunk. The Membership Table has one row for each port and six columns.
Trunk Configuration
This page allows you to configure the speed, duplex mode, and flow control for a trunk.

Field Attributes
• Trunk – Indicates trunk identification.
• Speed/Duplex – Allows you to manually set the port speed and duplex mode for all ports in the trunk.
• Flow Control – Allows flow control to be enabled or disabled. When the box is checked, flow control is enabled.
• Ports – Indicates which ports belong to the trunk.

Web – Click TRUNKS, Settings.
Field Attributes
• Port – The port number.
• Enabled – Enables LACP on the associated port.
• Key Value – Configures a port's LACP administration key. The port administrative key must be set to the same value for ports that belong to the same link aggregation group (LAG). If this administrative key is not set when an LAG is formed (i.e., it has the null value of 0), this key will automatically be set to the same value as that used by the LAG.

Web – Click TRUNKS, LACP Setup.
LACP Status
This page allows you to display the operational state for the local and remote side of a link aggregation.

Field Attributes
Aggregation Information
• Aggregation Group - Identifier for a local link aggregation group.
• Partner MAC Address - Physical address of device at other end of link.
• Local Ports Aggregated - Local ports participating in this LAG.
• Seconds Since Last Change - Time since the last LACP packet was received.

LACP Port Status
• Port - The port number.
Configuring VLAN Groups
The 802.1Q VLAN Configuration page allows you to create and delete VLANs (Virtual LANs), and set up or modify VLAN group members.

Introduction to VLANs
VLANs are logical partitions of the physical LAN. You can use VLANs to increase network performance or improve internal network security. If the network has adequate performance and security for your current needs, it is recommended that you leave the VLAN settings in the default configuration.
Web – Click VLANS, VLAN Membership. Create a new VLAN by giving it an ID (Range: 1~4094) and then clicking Add. Modify or delete a VLAN by selecting its radio button and clicking Modify or Delete.
Configuring VLAN Members
After creating a new VLAN, configure port and trunk members.

Field Attributes
• Port – Adds a port to the newly created VLAN.
• Trunk – Adds a static trunk to the newly created VLAN.
• LACP – Adds an LACP trunk to the newly created VLAN.

Web – After creating a new VLAN, the following screen displays. Assign the ports and trunks associated with the VLAN, and click Apply.

Figure 3-22 VLAN Group Settings

VLAN Port Configuration
The 802.
VLAN aware ports will strip the VLAN tag from received frames and insert the tag in transmitted frames (except for the PVID). VLAN unaware ports will not strip the tag from received frames or insert the tag in transmitted frames.
• Ingress Filtering Enabled – If enabled, incoming frames for VLANs which do not include this ingress port in their member set will be discarded.
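An added illustration (not part of this guide or of the switch firmware) of how the Frame Type, PVID and Ingress Filtering Enabled settings described in this guide combine into one accept/drop decision per received frame, with a small audit that flags ports able to receive frames for VLANs they do not belong to. The names PortConfig, classify_ingress and audit_ports and the sample configuration are constructed for this sketch; the behaviour with ingress filtering disabled follows standard IEEE 802.1Q handling, which is an assumption about this switch.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

VID_MIN, VID_MAX = 1, 4094  # VLAN ID range given in the guide


@dataclass(frozen=True)
class PortConfig:
    """Hypothetical model of one row of the VLAN Port Configuration page."""
    pvid: int = 1                    # VLAN assigned to untagged frames
    frame_type: str = "All"          # "All" or "Tagged"
    ingress_filtering: bool = False  # "Ingress Filtering Enabled" option


def classify_ingress(port: int, cfg: PortConfig,
                     vlan_members: Dict[int, Set[int]],
                     frame_vid: Optional[int]) -> Tuple[bool, Optional[int], str]:
    """Return (accepted, vlan, reason) for one received frame.

    frame_vid is None for an untagged frame, else the VLAN ID in its tag.
    """
    if frame_vid is None:
        if cfg.frame_type == "Tagged":
            return (False, None, "untagged frame on Tagged-only port")
        vid = cfg.pvid               # untagged frames take the port's PVID
    else:
        vid = frame_vid
    if not VID_MIN <= vid <= VID_MAX:
        # Simplification of this sketch: anything outside 1~4094 is dropped.
        return (False, None, "VLAN ID out of range")
    if cfg.ingress_filtering and port not in vlan_members.get(vid, set()):
        return (False, vid, "ingress port not a member of VLAN")
    # Assumption (standard 802.1Q): with filtering off the frame is accepted
    # even when the ingress port is not in the VLAN's member set.
    return (True, vid, "accepted")


def audit_ports(ports: Dict[int, PortConfig],
                vlan_members: Dict[int, Set[int]]) -> List[str]:
    """List settings that let a port receive frames for VLANs it is not in."""
    findings = []
    for port, cfg in sorted(ports.items()):
        foreign = sorted(v for v, m in vlan_members.items() if port not in m)
        if not cfg.ingress_filtering and foreign:
            findings.append(f"port {port}: ingress filtering off, "
                            f"accepts tagged frames for VLANs {foreign}")
        if port not in vlan_members.get(cfg.pvid, set()):
            findings.append(f"port {port}: PVID {cfg.pvid} is a VLAN "
                            f"the port is not a member of")
    return findings


# Constructed sample configuration (not taken from a real switch).
VLAN_MEMBERS = {1: {1, 2, 5, 6, 7, 8}, 10: {1, 2}, 20: {3, 4}}
PORTS = {
    1: PortConfig(pvid=10, frame_type="Tagged", ingress_filtering=True),
    2: PortConfig(pvid=10, ingress_filtering=True),
    3: PortConfig(pvid=20, ingress_filtering=False),
    4: PortConfig(pvid=20, ingress_filtering=True),
}

if __name__ == "__main__":
    for finding in audit_ports(PORTS, VLAN_MEMBERS):
        print(finding)
    print(classify_ingress(3, PORTS[3], VLAN_MEMBERS, 10))  # filtering off
    print(classify_ingress(4, PORTS[4], VLAN_MEMBERS, 10))  # filtering on
```

Ports 3 and 4 differ only in the ingress filtering setting, so the two calls at the end show the effect of that one option on a frame tagged for a VLAN neither port belongs to.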
802.1X
Network switches can provide open and easy access to network resources by simply attaching a client PC. Although this automatic configuration and access is a desirable feature, it also allows unauthorized personnel to easily intrude and possibly gain access to sensitive network data. The IEEE 802.1X (dot1x) standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication.
Configuring 802.1X
Use the 802.1X Configuration page to specify global or port-specific parameters for the IEEE 802.1X Port Authentication Protocol.

Field Attributes
System Setting
• Mode - Enables or disables 802.1X globally for all ports on the switch. The 802.1X protocol must be enabled globally for the switch before the port settings are active. (Default: Disabled)
• RADIUS IP - Address of authentication server.
If a re-authentication fails, the IEEE 802.1X standard enforces a so-called “quiet period” during which the authenticator (switch) stays quiet and does not retry authentication. Packets from the supplicant are also discarded during this quiet period. In this way, brute-force attacks are prevented.

Web – Click 802.1X, Settings. Enable 802.1X globally for the switch, modify the global and port-specific parameters required, and click APPLY.

Figure 3-24 802.
• AuthTimeoutsWhileAuthenticating – The number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of the Backend Authentication state machine indicating authentication timeout.
• AuthEapStartsWhileAuthenticating – The number of times that the state machine transitions from AUTHENTICATING to ABORTING, as a result of an EAPOL-Start message being received from the Supplicant.
• backendAuthSuccesses – The number of times that the state machine receives an EAP-Success message from the Authentication Server. Indicates that the Supplicant has successfully authenticated to the Authentication Server.

Dot1x MIB Counters
• EapolFramesRx – The number of valid EAPOL frames of any type that have been received by this Authenticator.
• EapolStartFramesRx – The number of EAPOL Start frames that have been received by this Authenticator.
Web – Click 802.1X, Statistics.

Figure 3-25 802.
LLDP Settings
This page allows you to configure the Link Layer Discovery Protocol (LLDP). LLDP allows devices in the local broadcast domain to share information about themselves. LLDP-capable devices periodically transmit information in messages called Type Length Value (TLV) fields to neighbor devices. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.
LLDP Neighbor Table
This page provides information on neighboring devices.

Field Attributes
• Local Port - The local port to which a remote LLDP-capable device is attached.
• Chassis ID - An identifier for the particular chassis in this system. In most cases, this is the MAC address of the remote device.
• Remote Port ID - The port from which this LLDPDU was transmitted.
• System Name - The neighboring device’s full name. This string indicates the system’s administratively assigned name.
the lowest cost spanning tree, it enables all root ports and designated ports, and disables all other ports. Network packets are therefore only forwarded between root ports and designated ports, eliminating any possible network loops. Once a stable network topology has been established, all bridges listen for Hello BPDUs (Bridge Protocol Data Units) transmitted from the Root Bridge.
• Forward Delay – The maximum time (in seconds) this device will wait before changing states (i.e., discarding to learning to forwarding). This delay is required because every device must receive information about topology changes before it starts to forward frames. In addition, each port needs time to listen for conflicting information that would make it return to a discarding state; otherwise, temporary data loops might result.
  - Default: 15
  - Minimum: The higher of 4 or [(Max.
Note that when Force Version is set to Compatible mode (STP) and the default path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535.

Table 3-3 Recommended STA Path Cost Range
Port Type          IEEE 802.1D-1998   IEEE 802.1w-2001
Ethernet           50-600             200,000-20,000,000
Fast Ethernet      10-60              20,000-2,000,000
Gigabit Ethernet   3-10               2,000-200,000

Port Type Link Type IEEE 802.
Web – Click RSTP, Settings. Set any required system or port-specific attributes for RSTP, and click APPLY.
Displaying RSTP Status
Use the RSTP Status page to display global and port-specific status and attribute settings for the Rapid Spanning Tree Protocol.

Field Attributes
RSTP Bridge Overview
• Hello Time – Interval (in seconds) at which the root device transmits a configuration message.
• Max Age – The maximum time (in seconds) a device can wait without receiving a configuration message before attempting to reconfigure.
• Port Role – Roles are assigned according to whether the port is part of the active topology connecting the bridge to the root bridge (i.e., root port), connecting a LAN through the bridge to the root bridge (i.e., designated port); or is an alternate or backup port that may provide connectivity if other bridges, bridge ports, or LANs fail or are removed. The role is set to disabled (i.e., disabled port) if a port has no role within the spanning tree.
QoS Settings
QoS (Quality of Service) is a mechanism that is used to prioritize traffic as it is forwarded through the switch. Both the queue service mode (strict or weighted round robin), and the method of classifying the priority of ingress traffic can be configured on this page. Traffic can be classified as high, medium, normal or low priority. When the switch is heavily loaded, lower priority traffic is dropped first.
Field Attributes
Queue Mode
• Strict – Services the egress queues in sequential order, transmitting all traffic in the higher priority queues before servicing lower priority queues.
• WRR – Weighted Round-Robin shares bandwidth at the egress ports by using scheduling weights with default values of 1, 2, 4, 8 for queues 0 through 7, respectively. (This is the default selection.
Web – Click QOS, Settings. In QoS Mode, select Port-based, 802.1p, or DSCP to configure the related parameters.

When the QoS Mode is set to Port-based, the following table is displayed.

Figure 3-30 Port-based QoS Settings

When the QoS Mode is set to 802.1p, the 802.1p Configuration table is displayed as shown below.

Figure 3-31 802.
When the QoS Mode is set to DSCP, the DSCP Configuration table is displayed as shown below.
SNMP
Use the SNMP Settings page to configure the Simple Network Management Protocol (SNMP), including enabling the local SNMP agent on this switch, specifying a trap manager, and setting the access strings. Simple Network Management Protocol (SNMP) is a communication protocol designed specifically for managing devices on a network. Equipment commonly managed with SNMP includes switches, routers and host computers.
PoE
The switch can provide DC power to a wide range of connected devices, eliminating the need for an additional power source and cutting down on the amount of cables attached to each device. Once configured to supply power, an automatic detection process is initialized by the switch that is authenticated by a PoE signature from the connected device. Detection and authentication prevent damage to non-802.3af compliant devices.
Power over Ethernet Settings
Configures Power over Ethernet (PoE) parameters for the switch.

Field Attributes
• Port 1 Power Mode – Port 1 may be configured to supply as much as 25 watts of power when set to High mode. In normal mode it can supply a maximum of 15.4 watts. (Default: Normal)
• Power Reserve – Displays the percentage of the power budget (70W) being drawn by attached devices.
• Port – The port number.
• PoE Enabled – The administrative status of PoE power on the port.
Appendix A: Software Specifications

Software Features
Authentication
  RADIUS, Port (802.1X), Port Security
DHCP Client
Port Configuration
  100BASE-TX: 10/100 Mbps, half/full duplex
  1000BASE-T: 10/100 Mbps at half/full duplex, 1000 Mbps at full duplex
Flow Control
  Full Duplex: IEEE 802.
Class of Service
  Supports two levels of priority (which can be configured by VLAN tag or port), Layer 3/4 priority mapping: IP DSCP
Additional Features
  SNMP (Simple Network Management Protocol)

Management Features
In-Band Management
  Web-based HTTP, SNMP manager
Software Loading
  HTTP in-band
SNMP
  Management access via MIB database
  Trap management

Standards
IEEE 802.1D Bridging
IEEE 802.1p Priority tags
IEEE 802.1Q VLAN
IEEE 802.1w Rapid Spanning Tree Protocol
IEEE 802.
Management Information Bases
Bridge MIB (RFC 1493)
Entity MIB (RFC 2737)
Ether-like MIB (RFC 3635)
Extended Bridge MIB (RFC 2674)
Extensible SNMP Agents MIB (RFC 2742)
Forwarding Table MIB (RFC 2096)
Interface Group MIB (RFC 2233)
Interfaces Evolution MIB (RFC 2863)
MAU MIB (RFC 3636)
MIB II (RFC 1213)
Port Access Entity MIB (IEEE 802.
Appendix B: Troubleshooting

Forgot or Lost Password
If you have forgotten the administration password you can return the switch to its factory default state by following these steps:
1. Remove the power cord from the back of the switch.
2. Remove all cables from the front-panel ports.
3. Connect port 1 to port 2 on the front panel, using a standard network cable.
4. Reconnect the power cord to the rear of the switch.
5. Wait at least 40 seconds before disconnecting port 1 from port 2.
3. In the list of components used by this connection on the General tab, select Internet Protocol (TCP/IP), and then click the Properties button.
4. In the Internet Protocol (TCP/IP) Properties dialog box, click to select Use the following IP address. Then type your intended IP address, Subnet mask, and Default gateway in the provided text boxes.
5. Click OK to save the changes.

To change the IP address of a Windows 2000 PC:
1.
ES4308-PoE E022009/ST-R02 149100036400A