User Manual

ManualsBrandsPlanet Technology ManualsSwitchWGSW-24040R

Table Of Contents

User’s Manual of WGSW-24040 / WGSW-24040R

Summary of content (576 pages)

PAGE 1
User’s Manual of WGSW-24040 / WGSW-24040R 1
PAGE 2
User’s Manual of WGSW-24040 / WGSW-24040R Trademarks Copyright © PLANET Technology Corp. 2012. Contents subject to which revision without prior notice. PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.
PAGE 3
User’s Manual of WGSW-24040 / WGSW-24040R TABLE OF CONETNTS 1. INTRODUTION .................................................................................................................... 21 1.1 Packet Contents .........................................................................................................................................21 1.2 Product Description ...................................................................................................................................
PAGE 4
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.4 Users Configuration .............................................................................................................................................53 4.2.5 Privilege Levels ...................................................................................................................................................55 4.2.6 NTP Configuration .......................................................................................................
PAGE 5
User’s Manual of WGSW-24040 / WGSW-24040R 4.5.4 LACP Port Status...............................................................................................................................................103 4.5.5 LACP Port Statistics...........................................................................................................................................104 4.6 VLAN...........................................................................................................................
PAGE 6
User’s Manual of WGSW-24040 / WGSW-24040R 4.8.8 MLD Snooping Configuration.............................................................................................................................166 4.8.9 MLD Snooping VLAN Configuration ..................................................................................................................168 4.8.10 MLD Snooping Port Group Filtering.................................................................................................................
PAGE 7
User’s Manual of WGSW-24040 / WGSW-24040R 4.11.3 Network Access Server Configuration..............................................................................................................227 4.11.4 Network Access Overview ...............................................................................................................................237 4.11.5 Network Access Statistics .......................................................................................................................
PAGE 8
User’s Manual of WGSW-24040 / WGSW-24040R 4.15.4 Cable Diagnostics............................................................................................................................................308 4.16 Loop Protection......................................................................................................................................311 4.16.1 Configuration ..........................................................................................................................
PAGE 9
User’s Manual of WGSW-24040 / WGSW-24040R System Log Level................................................................................................................................................344 System Timezone................................................................................................................................................344 System Log Lookup..............................................................................................................................
PAGE 10
User’s Manual of WGSW-24040 / WGSW-24040R MAC Age Time ....................................................................................................................................................365 MAC Learning .....................................................................................................................................................365 MAC Dump...................................................................................................................................
PAGE 11
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SSH Configuration .....................................................................................................................386 Security Switch SSH Mode..................................................................................................................................386 Security Switch HTTPs Configuration .................................................................................................................
PAGE 12
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Group Delete ..................................................................................................................406 Security Switch SNMP Group Lookup .................................................................................................................406 Security Switch SNMP View Add.........................................................................................................................
PAGE 13
User’s Manual of WGSW-24040 / WGSW-24040R Security Network NAS Guest_VLAN ...................................................................................................................426 Security Network NAS Authenticate ....................................................................................................................427 Security Network NAS Statistics..........................................................................................................................
PAGE 14
User’s Manual of WGSW-24040 / WGSW-24040R Security AAA ACCT_RADIUS..............................................................................................................................448 Security AAA TACACS+ ......................................................................................................................................448 Security AAA Statistics......................................................................................................................................
PAGE 15
User’s Manual of WGSW-24040 / WGSW-24040R LACP Mode .........................................................................................................................................................467 LACP Key............................................................................................................................................................468 LACP Priority..........................................................................................................................
PAGE 16
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port Policer Unit ..........................................................................................................................................488 QoS Port Policer Flow Control.............................................................................................................................488 QoS Port Scheduler Mode.............................................................................................................................
PAGE 17
User’s Manual of WGSW-24040 / WGSW-24040R Firmware Swap ...................................................................................................................................................506 6.17 UPnP Command .....................................................................................................................................508 UPnP Configuration...................................................................................................................................
PAGE 18
User’s Manual of WGSW-24040 / WGSW-24040R Loop Protect Port Mode.......................................................................................................................................524 Loop Protect Port Action......................................................................................................................................525 6.21 IPMC Command.................................................................................................................................
PAGE 19
User’s Manual of WGSW-24040 / WGSW-24040R VCL Protocol-based VLAN Add Ethernet II .........................................................................................................543 VCL Protocol-based VLAN Add SNAP ................................................................................................................543 VCL Protocol-based VLAN Add LLC ...................................................................................................................
PAGE 20
User’s Manual of WGSW-24040 / WGSW-24040R APPENDEX B : GLOSSARY.................................................................................................
PAGE 21
User’s Manual of WGSW-24040 / WGSW-24040R 1.
PAGE 22
User’s Manual of WGSW-24040 / WGSW-24040R High-Performance / Cost-effective / Telecom class Gigabit solution for Enterprise backbone and Data Center Networking The PLANET Managed Switch is a L2/L4 Managed Gigabit Switch. Since Gigabit network interface had become the basic equipment and requirement of Enterprise and Network Servers, with 48Gbps switching fabric, the Managed Switch can handle extremely large amounts of data in a secure topology linking to a backbone or high capacity servers.
PAGE 23
User’s Manual of WGSW-24040 / WGSW-24040R Flexibility and Extension solution The 4 mini-GBIC slots are compatible with 1000Base-SX/LX and WDM SFP(Small Factor Pluggable) fiber-optic modules. The distance can be extended from 550 meters (Multi-Mode fiber) up to above 10/20/30 /40/50/70/120 kilometers (Single-Mode fiber or WDM fiber). They are well suited for using within the enterprise data centers and distributions.
PAGE 24
User’s Manual of WGSW-24040 / WGSW-24040R 1.4 Product Features  Physical Port  24-Port 10/100/1000Base-T RJ-45 copper  4 100/1000Base-X mini-GBIC/SFP slots , shared with Port-21 to Port-24  RS-232 DB9 console interface for basic management and setup  Layer 2 Features  Prevents packet loss with back pressure (Half-Duplex) and IEEE 802.
PAGE 25
User’s Manual of WGSW-24040 / WGSW-24040R -  Typical network application  Strict priority and Weighted Round Robin (WRR) CoS policies  Traffic-policing policies on the switch port  DSCP remarking Multicast  Supports IGMP Snooping v1, v2 and v3  Support MLD Snooping v1 and v2  Querier mode support  IGMP Snooping port filtering  MLD Snooping port filtering  MVR (Multicast VLAN Registration)  Security  IEEE 802.
PAGE 26
User’s Manual of WGSW-24040 / WGSW-24040R  Link Layer Discovery Protocol (LLDP) Protocol  Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues  Reset button for system reboot or reset to factory default  PLANET Smart Discovery Utility for deploy management  Redundant Power System (WGSW-24040R Only) ■ 100~240V AC / 48V DC Dual power redundant ■ Active-active redundant power failure protection ■ Backup of catastrophic power failure on one supply ■ Fault toler
PAGE 27
User’s Manual of WGSW-24040 / WGSW-24040R 1.5 Product Specification Product WSGW-24040 / WGSW-24040R Hardware Specification Hardware Version Version 2 Copper Ports 24 10/ 100/1000Base-T RJ-45 Auto-MDI/MDI-X ports 4 100/1000Base-X SFP interfaces, shared with Port-21 to Port-24 SFP/mini-GBIC Slots Compatible with 100Base-FX SFP Console 1 x RS-232 DB9 serial port (115200, 8, N, 1) Switch Architecture Store-and-Forward Switch Fabric 48Gbps / non-blocking Throughput 35.
PAGE 28
User’s Manual of WGSW-24040 / WGSW-24040R Q-in-Q tunneling Private VLAN Edge (PVE) MAC-Based VLAN Protocol-Based VLAN Voice VLAN MVR (Multicast VLAN Registration) Up to 255 VLAN groups, out of 4094 VLAN IDs IEEE 802.3ad LACP / Static Trunk Link Aggregation Support 12 groups of 16-Port trunk support Traffic classification based, Strict priority and WRR 8-Level priority for switching QoS - Port Number - 802.1p priority - 802.
PAGE 29
User’s Manual of WGSW-24040 / WGSW-24040R IEEE 802.1D Spanning tree protocol IEEE 802.1w Rapid spanning tree protocol IEEE 802.1s Multiple spanning tree protocol IEEE 802.1p Class of service IEEE 802.1Q VLAN Tagging IEEE 802.1x Port Authentication Network Control IEEE 802.
PAGE 30
User’s Manual of WGSW-24040 / WGSW-24040R 2. INSTALLATION This section describes the hardware features and installation of the Managed Switch on the desktop or rack mount. For easier management and control of the Managed Switch, familiarize yourself with its display indicators, and ports. Front panel illustrations in this chapter display the unit LED indicators. Before connecting any network device to the Managed Switch, please read this chapter completely. 2.1 Hardware Description 2.1.
PAGE 31
User’s Manual of WGSW-24040 / WGSW-24040R Reset Button Pressed and Released Function < 5 sec: System reboot Reboot the Managed Switch Reset the Managed Switch to Factory Default configuration. The Managed Switch will then reboot and load the default settings as below: > 5 sec: Factory Default 。 Default Username: admin 。 Default Password: admin 。 Default IP address: 192.168.0.100 。 Subnet mask: 255.255.255.0 。 Default Gateway: 192.168.0.
PAGE 32
User’s Manual of WGSW-24040 / WGSW-24040R Lights to indicate the port is running in 10/100Mbps speed and successfully established. 10/100 Orange LNK/ACT Blink: indicate that the switch is actively sending or receiving data over that port. ■ Per 100/1000Base-X SFP Interfaces LED Color 1000 Green LNK/ACT Orange Function Lights to indicate that the port is operating at 1000Mbps. Off to indicate the port is operating at 100Mbps or no link. Lights to indicate the port is successfully established.
PAGE 33
User’s Manual of WGSW-24040 / WGSW-24040R ■ DC Power Connector The rear panel of the WGSW-24040R contains a power switch and a DC power connector, which accepts DC power input voltage from -36V to -60V DC. Connect the power cable to the Managed Switch at the input terminal block. The size of the two screws in the terminal block is M3.5.
PAGE 34
User’s Manual of WGSW-24040 / WGSW-24040R Figure 2-7 Place the Managed Switch on the desktop Step3: Keep enough ventilation space between the Managed Switch and the surrounding objects. When choosing a location, please keep in mind the environmental restrictions discussed in Chapter 1, Section 4, and Specification. Step4: Connect the Managed Switch to network devices.
PAGE 35
User’s Manual of WGSW-24040 / WGSW-24040R Figure 2-8 Attach brackets to the Managed Switch. You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty. Step3: Secure the brackets tightly. Step4: Follow the same steps to attach the second bracket to the opposite side. Step5: After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-9.
PAGE 36
User’s Manual of WGSW-24040 / WGSW-24040R 2.2.3 Installing the SFP transceiver The sections describe how to insert an SFP transceiver into an SFP slot. The SFP transceivers are hot-pluggable and hot-swappable. You can plug-in and out the transceiver to/from any SFP port without having to power down the Managed Switch. As the Figure 2-10 appears. Figure 2-10 Plug-in the SFP transceiver  Approved PLANET SFP Transceivers PLANET Managed Switch supports both Single mode and Multi-mode SFP transceiver.
PAGE 37
User’s Manual of WGSW-24040 / WGSW-24040R 1. It recommends using PLANET SFP on the Managed Switch. If you insert a SFP transceiver that is not supported, the Managed Switch will not recognize it. 2. Port 22 to Port 24 are shared SFP slot that support Gigabit & Fast Ethernet SFP transceiver. Before connect the other Managed Switches, workstation or Media Converter. In the installation steps below, this Manual use Gigabit SFP transceiver as the example.
PAGE 38
User’s Manual of WGSW-24040 / WGSW-24040R Figure 2-11 Pull out the SFP transceiver Never pull out the module without pull the handle or the push bolts on the module. Direct pull out the module with violent could damage the module and SFP module slot of the Managed Switch. 2.2.4 Connecting DC Power Supply – WGSW-24040R The WGSW-24040R supports -48VDC power input, connect the power cable to the switch at the input terminal block. 1. The size of the three screws in the terminal block is M3.5. 2.
PAGE 39
User’s Manual of WGSW-24040 / WGSW-24040R 3. SWITCH MANAGEMENT This chapter explains the methods that you can use to configure management access to the Managed Switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (workstation or personal computer) and the system. It also contains information about port connection options.
PAGE 40
User’s Manual of WGSW-24040 / WGSW-24040R 3.2 Management Access Overview The Managed Switch gives you the flexibility to access and manage it using any or all of the following methods:  An administration console  Web browser interface  An external SNMP-based network management application The administration console and Web browser interface support are embedded in the Managed Switch software and are available for immediate use. Each of these management methods has their own advantages.
PAGE 41
User’s Manual of WGSW-24040 / WGSW-24040R Figure 3-1 Console management Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the Managed Switch console (serial) port. When using this management method, a straight DB9 RS-232 cable is required to connect the switch to the PC.
PAGE 42
User’s Manual of WGSW-24040 / WGSW-24040R terminal-emulation program for connecting to the terminal serial port. A workstation attachment under UNIX can use an emulator such as TIP. 3.4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer.
PAGE 43
User’s Manual of WGSW-24040 / WGSW-24040R Figure 3-4 Web main screen of Managed Switch 3.5 SNMP-Based Network Management You can use an external SNMP-based application to configure and manage the Managed Switch, such as SNMPc Network Manager, HP Openview Network Node Management (NNM) or What’s Up Gold. This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string.
PAGE 44
User’s Manual of WGSW-24040 / WGSW-24040R 4. WEB CONFIGURATION This section introduces the configuration and functions of the Web-Based management. About Web-based Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer. The Web-Based Management supports Internet Explorer 7.0.
PAGE 45
User’s Manual of WGSW-24040 / WGSW-24040R  1. Logging on the switch Use Internet Explorer 7.0 or above Web browser. Enter the factory-default IP address to access the Web interface. The factory-default IP Address as following: http://192.168.0.100 2. When the following login screen appears, please enter the default username "admin" with password “admin” (or the username/password you have changed via console) to login the main screen of Managed Switch. The login screen in Figure 4-1-2 appears.
PAGE 46
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-1-3 Default main page Now, you can use the Web management interface to continue the switch management or manage the Managed Switch by Web interface. The Switch Menu on the left of the web page let you access all the commands and statistics the Managed Switch provides. 1. It is recommended to use Internet Explore 7.0 or above to access Managed Switch. 2.
PAGE 47
User’s Manual of WGSW-24040 / WGSW-24040R 4.1 Main Web Page The SGSW Managed Switch provides a Web-based browser interface for configuring and managing it. This interface allows you to access the Managed Switch using the Web browser of your choice. This chapter describes how to use the Managed Switch’s Web browser interface to configure and manage it.
PAGE 48
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-1-5 Managed Switch Main Functions Menu 48
PAGE 49
User’s Manual of WGSW-24040 / WGSW-24040R 4.2 System Use the System menu items to display and configure basic administrative details of the Managed Switch. Under System the following topics are provided to configure and view the system information: This section has the following items: ■ System Information The switch system information is provided here. ■ IP Configuration Configure the switch-managed IP information on this page.
PAGE 50
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.1 System Information The System Info page provides information for the current device information. System Info page helps a switch administrator to identify the hardware MAC address, software version and system uptime. The screen in Figure 4-2-1 appears. Figure 4-2-1 System Information page screenshot The page includes the following fields: Object Description  Contact The system contact configured in Configuration | System | Information | System Contact.
PAGE 51
User’s Manual of WGSW-24040 / WGSW-24040R Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Click to refresh the page; any changes made locally will be undone. 4.2.2 IP Configuration The IP Configuration includes the IP Address, Subnet Mask and Gateway. The Configured column is used to view or change the IP configuration. Fill up the IP Address, Subnet Mask and Gateway for the device. The screen in Figure 4-2-2 appears.
PAGE 52
User’s Manual of WGSW-24040 / WGSW-24040R  DNS Proxy When DNS proxy is enabled, DUT will relay DNS requests to the current configured DNS server on DUT, and reply as a DNS resolver to the client device on the network. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. : Click to renew DHCP. This button is only available if DHCP is enabled. 4.2.3 IPv6 Configuration Configure the switch-managed IPv6 information on this page.
PAGE 53
User’s Manual of WGSW-24040 / WGSW-24040R  Prefix Provide the IPv6 Prefix of this switch. The allowed range is 1 through 128.  Router Provide the IPv6 gateway address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'.
PAGE 54
User’s Manual of WGSW-24040 / WGSW-24040R  User Name The name identifying the user. This is also a link to Add/Edit User.  Privilege Level The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, it can access all groups, i.e. that is granted the fully control of the device. But others value need to refer to each group privilege level. User's privilege should be same or greater than the group privilege level to have the access of that group.
PAGE 55
User’s Manual of WGSW-24040 / WGSW-24040R privilege should be same or greater than the group privilege level to have the access of that group. By default setting, most groups privilege level 5 has the read-only access and privilege level 10 has the read-write access. And the system maintenance (software upload, factory defaults and etc.) need user privilege level 15.
PAGE 56
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-7 Privilege Levels Configuration page screenshot The page includes the following fields: Object Description  Group Name The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contains more than one.
PAGE 57
User’s Manual of WGSW-24040 / WGSW-24040R System: Contact, Name, Location, Timezone, Log. Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based and the MAC Address Limit), ACL, HTTPS, SSH, ARP Inspection and IP source guard. IP: Everything except 'ping'. Port: Everything except 'VeriPHY'. Diagnostics: 'ping' and 'VeriPHY'. Maintenance: CLI- System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load and Firmware Load.
PAGE 58
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-8 NTP Configuration page screenshot The page includes the following fields: Object Description  Mode Indicates the NTP mode operation. Possible modes are: Enabled: Enable NTP mode operation. When enable NTP mode operation, the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain. Disabled: Disable NTP mode operation.
PAGE 59
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Mode Indicates the UPnP operation mode. Possible modes are: Enabled: Enable UPnP mode operation. Disabled: Disable UPnP mode operation. When the mode is enabled, two ACEs are added automatically to trap UPNP related packets to CPU. The ACEs are automatically removed when the mode is disabled.  TTL The TTL value is used by UPnP to send SSDP advertisement messages.
PAGE 60
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-10 UPnP devices shows on Windows My Network Places 4.2.8 DHCP Relay Configure DHCP Relay on this page. DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain.
PAGE 61
User’s Manual of WGSW-24040 / WGSW-24040R The Remote ID is 6 bytes in length, and the value is equal the DHCP relay agent’s MAC address. The DHCP Relay Configuration screen in Figure 4-2-11 appears. Figure 4-2-11 DHCP Relay Configuration page screenshot The page includes the following fields: Object Description  Relay Mode Indicates the DHCP relay mode operation. Possible modes are: Enabled: Enable DHCP relay mode operation.
PAGE 62
User’s Manual of WGSW-24040 / WGSW-24040R Drop: Drop the package when receive a DHCP message that already contains relay information. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.2.9 DHCP Relay Statistics This page provides statistics for DHCP relay. The DHCP Relay Statistics screen in Figure 4-2-12 appears.
PAGE 63
User’s Manual of WGSW-24040 / WGSW-24040R Client Statistics Object Description  Transmit to Client The packets number that relayed packets from server to client.  Transmit Error The packets number that error sending packets to servers.  Receive from Client The packets number that received packets from server.  Receive Agent Option The packets number that received packets with relay agent information option.
PAGE 64
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-13 CPU Load page screenshot Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. If your browser can not displies anythings in this page, please download Adobe SVG tool and install it in your computer. 4.2.11 System Log The switch system log information is provided here. The System Log screen in Figure 4-2-14 appears.
PAGE 65
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  ID The ID (>= 1) of the system log entry.  Level The level of the system log entry. The following level types are supported: Info: Information level of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels.  Clear Level To clear the system log entry level. The following level types are supported: Info: Information level of the system log.
PAGE 66
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-15 Detailed Log page screenshot The page includes the following fields: Object Description  ID The ID (>= 1) of the system log entry.  Message The message of the system log entry. Buttons : Download the system log entry to the current entry ID. : Updates the system log entry to the current entry ID. : Updates the system log entry to the first available entry ID. : Updates the system log entry to the previous available entry ID.
PAGE 67
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-16 Remote Syslog page screenshot The page includes the following fields: Object Description  Mode Indicates the server mode operation. When the mode operation is enabled, the syslog message will send out to syslog server. The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments.
PAGE 68
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-17 SMTP Configuration page screenshot The page includes the following fields: Object Description  SMTP Mode Controls whether SMTP is enabled on this switch.  SMTP Server Type the SMTP server name or the IP address of the SMTP server.  SMTP Port Set port number of SMTP service.  SMTP Authentication Controls whether SMTP authentication is enabled If authentication is required when an e-mail is sent.
PAGE 69
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.15 Web Firmware Upgrade This page facilitates an update of the firmware controlling the switch. The Web Firmware Upgrade screen in Figure 4-2-18 appears. Figure 4-2-18 Web Firmware Upgrade page screenshot To open Firmware Upgrade screen perform the folling: 1. Click System -> Web Firmware Upgrade. 2. The Firmware Upgrade screen is displayed as in Figure 4-2-18. 3. Click the “ 4. Select on the firmware then click “ 5.
PAGE 70
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.16 TFTP Firmware Upgrade The Firmware Upgrade page provides the functions to allow a user to update the Managed Switch firmware from the TFTP server in the network. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. The TFTP Firmware Upgrade screen in Figure 4-2-20 appears.
PAGE 71
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-21 Configuration Save page screenshot You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags: Header tags: and . These tags are mandatory and must be present at the beginning of the file. Section tags: , and . The platform section must be the first section tag and this section must include the correct platform ID and version.
PAGE 72
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-2-22 File Download screen 2. Chose the file save path in management workstation. Figure 4-2-23 File save screen 4.2.18 Configuration Upload This function allows backup and reload the current configuration of the Managed Switch to the local management station.
PAGE 73
User’s Manual of WGSW-24040 / WGSW-24040R Configuration Upload screen in Figure 4-2-24 appears. Figure 4-2-24 Configuration Upload page screenshot  Configuration Upload 1. Click the “ ” button of the main page, the system would pop up the file selection menu to choose saved configuration. Figure 4-2-25 Windows file selection menu popup 2. Select on the configuration file then click “ 3. After down, the main screen appears “Transfer Completed”.
PAGE 74
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.19 Image Select This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. The web page displays two tables with information about the active and alternate firmware images. The Image Select screen in Figure 4-2-26 appears. 1. In case the active firmware image is the alternate image, only the "Active Image" table is shown.
PAGE 75
User’s Manual of WGSW-24040 / WGSW-24040R : Cancel activating the backup image. Navigates away from this page. 4.2.20 Factory Default You can reset the configuration of the stack switch on this page. Only the IP configuration is retained. The new configuration is available immediately, which means that no restart is necessary. The Factory Default screen in Figure 4-2-27 appears. Figure 4-2-27 Factory Default page screenshot Buttons : Click to reset the configuration to Factory Defaults.
PAGE 76
User’s Manual of WGSW-24040 / WGSW-24040R 4.2.21 System Reboot The Reboot page enables the device to be rebooted from a remote location. Once the Reboot button is pressed, user have to re-login the WEB interface about 60 seconds later, the System Reboot screen in Figure 4-2-28 appears. Figure 4-2-28 System Reboot page screenshot Buttons : Click to reboot the system. : Click to return to the Port State page without reboot the system.
PAGE 77
User’s Manual of WGSW-24040 / WGSW-24040R 4.3 Simple Network Management Protocol 4.3.1 SNMP Overview The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.
PAGE 78
User’s Manual of WGSW-24040 / WGSW-24040R  SNMPv3 Communities Configure SNMPv3 communities table on this page.  SNMPv3 Users Configure SNMPv3 users table on this page.  SNMPv3 Groups Configure SNMPv3 groups table on this page.  SNMPv3 Views Configure SNMPv3 views table on this page.  SNMPv3 Accesses Configure SNMPv3 accesses table on this page. 4.3.2 SNMP System Configuration Configure SNMP on this page. The SNMP System Configuration screen in Figure 4-3-1 appears.
PAGE 79
User’s Manual of WGSW-24040 / WGSW-24040R The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. The field is applicable only when SNMP version is SNMPv1 or SNMPv2c. If SNMP version is SNMPv3, the community string will be associated with SNMPv3 communities table. It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string.
PAGE 80
User’s Manual of WGSW-24040 / WGSW-24040R SNMP v3: Set SNMP trap supported version 3.  Trap Community Indicates the community access string when send SNMP trap packet. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.  Trap Destination Address Indicates the SNMP trap destination address. It allow a valid IP address in dotted decimal notation ('x.y.z.w'). And it also allow a valid hostname.
PAGE 81
User’s Manual of WGSW-24040 / WGSW-24040R string must contain an even number(in hexadecimal format) with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed.  Trap Security Name Indicates the SNMP trap security name. SNMPv3 traps and informs using USM for authentication and privacy. A unique security name is needed when traps and informs are enabled. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.3.
PAGE 82
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.3.5 SNMPv3 Configuration 4.3.5.1 SNMPv3 Communities Configure SNMPv3 communities table on this page. The entry index key is Community. The SNMPv3 Communities screen in Figure 4-3-4 appears. Figure 4-3-4 SNMPv3 Communities Configuration page screenshot The page includes the following fields: Object Description  Delete Check to delete the entry.
PAGE 83
User’s Manual of WGSW-24040 / WGSW-24040R 4.3.5.2 SNMPv3 Users Configure SNMPv3 users table on this page. The entry index keys are Engine ID and User Name. The SNMPv3 Users screen in Figure 4-3-5 appears. Figure 4-3-5 SNMPv3 Users Configuration page screenshot The page includes the following fields: Object Description  Delete Check to delete the entry. It will be deleted during the next save.  Engine ID An octet string identifying the engine ID that this entry should belong to.
PAGE 84
User’s Manual of WGSW-24040 / WGSW-24040R protocol. SHA: An optional flag to indicate that this user using SHA authentication protocol. The value of security level cannot be modified if entry already exist. That means must first ensure that the value is set correctly.  Authentication A string identifying the authentication pass phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the Password allowed string length is 8 to 40.
PAGE 85
User’s Manual of WGSW-24040 / WGSW-24040R Object Description  Delete Check to delete the entry. It will be deleted during the next save.  Security Model Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM).  Security Name A string identifying the security name that this entry should belong to.
PAGE 86
User’s Manual of WGSW-24040 / WGSW-24040R string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.  View Type Indicates the view type that this entry should belong to. Possible view type are: included: An optional flag to indicate that this view subtree should be included. excluded: An optional flag to indicate that this view subtree should be excluded.
PAGE 87
User’s Manual of WGSW-24040 / WGSW-24040R any: Accepted any security model (v1|v2c|usm). v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM)  Security Level Indicates the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: None authentication and none privacy. Auth, NoPriv: Authentication and none privacy. Auth, Priv: Authentication and privacy.
PAGE 88
User’s Manual of WGSW-24040 / WGSW-24040R 4.4 Port Management Use the Port Menu to display or configure the Managed Switch's ports. This section has the following items:  Port Configuration Configures port connection settings  Port Statistics Overview Lists Ethernet and RMON port statistics  Port Statistics Detail Lists Ethernet and RMON port statistics  SFP Module Information Display SFP information  Port Mirror Sets the source and target ports for mirroring 4.4.
PAGE 89
User’s Manual of WGSW-24040 / WGSW-24040R  Current Link Speed Provides the current link speed of the port.  Configured Link Speed Select any available link speed for the given switch port. Draw the menu bar to select the mode.  Flow Control  Auto - Setup Auto negotiation for copper interface.  10Mbps HDX - Force sets 10Mbps/Half-Duplex mode.  10Mbps FDX - Force sets 10Mbps/Full-Duplex mode.  100Mbps HDX - Force sets 100Mbps/Half-Duplex mode.
PAGE 90
User’s Manual of WGSW-24040 / WGSW-24040R 4.4.2 Port Statistics Overview This page provides an overview of general traffic statistics for all switch ports. The Port Statistics Overview screen in Figure 4-4-2 appears. Figure 4-4-2 Port Statistics Overview page screenshot The displayed counters are: Object Description  Port The logical port for the settings contained in the same row.  Packets The number of received and transmitted packets per port.
PAGE 91
User’s Manual of WGSW-24040 / WGSW-24040R 4.4.3 Port Statistics Detail This page provides detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The selected port belong to the currently selected stack unit, as reflected by the page header. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.
PAGE 92
User’s Manual of WGSW-24040 / WGSW-24040R  Rx and Tx Broadcast The number of received and transmitted (good and bad) broadcast packets.  Rx and Tx Pause A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation. Receive and Transmit Size Counters The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes.
PAGE 93
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to refresh the page immediately. : Clears the counters for all ports. Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. 4.4.4 SFP Information You can check the physical or operational status of an SFP module via the SFP Module Information page. This page shows the operational status, such as the transceiver type, speed, and wavelength and supports distance of SFP module on a specific interface.
PAGE 94
User’s Manual of WGSW-24040 / WGSW-24040R Buttons Auto-refresh : Check this box to enable an automatic refresh of the page at regular intervals. : Click to refresh the page immediately. 4.4.5 Port Mirror Configure port Mirroring on this page. This function provide to monitoring network traffic that forwards a copy of each incoming or outgoing packet from one port of a network Switch to another port where the packet can be studied.
PAGE 95
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-4-6 Mirror Configuration page screenshot The page includes the following fields: Object Description  Port to mirror on Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored to this port. Disabled disables mirroring.  Port The logical port for the settings contained in the same row.  Mode Select mirror mode. Rx only: Frames received at this port are mirrored to the mirroring port.
PAGE 96
User’s Manual of WGSW-24040 / WGSW-24040R For a given port, a frame is only transmitted once. It is therefore not possible to mirror Tx frames on the mirror port. Because of this, mode for the selected mirror port is limited to Disabled or Rx only. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values.
PAGE 97
User’s Manual of WGSW-24040 / WGSW-24040R 4.5 Link Aggregation Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Groups (LAGs). Port Aggregation multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy. Each LAG is composed of ports of the same speed, set to full-duplex operations.
PAGE 98
User’s Manual of WGSW-24040 / WGSW-24040R The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems that require high speed redundant links. Link aggregation lets you group up to eight consecutive ports into a single dedicated connection. This feature can expand bandwidth to a device on the network. LACP operation requires full-duplex mode, more detail information refer to the IEEE 802.3ad standard.
PAGE 99
User’s Manual of WGSW-24040 / WGSW-24040R 4.5.1 Static Aggregation This page is used to configure the Aggregation hash mode and the aggregation group. The aggregation hash mode settings are global, whereas the aggregation group relate to the currently selected stack unit, as reflected by the page header. Hash Code Contributors The Static Aggeration screen in Figure 4-5-2 appears.
PAGE 100
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-5-3 Aggregation Group Configuration page screenshot The page includes the following fields: .Object Description  Group ID Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port.  Port Members Each switch port is listed for each group ID.
PAGE 101
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-5-4 LACP Port Configuration page screenshot The page includes the following fields: Object Description  Port The switch port number.  LACP Enabled Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2G LAGs per stack.  Key The Key value incurred by the port, range 1-65535 .
PAGE 102
User’s Manual of WGSW-24040 / WGSW-24040R each second, while Passive will wait for a LACP packet from a partner (speak if spoken to).  Timeout The Timeout controls the period between BPDU transmissions. Fast will transmit LACP packets each second, while Slow will wait for 30 seconds before sending a LACP packet.  Priority The Prio controls the priority of the port.
PAGE 103
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to refresh the page immediately. Auto-refresh : Automatic refresh occurs every 3 seconds. 4.5.4 LACP Port Status This page provides a status overview for LACP status for all ports. The LACP Port Status screen in Figure 4-5-6 appears. Figure 4-5-6 LACP Status page screenshot The page includes the following fields: Object Description  Port The switch port number.  LACP 'Yes' means that LACP is enabled and the port link is up.
PAGE 104
User’s Manual of WGSW-24040 / WGSW-24040R  Partner System ID The partner’s System ID (MAC address).  Partner Port The partner’s port number connected to this port.  Partner Priority The partner's port priority. Buttons : Click to refresh the page immediately. Auto-refresh : Automatic refresh occurs every 3 seconds. 4.5.5 LACP Port Statistics This page provides an overview for LACP statistics for all ports. The LACP Port Statistics screen in Figure 4-5-7 appears.
PAGE 105
User’s Manual of WGSW-24040 / WGSW-24040R  Discarded Shows how many unknown or illegal LACP frames have been discarded at each port. Buttons Auto-refresh : Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately. : Clears the counters for all ports.
PAGE 106
User’s Manual of WGSW-24040 / WGSW-24040R 4.6 VLAN 4.6.1 VLAN Overview A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLAN also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN.
PAGE 107
User’s Manual of WGSW-24040 / WGSW-24040R Membership 4.6.2 IEEE 802.1Q VLAN In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment.
PAGE 108
User’s Manual of WGSW-24040 / WGSW-24040R Some relevant terms: - Tagging - The act of putting 802.1Q VLAN information into the header of a packet. - Untagging - The act of stripping 802.1Q VLAN information out of the packet header. ■ 802.1Q VLAN Tags The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the Ether Type field.
PAGE 109
User’s Manual of WGSW-24040 / WGSW-24040R ■ Port VLAN ID Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLAN to span network devices (and indeed, the entire network – if all network devices are 802.1Q compliant). Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch.
PAGE 110
User’s Manual of WGSW-24040 / WGSW-24040R ■ VLAN Classification When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.
PAGE 111
User’s Manual of WGSW-24040 / WGSW-24040R  Current number of Display the current number of VLANs VLANs  VLAN Learning Display the VLAN learning mode. The Managed Switch supports IVL (IVL Independent vlan learning).  Configurable PVID Indicates whether or not configurable PVID tagging is implemented. Tagging 4.6.4 VLAN Port Configuration This page is used for configuring the Managed Switch port VLAN. The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN.
PAGE 112
User’s Manual of WGSW-24040 / WGSW-24040R QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer’s frames when they enter the service provider’s network, and then stripping the tags when the frames leave the network.
PAGE 113
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-2 VLAN Port Configuration page screenshot The page includes the following fields: Object Description  Port This is the logical port number for this row.  PVID Allow assign PVID for selected port. The range for the PVID is 1-4094. The PVID will be inserted into all untagged frames entering the ingress port. The PVID must as same as the VLAN ID that the port belong to VLAN group, or the untagged traffic will be dropped.
PAGE 114
User’s Manual of WGSW-24040 / WGSW-24040R frames, untagged frames received on the port are discarded. By default, the field is set to All.  Link Type Allow 802.1Q Untagged or Tagged VLAN for selected port. When adding a VLAN to selected port, it tells the switch whether to keep or remove the tag from a frame on egress. - Untag: outgoing frames without VLAN-Tagged. - Tagged:  Q-in-Q Mode outgoing frames with VLAN-Tagged.
PAGE 115
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-3 appears. Figure 4-6-3 VLAN Membership Configuration page screenshot The page includes the following fields: Object Description  Delete To delete a VLAN entry, check this box. The entry will be deleted on all stack switch units during the next Save.  VLAN ID Indicates the ID of this particular VLAN.  VLAN Name Indicates the name of the VLAN. Maximum length of the VLAN Name String is 32. VLAN Name can only contain alphabets or numbers.
PAGE 116
User’s Manual of WGSW-24040 / WGSW-24040R : Refreshes the displayed table starting from the "VLAN ID" input fields. : Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID. : Updates the table, starting with the entry after the last entry currently displayed. 4.6.6 VLAN Membership Status This page provides an overview of membership status for VLAN users. The VLAN Membership Status screen in Figure 4-6-4 appears.
PAGE 117
User’s Manual of WGSW-24040 / WGSW-24040R create multiple spanning trees in a network, which significantly improves network resource utilization while maintaining a loop-free environment.  Port Members A row of check boxes for each port is displayed for each VLAN ID. If a port is included in a VLAN, an image will be displayed. If a port is included in a Forbidden port list, an image will be displayed.
PAGE 118
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-5 VLAN Port Status for Static User page screenshot The page includes the following fields: Object Description  Port The logical port for the settings contained in the same row.  PVID Shows the VLAN identifier for that port. The allowed values are 1 through 4095. The default value is 1.  Port Type Show the VLAN Awareness for the port. If VLAN awareness is enabled, the tag is removed from tagged frames received on the port.
PAGE 119
User’s Manual of WGSW-24040 / WGSW-24040R  Conflicts Shows status of Conflicts whether exists or Not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur: Functional Conflicts between feature. Conflicts due to hardware limitation. Direct conflict between user modules. Buttons : Select VLAN Users from this drop down list. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
PAGE 120
User’s Manual of WGSW-24040 / WGSW-24040R Object Description  Delete To delete a private VLAN entry, check this box. The entry will be deleted during the next save.  Private VLAN ID Indicates the ID of this particular private VLAN.  Port Members A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked.
PAGE 121
User’s Manual of WGSW-24040 / WGSW-24040R For private VLANs to be applied, the switch must first be configured for standard VLAN operation When this is in place, one or more of the configured VLANs can be configured as private VLANs.
PAGE 122
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-7 Port Isolation Configuration page screenshot The page includes the following fields: Object Description  Port Members A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports. Buttons : Click to save changes.
PAGE 123
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-8 two separate VLAN diagram VLAN Group VID Untagged Members Tagged Members VLAN Group 1 1 Port-7 ~ Port-10 N/A VLAN Group 2 2 Port-1,Port-2 Port-3 VLAN Group 3 3 Port-4,Port-5 Port-6 Table 4-1 VLAN and Port Configuration The scenario described as follow:  Untagged packet entering VLAN 2 1. While [PC-1] transmit an untagged packet enters Port-1, the Managed Switch will tag it with a VLAN Tag=2.
PAGE 124
User’s Manual of WGSW-24040 / WGSW-24040R 1. While [PC-4] transmit an untagged packet enters Port-4, the switch will tag it with a VLAN Tag=3. [PC-5] and [PC-6] will received the packet through Port-5 and Port-6. 2. While the packet leaves Port-5, it will be stripped away it tag becoming an untagged packet. 3. While the packet leaves Port-6, it will keep as a tagged packet with VLAN Tag=3.
PAGE 125
User’s Manual of WGSW-24040 / WGSW-24040R 4. Assign PVID for each port: Port-1,Port-2 and Port-3 : PVID=2 Port-4,Port-5 and Port-6 : PVID=3 Port-7~Port-10 : PVID=1 5. Enable VLAN Tag for specific ports Link Type: Port-3 (VLAN-2) and Port-6 (VLAN-3) The Per Port VLAN configuration in Figure 4-6-10 appears. Figure 4-6-10 Port 1-Port 6 VLAN Configuration 4.6.10.2 VLAN Trunking between two 802.1Q aware switch The most cases are used for “Uplink” to other switches.
PAGE 126
User’s Manual of WGSW-24040 / WGSW-24040R Setup steps 1. Create VLAN Group Set VLAN Group 1 = Default-VLAN with VID (VLAN ID) =1 Add two VLANs – VLAN 2 and VLAN 3 VLAN Group 2 with VID=2 VLAN Group 3 with VID=3 2. Assign VLAN Member : VLAN 2 : Port-1,Port-2 and Port-3 VLAN 3 : Port-4, Port-5 and Port-6 VLAN 1 : All other ports – Port-7~Port-10 About the VLAN ports connect to the hosts, please refer to 4.6.10.1 examples.
PAGE 127
User’s Manual of WGSW-24040 / WGSW-24040R port configuration. 1. Specify Port-8 to be the 802.1Q VLAN Trunk port. 2. Assign Port-8 to both VLAN 2 and VLAN 3 at the VLAN Member configuration page. 3. Define a VLAN 1 as a “Public Area” that overlapping with both VLAN 2 members and VLAN 3 members. 4. Assign the VLAN Trunk Port to be the member of each VLAN – which wants to be aggregated. At this sample, add Port-8 to be VLAN 2 and VLAN 3 member port. The screen in Figure 4-6-12 appears.
PAGE 128
User’s Manual of WGSW-24040 / WGSW-24040R Setup steps 1. Assign Port Mode Set Port-1~Port-4 in Isolate port. Set Port5 and Port-6 in Promiscuous port. The screen in Figure 4-6-15 appears. Figure 4-6-15 The configuration of Isolate and Promiscuous port 2. Assign VLAN Member : VLAN 1 : Port-1,Port-2 ,Port-5 and Port-3 VLAN 2 : Port-3~Port-6. The screen in Figure 4-6-16 appears.
PAGE 129
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-6-16 Private VLAN port setting 4.6.11 MAC-based VLAN The MAC-based VLAN enties can be configured here. This page allows for adding and deleting MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries. The MAC-based VLAN screen in Figure 4-6-17 appears.
PAGE 130
User’s Manual of WGSW-24040 / WGSW-24040R VLAN ID are 1 through 4095. The MAC-based VLAN entry is enabled when you click on "Save". A MAC-based VLAN without any port members will be deleted when you click "Save". The “Delete” button can be used to undo the addition of new MAC-based VLANs. Buttons : Click to add a new MAC-based VLAN entry. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. Auto-refresh : Check this box to refresh the page automatically.
PAGE 131
User’s Manual of WGSW-24040 / WGSW-24040R Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately. 4.6.13 IP Subnet-based VLAN The IP subnet-based VLAN enties can be configured here. This page allows for adding, updating and deleting IP subnet-based VLAN entries and assigning the entries to different ports. This page shows only static entries. The IP-based VLAN screen in Figure 4-6-19 appears.
PAGE 132
User’s Manual of WGSW-24040 / WGSW-24040R entry. Legal values for a VLAN ID are 1 through 4095. The IP subnet-based VLAN entry is enabled when you click on "Save". The “Delete: button can be used to undo the addition of new IP subnet-based VLANs. Buttons : Click to add a new entry in mapping table. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. Auto-refresh : Check this box to refresh the page automatically.
PAGE 133
User’s Manual of WGSW-24040 / WGSW-24040R vary depending on the new frame type you selected.  Value Valid value that can be entered in this text field depends on the option selected from the the preceding Frame Type selection menu. Below is the criteria for three different Frame Types: 1. For Ethernet: Values in the text field when Ethernet is selected as a Frame Type is called etype. Valid values for etype ranges from 0x0600-0xffff 2.
PAGE 134
User’s Manual of WGSW-24040 / WGSW-24040R 4.6.15 Protocol-based VLAN Mambership This page allows you to map a already configured Group Name to a VLAN for the switch. The Group Name to VLAN Mapping Table screen in Figure 4-6-21 appears. Figure 4-6-21 Group Name to VLAN Mapping Table page screenshot The page includes the following fields: Object Description  Delete To delete a Group Name to VLAN map entry, check this box.
PAGE 135
User’s Manual of WGSW-24040 / WGSW-24040R : Click to undo any changes made locally and revert to previously saved values. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately.
PAGE 136
User’s Manual of WGSW-24040 / WGSW-24040R 4.7 Spanning Tree Protocol 4.7.1 Theory The Spanning Tree protocol can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down.
PAGE 137
User’s Manual of WGSW-24040 / WGSW-24040R The switch sends BPDUs to communicate and construct the spanning-tree topology. All switches connected to the LAN on which the packet is transmitted will receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU, and, if the topology changes, initiates a BPDU transmission.
PAGE 138
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-7-1 STP Port State Transitions You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up. If properly configured, each port stabilizes to the forwarding or blocking state.
PAGE 139
User’s Manual of WGSW-24040 / WGSW-24040R Parameter Description Default Value Bridge Identifier(Not user A combination of the User-set priority and 32768 + MAC configurable the switch’s MAC address.
PAGE 140
User’s Manual of WGSW-24040 / WGSW-24040R User-Changeable STA Parameters The Switch’s factory default setting should cover the majority of installations. However, it is advisable to keep the default settings as set at the factory; unless, it is absolutely necessary. The user changeable parameters in the Switch are as follows: Priority – A Priority for the switch can be set from 0 to 65535. 0 is equal to the highest Priority. Hello Time – The Hello Time can be from 1 to 10 seconds.
PAGE 141
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-7-5 Before Applying the STA Rules In this example, only the default STP values are used.
PAGE 142
User’s Manual of WGSW-24040 / WGSW-24040R The switch with the lowest Bridge ID (switch C) was elected the root bridge, and the ports were selected to give a high port cost between switches B and C. The two (optional) Gigabit ports (default port cost = 20,000) on switch A are connected to one (optional) Gigabit port on both switch B and C. The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 200,000).
PAGE 143
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Basic Settings Object Description  Protocol Version The STP protocol version setting. Valid values are STP, RSTP and MSTP.  Bridge Priority Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch forms a Bridge Identifier. For MSTP operation, this is the priority of the CIST.
PAGE 144
User’s Manual of WGSW-24040 / WGSW-24040R re-enabled for normal STP operation. The condition is also cleared by a system reboot.  Port Error Recovery The time that has to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours). Timeout The Gigabit Ethernet Switch implement the Rapid Spanning Protocol as the default spanning tree protocol. While select “Compatibles” mode, the system use the RSTP (802.
PAGE 145
User’s Manual of WGSW-24040 / WGSW-24040R  Topology Flag The current state of the Topology Change Flag for this Bridge instance.  Topology Change Last The time since last Topology Change occurred. Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately. 4.7.4 CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well.
PAGE 146
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-7-9 STP CIST Port Configuration page screenshot The page includes the following fields: Object Description  Port The switch port number of the logical STP port.  STP Enabled Controls whether RSTP is enabled on this switch port.  Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values.
PAGE 147
User’s Manual of WGSW-24040 / WGSW-24040R A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well.  Point-to-point Controls whether the port connects to a point-to-point LAN rather than a shared medium. This can be automatically determined, or forced either true or false. Transitions to the forwarding state is faster for point-to-point LANs than for shared media. Buttons : Click to save changes.
PAGE 148
User’s Manual of WGSW-24040 / WGSW-24040R Gigabit Ethernet Trunk 50,000 Full Duplex 10,000 Trunk 5,000 Table 4-7-3 Default STP Path Costs 4.7.5 MSTI Priorities This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. The MSTI Priority screen in Figure 4-7-10 appears. Figure 4-7-10 MSTI Priority page screenshot The page includes the following fields: Object Description  MSTI The bridge instance.
PAGE 149
User’s Manual of WGSW-24040 / WGSW-24040R 4.7.6 MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. The MSTI Configuration screen in Figure 4-7-11 appears.
PAGE 150
User’s Manual of WGSW-24040 / WGSW-24040R  Configuration Name The name identifiying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI's. (Intra-region). The name is at most 32 characters.  Configuration Revision The revision of the MSTI configuration named above. This must be an integer between 0 and 65535. MSTI Mapping Object Description  MSTI The bridge instance.
PAGE 151
User’s Manual of WGSW-24040 / WGSW-24040R MSTI Port Configuration Object Description  Select MSTI Select the bridge instance and set more detail configuration.
PAGE 152
User’s Manual of WGSW-24040 / WGSW-24040R  Port The switch port number of the corresponding STP CIST (and MSTI) port.  Path Cost Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network.
PAGE 153
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Port The switch port number of the logical STP port.  CIST Role The current STP port role of the ICST port. The port role can be one of the following values: AlternatePort BackupPort RootPort DesignatedPort Disable  State The current STP port state of the CIST port .
PAGE 154
User’s Manual of WGSW-24040 / WGSW-24040R  MSTP The number of MSTP Configuration BPDU's received/transmitted on the port.  RSTP The number of RSTP Configuration BPDU's received/transmitted on the port.  STP The number of legacy STP Configuration BPDU's received/transmitted on the port.  TCN The number of (legacy) Topology Change Notification BPDU's received/transmitted on the port.  Discarded Unknown The number of unknown Spanning Tree BPDU's received (and discarded) on the port.
PAGE 155
User’s Manual of WGSW-24040 / WGSW-24040R 4.8 Multicast 4.8.1 IGMP Snooping The Internet Group Management Protocol (IGMP) lets host and routers share information about multicast groups memberships. IGMP snooping is a switch feature that monitors the exchange of IGMP messages and copies them to the CPU for feature processing. The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group.
PAGE 156
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-2 Multicast flooding Figure 4-8-3 IGMP Snooping multicast stream control 156
PAGE 157
User’s Manual of WGSW-24040 / WGSW-24040R IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time. IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group. IGMP version 1 is defined in RFC 1112. It has a fixed packet size and no optional data.
PAGE 158
User’s Manual of WGSW-24040 / WGSW-24040R message, and query messages that are specific to a given group. The states a computer will go through to join or to leave a multicast group are shown below: Figure 4-8-4 IGMP State Transitions  IGMP Querier – A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic.
PAGE 159
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-5 IGMP Snooping Configuration page screenshot The page includes the following fields: Object Description  Snooping Enabled Enable the Global IGMP Snooping.  Unregistered IPMCv4 Enable unregistered IPMCv4 traffic flooding. Flooding Enabled The flooding control takes effect only when IGMP Snooping is enabled. When IGMP Snooping is disabled, unregistered IPMCv4 traffic flooding is always active in spite of this setting.
PAGE 160
User’s Manual of WGSW-24040 / WGSW-24040R  Proxy Enable Enable IGMP Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.  Router Port Specify which ports act as IGMP router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. The Switch forwards IGMP join or leave packets to an IGMP router port.
PAGE 161
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-6 IGMP Snooping VLAN Configuration page screenshot The page includes the following fields: Object Description  VLAN ID The VLAN ID of the entry.  IGMP Snooping Enable Enable the per-VLAN IGMP Snooping. Only up to 64 VLANs can be selected.  IGMP Querier Enable the IGMP Querier in the VLAN.
PAGE 162
User’s Manual of WGSW-24040 / WGSW-24040R : Refreshes the displayed table starting from the "VLAN" input fields. : Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID. : Updates the table, starting with the entry after the last entry currently displayed. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.8.
PAGE 163
User’s Manual of WGSW-24040 / WGSW-24040R  Filtering Group The IP Multicast Group that will be filtered.  Add New Filtering Click “Add New Filtering Group” to add a new entry to the Group Filtering table. Specify the Port, and Filtering Group of the new entry. Click "Save". Group Buttons : Click to add a new entry to the Group Filtering table. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.8.
PAGE 164
User’s Manual of WGSW-24040 / WGSW-24040R Object Description  VLAN ID The VLAN ID of the entry.  Querier Version Working Querier Version currently.  Host Version Working Host Version currently.  Querier Status Show the Querier status is "ACTIVE" or "IDLE".  Querier Transmitted The number of Transmitted Querier.  Querier Received The number of Received Querier.  V1 Reports Received The number of Received V1 Reports.  V2 Reports Received The number of Received V2 Reports.
PAGE 165
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-9 IGMP Snooping Groups Information page screenshot The page includes the following fields: Object Description  VLAN ID VLAN ID of the group.  Groups Group address of the group displayed.  Port Members Ports under this group. Buttons Auto-refresh : Automatic refresh occurs every 3 seconds. : Refreshes the displayed table starting from the input fields. : Updates the table, starting with the first entry in the IGMP Group Table.
PAGE 166
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-10 IGMP SSM Information page screenshot The page includes the following fields: Object Description  VLAN ID VLAN ID of the group.  Group Group address of the group displayed.  Port Switch port number.  Mode Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude.  Source Address IP Address of the source.
PAGE 167
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-11 MLD Snooping Configuration page screenshot The page includes the following fields: Object Description  Snooping Enabled Enable the Global MLD Snooping.  Unregistered IPMCv6 Enable unregistered IPMCv6 traffic flooding. Flooding enabled The flooding control takes effect only when MLD Snooping is enabled. When MLD Snooping is disabled, unregistered IPMCv6 traffic flooding is always active in spite of this setting.
PAGE 168
User’s Manual of WGSW-24040 / WGSW-24040R  Leave Proxy Enable Enable MLD Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.  Proxy Enable Enable MLD Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.  Router Port Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier.
PAGE 169
User’s Manual of WGSW-24040 / WGSW-24040R  VLAN ID The VLAN ID of the entry.  MLD Snooping Enable Enable the per-VLAN MLD Snooping. Only up to 32 VLANs can be selected.  MLD Querier Enable the MLD Querier in the VLAN.  Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network. The allowed selection is MLD-Auto, Forced MLDv1, Forced MLDv2, default compatibility value is MLD-Auto.
PAGE 170
User’s Manual of WGSW-24040 / WGSW-24040R 4.8.10 MLD Snooping Port Group Filtering In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The MLD filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and MLD throttling limits the number of simultaneous multicast groups a port can join.
PAGE 171
User’s Manual of WGSW-24040 / WGSW-24040R 4.8.11 MLD Snooping Status This page provides MLD Snooping status. The IGMP Snooping Status screen in Figure 4-8-14 appears. Figure 4-8-14 MLD Snooping Status page screenshot The page includes the following fields: Object Description  VLAN ID The VLAN ID of the entry.  Querier Version Working Querier Version currently.  Host Version Working Host Version currently.  Querier Status Shows the Querier status is "ACTIVE" or "IDLE".
PAGE 172
User’s Manual of WGSW-24040 / WGSW-24040R  V2 Reports Received The number of Received V2 Reports.  V1 Leave Received The number of Received V1 Leaves.  Router Port Display which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. Static denotes the specific port is configured to be a router port. Dynamic denotes the specific port is learnt to be a router port.
PAGE 173
User’s Manual of WGSW-24040 / WGSW-24040R  Groups Group address of the group displayed.  Port Members Ports under this group. Buttons Auto-refresh : Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately. : Updates the table, starting with the first entry in the IGMP Group Table. : Updates the table, starting with the entry after the last entry currently displayed. 4.8.13 MLDv2 Information Entries in the MLD SFM Information Table are shown on this page.
PAGE 174
User’s Manual of WGSW-24040 / WGSW-24040R  Port Switch port number.  Mode Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude.  Source Address IP Address of the source. Currently, system limits the total number of IP source addresses for filtering to be 128.  Type Indicates the Type. It can be either Allow or Deny.
PAGE 175
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-8-17 MVR Configuration page screenshot The page includes the following fields: Object Description  MVR Mode Enable/Disable the Global MVR. The Unregistered Flooding control depends on the current configuration in IGMP/MLD Snooping.
PAGE 176
User’s Manual of WGSW-24040 / WGSW-24040R table is full.  Delete Check to delete the entry. The designated entry will be deleted during the next save.  MVR VID Specify the Multicast VLAN ID. Be Caution: MVR source ports are not recommended to be overlapped with management VLAN ports.  MVR Name MVR Name is an optional attribute to indicate the name of the specific MVR VLAN. Maximum length of the MVR VLAN Name string is 32. MVR VLAN Name can only contain alphabets or numbers.
PAGE 177
User’s Manual of WGSW-24040 / WGSW-24040R I indicates Inactive; S indicates Source; R indicates Receiver The default Role is Inactive.  Immediate Leave Enable the fast leave on the port. Buttons : Click to add new MVR VLAN. Specify the VID and configure the new entry. Click "Save" : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.8.15 MVR Status This page provides MVR status. The MVR Status screen in Figure 4-8-18 appears.
PAGE 178
User’s Manual of WGSW-24040 / WGSW-24040R : Click to refresh the page immediately. : Clears all Statistics counters. Auto-refresh : Automatic refresh occurs every 3 seconds. 4.8.16 MVR Groups Information Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID, and then by group. Each page shows up to 99 entries from the MVR Group table, default being 20, selected through the "entries per page" input field.
PAGE 179
User’s Manual of WGSW-24040 / WGSW-24040R : Updates the table, starting with the entry after the last entry currently displayed. 4.8.17 MVR SFM Information Entries in the MVR SFM Information Table are shown on this page. The MVR SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belong to the same group are treated as single entry.
PAGE 180
User’s Manual of WGSW-24040 / WGSW-24040R : Refreshes the displayed table starting from the input fields. : Updates the table starting from the first entry in the MVR SFM Information Table. : Updates the table, starting with the entry after the last entry currently displayed.
PAGE 181
User’s Manual of WGSW-24040 / WGSW-24040R 4.9 Quality of Service 4.9.1 Understand QOS Quality of Service (QoS) is an advanced traffic prioritization feature that allows you to establish control over network traffic. QoS enables you to assign various grades of network service to different types of traffic, such as multi-media, video, protocol-specific, time critical, and file-backup traffic. QoS reduces bandwidth limitations, delay, loss, and jitter.
PAGE 182
User’s Manual of WGSW-24040 / WGSW-24040R 4.9.2 Port Policing This page allows you to configure the Policer settings for all switch ports. The Port Policing screen in Figure 4-9-1 appears. Figure 4-9-1 QoS Ingress Port Policers page screenshot The page includes the following fields: Object Description  Port The port number for which the configuration below applies.  Enable Controls whether the policer is enabled on this switch port.  Rate Controls the rate for the policer.
PAGE 183
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.9.3 Port Classification This page allows you to configure the basic QoS Ingress Classification settings for all switch ports. The Port Classification screen in Figure 4-9-2 appears.
PAGE 184
User’s Manual of WGSW-24040 / WGSW-24040R A QoS class of 0 (zero) has the lowest priority. Note: If the QoS class has been dynamically changed, then the actual QoS class is shown in parentheses after the configured QoS class.  DP Level Controls the default Drop Precedence Level, i.e., the DP level for frames not classified in any other way.  PCP Controls the default PCP for untagged frames.  DEI Controls the default DEI for untagged frames.  Tag Class.
PAGE 185
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-4 QoS Egress Port Schedule page screenshot The page includes the following fields: Object Description  Port The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. For more detail, please refer to chapter 4.9.5.1.  Mode Shows the scheduling mode for this port.  Q0 ~ Q5 Shows the weight for this queue and port. 4.9.
PAGE 186
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-5 QoS Egress Port Shapers page screenshot The page includes the following fields: Object Description  Port The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. For more detail, please refer to chapter 4.9.5.1.  Q0 ~Q7 Shows "disabled" or actual queue shaper rate - e.g. "800 Mbps".  Port Shows "disabled" or actual port shaper rate - e.g. "800 Mbps". 4.9.5.
PAGE 187
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-6 QoS Egress Port Schedule and Shapers page screenshot The page includes the following fields: Object Description  Schedule Mode Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port.  Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port.  Queue Shaper Rate Controls the rate for the queue shaper. The default value is 500.
PAGE 188
User’s Manual of WGSW-24040 / WGSW-24040R restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-13200 when the "Unit" is "Mbps".  Port Shaper Unit Controls the unit of measure for the port shaper rate as "kbps" or "Mbps". The default value is "kbps". Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. : Click to undo any changes made locally and return to the previous page. 4.9.
PAGE 189
User’s Manual of WGSW-24040 / WGSW-24040R  Mode Shows the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level. 4.9.6.1 QoS Egress Port Tag Remarking The QoS Egress Port Tag Remarking for a specific port are configured on this page. The QoS Egress Port Tag Remarking sscreen in Figure 4-9-8 appears.
PAGE 190
User’s Manual of WGSW-24040 / WGSW-24040R : Click to undo any changes made locally and return to the previous page. 4.9.7 Port DSCP This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports. The Port DSCP screen in Figure 4-9-9 appears. Figure 4-9-9 QoS Port DSCP Configuration page screenshot The page includes the following fields: Object Description  Port The Port coulmn shows the list of ports for which you can configure dscp ingress and egress settings.
PAGE 191
User’s Manual of WGSW-24040 / WGSW-24040R  Translate  Classify  Translate To Enable the Ingress Translation click the checkbox.  Classify Classification for a port have 4 different values.  Disable: No Ingress DSCP Classification.  DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0.  Selected: Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP.   Egress All: Classify all DSCP.
PAGE 192
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-10 DSCP-Based QoS Ingress Classification page screenshot The page includes the following fields: Object Description  DSCP Maximum number of support ed DSCP values are 64.  Trust Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as a non-IP frame.
PAGE 193
User’s Manual of WGSW-24040 / WGSW-24040R  QoS Class QoS Class value can be any of (0-7)  DPL Drop Precedence Level (0-1) Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.9.9 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be done in Ingress or Egress. The DSCP Translation screen in Figure 4-9-11 appears.
PAGE 194
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  DSCP Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63.  Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation Translate Classify  Translate DSCP at Ingress side can be translated to any of (0-63) DSCP values.
PAGE 195
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-12 DSCP Classification page screenshot The page includes the following fields: Object Description  QoS Class Available QoS Class value ranges from 0 to 7. QoS Class (0-7) can be mapped to followed parameters.  DSCP Select DSCP value (0-63) from DSCP menu to map DSCP to corresponding QoS Class and DPL value Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.9.
PAGE 196
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-13 QoS Control List Configuration page screenshot The page includes the following fields: Object Description  QCE# Indicates the index of QCE.  Port Indicates the list of ports configured with the QCE.  Frame Type Indicates the type of frame to look for incomming frames. Possible frame types are: Any: The QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.
PAGE 197
User’s Manual of WGSW-24040 / WGSW-24040R Class: Classified QoS class. DPL: Classified Drop Precedence Level. DSCP: Classified DSCP value.  Modification Buttons You can modify each QCE in the table using the following buttons: : Inserts a new QCE before the current row. : Edits the QCE. : Moves the QCE up the list. : Moves the QCE down the list. : Deletes the QCE. : The lowest plus sign adds a new entry at the bottom of the list of QCL. 4.9.11.
PAGE 198
User’s Manual of WGSW-24040 / WGSW-24040R  Key Parameters Key configuration are discribed as below: Tag Value of Tag field can be 'Any', 'Untag' or 'Tag' VID Valid value of VLAN ID can be any value in the range 1-4095 or 'Any'; user can enter either a specific value or a range of VIDs PCP Priority Code Point: Valid value PCP are specific(0, 1, 2, 3, 4, 5, 6, 7) or range(0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any' DEI Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or 'Any' SMAC So
PAGE 199
User’s Manual of WGSW-24040 / WGSW-24040R Sport Source TCP/UDP port:(0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP Dport Destination TCP/UDP port:(0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP  IPv6 Protocol IP protocol number: (0-255, TCP or UDP) or 'Any' Source IP IPv6 source address: (a.b.c.d) or 'Any', 32 LS bits DSCP Diffserv Code Point value(DSCP): It can be specific value, range of value or 'Any'.
PAGE 200
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-15 QoS Control List Status page screenshot The page includes the following fields: Object Description  User Indicates the QCL user.  QCE# Indicates the index of QCE.  Frame Type Indicates the type of frame to look for incomming frames. Possible frame types are: Any: The QCE will match all frame type. Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed.
PAGE 201
User’s Manual of WGSW-24040 / WGSW-24040R 4.9.13 Storm Control Configuration Storm control for the switch is configured on this page. There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table. The configuration indicates the permitted packet rate for unicast, multicast or broadcast traffic across the switch.
PAGE 202
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-18 Queuing Counters page screenshot The page includes the following fields: Object Description  Port The logical port for the settings contained in the same row.  Q0 ~ Q7 There are 8 QoS queues per port. Q0 is the lowest priority queue.  Rx/Tx The number of received and transmitted packets per queue. Buttons : Click to refresh the page immediately. : Clears the counters for all ports.
PAGE 203
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-19 Voice VLAN Configuration page screenshot The page includes the following fields: Object Description  Mode Indicates the Voice VLAN mode operation. We must disable MSTP feature before we enable Voice VLAN. It can avoid the conflict of ingress filter. Possible modes are: Enabled: Enable Voice VLAN mode operation. Disabled: Disable Voice VLAN mode operation.  VLAN ID Indicates the Voice VLAN ID.
PAGE 204
User’s Manual of WGSW-24040 / WGSW-24040R cannot equal each port PVID. It is conflict configuration if the value equal management VID, MVR VID, PVID etc. The allowed range is 1 to 4095.  Age Time Indicates the Voice VLAN secure learning age time. The allowed range is 10 to 10000000 seconds. It used when security mode or auto detect mode is enabled. In other cases, it will based hardware age time. The actual age time will be situated in the [age_time; 2 * age_time] interval.
PAGE 205
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-9-20 Voice VLAN OUI Table page screenshot The page includes the following fields: Object Description  Delete Check to delete the entry. It will be deleted during the next save.  Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is "xx-xx-xx" (x is a hexadecimal digit).  Description The description of OUI address.
PAGE 206
User’s Manual of WGSW-24040 / WGSW-24040R 4.10 Access Control Lists ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program. Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.
PAGE 207
User’s Manual of WGSW-24040 / WGSW-24040R based ACE will not get matched by IP and ARP frames. ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with UDP protocol. IPv4/TCP: The ACE will match IPv4 frames with TCP protocol. IPv4/Other: The ACE will match IPv4 frames, which are not ICMP/UDP/TCP. IPv6: The ACE will match all IPv6 standard frames.
PAGE 208
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-10-2 Access Control List Configuration page screenshot The page includes the following fields: Object Description  Ingress Port Indicates the ingress port of the ACE. Possible values are: All: The ACE will match all ingress port. Port: The ACE will match a specific ingress port.  Policy / Bitmask Indicates the policy number and bitmask of the ACE.  Frame Type Indicates the frame type of the ACE.
PAGE 209
User’s Manual of WGSW-24040 / WGSW-24040R  Modification Buttons You can modify each ACE (Access Control Entry) in the table using the following buttons: : Inserts a new ACE before the current row. : Edits the ACE row. : Moves the ACE up the list. : Moves the ACE down the list. : Deletes the ACE. : The lowest plus sign adds a new entry at the bottom of the ACE listings. Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
PAGE 210
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-10-3 ACE Configuration page screenshot The page includes the following fields: Object Description  Ingress Port Select the ingress port for which this ACE applies. Any: The ACE applies to any port. Port n: The ACE applies to this port number, where n is the number of the switch port.  Policy Filter Specify the policy number filter for this ACE. Any: No policy filter is specified. (policy filter status is "don't-care".
PAGE 211
User’s Manual of WGSW-24040 / WGSW-24040R IPv4: Only IPv4 frames can match this ACE. Notice the IPv4 frames won't match the ACE with ethernet type. IPv6: Only IPv6 frames can match this ACE. Notice the IPv6 frames won't match the ACE with ehternet type.  Action Specify the action to take with a frame that hits this ACE. Permit: The frame that hits this ACE is granted permission for the ACE operation. Deny: The frame that hits this ACE is dropped.
PAGE 212
User’s Manual of WGSW-24040 / WGSW-24040R MC: Frame must be multicast. BC: Frame must be broadcast. UC: Frame must be unicast. Specific: If you want to filter a specific destination MAC address with this ACE, choose this value. A field for entering a DMAC value appears.  DMAC Value When "Specific" is selected for the DMAC filter, you can enter a specific destination MAC address. The legal format is "xx-xx-xx-xx-xx-xx". A frame that hits this ACE matches this DMAC value.
PAGE 213
User’s Manual of WGSW-24040 / WGSW-24040R Any: No ARP/RARP OP flag is specified. (OP is "don't-care".) Request: Frame must have ARP Request or RARP Request OP flag set. Reply: Frame must have ARP Reply or RARP Reply OP flag.  Sender IP Filter Specify the sender IP filter for this ACE. Any: No sender IP filter is specified. (Sender IP filter is "don't-care".) Host: Sender IP filter is set to Host. Specify the sender IP address in the SIP Address field that appears.
PAGE 214
User’s Manual of WGSW-24040 / WGSW-24040R Any: Any value is allowed ("don't-care").  IP Specify whether frames can hit the action according to their ARP/RARP hardware address space (HRD) settings. 0: ARP/RARP frames where the HLD is equal to Ethernet (1). 1: ARP/RARP frames where the HLD is equal to Ethernet (1). Any: Any value is allowed ("don't-care").  Ethernet Specify whether frames can hit the action according to their ARP/RARP protocol address space (PRO) settings.
PAGE 215
User’s Manual of WGSW-24040 / WGSW-24040R than zero must not be able to match this entry. Yes: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry. Any: Any value is allowed ("don't-care").  IP Option Specify the options flag setting for this ACE. No: IPv4 frames where the options flag is set must not be able to match this entry. Yes: IPv4 frames where the options flag is set must be able to match this entry.
PAGE 216
User’s Manual of WGSW-24040 / WGSW-24040R ICMP value.  ICMP Code Filter Specify the ICMP code filter for this ACE. Any: No ICMP code filter is specified (ICMP code filter status is "don't-care"). Specific: If you want to filter a specific ICMP code filter with this ACE, you can enter a specific ICMP code value. A field for entering an ICMP code value appears.  ICMP Code Value When "Specific" is selected for the ICMP code filter, you can enter a specific ICMP code value. The allowed range is 0 to 255.
PAGE 217
User’s Manual of WGSW-24040 / WGSW-24040R that hits this ACE matches this TCP/UDP destination value.  TCP/UDP Destination Range When "Range" is selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP destination value.  TCP FIN Specify the TCP "No more data from sender" (FIN) value for this ACE. 0: TCP frames where the FIN field is set must not be able to match this entry.
PAGE 218
User’s Manual of WGSW-24040 / WGSW-24040R 0x800(IPv4), 0x806(ARP) and 0x86DD(IPv6). A frame that hits this ACE matches this EtherType value. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. : Return to the previous page. 4.10.4 ACL Ports Configuration Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE.
PAGE 219
User’s Manual of WGSW-24040 / WGSW-24040R  Port The logical port for the settings contained in the same row.  Policy ID Select the policy to apply to this port. The allowed values are 0 through 255. The default value is 0.  Action Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".  Rate Limiter ID Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled".
PAGE 220
User’s Manual of WGSW-24040 / WGSW-24040R : Click to clear the counters. 4.10.5 ACL Rate Limiter Configuration Configure the rate limiter for the ACL of the switch. The ACL Rate Limiter Configuration screen in Figure 4-10-5 appears. Figure 4-10-5 ACL Rate Limiter Configuration page screenshot The page includes the following fields: Object Description  Rate Limiter ID The rate limiter ID for the settings contained in the same row.
PAGE 221
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values.
PAGE 222
User’s Manual of WGSW-24040 / WGSW-24040R 4.11 Authentication This section is to control the access of the Managed Switch, includes the user access and management control. The Authentication section contains links to the following main topics:  IEEE 802.1X Port-Based Network Access Control  MAC-Based Authentication  User Authentication Overview of 802.1X (Port-Based) Authentication In the 802.
PAGE 223
User’s Manual of WGSW-24040 / WGSW-24040R to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the MD5-Challenge method is supported. The 802.1X and MAC-Based Authentication configuration consists of two sections, a system- and a port-wide.
PAGE 224
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-1  Client—the device (workstation) that requests access to the LAN and switch services and responds to requests from the switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft Windows XP operating system. (The client is the supplicant in the IEEE 802.1X specification.)  Authentication server—performs the actual authentication of the client.
PAGE 225
User’s Manual of WGSW-24040 / WGSW-24040R authentication server must support EAP within the native frame format. When the switch receives frames from the authentication server, the server's frame header is removed, leaving the EAP frame, which is then encapsulated for Ethernet and sent to the client.  Authentication Initiation and Message Exchange The switch or the client can initiate authentication.
PAGE 226
User’s Manual of WGSW-24040 / WGSW-24040R  Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.
PAGE 227
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Client The management client for which the configuration below applies.  Authentication Method Authentication Method can be set to one of the following values: None: authentication is disabled and login is not possible. local: use the local user database on the switch stack for authentication. radius: use a remote RADIUS server for authentication.
PAGE 228
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-4 Network Access Server Configuration page screenshot The page includes the following fields: System Configuration Object Description  Mode Indicates if NAS is globally enabled or disabled on the switch.
PAGE 229
User’s Manual of WGSW-24040 / WGSW-24040R all ports are allowed forwarding of frames.  Reauthentication Enabled If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached. For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed.
PAGE 230
User’s Manual of WGSW-24040 / WGSW-24040R MAC-Based Auth. If a client is denied access - either because the RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified on the "Configuration→Security→AAA" page) - the client is put on hold in the Unauthorized state. The hold timer does not count during an on-going authentication. In MAC-based Auth. mode, the The switch will ignore new frames coming from the client during the hold time.
PAGE 231
User’s Manual of WGSW-24040 / WGSW-24040R Valid values are in the range [1; 4095].  Max. Reauth. Count The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range [1; 255].
PAGE 232
User’s Manual of WGSW-24040 / WGSW-24040R between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch.
PAGE 233
User’s Manual of WGSW-24040 / WGSW-24040R comes up will be the first one considered. If that supplicant doesn't provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated. Multi 802.1X Multi 802.
PAGE 234
User’s Manual of WGSW-24040 / WGSW-24040R authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard. The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.
PAGE 235
User’s Manual of WGSW-24040 / WGSW-24040R changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be forced into VLAN unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.
PAGE 236
User’s Manual of WGSW-24040 / WGSW-24040R Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration. Guest VLAN Operation: When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames. If the number of transmissions of such frames exceeds Max. Reauth. Count and no EAPOL frames have been received in the meanwhile, the switch considers entering the Guest VLAN.
PAGE 237
User’s Manual of WGSW-24040 / WGSW-24040R the port runs out (EAPOL-based authentication). For MAC-based authentication, reauthentication will be attempted immediately. The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized. Reinitialize: Forces a reinitialization of the clients on the port and thereby a reauthentication immediately.
PAGE 238
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Port The switch port number. Click to navigate to detailed NAS statistics for this port.  Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values.  Port State The current state of the port. Refer to NAS Port State for a description of the individual states.
PAGE 239
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-6 Network Access Statistics page screenshot The page includes the following fields: Port State Object Description  Admin State The port's current administrative state. Refer to NAS Admin State for a description of possible values.  Port State The current state of the port. Refer to NAS Port State for a description of the individual states.  QoS Class The QoS class assigned by the RADIUS server. The field is blank if no QoS class is assigned.
PAGE 240
User’s Manual of WGSW-24040 / WGSW-24040R Direction Name IEEE Name Description Rx Total dot1xAuthEapolFrames The number of valid EAPOL Rx frames of any type that have been received by the switch. Rx Response ID dot1xAuthEapolRespId The number of valid EAPOL FramesRx Response Identity frames that have been received by the switch. Rx Responses dot1xAuthEapolRespFr The number of valid EAPOL amesRx response frames (other than Response Identity frames) that have been received by the switch.
PAGE 241
User’s Manual of WGSW-24040 / WGSW-24040R have been transmitted by the switch. Tx Requests dot1xAuthEapolReqFra The number of valid EAPOL mesTx Request frames (other than Request Identity frames) that have been transmitted by the switch.  Backend Server Counters These backend (RADIUS) frame counters are available for the following administrative states: Port-based 802.1X Single 802.1X Multi 802.1X MAC-based Auth. Direction Name IEEE Name Description Rx Access dot1xAuthBackendAcce 802.
PAGE 242
User’s Manual of WGSW-24040 / WGSW-24040R Not applicable. Rx Auth. dot1xAuthBackendAuth 802.1X- and MAC-based: Successes Successes Counts the number of times that the switch receives a success indication. Indicates that the supplicant/client has successfully authenticated to the backend server. Rx Auth. dot1xAuthBackendAuth 802.1X- and MAC-based: Failures Fails Counts the number of times that the switch receives a failure message.
PAGE 243
User’s Manual of WGSW-24040 / WGSW-24040R  Last Supplicant/Client Info Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states: Port-based 802.1X Single 802.1X Multi 802.1X MAC-based Auth. Name IEEE Name Description MAC dot1xAuthLastEapolF The MAC address of the last supplicant/client. Address rameSource VLAN ID - The VLAN ID on which the last frame from the last supplicant/client was received.
PAGE 244
User’s Manual of WGSW-24040 / WGSW-24040R Object Description  Identity Shows the identity of the supplicant, as received in the Response Identity EAPOL frame. Clicking the link causes the supplicant's EAPOL and Backend Server counters to be shown in the Selected Counters table. If no supplicants are attached, it shows No supplicants attached. This column is not available for MAC-based Auth.  MAC Address For Multi 802.1X, this column holds the MAC address of the attached supplicant.
PAGE 245
User’s Manual of WGSW-24040 / WGSW-24040R Click to clear only the currently selected client's counters. 4.11.6 Authentication Server Configuration This page allows you to configure the Authentication Servers. The Authentication Server Configuration screen in Figure 4-11-7 appears.
PAGE 246
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Port State These setting are common for all of the Authentication Servers. Object Description  Timeout The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
PAGE 247
User’s Manual of WGSW-24040 / WGSW-24040R RADIUS Accounting Server Configuration The table has one row for each RADIUS Accounting Server and a number of columns, which are: Object Description  # The RADIUS Accounting Server number for which the configuration below applies.  Enabled Enable the RADIUS Accounting Server by checking this box.  IP Address/Hostname The IP address or hostname of the RADIUS Accounting Server. IP address is expressed in dotted decimal notation.
PAGE 248
User’s Manual of WGSW-24040 / WGSW-24040R 4.11.7 RADIUS Overview This page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration page. The RADIUS Authentication/Accounting Server Overview screen in Figure 4-11-8 appears. Figure 4-11-8 RADIUS Authentication/Accounting Server Overview page screenshot The page includes the following fields: RADIUS Authentication Servers Object Description  # The RADIUS server number.
PAGE 249
User’s Manual of WGSW-24040 / WGSW-24040R RADIUS Accounting Servers Object Description  # The RADIUS server number. Click to navigate to detailed statistics for this server.  IP Address The IP address and UDP port number (in : notation) of this server.  State The current state of the server. This field takes one of the following values:  Disabled: The server is disabled.  Not Ready: The server is enabled, but IP communication is not yet up and running.
PAGE 250
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-9 RADIUS Authentication/Accounting for Server Overview page screenshot The page includes the following fields: RADIUS Authentication Servers The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Use the server select box to switch between the backend servers to show details for. Object Description  Packet Counters RADIUS authentication server packet counter. There are seven receive and four transmit counters.
PAGE 251
User’s Manual of WGSW-24040 / WGSW-24040R Rx Access Rejects radiusAuthClientExtA The number of RADIUS ccessRejects Access-Reject packets (valid or invalid) received from the server. Rx Access radiusAuthClientExtA The number of RADIUS Challenges ccessChallenges Access-Challenge packets (valid or invalid) received from the server. Rx Malformed radiusAuthClientExt The number of malformed Access MalformedAccessRe RADIUS Access-Response Responses sponses packets received from the server.
PAGE 252
User’s Manual of WGSW-24040 / WGSW-24040R Tx Access radiusAuthClientExtA The number of RADIUS Requests ccessRequests Access-Request packets sent to the server. This does not include retransmissions. Tx Access radiusAuthClientExtA The number of RADIUS Retransmissio ccessRetransmission Access-Request packets ns s retransmitted to the RADIUS authentication server.
PAGE 253
User’s Manual of WGSW-24040 / WGSW-24040R State - Shows the state of the server. It takes one of the following values: Disabled: The selected server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts. Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout.
PAGE 254
User’s Manual of WGSW-24040 / WGSW-24040R packets include packets with an invalid length. Bad authenticators or or unknown types are not included as malformed access responses. Rx Bad radiusAcctClientExt The number of RADIUS Authenticators BadAuthenticators packets containing invalid authenticators received from the server. Rx Unknown Types radiusAccClientExt The number of RADIUS UnknownTypes packets of unknown types that were received from the server on the accounting port.
PAGE 255
User’s Manual of WGSW-24040 / WGSW-24040R timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout.  Other Info This section contains information about the state of the server and the latest round-trip time. Name RFC4670 Name Description IP Address - IP address and UDP port for the accounting server in question.
PAGE 256
User’s Manual of WGSW-24040 / WGSW-24040R Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Click to refresh the page immediately. : Clears the counters for the selected server. The "Pending Requests" counter will not be cleared by this operation. 4.11.9 Windows Platform RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Managed switch.
PAGE 257
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-11 Windows Server – add new RADIUS client setting 3.
PAGE 258
User’s Manual of WGSW-24040 / WGSW-24040R 4. The shared secret key should be as same as the key configured on the Managed Switch. Figure 4-11-13 Windows Server RADIUS Server setting 5. Configure ports attribute of 802.1X, the same as “802.1X Port Configuration”. Figure 4-11-14 802.1x Port Configuration 6. Create user data. The establishment of the user data needs to be created on the Radius Server PC.
PAGE 259
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-15 Windows 2003 AD server setting path 7.
PAGE 260
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-16 Add User Properties screen Figure 4-11-17 Add User Properties screen Set the Ports Authenticate Status to “Force Authorized” if the port is connected to the RADIUS server or the port is a uplink port that is connected to another switch. Or once the 802.1X stat to work, the switch might not be able to access the RADIUS server.
PAGE 261
User’s Manual of WGSW-24040 / WGSW-24040R 4.11.10 802.1X Client Configuration Windows XP is originally 802.1X support. As to other operating systems (windows 98SE, ME, 2000), an 802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication in Windows XP. Please note that if you want to change the 802.1x authentication type of a wireless client, i.e.
PAGE 262
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-11-19 7. Click “OK”. 8. When client has associated with the Managed Switch, a user authentication notice appears in system tray. Click on the notice to continue.
PAGE 263
User’s Manual of WGSW-24040 / WGSW-24040R 9. Enter the user name, password and the logon domain that your account belongs. 10. Click “OK” to complete the validation process.
PAGE 264
User’s Manual of WGSW-24040 / WGSW-24040R 4.12 Security This section is to control the access of the Managed Switch, includes the user access and management control. The Security page contains links to the following main topics:  Port Limit Control  Access Management  HTTPs / SSH  DHCP Snooping  IP Source Guard  ARP Inspection 4.12.1 Port Limit Control This page allows you to configure the Port Security Limit Control system and port settings.
PAGE 265
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-12-1 Port Limit Control Configuration Overview page screenshot The page includes the following fields: System Configuration Object Description  Mode Indicates if Limit Control is globally enabled or disabled on the switchstack.
PAGE 266
User’s Manual of WGSW-24040 / WGSW-24040R limit checks and corresponding actions are disabled.  Aging Enabled If checked, secured MAC addresses are subject to aging as discussed under Aging Period.  Aging Period If Aging Enabled is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, they may have other requirements to the aging period.
PAGE 267
User’s Manual of WGSW-24040 / WGSW-24040R maximum cannot be granted, if the remaining ports have already used all available MAC addresses.  Action If Limit is reached, the switch can take one of the following actions: None: Do not allow more than Limit MAC addresses on the port, but take no further action. Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap.
PAGE 268
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.2 Access Management Configure access management table on this page. The maximum entry number is 16. If the application's type match any one of the access management entries, it will allow access to the switch. The Access Management Configuration screen in Figure 4-12-2 appears.
PAGE 269
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.3 Access Management Statistics This page provides statistics for access management. The Access Management Statistics screen in Figure 4-12-3 appears. Figure 4-12-3 Access Management Statistics Overview page screenshot The page includes the following fields: Object Description  Interface The interface that allowed remote host can access the switch.  Receive Packets The received packets number from the interface under access management mode is enabled.
PAGE 270
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Mode Indicates the HTTPS mode operation. When the current connection is HTTPS, to apply HTTPS disabled mode operation will automatically redirect web browser to an HTTP connection. Possible modes are:  Automatic Redirect  Enabled: Enable HTTPS mode operation.  Disabled: Disable HTTPS mode operation. Indicates the HTTPS redirect mode operation.
PAGE 271
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Mode Indicates the SSH mode operation. Possible modes are:  Enabled: Enable SSH mode operation.  Disabled: Disable SSH mode operation. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values.
PAGE 272
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.6 Port Security Status This page shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set-up for software-based learning.
PAGE 273
User’s Manual of WGSW-24040 / WGSW-24040R Object Description  User Module Name The full name of a module that may request Port Security services.  Abbr A one-letter abbreviation of the user module. This is used in the Users column in the port status table. Port Status The table has one row for each port on the selected switch in the switch and a number of columns, which are: Object Description  Port The port number for which the status applies.
PAGE 274
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.7 Port Security Detail This page shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set-up for software-based learning.
PAGE 275
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.8 DHCP Snooping DHCP Snooping is used to block intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server. Configure DHCP Snooping on this page. The DHCP Snooping Configuration screen in Figure 4-12-8 appears.
PAGE 276
User’s Manual of WGSW-24040 / WGSW-24040R Disabled: Disable DHCP snooping mode operation.  Port Mode Indicates the DHCP snooping port mode. Possible port modes are: Trusted: Configures the port as trusted sources of the DHCP message. Configuration Untrusted: Configures the port as untrusted sources of the DHCP message. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.12.
PAGE 277
User’s Manual of WGSW-24040 / WGSW-24040R  Rx and Tx Offer The number of offer (option 53 with value 2) packets received and transmitted.  Rx and Tx Request The number of request (option 53 with value 3) packets received and transmitted.  Rx and Tx Decline The number of decline (option 53 with value 4) packets received and transmitted.  Rx and Tx ACK The number of ACK (option 53 with value 5) packets received and transmitted.
PAGE 278
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-12-10 IP Source Guard Configuration screen page screenshot The page includes the following fields: Object Description  Mode of IP Source Enable the Global IP Source Guard or disable the Global IP Source Guard. All Guard Configuration  Port Mode Configuration configured ACEs will be lost when the mode is enabled. Specify IP Source Guard is enabled on which ports.
PAGE 279
User’s Manual of WGSW-24040 / WGSW-24040R This value can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic client is equal 0, it means only allow the IP packets forwarding that are matched in static entries on the specific port. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. : Click to translate all dynamic entries to static entries. 4.12.
PAGE 280
User’s Manual of WGSW-24040 / WGSW-24040R 4.12.12 ARP Inspection ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through DUT. This page provides ARP Inspection related configuration. The ARP Inspection Configuration screen in Figure 4-12-12 appears.
PAGE 281
User’s Manual of WGSW-24040 / WGSW-24040R Configuration  Port Mode Configuration Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. : Click to translate all dynamic entries to static entries. 4.12.13 ARP Inspection Static Table This page provides Static ARP Inspection Table.
PAGE 282
User’s Manual of WGSW-24040 / WGSW-24040R 4.13 Address Table Switching of frames is based upon the DMAC address contained in the frame. The Managed Switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame ). This table contains both static and dynamic entries.
PAGE 283
User’s Manual of WGSW-24040 / WGSW-24040R By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. Object Description  Disable Automatic Enables/disables the the automatic aging of dynamic entries Aging  Aging Time The time after which a learned entry is discarded. By default, dynamic entries are removed from the MAC after 300 seconds. This removal is also called aging.
PAGE 284
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.13.2 MAC Address Table Status Dynamic MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. The MAC Address Table screen in Figure 4-13-2 appears.
PAGE 285
User’s Manual of WGSW-24040 / WGSW-24040R  VLAN The VLAN ID of the entry.  MAC address The MAC address of the entry.  Port Members The ports that are members of the entry. Buttons Auto-refresh : Automatic refresh occurs every 3 seconds. : Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields. : Flushes all dynamic entries. : Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address.
PAGE 286
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Port The port number for which the status applies. Click the port number to see the status for this particular port.  VLAN ID The VLAN ID of the entry.  MAC Address The MAC address of the entry.  IP Address The IP address of the entry. Buttons Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
PAGE 287
User’s Manual of WGSW-24040 / WGSW-24040R next Dynamic IP Source Guard Table match. In addition, the two input fields will - upon a “Refresh” button click - assume the value of the first displayed entry, allowing for continuous refresh with the same start address. The “>>” will use the last entry of the currently displayed as a basis for the next lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the “|<<” button to start over.
PAGE 288
User’s Manual of WGSW-24040 / WGSW-24040R 4.14 LLDP 4.14.1 Link Layer Discovery Protocol Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.
PAGE 289
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-14-1 LLDP Configuration page screenshot The page includes the following fields: LLDP Parameters Object Description  Tx Interval The switch is periodically transmitting LLDP frames to its neighbors for having the network discovery information up-to-date. The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5 32768 seconds.
PAGE 290
User’s Manual of WGSW-24040 / WGSW-24040R Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2 - 10 times. TTL in seconds is based on the following rule: (Transmission Interval * Holdtime Multiplier) ≤ 65536. Therefore, the default TTL is 4*30 = 120 seconds.  Tx Delay If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds.
PAGE 291
User’s Manual of WGSW-24040 / WGSW-24040R TLVs and discarded CDP frames are not shown in the LLDP statistics.). CDP TLVs are mapped onto LLDP neighbours' table as shown below. CDP TLV "Device ID" is mapped to the LLDP "Chassis ID" field. CDP TLV "Address" is mapped to the LLDP "Management Address" field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbours table. CDP TLV "Port ID" is mapped to the LLDP "Port ID" field.
PAGE 292
User’s Manual of WGSW-24040 / WGSW-24040R 4.14.3 LLDP MED Configuration This page allows you to configure the LLDP-MED. The LLDPMED Configuration screen in Figure 4-14-2 appears. Figure 4-14-2 LLDPMED Configuration page screenshot The page includes the following fields: Fast start repeat count Object Description  Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general.
PAGE 293
User’s Manual of WGSW-24040 / WGSW-24040R advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second, when a new LLDP-MED neighbour has been detected in order share LLDP-MED information as fast as possible to new neighbours.
PAGE 294
User’s Manual of WGSW-24040 / WGSW-24040R WGS84: (Geographical 3D) - World Geodesic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich; The associated vertical datum is the North American Vertical Datum of 1988 (NAVD88). This datum pair is to be used when referencing locations on land, not near tidal water (which would use Datum = NAD83/MLLW).
PAGE 295
User’s Manual of WGSW-24040 / WGSW-24040R  Building Building (structure) - Example: Low Library  Apartment Unit (Apartment, suite) - Example: Apt 42  Floor Floor - Example: 4  Room no. Room number - Example: 450F  Place type Place type - Example: Office  Postal community Postal community name - Example: Leonia name  P.O. Box Post office box (P.O. BOX) - Example: 12345  Additional code Additional code - Example: 1320300003 Emergency Call Service Emergency Call Service (e.g.
PAGE 296
User’s Manual of WGSW-24040 / WGSW-24040R 4. Video Conferencing 5. Streaming Video 6. Control / Signaling (conditionally support a separate network policy for the media types above) A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type.
PAGE 297
User’s Manual of WGSW-24040 / WGSW-24040R other similar appliances supporting real-time interactive video/audio services. Streaming Video - for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
PAGE 298
User’s Manual of WGSW-24040 / WGSW-24040R  Port The port number for which the configuration applies.  Policy ID The set of policies that shall apply for a given port. The set of policies is selected by checkmarking the checkboxes that corresponds to the policies Buttons : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.14.4 LLDP-MED Neighbor This page provides a status overview for all LLDP-MED neighbors.
PAGE 299
User’s Manual of WGSW-24040 / WGSW-24040R 1. LAN Switch/Router 2. IEEE 802.1 Bridge 3. IEEE 802.3 Repeater (included for historical reasons) 4. IEEE 802.11 Wireless Access Point 5. Any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method. LLDP-MED Endpoint Device Definition Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following.
PAGE 300
User’s Manual of WGSW-24040 / WGSW-24040R include aspects related to end user devices. Example product categories expected to adhere to this class include (but are not limited to) end user communication appliances, such as IP Phones, PC-based softphones, or other communication appliances that directly support the end user.
PAGE 301
User’s Manual of WGSW-24040 / WGSW-24040R  Policy Policy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device. Can be either Defined or Unknown Unknown: The network policy for the specified application type is currently unknown. Defined: The network policy is defined.  TAG TAG is indicating whether the specified application type is using a tagged or an untagged VLAN.
PAGE 302
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-14-4 LLDP Neighbor Information page screenshot The page includes the following fields: Object Description  Local Port The port on which the LLDP frame was received.  Chassis ID The Chassis ID is the identification of the neighbor's LLDP frames.  Remote Port ID The Remote Port ID is the identification of the neighbor port.  System Name System Name is the name advertised by the neighbor unit.
PAGE 303
User’s Manual of WGSW-24040 / WGSW-24040R 4.14.6 Port Statistics This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole stack, switch, while local counters refers to counters for the currently selected switch. The LLDP Statistics screen in Figure 4-14-5 appears.
PAGE 304
User’s Manual of WGSW-24040 / WGSW-24040R Local Counters The displayed table contains a row for each port. The columns hold the following information: Object Description  Local Port The port on which LLDP frames are received or transmitted.  Tx Frames The number of LLDP frames transmitted on the port.  Rx Frames The number of LLDP frames received on the port.  Rx Errors The number of received LLDP frames containing some kind of error.
PAGE 305
User’s Manual of WGSW-24040 / WGSW-24040R 4.15 Network Diagnostics This section provide the Physical layer and IP layer network diagnostics tools for troubleshoot. The diagnostic tools are designed for network manager to help them quickly diagnose problems between point to point and better service customers. Use the Diagnastics menu items to display and configure basic administrative details of the Managed Switch.
PAGE 306
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-15-1 ICMP Ping page screenshot The page includes the following fields: Object Description  IP Address The destination IP Address.  Ping Length The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes.  Ping Count The count of the ICMP packet. Values range from 1 time to 60 times.  Ping Interval The interval of the ICMP packet. Values range from 0 second to 30 seconds.
PAGE 307
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-15-2 ICMPv6 Ping page screenshot The page includes the following fields: Object Description  IP Address The destination IP Address.  Ping Length The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes.  Ping Count The count of the ICMP packet. Values range from 1 time to 60 times.  Ping Interval The interval of the ICMP packet. Values range from 0 second to 30 seconds. Buttons : Click to transmit ICMP packets.
PAGE 308
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-15-3 Remote IP Ping Test page screenshot The page includes the following fields: Object Description  Port The logical port for the settings.  Remote IP Address The destination IP Address.  Ping Size The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.  Result Display the ping result. 4.15.4 Cable Diagnostics This page is used for running the Cable Diagnostics. Press to run the diagnostics.
PAGE 309
User’s Manual of WGSW-24040 / WGSW-24040R seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that Cable Diagnostics is only accurate for cables of length 7 - 140 meters. 10 and 100 Mbps ports will be linked down while running cable diagnostic. Therefore, running cable diagnastic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete.
PAGE 310
User’s Manual of WGSW-24040 / WGSW-24040R Short A - Cross-pair short to pair A Short B - Cross-pair short to pair B Short C - Cross-pair short to pair C Short D - Cross-pair short to pair D Cross A - Abnormal cross-pair coupling with pair A Cross B - Abnormal cross-pair coupling with pair B Cross C - Abnormal cross-pair coupling with pair C Cross D - Abnormal cross-pair coupling with pair D Length: The length (in meters) of the cable pair. The resolution is 3 meters Buttons : Click to run the diagnostics.
PAGE 311
User’s Manual of WGSW-24040 / WGSW-24040R 4.16 Loop Protection This chapter describes enabling loop protection function that provides loop protection to prevent broadcast loops in WGSW-24040. 4.16.1 Configuration This page allows the user to inspect the current Loop Protection configurations, and possibly change them as well; screen in Figure 4-16-1 appears.
PAGE 312
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: General Settings Object Description  Enable Loop Controls whether loop protections is enabled (as a whole). Protection  Transmission Time The interval between each loop protection PDU sent on each port. valid values are 1 to 10 seconds.  Shutdown Time The period (in seconds) for which a port will be kept disabled in the event of a loop is detected (and the port action shuts down the port).
PAGE 313
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  Port The switch port number of the logical port.  Action The currently configured port action.  Transmit The currently configured port transmit mode.  Loops The number of loops detected on this port.  Status The current loop protection status of the port.  Loop Whether a loop is currently detected on the port.  Time of Last Loop The time of the last loop event detected.
PAGE 314
User’s Manual of WGSW-24040 / WGSW-24040R 4.17.1 sFlow Configuration This page allows for configuring sFlow. The configuration is divided into two parts: Configuration of the sFlow receiver (a.k.a. sFlow collector) and configuration of per-port flow and counter samplers. sFlow configuration is not persisted to non-volatile memory, which means that a reboot will disable sFlow sampling, screen in Figure 4-17-1 appears.
PAGE 315
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Receiver Configuration Object Description  Owner Basically, sFlow can be configured in two ways: Through local management using the Web or CLI interface or through SNMP. This read-only field shows the owner of the current sFlow configuration and assumes values as follows: • If sFlow is currently unconfigured/unclaimed, Owner contains .
PAGE 316
User’s Manual of WGSW-24040 / WGSW-24040R requested, the switch will automatically adjust it to the closest achievable. This will be reported back in this field.  Flow Sampler Max. Header The maximum number of bytes that should be copied from a sampled packet to the sFlow datagram. Valid range is 14 to 200 bytes with default being 128 bytes. If the maximum datagram size does not take into account the maximum header size, samples may be dropped.
PAGE 317
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-17-2 sFlow Statistics page screenshot The page includes the following fields: Receiver Statistics Object Description  Owner This field shows the current owner of the sFlow configuration. It assumes one of three values as follows: • If sFlow is currently unconfigured/unclaimed, Owner contains . • If sFlow is currently configured through Web or CLI, Owner contains .
PAGE 318
User’s Manual of WGSW-24040 / WGSW-24040R  IP Address/Hostname The IP address or hostname of the sFlow receiver.  Timeout The number of seconds remaining before sampling stops and the current sFlow owner is released.  Tx Successes The number of UDP datagrams successfully sent to the sFlow receiver.  Tx Errors The number of UDP datagrams that has failed transmission. The most common source of errors is invalid sFlow receiver IP/hostname configuration.
PAGE 319
User’s Manual of WGSW-24040 / WGSW-24040R 4.18 RMON RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions, used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets. MID of RMON consists of 10 groups.
PAGE 320
User’s Manual of WGSW-24040 / WGSW-24040R characters. InUcastPkts: The number of uni-cast packets delivered to a higher-layer protocol. InNUcastPkts: The number of broad-cast and multi-cast packets delivered to a higher-layer protocol. InDiscards: The number of inbound packets that are discarded even the packets are normal. InErrors: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
PAGE 321
User’s Manual of WGSW-24040 / WGSW-24040R : Click to add a new community entry. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.18.2 RMON Alarm Detail This page provides an Detail of a specific RMON statistics entry; screen in Figure 4-18-2 appears.
PAGE 322
User’s Manual of WGSW-24040 / WGSW-24040R Buttons : Click to refresh the page immediately. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Updates the table starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID. : Updates the table, starting with the entry after the last entry currently displayed. 4.18.3 RMON Alarm Status This page provides an overview of RMON Alarm entries.
PAGE 323
User’s Manual of WGSW-24040 / WGSW-24040R  Rising Index Rising event index.  Falling Threshold Falling threshold value.  Falling Index Falling event index. Buttons : Click to refresh the page immediately. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Updates the table starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID.
PAGE 324
User’s Manual of WGSW-24040 / WGSW-24040R  Community Specify the community when trap is sent, the string length is from 0 to 127, default is "public".  Event Last Time Indicates the value of sysUpTime at the time this event entry last generated an event. Buttons : Click to add a new community entry. : Click to save changes. : Click to undo any changes made locally and revert to previously saved values. 4.18.
PAGE 325
User’s Manual of WGSW-24040 / WGSW-24040R 4.18.6 RMON Event Status This page provides an overview of RMON Event table entries.Each page shows up to 99 entries from the Event table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Event table. The first displayed will be the one with the lowest Event Index and Log Index found in the Event table table; screen in Figure 4-18-6 appears.
PAGE 326
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-18-7 RMON history configuration page screenshot The page includes the following fields: Object Description  Delete Check to delete the entry. It will be deleted during the next save.  ID Indicates the index of the entry. The range is from 1 to 65535.  Data Source Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000*(switch ID-1), for example, if the port is switch 3 port 5, the value is 2005.
PAGE 327
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-18-8 RMON history Detail page screenshot The page includes the following fields: Object Description  History Index Indicates the index of History control entry.  Sample Index Indicates the index of the data entry associated with the control entry  Sample Start The total number of events in which packets were dropped by the probe due to lack of resources.
PAGE 328
User’s Manual of WGSW-24040 / WGSW-24040R  Fragments The number of frames which size is less than 64 octets received with invalid CRC.  Jabber The number of frames which size is larger than 64 octets received with invalid CRC.  Collisions The best estimate of the total number of collisions on this Ethernet segment.  Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval, in hundredths of a percent.
PAGE 329
User’s Manual of WGSW-24040 / WGSW-24040R  Drops The total number of events in which packets were dropped by the probe due to lack of resources.  Octets The total number of octets of data (including those in bad packets) received on the network.  Pkts The total number of packets (including bad packets, broadcast packets, and multicast packets) received.  Broadcast The total number of good packets received that were directed to the broadcast address.
PAGE 330
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-18-10 RMON Statistics configuration page screenshot The page includes the following fields: Object Description  Delete Check to delete the entry. It will be deleted during the next save.  ID Indicates the index of the entry. The range is from 1 to 65535.  Data Source Indicates the port ID which wants to be monitored.
PAGE 331
User’s Manual of WGSW-24040 / WGSW-24040R Figure 4-18-11 Loop protection configuration page screenshot The page includes the following fields: Object Description  Data Source The port ID which wants to be monitored.  Drop The total number of events in which packets were dropped by the probe due to lack of resources.  Octets The total number of octets of data (including those in bad packets) received on the network.
PAGE 332
User’s Manual of WGSW-24040 / WGSW-24040R CRC.  Jabb. The number of frames which size is larger than 64 octets received with invalid CRC.  Coll. The best estimate of the total number of collisions on this Ethernet segment.  64 The total number of packets (including bad packets) received that were 64 octets in length.  65~127 The total number of packets (including bad packets) received that were between 65 to 127 octets in length.
PAGE 333
User’s Manual of WGSW-24040 / WGSW-24040R The page includes the following fields: Object Description  ID Indicates the index of Statistics entry.  Data Source (ifIndex) The port ID which wants to be monitored.  Drop The total number of events in which packets were dropped by the probe due to lack of resources.  Octets The total number of octets of data (including those in bad packets) received on the network.
PAGE 334
User’s Manual of WGSW-24040 / WGSW-24040R : Click to refresh the page immediately. Auto-refresh : Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. : Updates the table starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID. : Updates the table, starting with the entry after the last entry currently displayed.
PAGE 335
User’s Manual of WGSW-24040 / WGSW-24040R 5. COMMAND LINE INTERFACE 5.1 Accessing the CLI When accessing the management interface for the switch over a direct connection to the server’s console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command-line interface (CLI) is very similar to entering commands on a UNIX system. This chapter describes how to use the Command Line Interface (CLI).
PAGE 336
User’s Manual of WGSW-24040 / WGSW-24040R Configure IP address The SGSW Managed Switch is shipped with default IP address as following. IP Address: 192.168.0.100 Subnet Mask: 255.255.255.0 To check the current IP address or modify a new IP address for the Switch, please use the procedures as follow:  Show the current IP address 1. On ”WGSW-24040/> ” prompt, enter “ip configuration”. 2. The screen displays the current IP address, Subnet Mask and Gateway. As show in Figure 5-2.
PAGE 337
User’s Manual of WGSW-24040 / WGSW-24040R Figure 5-3 Set IP address screen 4. Repeat Step 1 to check if the IP address is changed. If the IP address is successfully configured, the Managed Switch will apply the new IP address setting immediately. You can access the Web interface of Managed Switch through the new IP address. If you do not familiar with console command or the related parameter, enter “help” anytime in console to get the help description.
PAGE 338
User’s Manual of WGSW-24040 / WGSW-24040R 338
PAGE 339
User’s Manual of WGSW-24040 / WGSW-24040R 6. Command Line Mode The CLI groups all the commands in appropriate modes according to the nature of the command. A sample of the CLI command modes are described below. Each of the command modes supports specific software commands.
PAGE 340
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: System Configuration [all | (port )] Parameters: all port : Show all switch configuration, default: Show system configuration : Show switch port configuration : Port list or 'all', default: All ports Example: To display system information: WGSW-24040:/>System configuration System Contact : System Name : WGSW-24040 System Location : Timezone Offset : 0 MAC Address : 00-30-4f-11-22-33 System Time : 1970-01-01 Thu 00:24:39+00:00
PAGE 341
User’s Manual of WGSW-24040 / WGSW-24040R System Log Server Address : System Log Level : Info WGSW-24040:/> System Version Description: Show system version information. Syntax: System Version Example: To display system version: WGSW-24040:/>System version Version : Beta1205281742 Build Date : 2012-05-28T17:42:57+0800 WGSW-24040:/> System Log Server Mode Description: Show or set the system log server mode.
PAGE 342
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>System log server mode System Log Server Mode : Disabled System Name Description: Set or show the system name. Syntax: System Name [] Parameters: : System name string. (1-255) Use "" to clear the string System name is a text string drawn from the alphabet (A-Za-z), digits (0-9), minus sign (-). No blank or space characters are permitted as part of a name.
PAGE 343
User’s Manual of WGSW-24040 / WGSW-24040R Example: To set device contact: WGSW-24040:/>System contact WGSW-24040-Test System Log Server Address Description: Show or set the system log server address. Syntax: System Log Server Address [] Parameters: : IP host address (a.b.c.d) or a host name string Default Setting: empty Example: To set log server address: WGSW-24040:/> log server address 192.168.0.21 System Location Description: Set or show the system location.
PAGE 344
User’s Manual of WGSW-24040 / WGSW-24040R Example: To set device location: WGSW-24040:/>System location 9F-LAB System Log Level Description: Show or set the system log level. It uses to determine what kind of message will send to syslog server.
PAGE 345
User’s Manual of WGSW-24040 / WGSW-24040R Example: To set timezone: WGSW-24040:/>system timezone 120 System Log Lookup Description: Show or clear the system log.
PAGE 346
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: System Log Clear [all|info|warning|error] Parameters: all : Show all levels (default) info : Show informations warning : Show warnings error : Show errors Example: To sclear the system log: WGSW-24040:/>system log clear WGSW-24040:/> System Reboot Description: Reboot the system.
PAGE 347
User’s Manual of WGSW-24040 / WGSW-24040R Example: To restore default value but not reset IP address: WGSW-24040:/>system restore default keep_ip System Load Description: Show current CPU load: 100ms, 1s and 10s running average (in percent, zero is idle).
PAGE 348
User’s Manual of WGSW-24040 / WGSW-24040R 6.2 IP Command IP Configuration Description: Show IP configuration. Syntax: IP Configuration Example: Show IP configuration: WGSW-24040:/>ip configuration IP Configuration: ================= DHCP Client : Disabled IP Address : 192.168.0.101 IP Mask : 255.255.255.0 IP Router : 192.168.0.254 DNS Server : 0.0.0.0 VLAN ID :1 DNS Proxy : Disabled IPv6 AUTOCONFIG mode : Disabled IPv6 Link-Local Address: fe80::230:4fff:fe11:2233 IPv6 Address : ::192.
PAGE 349
User’s Manual of WGSW-24040 / WGSW-24040R IP DHCP Description: Set or show the DHCP client mode. Syntax: IP DHCP [enable|disable] Parameters: enable : Enable or renew DHCP client disable: Disable DHCP client Default Setting: Disable Example: Disable DHCP sever: WGSW-24040:/>ip dhcp disable IP Setup Description: Set or show the IP setup. Syntax: IP Setup [] [] [] [] Parameters: : IP address (a.b.c.d), default: Show IP address : IP subnet mask (a.
PAGE 350
User’s Manual of WGSW-24040 / WGSW-24040R VLAN ID :1 Example: Set IP address: WGSW-24040:/>ip setup 192.168.0.100 255.255.255.0 IP Ping Description: Ping IP address (ICMP echo). Syntax: IP Ping [(Length )] [(Count )] [(Interval )] Parameters: : IPv4 host address (a.b.c.
PAGE 351
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: IP DNS [] Parameters: : IP address (a.b.c.d), default: Showdne IP address Default Setting: 0.0.0.0 Example: Set DNS IP address: WGSW-24040:/>ip dns 168.95.1.1 IP DNS Proxy Description: Set or show the IP DNS Proxy mode.
PAGE 352
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: IP IPv6 AUTOCONFIG [enable|disable] Parameters: enable : Enable IPv6 AUTOCONFIG mode disable: Disable IPv6 AUTOCONFIG mode Default Setting: disable Example: Enable IPv6 autoconfig function: WGSW-24040:/>ip ipv6 autoconfig enable IPv6 Setup Description: Set or show the IPv6 setup.
PAGE 353
User’s Manual of WGSW-24040 / WGSW-24040R IPv6 Prefix : 96 IPv6 Router : :: Example: Set IPv6 address: WGSW-24040:/>ip ipv6 setup 2001::0002 64 2100::0001 IPv6 Ping Description: Ping IPv6 address (ICMPv6 echo). Syntax: IP IPv6 Ping6 [(Length )] [(Count )] [(Interval )] Parameters: : IPv6 host address. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field (:).
PAGE 354
User’s Manual of WGSW-24040 / WGSW-24040R IP NTP Configuration Description: Show NTP configuration. Syntax: IP NTP Configuration Default Setting: IP NTP Configuration: ===================== NTP Mode : Disabled Idx --- Server IP host address (a.b.c.d) or a host name string ------------------------------------------------------ 1 pool.ntp.org 2 europe.pool.ntp.org 3 north-america.pool.ntp.org 4 asia.pool.ntp.org 5 oceania.pool.ntp.org IP NTP Mode Description: Set or show the NTP mode.
PAGE 355
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>ip ntp mode enable IP NTP Server Add Description: Add NTP server entry. Syntax: IP NTP Server Add Parameters: : The server index (1-5) : IP host address (a.b.c.d) or a host name string Example: To add NTP server: WGSW-24040:/>ip ntp server add 1 60.249.136.151 IP NTP Server IPv6 Add Description: Add NTP server IPv6 entry.
PAGE 356
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>ip ntp server ipv6 add 1 2001:7b8:3:2c::123 IP NTP Server Delete Description: Delete NTP server entry.
PAGE 357
User’s Manual of WGSW-24040 / WGSW-24040R 6.3 Port Management Command Port Configuration Description: Show port configuration.
PAGE 358
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports auto : Auto negotiation of speed and duplex 10hdx : 10 Mbps, half duplex 10fdx : 10 Mbps, full duplex 100hdx : 100 Mbps, half duplex 100fdx : 100 Mbps, full duplex 1000fdx : 1 Gbps, full duplex 1000x_ams : 1000BASE-X with automatic media sense 1000x : 1000BASE-X (default: Show configured and current mode) Default Setting: Auto Example: Set 10Mbps (half duplex) speed for port1 WGSW-24040:
PAGE 359
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>port flow control 1 enable Port State Description: Set or show the port administrative state. Syntax: Port State [] [enable|disable] Parameters: : Port list or 'all', default: All ports enable : Enable port disable : Disable port (default: Show administrative mode) Default Setting: Enable Example: Disable port1 WGSW-24040:/>port state 1 disable Port Maximum Frame Description: Set or show the port maximum frame size.
PAGE 360
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set 2048 frame size for port1 WGSW-24040:/>port maxframe 1 2048 Port Power Description: Set or show the port PHY power mode.
PAGE 361
User’s Manual of WGSW-24040 / WGSW-24040R (default: Show mode) Default Setting: Discard Example: WGSW-24040:/>port excessive 1 restart Port Statistics Description: Show port statistics.
PAGE 362
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports Port SFP Description: Show SFP port information.
PAGE 363
User’s Manual of WGSW-24040 / WGSW-24040R 6.4 MAC Address Table Command MAC Configuration Description: Show MAC address table configuration. Syntax: MAC Configuration [] Parameters: : Port list or 'all', default: All ports Example: Show Mac address state WGSW-24040:/>mac configuration 1 MAC Configuration: ================== MAC Address : 00-30-4f-24-04-d1 MAC Age Time: 300 Port ---- Learning -------- 1 Auto MAC Add Description: Add MAC address table entry.
PAGE 364
User’s Manual of WGSW-24040 / WGSW-24040R Example: Add Mac address 00-30-4F-01-01-02 in port1 and vid1 WGSW-24040:/>mac add 00-30-4f-01-01-02 1 1 MAC Delete Description: Delete MAC address entry. Syntax: MAC Delete [] Parameters: : MAC address ('xx-xx-xx-xx-xx-xx' or 'xx.xx.xx.xx.xx.
PAGE 365
User’s Manual of WGSW-24040 / WGSW-24040R MAC Age Time Description: Set or show the MAC address age timer. Syntax: MAC Agetime [] Parameters: : MAC address age time (0,10-1000000) 0=disable, (default: Show age time) Default Setting: 300 Example: Set agetime value in 30 WGSW-24040:/>mac agetime 30 MAC Learning Description: Set or show the port learn mode.
PAGE 366
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>mac learning 1 secure MAC Dump Description: Show sorted list of MAC address entries. Syntax: MAC Dump [] [] [] Parameters: : Maximum number of MAC addresses 1-8192, default: Show all addresses : First MAC address ('xx-xx-xx-xx-xx-xx' or 'xx.xx.xx.xx.xx.
PAGE 367
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports Example: Set all of MAC statistics WGSW-24040:/>mac statistics Port ---- Dynamic Addresses ----------------- 1 0 Total Dynamic Addresses: 1 Total Static Addresses : 6 MAC Flush Description: Flush all learned entries.
PAGE 368
User’s Manual of WGSW-24040 / WGSW-24040R 6.5 VLAN Configuration Command VLAN Configuration Description: Show VLAN configuration. Syntax: VLAN Configuration [] Parameters: : Port list or 'all', default: All ports Example: Show VLAN status of port1 WGSW-24040:/>vlan configuration 1 VLAN Configuration: =================== Mode : IEEE 802.
PAGE 369
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: VLAN PVID [] [|none] Parameters: : Port list or 'all', default: All ports |none : Port VLAN ID (1-4095) or 'none', default: Show port VLAN ID Default Setting: 1 Example: Set PVID2 for port10 WGSW-24040:/>vlan pvid 10 2 VLAN Frame Type Description: Set or show the port VLAN frame type.
PAGE 370
User’s Manual of WGSW-24040 / WGSW-24040R VLAN Ingress Filter Description: Set or show the port VLAN ingress filter.
PAGE 371
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>vlan mode portbased VLAN Link Type Description: Set or show the port VLAN link type.
PAGE 372
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set port2 in man port WGSW-24040:/>vlan qinq 2 man VLAN Ethernet Type Description: Set or show out layer VLAN tag ether type in Q-in-Q VLAN mode. Syntax: VLAN Ethtype [] [man|dot1q] Parameters: : Port list or 'all', default: All ports man dot1q : Set out layer VLAN tag ether type : MAN : Set out layer VLAN tag ether type : 802.
PAGE 373
User’s Manual of WGSW-24040 / WGSW-24040R Default Setting: 1 Example: Add port1 to port4 in VLAN10 WGSW-24040:/>vlan add 10 1-4 VLAN Forbidden Add Description: Add or modify VLAN entry in forbidden table. Syntax: VLAN Forbidden Add | [] Parameters: |: VLAN ID (1-4095) or VLAN Name : Port list or 'all', default: All ports Example: Frobidden add port1 to port4 in VLAN10 WGSW-24040:/>vlan forbidden add 10 1-4 VLAN Delete Description: Delete VLAN entry.
PAGE 374
User’s Manual of WGSW-24040 / WGSW-24040R VLAN Forbidden Delete Description: Delete VLAN entry. Syntax: LAN Forbidden Delete | Parameters: |: VLAN ID (1-4095) or VLAN Name Example: Forbidden delete VLAN10 WGSW-24040:/>vlan forbidden delete 10 VLAN Forbidden Lookup Description: Lookup VLAN Forbidden port entry.
PAGE 375
User’s Manual of WGSW-24040 / WGSW-24040R : VLAN ID (1-4095), default: Show all VLANs name : VLAN name string : VLAN name - Maximum of 32 characters. VLAN Name can only contain alphabets or numbers. VLAN name should contain atleast one alphabet.
PAGE 376
User’s Manual of WGSW-24040 / WGSW-24040R VLAN Name Delete Description: Delete VLAN Name to VLAN ID Mapping. Syntax: VLAN Name Delete Parameters: : VLAN name - Maximum of 32 characters. VLAN Name can only contain alphabets or numbers. VLAN name should contain atleast one alphabet. Example: Delete VLAN name WGSW-24040:/>vlan name delete test VLAN Name Lookup Description: Show VLAN Name table. Syntax: VLAN Name Lookup [] Parameters: : VLAN name - Maximum of 32 characters.
PAGE 377
User’s Manual of WGSW-24040 / WGSW-24040R VLAN Status Description: VLAN Port Configuration Status.
PAGE 378
User’s Manual of WGSW-24040 / WGSW-24040R 6.6 Private VLAN Configuration Command PVLAN Configuration Description: Show Private VLAN configuration.
PAGE 379
User’s Manual of WGSW-24040 / WGSW-24040R : Port list or 'all', default: All ports Example: Add port1 to port4 in PVLAN10 WGSW-24040:/>pvlan add 10 1-4 PVLAN Delete Description: Delete Private VLAN entry. Syntax: PVLAN Delete Parameters: : Private VLAN ID. The allowed range for a Private VLAN ID is the same as the switch port number range. Example: Delete PVLAN10 WGSW-24040:/>pvlan delete 10 PVLAN Lookup Description: Lookup Private VLAN entry.
PAGE 380
User’s Manual of WGSW-24040 / WGSW-24040R PVLAN ID Ports -------- ----- 1 1-10 PVLAN Isolate Description: Set or show the port isolation mode.
PAGE 381
User’s Manual of WGSW-24040 / WGSW-24040R 6.7 Security Command Security Switch User Configuration Description: Show users configuration.
PAGE 382
User’s Manual of WGSW-24040 / WGSW-24040R Example: Add new user: username: test, password: test & privilege: 10 WGSW-24040:/>security switch users add test test 10 Security Switch User Delete Description: Delete users entry. Syntax: Security Switch Users Delete Parameters: : A string identifying the user name that this entry should belong to. The allowed string length is (1-32). The valid user name is a combination of letters, numbers and underscores Example: Delete test account.
PAGE 383
User’s Manual of WGSW-24040 / WGSW-24040R CRO CRW SRO SRW -------------------------------- --- --- --- --Aggregation 5 10 5 10 Diagnostics 5 10 5 10 IP 5 10 5 10 LACP 5 10 5 10 LLDP 5 10 5 10 LLDP_MED 5 Loop_Protect 5 10 5 10 10 5 10 MAC_Table 5 10 5 10 MVR 5 10 5 10 Maintenance 15 Mirroring 5 10 5 10 Multicast 5 10 5 10 Port_Security 5 10 5 10 Ports 5 10 1 10 Private_VLANs 15 15 15 5 Protocol_based_VLAN 10 5 5 10 10 5 10 QoS 5 10
PAGE 384
User’s Manual of WGSW-24040 / WGSW-24040R : Configuration read-only privilege level (1-15) : Configuration/Execute read-write privilege level (1-15) : Status/Statistics read-only privilege level (1-15) : Status/Statistics read-write privilege level (1-15) Example: Change privilege level of MVR group. WGSW-24040:/>security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description: Show the current privilege level.
PAGE 385
User’s Manual of WGSW-24040 / WGSW-24040R console local Disabled telnet local Disabled ssh local Disabled web local Disabled Security Switch Authentication Method Description: Set or show Auth method. (default: Show Auth method).
PAGE 386
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SSH Configuration Description: Show SSH configuration. Syntax: Security Switch SSH Configuration Example: Show SSH configuration. WGSW-24040:/>security switch ssh configuration SSH Configuration: ================== SSH Mode : Enable Security Switch SSH Mode Description: Set or show the SSH mode.
PAGE 387
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch HTTPs Configuration Description: Show HTTPS configuration. Syntax: Security Switch HTTPS Configuration Example: Show HTTPs configuration. WGSW-24040:/>security switch https configuration HTTPS Configuration: ==================== HTTPS Mode : Enable HTTPS Redirect Mode : Disabled Security Switch HTTPs Mode Description: Set or show the HTTPS mode.
PAGE 388
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch HTTPs Redirect Description: Set or show the HTTPS redirect mode. Automatic redirect web browser to HTTPS during HTTPS mode enabled. Syntax: Security Switch HTTPS Redirect [enable|disable] Parameters: enable : Enable HTTPs redirect disable: Disable HTTPs redirect (default: Show HTTPs redirect mode) Default Setting: disable Example: Enable HTTPs redirect function.
PAGE 389
User’s Manual of WGSW-24040 / WGSW-24040R S: SNMP T: TELNET/SSH Idx Start IP Address End IP Address WST --- ------------------------------- ------------------------------ - - - Security Switch Access Mode Description: Set or show the access management mode. Syntax: Security Switch Access Mode [enable|disable] Parameters: enable : Enable access management disable: Disable access management (default: Show access management mode) Default Setting: disable Example: Enable access management function.
PAGE 390
User’s Manual of WGSW-24040 / WGSW-24040R : End IP address (a.b.c.d) web : Indicates that the host can access the switch from HTTP/HTTPS snmp : Indicates that the host can access the switch from SNMP telnet : Indicates that the host can access the switch from TELNET/SSH Example: Add access management list from 192.168.0.1 to 192.168.0.200 via web interface. WGSW-24040:/>security switch access add 1 192.168.0.1 192.168.0.
PAGE 391
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch Access Delete Description: Delete access management entry. Syntax: Security Switch Access Delete Parameters: : entry index (1-16) Example: Delete access management ID 1 WGSW-24040:/>security switch access delete 1 Security Switch Access Lookup Description: Lookup access management entry.
PAGE 392
User’s Manual of WGSW-24040 / WGSW-24040R Clear access management entry. WGSW-24040:/>security switch access clear Security Switch Access Statistics Description: Show or clear access management statistics. Syntax: Security Switch Access Statistics [clear] Parameters: clear: Clear access management statistics Example: Show access management statistics.
PAGE 393
User’s Manual of WGSW-24040 / WGSW-24040R Set or show the SNMP mode. Syntax: Security Switch SNMP Mode [enable|disable] Parameters: enable : Enable SNMP disable: Disable SNMP (default: Show SNMP mode) Default Setting: enable Example: Disable SNMP mode. WGSW-24040:/>security switch snmp mode disable Security Switch SNMP Version Description: Set or show the SNMP protocol version.
PAGE 394
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Read Community Description: Set or show the community string for SNMP read access. Syntax: Security Switch SNMP Read Community [] Parameters: : Community string. Use 'clear' or "" to clear the string Maximum length allowed is upto 256 characters. (default: Show SNMP read community) Default Setting: public Example: Set SNMP read community private.
PAGE 395
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Trap Mode Description: Set or show the SNMP trap mode. Syntax: Security Switch SNMP Trap Mode [enable|disable] Parameters: enable : Enable SNMP traps disable: Disable SNMP traps (default: Show SNMP trap mode) Default Setting: disable Example: Enable SNMP trap mode. WGSW-24040:/>security switch snmp trap mode enable Security Switch SNMP Trap Version Description: Set or show the SNMP trap protocol version.
PAGE 396
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>security switch snmp trap version 2c Security Switch SNMP Trap Community Description: Set or show the community string for SNMP traps. Syntax: Security Switch SNMP Trap Community [] Parameters: : Community string. Use 'clear' or "" to clear the string Maximum length allowed is upto 256 characters. (default: Show SNMP trap community) Default Setting: public Example: Set private value for SNMP trap community.
PAGE 397
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Trap IPv6 Destination Description: Set or Show the SNMP trap destination IPv6 address. Syntax: Security Switch SNMP Trap IPv6 Destination [] Parameters: : IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field (:). For example, four hexadecimal digits with a colon separates each field (:). For example, fe80::215:c5ff:fe03:4dc7'.
PAGE 398
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Trap Link-up Description: Set or show the port link-up and link-down trap mode.
PAGE 399
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>security switch snmp trap inform mode disable Security Switch SNMP Trap Inform Timeout Description: Set or show the SNMP trap inform timeout (usecs). Syntax: Security Switch SNMP Trap Inform Timeout [] Parameters: : SNMP trap inform timeout (0-2147 seconds) Default Setting: 1 Example: Set SNMP trap inform timeout in 20sec.
PAGE 400
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>security switch snmp trap inform retry times 10 Security Switch SNMP Trap Probe Security Engine ID Description: Show SNMP trap security engine ID probe mode.
PAGE 401
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Trap Security Name Description: Set or show SNMP trap security name. Syntax: Security Switch SNMP Trap Security Name [] Parameters: : A string representing the security name for a principal (default: Show SNMP trap security name).
PAGE 402
User’s Manual of WGSW-24040 / WGSW-24040R Add or modify SNMPv3 community entry. The entry index key is . Syntax: Security Switch SNMP Community Add [] [] Parameters: : Community string : IP address (a.b.c.d), default: Show IP address : IPv4 subnet mask (a.b.c.d), default: Show IP mask Example: Add SNMPv3 community entry. WGSW-24040:/>security switch snmp community add public 192.168.0.20 255.255.255.
PAGE 403
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : entry index (1-64) Example: Lookup SNMPv3 community entry WGSW-24040:/>security switch snmp community lookup Idx Community Source IP Source Mask --- -------------------------------- --------------- --------------- 1 public 192.168.0.20 2 private 255.255.255.0 0.0.0.0 0.0.0.0 Number of entries: 2 Security Switch SNMP User Add Description: Add SNMPv3 user entry.
PAGE 404
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>security switch snmp user add 800007e5017f000003 admin_snmpv3 md5 12345678 des abcdefgh Security Switch SNMP User Delete Description: Delete SNMPv3 user entry. Syntax: Security Switch SNMP User Delete Parameters: : entry index (1-64) Example: Delete SNMPv3 user entry WGSW-24040:/>security switch snmp user delete 1 Security Switch SNMP User Changekey Description: Change SNMPv3 user password.
PAGE 405
User’s Manual of WGSW-24040 / WGSW-24040R 87654321 12345678 Security Switch SNMP User Lookup Description: Lookup SNMPv3 user entry.
PAGE 406
User’s Manual of WGSW-24040 / WGSW-24040R : A string identifying the group name that this entry should belong to. The allowed string length is (1-32), and the allowed content is ASCII characters from 33 to 126 Example: Add SNMPv3 group entry WGSW-24040:/>security switch snmp group add usm admin_snmpv3 group_snmpv3 Security Switch SNMP Group Delete Description: Delete SNMPv3 group entry.
PAGE 407
User’s Manual of WGSW-24040 / WGSW-24040R --- ----- -------------------------------- -------------------------------1 v1 public default_ro_group 2 v1 private default_rw_group 3 v2c public default_ro_group 4 v2c private default_rw_group 5 usm default_user default_rw_group Number of entries: 5 Security Switch SNMP View Add Description: Add or modify SNMPv3 view entry. The entry index key are and .
PAGE 408
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : entry index (1-64) Example: Delete SNMPv3 view entry WGSW-24040:/>security switch snmp view delete 3 Security Switch SNMP View Lookup Description: Lookup SNMPv3 view entry.
PAGE 409
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : A string identifying the group name that this entry should belong to.
PAGE 410
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch SNMP Access Lookup Description: Lookup SNMPv3 access entry.
PAGE 411
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: Security Switch RMON Statistics Delete Parameters: : Statistics ID (1-65535). Security Switch RMON Statistics Lookup Description: Show RMON Statistics entries. Syntax: Security Switch RMON Statistics Lookup [] Parameters: : Statistics ID (1-65535). Security Switch RMON History Add Description: Add or modify RMON Hisotry entry. The entry index key is .
PAGE 412
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: Security Switch RMON History Delete Parameters: : History ID (1-65535). Security Switch RMON History Lookup Description: Show RMON History entries. Syntax: Security Switch RMON History Lookup [] Parameters: : History ID (1-65535). Security Switch RMON Alarm Add Description: Add or modify RMON Alarm entry. The entry index key is .
PAGE 413
User’s Manual of WGSW-24040 / WGSW-24040R .1.3.6.1.2.1.2.2.1.18.xxx – ifOutNUcastPkts .1.3.6.1.2.1.2.2.1.19.xxx – ifOutDiscards .1.3.6.1.2.1.2.2.1.20.xxx – ifOutErrors .1.3.6.1.2.1.2.2.1.21.xxx – ifOutQLen "xxx" means the interface identified by a particular value of this index is the same interface as identified by the same value of OID 'ifIndex'. absolute : Get the sample directly. delta : Calculate the difference between samples (default).
PAGE 414
User’s Manual of WGSW-24040 / WGSW-24040R Security Switch RMON Event Add Description: Add or modify RMON Event entry. The entry index key is . Syntax: Security Switch RMON Event Add [none|log|trap|log_trap] [] [] Parameters: none : Event ID (1-65535). : Get the sample directly. log : Get the sample directly. trap : Get the sample directly. log_trap : Calculate the difference between samples (default).
PAGE 415
User’s Manual of WGSW-24040 / WGSW-24040R Security Network Psec Switch Description: Show Port Security status. Syntax: Security Network Psec Switch [] Parameters: : Port list or 'all', default: All ports Example: Show port security status. WGSW-24040:/>security network psec switch Users: L = Limit Control 8 = 802.
PAGE 416
User’s Manual of WGSW-24040 / WGSW-24040R Port 1: ------- MAC Address VID ----------------- ---- State Added Age/Hold Time ---------- ------------------------- Security Network Limit Configuration Description: Show Limit Control configuration. Syntax: Security Network Limit Configuration [] Parameters: : Port list or 'all', default: All ports Example: Show Limit Control configuration.
PAGE 417
User’s Manual of WGSW-24040 / WGSW-24040R Set or show global state. Syntax: Security Network Limit Mode [enable|disable] Parameters: enable : Globally enable port security disable : Globally disable port security (default: Show current global enabledness of port security limit control) Default Setting: disable Example: Enable the limit mode WGSW-24040:/>security network limit mode enable Security Network Limit Aging Description: Set or show aging state.
PAGE 418
User’s Manual of WGSW-24040 / WGSW-24040R Security Network Limit Agetime Description: Time in seconds between check for activity on learned MAC addresses. Syntax: Security Network Limit Agetime [] Parameters: : Time in seconds between checks for activity on a MAC address (10-10000000 seconds) (default: Show current age time) Default Setting: 3600 Example: Set age time in 100sec.
PAGE 419
User’s Manual of WGSW-24040 / WGSW-24040R Security Network Limit Limit Description: Set or show the max. number of MAC addresses that can be learned on this set of ports. Syntax: Security Network Limit Limit [] [] Parameters: : Port list or 'all', default: All ports : Max.
PAGE 420
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set trap mode for limit action for port 1 WGSW-24040:/>security network limit action 1 trap Security Network Limit Reopen Description: Reopen one or more ports whose limit is exceeded and shut down. Syntax: Security Network Limit Reopen [] Parameters: : Port list or 'all', default: All ports Example: Reopen port 1 WGSW-24040:/>security network limit reopen 1 Security Network NAS Configuration Description: Show 802.
PAGE 421
User’s Manual of WGSW-24040 / WGSW-24040R Mode : Disabled Reauth. : Disabled Reauth. Period : 3600 EAPOL Timeout : 30 Age Period : 300 Hold Time : 10 RADIUS QoS : Disabled RADIUS VLAN : Disabled Guest VLAN : Disabled Guest VLAN ID :1 Max.
PAGE 422
User’s Manual of WGSW-24040 / WGSW-24040R Security Network NAS State Description: Set or show the port security state. Syntax: Security Network NAS State [] [auto|authorized|unauthorized|single|multi|macbased] Parameters: : Port list or 'all', default: All ports auto : Port-based 802.1X Authentication authorized : Port access is allowed unauthorized: Port access is not allowed single : Single Host 802.1X Authentication multi : Multiple Host 802.
PAGE 423
User’s Manual of WGSW-24040 / WGSW-24040R disable: Disable reauthentication (default: Show current reauthentication mode) Default Setting: disable Example: Enable reauthentication function. WGSW-24040:/>security network nas reauthentication enable Security Network NAS ReauthPeriod Description: Set or show the period between reauthentication attempts.
PAGE 424
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Time between EAPOL retransmissions (1-65535 seconds) (default: Show current EAPOL retransmission timeout) Default Setting: 30 Example: Set the time between EAPOL retransmissions for 100sec. WGSW-24040:/>security network nas eapoltimeout 100 Security Network NAS Agetime Description: Time in seconds between check for activity on successfully authenticated MAC addresses.
PAGE 425
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Time on hold (10-1000000 seconds) (default: Show current hold time) Default Setting: 10 Example: Set NAS hold time in 100sec WGSW-24040:/>security network nas holdtime 100 Security Network NAS RADIUS_QoS Description: Set or show either global state (use the global keyword) or per-port state of RADIUS-assigned QoS.
PAGE 426
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: Security Network NAS RADIUS_VLAN [global|] [enable|disable] Parameters: global : Select the global RADIUS-assigned VLAN setting : Select the per-port RADIUS-assigned VLAN setting (default: Show current per-port RADIUS-assigned VLAN state) enable : Enable RADIUS-assigned VLAN either globally or on one or more ports disable: Disable RADIUS-assigned VLAN either globally or on one or more ports (default: Show current RADIUS-assigned VLAN
PAGE 427
User’s Manual of WGSW-24040 / WGSW-24040R (default: Show current Maximum Reauth Count value : The value can only be set if you use the 'global' keyword in the beginning of the command.
PAGE 428
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports clear : Clear statistics eapol : Show EAPOL statistics radius : Show Backend Server statistics (default: Show all statistics) Example: Show 802.1X statistics in port 1 WGSW-24040:/>security network nas statistics 1 Rx Total: 0 Rx Response/Id: Tx Total: 0 Rx Response: Tx Request/Id: 0 0 0 Tx Request: 0 Rx Access Challenges: 0 Tx Responses: 0 Rx Other Requests: 0 Rx Auth.
PAGE 429
User’s Manual of WGSW-24040 / WGSW-24040R Security Network ACL Action Description: Set or show the ACL port default action.
PAGE 430
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set ACL policy 2 for port 1 WGSW-24040:/>security network acl policy 1 2 Security Network ACL Rate Description: Set or show the ACL rate limiter.
PAGE 431
User’s Manual of WGSW-24040 / WGSW-24040R [] [] [(etype [] [] []) | (arp [] [] [] [] []) | (ip [] [] [] []) | (icmp [] [] [] [] []) | (udp [] [] [] [] []) | (tcp [] [] [] [] [] [])] [permit|deny] [] [] [] [] Parameters: :
PAGE 432
User’s Manual of WGSW-24040 / WGSW-24040R : Rate limiter number (1-15) or 'disable' : Port number for copy of frames or 'disable' : System logging of frames: log|log_disable : Shut down ingress port: shut|shut_disable Security Network ACL Delete Description: Delete ACE.
PAGE 433
User’s Manual of WGSW-24040 / WGSW-24040R Security Network ACL Clear Description: Clear all ACL counters. Syntax: Security Network ACL Clear Example: Clear all ACL counters. WGSW-24040:/>security network acl clear Security Network ACL Status Description: Show ACL status.
PAGE 434
User’s Manual of WGSW-24040 / WGSW-24040R Security Network ACL Port State Description: Set or show the ACL port state. Syntax: Security Network ACL Port State [] [enable|disable] Parameters: : Port list or 'all', default: All ports enable|disable: ACL port state Default Setting: Enable Security Network DHCP Relay Configuration Description: Show DHCP relay configuration. Syntax: Security Network DHCP Relay Configuration Example: Show DHCP relay configuration.
PAGE 435
User’s Manual of WGSW-24040 / WGSW-24040R Set or show the DHCP relay mode. Syntax: Security Network DHCP Relay Mode [enable|disable] Parameters: enable : Enable DHCP relaly mode. When enable DHCP relay mode operation, the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. And the DHCP broadcast message won't flood for security considered.
PAGE 436
User’s Manual of WGSW-24040 / WGSW-24040R Security Network DHCP Relay Information Mode Description: Set or show DHCP relay agent information option mode. When enable DHCP relay information mode operation, the agent insert specific information (option 82) into a DHCP message when forwarding to DHCP server and remote it from a DHCP message when transferring to DHCP client. It only works under DHCP relay operation mode enabled.
PAGE 437
User’s Manual of WGSW-24040 / WGSW-24040R Default Setting: replace Example: Keep the original relay information when receive a DHCP message that already contains it WGSW-24040:/>security network dhcp relay information policy keep Security Network DHCP Relay Statistics Description: Show or clear DHCP relay statistics. Syntax: Security Network DHCP Relay Statistics [clear] Parameters: clear: Clear DHCP relay statistics Example: Show DHCP relay statistics.
PAGE 438
User’s Manual of WGSW-24040 / WGSW-24040R Security Network DHCP Snooping Mode [enable|disable] Parameters: enable : Enable DHCP snooping mode. When enable DHCP snooping mode operation, the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports.
PAGE 439
User’s Manual of WGSW-24040 / WGSW-24040R Security Network DHCP Snooping Statistics Description: Show or clear DHCP snooping statistics. Syntax: Security Network DHCP Snooping Statistics [] [clear] Parameters: : Port list or 'all', default: All ports clear : Clear DHCP snooping statistics Example: Show DHCP snooping statistics of port 1.
PAGE 440
User’s Manual of WGSW-24040 / WGSW-24040R Security Network IP Source Guard Mode Description: Set or show IP source guard mode. Syntax: Security Network IP Source Guard Mode [enable|disable] Parameters: enable : Enable IP Source Guard disable: Disable IP Source Guard Default Setting: disable Example: Enable IP source guard mode WGSW-24040:/>security network ip source guard mode enable Security Network IP Source Guard Port Mode Description: Set or show the IP Source Guard port mode.
PAGE 441
User’s Manual of WGSW-24040 / WGSW-24040R Security Network IP Source Guard Limit Description: Set or show the IP Source Guard port limitation for dynamic entries.
PAGE 442
User’s Manual of WGSW-24040 / WGSW-24040R Security Network IP Source Guard Status Description: Show IP source guard static and dynamic entries. Syntax: Security Network IP Source Guard Status [] Parameters: : Port list or 'all', default: All ports Example: Show IP source guard static and dynamic entries. WGSW-24040:/>security network ip source guard status Security Network IP Source Guard Translation Description: Translate IP source guard dynamic entries into static entries.
PAGE 443
User’s Manual of WGSW-24040 / WGSW-24040R Security Network ARP Inspection Mode Description: Set or show ARP inspection mode. Syntax: Security Network ARP Inspection Mode [enable|disable] Parameters: enable : Enable ARP Inspection disable: Disable ARP Inspection Default Setting: disable Example: Enable ARP inspection mode WGSW-24040:/>security network arp inspection mode enable Security Network ARP Inspection Port Mode Description: Set or show the ARP Inspection port mode.
PAGE 444
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>security network arp inspection port mode 1 Security Network ARP Inspection Entry Description: Add or delete ARP inspection static entry.
PAGE 445
User’s Manual of WGSW-24040 / WGSW-24040R Security Network ARP Inspection Translation Description: Translate ARP inspection dynamic entries into static entries. Syntax: Security Network ARP Inspection Translation Security AAA Configuration Description: Show Auth configuration. Syntax: Security AAA Configuration Example: Show Auth configuration.
PAGE 446
User’s Manual of WGSW-24040 / WGSW-24040R ======================================= Server Mode IP Address Secret Port ------ -------- --------------- ------------------------------ ----- 1 Disabled 1813 2 Disabled 1813 3 Disabled 1813 4 Disabled 1813 5 Disabled 1813 TACACS+ Authentication Server Configuration: ============================================ Server Mode IP Address Secret Port ------ --------------- ------------------------------ ----- -------- 1 Disabled 49 2
PAGE 447
User’s Manual of WGSW-24040 / WGSW-24040R Security AAA Deadtime Description: Set or show server dead time. Syntax: Security AAA Deadtime [] Parameters: : Time that a server is considered dead if it doesn't answer a request (0-3600 seconds) (default: Show server dead time configuration) Default Setting: 300 Example: Set 1000sec for server dead time WGSW-24040:/>security aaa deadtime 1000 Security AAA RADIUS Description: Set or show RADIUS authentication server setup.
PAGE 448
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set RADIUS authentication server configuration. WGSW-24040:/>security aaa radius 1 enable 192.168.0.20 12345678 1812 Security AAA ACCT_RADIUS Description: Set or show RADIUS accounting server setup.
PAGE 449
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: The server index (1-5) (default: Show TACACS+ authentication server configuration) enable : Enable TACACS+ authentication server disable : Disable TACACS+ authentication server (default: Show TACACS+ server mode) : IP host address (a.b.c.d) or a host name string : Secret shared with external authentication server. To set an empty secret, use two quotes (""). To use spaces in secret, enquote the secret.
PAGE 450
User’s Manual of WGSW-24040 / WGSW-24040R 6.8 Spanning Tree Protocol Command STP Configuration Description: Show STP Bridge configuration. Syntax: STP Configuration Example: Show STP configuration.
PAGE 451
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set the STP Bridge protocol version. WGSW-24040:/> stp version rstp STP Tx Hold Description: Set or show the STP Bridge Transmit Hold Count parameter. Syntax: STP Txhold [] Parameters: : STP Transmit Hold Count (1-10) Default Setting: 6 Example: Set STP Tx hold in 10 WGSW-24040:/>stp txhold 10 STP MaxHops Description: Set or show the MSTP Bridge Max Hop Count parameter.
PAGE 452
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set STP maximum hops in 25 WGSW-24040:/>stp maxhops 25 STP MaxAge Description: Set or show the bridge instance maximum age. Syntax: STP MaxAge [] Parameters: : STP maximum age time (6-40, and max_age <= (forward_delay-1)*2) Default Setting: 20 Example: Set STP maximum age time in 10 WGSW-24040:/>stp maxage 10 STP FwdDelay Description: Set or show the bridge instance forward delay.
PAGE 453
User’s Manual of WGSW-24040 / WGSW-24040R Set STP forward delay value in 25 WGSW-24040:/>stp fwddelay 25 STP CName Description: Set or Show MSTP configuration name and revision. Syntax: STP CName [] [] Parameters: : MSTP Configuration name. A text string up to 32 characters long. Use quotes (") to embed spaces in name. : Integer value Default Setting: Configuration name: MAC address Configuration rev.: 0 Example: Set MSTP configuration name and revision.
PAGE 454
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set edge port BPDU filtering WGSW-24040:/>stp bpdufilter enable STP BPDU Guard Description: Set or show edge port BPDU Guard. Syntax: STP bpduGuard [enable|disable] Parameters: enable|disable: enable or disable BPDU Guard for Edge ports Default Setting: Disable Example: Set edge port BPDU guard WGSW-24040:/>stp bpduguard enable STP Recovery Description: Set or show edge port error recovery timeout.
PAGE 455
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set STP recovery value in 30 sec. WGSW-24040:/>stp recovery 30 STP Status Description: Show STP Bridge status. Syntax: STP Status [] [] Parameters: : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) : Port list or 'all', default: All ports Example: Show STP Bridge status.
PAGE 456
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: STP Msti Priority [] [] Parameters: : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) : STP bridge priority (0/4096/8192/12288/.../53248/57344/61440) Default: 32768 Example: Set MST1 priority value in 4096. WGSW-24040:/>stp msti priority 1 4096 STP MSTI Map Description: Show or clear MSTP MSTI VLAN mapping configuration.
PAGE 457
User’s Manual of WGSW-24040 / WGSW-24040R Example: Add MST1 in vlan1. WGSW-24040:/>stp msti add 1 1 STP Port Configuration Description: Show STP Port configuration. Syntax: STP Port Configuration [] Parameters: : Port list or 'all'. Port zero means aggregations.
PAGE 458
User’s Manual of WGSW-24040 / WGSW-24040R disable Example: Enable STP function on port1 WGSW-24040:/>stp port mode 1 enable STP Port Edge Description: Set or show the STP adminEdge port parameter.
PAGE 459
User’s Manual of WGSW-24040 / WGSW-24040R Disable : Disable MSTP autoEdge Default: enable Example: Disable STP edge function on port1 WGSW-24040:/>stp port autoedge 1 disable STP Port P2P Description: Set or show the STP point2point port parameter.
PAGE 460
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports enable : Enable MSTP restricted role disable : Disable MSTP restricted role Default: disable Example: Eisable STP restricted role on port1 WGSW-24040:/>stp port restrictedrole 1 enable STP Port RestrictedTcn Description: Set or show the MSTP restrictedTcn port parameter.
PAGE 461
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: STP Port bpduGuard [] [enable|disable] Parameters: : Port list or 'all', default: All ports enable : Enable port BPDU Guard disable : Disable port BPDU Guard Default: disable Example: Eisable BPDU guard on port1 WGSW-24040:/>stp port bpduguard 1 enable STP Port Statistic Description: Show STP port statistics.
PAGE 462
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: STP Port Mcheck [] Parameters: : Port list or 'all', default: All ports Example: Set the STP mCheck (Migration Check) variable for port 1. WGSW-24040:/>stp port mcheck 1 STP MSTI Port Configuration Description: Show the STP port instance configuration. Syntax: STP Msti Port Configuration [] [] Parameters: : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...
PAGE 463
User’s Manual of WGSW-24040 / WGSW-24040R auto Example: Set MSTI7 in port1 WGSW-24040:/>stp msti port cost 7 1 MSTI Port Path Cost ---- ---- ---------- MST7 1 Auto STP MSTI Port Priority Description: Set or show the STP port instance priority. Syntax: STP Msti Port Priority [] [] [] Parameters: : STP bridge instance no (0-7, CIST=0, MSTI1=1, ...) : Port list or 'all'. Port zero means aggregations. : STP port priority (0/16/32/48/...
PAGE 464
User’s Manual of WGSW-24040 / WGSW-24040R 6.9 Link Aggregation Command Aggregation Configuration Description: Show link aggregation configuration. Syntax: Aggr Configuration Aggregation Add Description: Add or modify link aggregation. Syntax: Aggr Add [] Parameters: : Port list or 'all', default: All ports : Aggregation ID: 1-14 Example: Add port 1~4 in Group1 WGSW-24040:/>aggr add 1-4 1 Aggregation Delete Description: Delete link aggregation.
PAGE 465
User’s Manual of WGSW-24040 / WGSW-24040R Delete Group2 WGSW-24040:/>aggr delete 2 Aggregation Lookup Description: Lookup link aggregation. Syntax: Aggr Lookup [] Parameters: : Aggregation ID: 1-14 Aggregation Mode Description: Set or show the link aggregation traffic distribution mode.
PAGE 466
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>Aggr mode smac disable 466
PAGE 467
User’s Manual of WGSW-24040 / WGSW-24040R 6.10 Link Aggregation Control Protocol Command LACP Configuration Description: Show LACP configuration.
PAGE 468
User’s Manual of WGSW-24040 / WGSW-24040R : Port list or 'all', default: All ports enable : Enable LACP protocol disable: Disable LACP protocol (default: Show LACP mode) Default Setting: disable Example: Enable LACP for port1~4 WGSW-24040:/>lacp mode 1-4 enable LACP Key Description: Set or show the LACP key.
PAGE 469
User’s Manual of WGSW-24040 / WGSW-24040R LACP Prio [] [] Parameters: : Port list or 'all', default: All ports : LACP Prio (0-65535) Default Setting: 32768 LACP System Priority Description: Set or show the LACP System prio. Syntax: LACP System Prio [] Parameters: : LACP System Prio (0-65535) Default Setting: 32768 LACP Role Description: Set or show the LACP role.
PAGE 470
User’s Manual of WGSW-24040 / WGSW-24040R active Example: Set passive for port1~4 WGSW-24040:/>lacp role 1-4 passive LACP Status Description: Show LACP Status.
PAGE 471
User’s Manual of WGSW-24040 / WGSW-24040R : Port list or 'all', default: All ports : Clear LACP statistics clear Example: Show LACP statistics of port1~4 WGSW-24040:/>lacp statistics 1-4 Port Rx Frames Tx Frames ------ --------------- --------------- Rx Unknown Rx Illegal --------------- ---------- 1 0 0 0 0 2 0 0 0 0 3 0 0 0 0 4 0 0 0 0 LACP Timeout Description: Set or show the LACP timeout.
PAGE 472
User’s Manual of WGSW-24040 / WGSW-24040R 6.11 LLDP Command LLDP Configuration Description: Show LLDP configuration.
PAGE 473
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports enable : Enable LLDP reception and transmission disable: Disable LLDP rx : Enable LLDP reception only tx : Enable LLDP transmission only (default: Show LLDP mode) Default Setting: disable Example: Enable port1 LLDP function. WGSW-24040:/>lldp mode 1 enable LLDP Optional TLV Description: Show or Set LLDP Optional TLVs.
PAGE 474
User’s Manual of WGSW-24040 / WGSW-24040R System capabilities: Enable Master's IP address: Enable Example: Disable description of the port for port1 WGSW-24040:/>lldp optional_tlv 1 port_descr disable LLDP Interval Description: Set or show LLDP Tx interval. Syntax: LLDP Interval [] Parameters: : LLDP transmission interval (5-32768) Default Setting: 30 Example: Set transmission interval in 10 WGSW-24040:/>lldp interval 10 LLDP Hold Description: Set or show LLDP Tx hold value.
PAGE 475
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set LLDP hold value in 10 WGSW-24040:/>lldp hold 10 LLDP Delay Description: Set or show LLDP Tx delay. Syntax: LLDP Delay [] Parameters: : LLDP transmission delay (1-8192) Default Setting: 2 Example: Set LLDP delay value in 1 WGSW-24040:/>lldp delay 1 LLDP Reinit Description: Set or show LLDP reinit delay.
PAGE 476
User’s Manual of WGSW-24040 / WGSW-24040R Example: Set LLDP reinit delay value in 3 WGSW-24040:/>lldp reinit 3 LLDP Statistics Description: Show LLDP Statistics. Syntax: LLDP Statistics [] [clear] Parameters: : Port list or 'all', default: All ports : Clear LLDP statistics clear Example: Show LLDP Statistics of port 1 WGSW-24040:/>lldp statistics 1 LLDP global counters Neighbor entries was last changed at - (18819 sec. ago).
PAGE 477
User’s Manual of WGSW-24040 / WGSW-24040R LLDP Info Description: Show LLDP neighbor device information. Syntax: LLDP Info [] Parameters: : Port list or 'all', default: All ports LLDP CDP Aware Description: Set or show if discovery information from received CDP ( Cisco Discovery Protocol ) frames is added to the LLDP neighbor table.
PAGE 478
User’s Manual of WGSW-24040 / WGSW-24040R 6.12 LLDPMED Command LLDPMED Configuration Description: Show LLDP-MED configuration. Syntax: LLDPMED Configuration [] Parameters: : Port list or 'all', default: All ports Example: Show LLDP-MED configuration of port1~4 WGSW-24040:/>lldpmed configuration 1-4 LLDP-MED Configuration: ======================= Fast Start Repeast Count : 4 Location Coordinates : Latitude - 0.0000 North Longitude - 0.0000 East Altitude - 0.
PAGE 479
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: LLDPMED Civic [country|state|county|city|district|block|street|leading_street_direction|trailing_street_suffix|str_suf|house_no|house_no_s uffix|landmark|additional_info|name|zip_code|building|apartment|floor|room_number|place_type|postal_com_name|p_o_ box|additional_code] [] Parameters: country state county city district block street : Country : National subdivisions (state, caton, region, province, prefecture) : County, parish,gun (JP), dist
PAGE 480
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: LLDPMED ecs [] Parameters: : lldpmed The value for the Emergency Call Service LLDPMED Policy Delete Description: Delete the selected policy. Syntax: LLDPMED policy delete [] Parameters: : List of policies to delete Example: Delete the policy 1 WGSW-24040:/>lldpmed policy delete 1 LLDPMED Policy Add Description: Adds a policy to the list of polices.
PAGE 481
User’s Manual of WGSW-24040 / WGSW-24040R interactive voice services. guest_voice_signaling : Guest Voice Signaling (conditional) for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media. : Softphone Voice for use by softphone applications on typical data centric devices, such as softphone_voice PCs or laptops.
PAGE 482
User’s Manual of WGSW-24040 / WGSW-24040R LLDPMED Coordinates Description: Set or show LLDP-MED Location. Syntax: LLDPMED Coordinates [] [] [coordinate_value] Parameters: : The tude_type parameter takes the following values: latitude : Latitude, 0 to 90 degrees with max. 4 digits (Positive numbers are north of the equator and negative numbers are south of the equator). longitude: Longitude, 0 to 180 degrees with max.
PAGE 483
User’s Manual of WGSW-24040 / WGSW-24040R LLDPMED Fast Description: Set or show LLDP-MED Fast Start Repeat Count. Syntax: LLDPMED Fast [] Parameters: : The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism defined by LLDP-MED (1-10). LLDPMED Info Description: Show LLDP-MED neighbor device information.
PAGE 484
User’s Manual of WGSW-24040 / WGSW-24040R 6.13 Quality of Service Command QoS Configuration Description: Show QoS Configuration. Syntax: QoS Configuration [] Parameters: : Port list or 'all', default: All ports QoS Port Classification Class Description: Set or show the default QoS class. If the QoS class has been dynamically changed, then the actual QoS class is shown in parentheses after the configured QoS class.
PAGE 485
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: QoS Port Classification DPL [] [] Parameters: : Port list or 'all', default: All ports : Drop Precedence Level (0-3) Default Setting: 0 Example: Set the default Drop Precedence Level in 1 for port1 WGSW-24040:/>qos Port Classification dpl 1 1 QoS Port Classification Tag Description: Set or show if the classification is based on the PCP and DEI values in tagged frames.
PAGE 486
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port Classification Map Description: Set or show the port classification map. This map is used when port classification tag is enabled,and the purpose is to translate the Priority Code Point (PCP) and Drop Eligible Indicator (DEI) from a tagged frame to QoS class and DP level.
PAGE 487
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port Policer Mode Description: Set or show the port policer mode Syntax: QoS Port Policer Mode [] [enable|disable] Parameters: : Port list or 'all', default: All ports enable : Enable port policer disable : Disable port policer (default: Show port policer mode) Default Setting: disable Example: Enable QoS port policer WGSW-24040:/>qos Port Policer Mode 1-10 enable QoS Port Policer Rate Description: Set or show the port policer rat
PAGE 488
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>qos Port Policer Rate 1-10 1000 QoS Port Policer Unit Description: Set or show the port policer unit.
PAGE 489
User’s Manual of WGSW-24040 / WGSW-24040R (default: Show port policer flow control mode) Default Setting: disable QoS Port Scheduler Mode Description: Set or show the port scheduler mode.
PAGE 490
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port QueueShaper Mode Description: Set or show the port queue shaper mode.
PAGE 491
User’s Manual of WGSW-24040 / WGSW-24040R Set the port queue shaper rate in 1000 WGSW-24040:/>qos Port QueueShaper rate 1-10 0-7 1000 QoS Port QueueShaper Excess Description: Set or show the port queue excess bandwidth mode.
PAGE 492
User’s Manual of WGSW-24040 / WGSW-24040R mapped : Use mapped versions of QoS class and DP level (default: Show port tag remarking mode) Default Setting: classified Example: Set the port tag remarking mode in mapped. WGSW-24040:/>qos Port TagRemarking Mode 1-10 mapped QoS Port TagRemarking PCP Description: Set or show the default PCP. This value is used when port tag remarking mode is set to 'default'.
PAGE 493
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : Port list or 'all', default: All ports : Drop Eligible Indicator (0-1) Default Setting: 0 Example: Set the default EDI in 1. WGSW-24040:/>qos Port TagRemarking EDI 1-10 1 QoS Port TagRemarking Map Description: Set or show the port tag remarking map. This map is used when port tag remarking mode is set to 'mapped', and the purpose is to translate the classified QoS class (0-7) and DP level (0-1) to PCP and DEI.
PAGE 494
User’s Manual of WGSW-24040 / WGSW-24040R : Port list or 'all', default: All ports enable : Enable DSCP ingress translation disable : Disable DSCP ingress translation (default: Show DSCP ingress translation mode) Default Setting: disable Example: Enable DSCP ingress translation on all port. WGSW-24040:/>qos Port DSCP Translation 1-10 enable QoS Port DSCP Classification Description: Set or show DSCP classification based on QoS class.
PAGE 495
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port DSCP EgressRemark Description: Set or show the port DSCP remarking mode.
PAGE 496
User’s Manual of WGSW-24040 / WGSW-24040R QoS DSCP Translation Description: Set or show global ingress DSCP translation table. If port DSCP translation is enabled, translation table is used to translate incoming frames DSCP value and translated value is used to map QoS class and DP level.
PAGE 497
User’s Manual of WGSW-24040 / WGSW-24040R If port DSCP classification is 'selected', DSCP will be classified based on QoS class and DP level only for DSCP value with classification mode 'enabled'. DSCP may be translated DSCP if translation is enabled for the port.
PAGE 498
User’s Manual of WGSW-24040 / WGSW-24040R to map the classified DSCP to a new DSCP value. Syntax: QoS DSCP EgressRemap [] [] Parameters: : DSCP (0-63) list or 'all' : Egress remapped DSCP: 0-63, BE, CS1-CS7, EF or AF11-AF43 QoS Port Storm Unicast Description: Set or show the port storm rate limiter for unicast frames.
PAGE 499
User’s Manual of WGSW-24040 / WGSW-24040R QoS Port Storm Broadcast [] [enable|disable] [] [kbps|fps] Parameters: : Port list or 'all', default: All ports enable : Enable storm policing of broadcast frames disable : Disable storm policing of broadcast frames : Rate in kbps or fps (100-13200000) kbps fps : Unit is kilo bits per second : Unit is frames per second Default Setting: disable Example: Enable multicast storm control in 2kbps WGSW-24040:/> QoS Port Storm m
PAGE 500
User’s Manual of WGSW-24040 / WGSW-24040R QoS QCL Add Description: Add or modify QoS Control Entry (QCE). If the QCE ID parameter is specified and an entry with this QCE ID already exists, the QCE will be modified. Otherwise, a new QCE will be added. If the QCE ID is not specified, the next available QCE ID will be used. If the next QCE ID parameter is specified, the QCE will be placed before this QCE in the list.
PAGE 501
User’s Manual of WGSW-24040 / WGSW-24040R : IPv4 frame fragmented: yes|no|any : Source TCP/UDP port:(0-65535) or 'any', specific or port range : Dest. TCP/UDP port:(0-65535) or 'any', specific or port range ipv6 : IPv6 keyowrd : IPv6 source address: (a.b.c.
PAGE 502
User’s Manual of WGSW-24040 / WGSW-24040R QoS QCL status [combined|static|voice_vlan|conflicts] Parameters: : Shows the combined status combined|static|voice_vlan|conflicts: combined static : Shows the static user configured status : Shows the status by Voice VLAN voice_vlan conflicts : Shows all conflict status (default : Shows the combined status) QoS QCL Refresh Description: Resolve QCE conflict status.
PAGE 503
User’s Manual of WGSW-24040 / WGSW-24040R 6.14 Mirror Command Mirror Configuration Description: Show mirror configuration. Syntax: Mirror Configuration [] Parameters: : Port list or 'all', default: All ports Example: Show mirror configuration. WGSW-24040:/>mirror configuration Mirror Port Description: Set or show the mirror port.
PAGE 504
User’s Manual of WGSW-24040 / WGSW-24040R Mirror Mode Description: Set or show the mirror mode. Syntax: Mirror Mode [] [enable|disable|rx|tx] Parameters: : Port list or CPU or 'all', default: All ports and CPU enable : Enable Rx and Tx mirroring disable: Disable Mirroring rx : Enable Rx mirroring tx : Enable Tx mirroring (default: Show mirror mode) Default Setting: disable Example: Enable the mirror mode for port 1-4.
PAGE 505
User’s Manual of WGSW-24040 / WGSW-24040R 6.15 Configuration Command Configuration Save Description: Save configuration to TFTP server. Syntax: Config Save Parameters: : TFTP server IP address (a.b.c.d) : Configuration file name Configuration Load Description: Load configuration from TFTP server. Syntax: Config Load [check] Parameters: : TFTP server IP address (a.b.c.
PAGE 506
User’s Manual of WGSW-24040 / WGSW-24040R 6.16 Firmware Command Firmware Load Description: Load new firmware from TFTP server. Syntax: Firmware Load Parameters: : IP host address (a.b.c.d) or a host name string : Firmware file name Firmware IPv6 Load Description: Load new firmware from IPv6 TFTP server.
PAGE 507
User’s Manual of WGSW-24040 / WGSW-24040R Activate the alternate firmware image.
PAGE 508
User’s Manual of WGSW-24040 / WGSW-24040R 6.17 UPnP Command UPnP Configuration Description: Show UPnP configuration. Syntax: UPnP Configuration Example: Show UPnP configuration. WGSW-24040:/>upnp configuration UPnP Configuration: =================== UPnP Mode : Disabled UPnP TTL :4 UPnP Advertising Duration : 100 UPnP Mode Description: Set or show the UPnP mode.
PAGE 509
User’s Manual of WGSW-24040 / WGSW-24040R WGSW-24040:/>upnp mode enable UPnP TTL Description: Set or show the TTL value of the IP header in SSDP messages. Syntax: UPnP TTL [] Parameters: : ttl range (1..255), default: Show UPnP TTL Default Setting: 4 Example: Set the value 10 for TTL value of the IP header in SSDP messages. WGSW-24040:/>upnp ttl 10 UPnP Advertising Duration Description: Set or show UPnP Advertising Duration.
PAGE 510
User’s Manual of WGSW-24040 / WGSW-24040R 6.18 MVR Command MVR Configuration Description: Show the MVR configuration. Syntax: MVR Configuration Example: Show the MVR configuration.
PAGE 511
User’s Manual of WGSW-24040 / WGSW-24040R MVR Mode [enable|disable] Parameters: enable : Enable MVR mode disable : Disable MVR mode (default: Show MVR mode) Default Setting: disable Example: Enable MVR mode. WGSW-24040:/>mvr mode enable MVR VLAN Setup Description: Set or show per MVR VLAN configuration.
PAGE 512
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: |: MVR VLAN ID (1-4095) or Name (Maximum of 32 characters) : Dynamic MVR mode dynamic compatible: Compatible MVR mode (default: Show MVR VLAN mode) MVR VLAN Port Description: Set or show per MVR VLAN port role.
PAGE 513
User’s Manual of WGSW-24040 / WGSW-24040R MVR VLAN Channel Description: Set or show per MVR VLAN channel.
PAGE 514
User’s Manual of WGSW-24040 / WGSW-24040R MVR Immediate Leave [] [enable|disable] Parameters: <: Port list or 'all', default: All ports enable : Enable Immediate Leave disable : Disable Immediate Leave (default: Show MVR Immediate Leave) MVR Status Description: Show/Clear MVR operational status. Syntax: MVR Status [] [clear] Parameters: : VLAN ID (1-4095) clear : Clear log MVR Groups Description: Show MVR group addresses.
PAGE 515
User’s Manual of WGSW-24040 / WGSW-24040R MVR SFM [] [] Parameters: : VLAN ID (1-4095) : Port list or 'all', default: All ports 515
PAGE 516
User’s Manual of WGSW-24040 / WGSW-24040R 6.19 Voice VLAN Command Voice VLAN Configuration Description: Show Voice VLAN configuration. Syntax: Voice VLAN Configuration Example: Show Voice VLAN configuration.
PAGE 517
User’s Manual of WGSW-24040 / WGSW-24040R Port ---- Mode -------- Security Discovery Protocol -------- ------------------ 1 Disabled Disabled OUI 2 Disabled Disabled OUI 3 Disabled Disabled OUI 4 Disabled Disabled OUI 5 Disabled Disabled OUI 6 Disabled Disabled OUI 7 Disabled Disabled OUI 8 Disabled Disabled OUI 9 Disabled Disabled OUI 10 Disabled Disabled OUI Voice VLAN Mode Description: Set or show the Voice VLAN mode.
PAGE 518
User’s Manual of WGSW-24040 / WGSW-24040R Voice VLAN ID Description: Set or show Voice VLAN ID. Syntax: Voice VLAN ID [] Parameters: : VLAN ID (1-4095) Default Setting: 1000 Example: Set ID 2 for Voice VLAN ID. WGSW-24040:/>voice vlan id 2 Voice VLAN Agetime Description: Set or show Voice VLAN age time.
PAGE 519
User’s Manual of WGSW-24040 / WGSW-24040R Voice VLAN Traffic Class Description: Set or show Voice VLAN ID. Syntax: Voice VLAN Traffic Class [] Parameters: : Traffic class (0-7) Default Setting: 7 Example: Set 4 traffic class for voice VLAN WGSW-24040:/>voice vlan traffic class4 Voice VLAN OUI Add Description: Add Voice VLAN OUI entry. Modify OUI table will restart auto detect OUI process. The maximum entry number is (16).
PAGE 520
User’s Manual of WGSW-24040 / WGSW-24040R Voice VLAN OUI Delete Description: Delete Voice VLAN OUI entry. Modify OUI table will restart auto detect OUI process. Syntax: Voice VLAN OUI Delete Parameters: : OUI address (xx-xx-xx). The null OUI address isn't allowed Example: Delete Voice VLAN OUI entry. WGSW-24040:/>voice vlan oui delete 00-11-22 Voice VLAN OUI Clear Description: Clear Voice VLAN OUI entry. Modify OUI table will restart auto detect OUI process.
PAGE 521
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: : OUI address (xx-xx-xx), default: Show OUI address Voice VLAN Port Mode Description: Set or show the Voice VLAN port mode. When the port mode isn't disabled, we must disable MSTP feature before we enable Voice VLAN. It can avoid the conflict of ingress filter. Syntax: Voice VLAN Port Mode [] [disable|auto|force] Parameters: : Port list or 'all', default: All ports disable : Disjoin from Voice VLAN.
PAGE 522
User’s Manual of WGSW-24040 / WGSW-24040R : Port list or 'all', default: All ports enable : Enable Voice VLAN security mode. disable: Disable Voice VLAN security mode (default: Show flow Voice VLAN security mode) Default Setting: disable Example: Enable the Voice VLAN port security mode for port 1-4. WGSW-24040:/>voice vlan security 1-4 enable Voice VLAN Discovery Protocol Description: Set or show the Voice VLAN port discovery protocol mode. It only work under auto detect mode is enabled.
PAGE 523
User’s Manual of WGSW-24040 / WGSW-24040R 6.20 Loop Protect Command Loop Protect Configuration Description: Show Loop Protection configuration. Syntax: Loop Protect Configuration Loop Protect Mode Description: Set or show the Loop Protection mode. Syntax: Loop Protect Mode [enable|disable] Parameters: enable : Enable Loop Protection disable: Disable Loop Protection Default Setting: enable Loop Protect Transmit Description: Set or show the Loop Protection transmit interval.
PAGE 524
User’s Manual of WGSW-24040 / WGSW-24040R Loop Protect Shutdown Description: Set or show the Loop Protection shutdown time. Syntax: Loop Protect Shutdown [] Parameters: Shutdown time interval (0-604800 seconds) A value of zero disables re-enabling the port Default Setting: 10 Loop Protect Port Configuration Description: Show Loop Protection port configuration.
PAGE 525
User’s Manual of WGSW-24040 / WGSW-24040R Loop Protect Port Action Description: Set or show the Loop Protection port action.
PAGE 526
User’s Manual of WGSW-24040 / WGSW-24040R 6.21 IPMC Command IPMC Configuration Description: Show IPMC snooping configuration. Syntax: IPMC Configuration [mld|igmp] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP IPMC Mode Description: Set or show the IPMC snooping mode.
PAGE 527
User’s Manual of WGSW-24040 / WGSW-24040R IPMC Flooding Description: Set or show the IPMC unregistered addresses flooding operation.
PAGE 528
User’s Manual of WGSW-24040 / WGSW-24040R Default Setting: disable Example: Enable IGMP Leave Proxy WGSW-24040:/>ipmc leave proxy igmp enable IPMC Proxy Description: Set or show the mode of IPMC Proxy.
PAGE 529
User’s Manual of WGSW-24040 / WGSW-24040R Parameters: mld|igmp : mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP : SSM Range keyword range : IPv4/IPv6 multicast group address, accordingly : Mask length for IPv4(4 ~ 32)/IPv6(8 ~ 128) ssm range, accordingly IPMC VLAN Add Description: Add the IPMC snooping VLAN interface.
PAGE 530
User’s Manual of WGSW-24040 / WGSW-24040R IPMC State Description: Set or show the IPMC snooping state for VLAN.
PAGE 531
User’s Manual of WGSW-24040 / WGSW-24040R Default Setting: enable Example: Enable IGMP querier for VLAN 1 WGSW-24040:/>ipmc querier igmp 1 enable IPMC Compatibility Description: Set or show the IPMC Compatibility.
PAGE 532
User’s Manual of WGSW-24040 / WGSW-24040R igmp: IPMC for IPv4 IGMP : Port list or 'all', default: All ports enable : Enable MLD fast leave disable: Disable MLD fast leave (default: Show IPMC fast leave mode) Default Setting: disable Example: Enable IGMP fast leave for all port WGSW-24040:/>ipmc fastleave igmp 1-10 enable IPMC Throttling Description: Set or show the IPMC port throttling status.
PAGE 533
User’s Manual of WGSW-24040 / WGSW-24040R IPMC Filtering Description: Set or show the IPMC port group filtering list.
PAGE 534
User’s Manual of WGSW-24040 / WGSW-24040R Show IPMC operational status, accordingly. Syntax: IPMC Status [mld|igmp] [] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP : VLAN ID (1-4095) or 'any', default: Show all VLANs Example: Show VLAN 1 IPMC operational status WGSW-24040:/>ipmc status igmp 1 IPMC Groups Description: Show IPMC group addresses, accordingly.
PAGE 535
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: IPMC Version [mld|igmp] [] Parameters: mld|igmp: mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP : VLAN ID (1-4095) or 'any', default: Show all VLANs Example: Show VLAN 1 IPMC Versions. WGSW-24040:/>ipmc version igmp 1 IPMC SFM Description: Show SFM (including SSM) related information for IPMC.
PAGE 536
User’s Manual of WGSW-24040 / WGSW-24040R mld : IPMC for IPv6 MLD igmp: IPMC for IPv4 IGMP : VLAN ID (1-4095) or 'any', default: Show all VLANs ipmc_param_rv: -1 1~255 : Default Value (2) : Robustness Variable (default: Show IPMC Interface Robustness Variable IPMC Parameter QI Description: Set or show the IPMC Query Interval.
PAGE 537
User’s Manual of WGSW-24040 / WGSW-24040R : VLAN ID (1-4095) or 'any', default: Show all VLANs ipmc_param_qri: -1 : Default Value (100) 0~31744 : Query Response Interval in tenths of seconds (default: Show IPMC Interface Query Response Interval IPMC Parameter LLQI Description: Set or show the IPMC Last Listener Query Interval.
PAGE 538
User’s Manual of WGSW-24040 / WGSW-24040R -1 : Default Value (1) 0~31744 : Unsolicited Report Interval in seconds (default: Show IPMC Interface Unsolicited Report Interval 538
PAGE 539
User’s Manual of WGSW-24040 / WGSW-24040R 6.22 sFlow Command sFlow Configuration Description: Show global and per port sFlow configuration. Syntax: sFlow Configuration sFlow Receiver Description: Set or show the sFlow receiver timeout, IP address, and UDP port. Syntax: sFlow Receiver [release] [] [] [] [] Parameters: release : Release the current owner of the receiver.
PAGE 540
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: sFlow FlowSampler [] [] [] Parameters: : Port list or 'all'. Default: All ports. : Specifies the statistical sampling rate The sample rate is specified as N to sample 1/Nth of the packets in the monitored flows. There are no restrictions on the value, but the switch will adjust it to the closest possible sampling rate. 0 disables sampling.
PAGE 541
User’s Manual of WGSW-24040 / WGSW-24040R sFlow Statistics Samplers Description: Get or clear per-port statistics. Syntax: sFlow Statistics Samplers [] [clear] Parameters: : Port list or 'all'. Default: All ports. clear : Clear statistics.
PAGE 542
User’s Manual of WGSW-24040 / WGSW-24040R 6.23 VLAN Control List Command VCL MAC-based VLAN Configuration Description: Show VCL MAC-based VLAN configuration. Syntax: VCL Macvlan Configuration VCL MAC-based VLAN Add Description: Add or modify VCL MAC-based VLAN entry.
PAGE 543
User’s Manual of WGSW-24040 / WGSW-24040R Example: Delete 00-11-22-33-44-55-66 in MAC-based VLAN list WGSW-24040:/> vcl macvlan del 00-11-22-33-44-55-66 VCL Stasus Description: Show VCL MAC-based VLAN users configuration. Syntax: VCL Status [combined|static|nas|all] Parameters: combined|static|nas|all: VCL User VCL Protocol-based VLAN Add Ethernet II Description: Add VCL protocol-based VLAN Ethernet-II protocol to group mapping.
PAGE 544
User’s Manual of WGSW-24040 / WGSW-24040R : PID value (0x0-0xFFFF). If OUI is 00-00-00, valid range of PID is from 0x0600-0xFFFF. : Protocol group ID VCL Protocol-based VLAN Add LLC Description: Add VCL protocol-based VLAN LLC protocol to group mapping.
PAGE 545
User’s Manual of WGSW-24040 / WGSW-24040R : PID value (0x0-0xFFFF). If OUI is 00-00-00, valid range of PID is from 0x0600-0xFFFF. VCL Protocol-based VLAN Delete LLC Description: Delete VCL protocol-based VLAN LLC protocol to group mapping. Syntax: VCL ProtoVlan Protocol Delete Llc Parameters: : DSAP value (0x00-0xFF) : SSAP value (0x00-0xFF) VCL Protocol-based VLAN Add Description: Add VCL protocol-based VLAN group to VLAN mapping.
PAGE 546
User’s Manual of WGSW-24040 / WGSW-24040R : Protocol group ID VCL Protocol-based VLAN Configuration Description: Show VCL protocol-based VLAN entries. Syntax: VCL ProtoVlan Conf VCL IP-based VLAN Configuration Description: Show VCL IP Subnet-based VLAN configuration. Syntax: VCL IPVlan Configuration [] Parameters: : Unique VCE ID for each VCL entry VCL IP-based VLAN Add Description: Add or modify VCL IP Subnet-based VLAN entry.
PAGE 547
User’s Manual of WGSW-24040 / WGSW-24040R VCL IP-based VLAN Delete Description: Delete VCL IP Subnet-based VLAN entry.
PAGE 548
User’s Manual of WGSW-24040 / WGSW-24040R 6.24 SMTP Command SMTP Configuration Description: Show SMTP configure. Syntax: SMTP Configuration SMTP Mode Description: Enable or disable SMTP configure. Syntax: SMTP Mode [enable|disable] Parameters: enable : Enable SMTP mode disable : Disable SMTP mode (default: Show SMTP mode) SMTP Server Description: Set or show SMTP server configure.
PAGE 549
User’s Manual of WGSW-24040 / WGSW-24040R SMTP Auth Description: Enable or disable SMTP authentication configure. Syntax: SMTP Auth [enable|disable] Parameters: enable : Enable SMTP authentication disable : Disable SMTP authentication (default: Show SMTP authentication) SMTP Auth_user Description: Set or show SMTP authentication user name configure.
PAGE 550
User’s Manual of WGSW-24040 / WGSW-24040R SMTP Mail From Description: Set or show SMTP E-mail from configure. Syntax: SMTP Mailfrom [] Parameters: : SMTP E-mail from address SMTP Mail Subject Description: Set or show SMTP E-mail subject configure. Syntax: SMTP Mailsubject [] Parameters: : SMTP E-mail subject SMTP Mail to 1 Description: Set or show SMTP E-mail 1 to configure.
PAGE 551
User’s Manual of WGSW-24040 / WGSW-24040R Syntax: SMTP Mailto2 [] Parameters: : SMTP E-mail 2 to address 551
PAGE 552
User’s Manual of WGSW-24040 / WGSW-24040R 7. SWITCH OPERATION 7.1 Address Table The Switch is implemented with an address table. This address table composed of many entries. Each entry is used to store the address information of some node in network, including MAC address, port no, etc. This in-formation comes from the learning process of Ethernet Switch. 7.2 Learning When one packet comes in from any port, the Switch will record the source address, port no.
PAGE 553
User’s Manual of WGSW-24040 / WGSW-24040R 7.5 Auto-Negotiation The STP ports on the Switch have built-in "Auto-negotiation". This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detect the modes and speeds at the second of both device is connected and capable of, both 10Base-T and 100Base-TX devices can connect with the port in either Half- or Full-Duplex mode.
PAGE 554
User’s Manual of WGSW-24040 / WGSW-24040R 8. TROUBLE SHOOTING This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual.
PAGE 555
User’s Manual of WGSW-24040 / WGSW-24040R  4. If that device works, refer to the next step. 5. If that device does not work, check the AC power While IP Address be changed or forgotten admin password – To reset the IP address to the default IP Address “192.168.0.100” or reset the password to default value. Press the hardware reset button at the front panel about 10 seconds. After the device is rebooted, you can login the management WEB interface within the same subnet of 192.168.0.xx.
PAGE 556
User’s Manual of WGSW-24040 / WGSW-24040R APPENDEX A A.1 Switch's RJ-45 Pin Assignments 1000Mbps, 1000Base T Contact MDI MDI-X 1 BI_DA+ BI_DB+ 2 BI_DA- BI_DB- 3 BI_DB+ BI_DA+ 4 BI_DC+ BI_DD+ 5 BI_DC- BI_DD- 6 BI_DB- BI_DA- 7 BI_DD+ BI_DC+ 8 BI_DD- BI_DC- Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard. A.
PAGE 557
User’s Manual of WGSW-24040 / WGSW-24040R The standard cable, RJ-45 pin assignment The standard RJ-45 receptacle/connector There are 8 wires on a standard UTP/STP cable and each wire is color-coded.
PAGE 558
User’s Manual of WGSW-24040 / WGSW-24040R APPENDEX B : GLOSSARY A ACE ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application. ACL ACL is an acronym for Access Control List.
PAGE 559
User’s Manual of WGSW-24040 / WGSW-24040R ranging from 1-1024K packets per seconds. Under "Ports" and "Access Control List" web-pages you can assign a Rate Limiter ID to the ACE(s) or ingress port(s). AES AES is an acronym for Advanced Encryption Standard. The encryption key protocol is applied in 802.1i standard to improve WLAN security. It is an encryption standard by the U.S. government, which will replace DES and 3DES. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
PAGE 560
User’s Manual of WGSW-24040 / WGSW-24040R C CC CC is an acronym for Continuity Check. It is a MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP. CCM CCM is an acronym for Continuity Check Message. It is a OAM frame transmitted from a MEP to it's peer MEP and used to implement CC functionality. CDP CDP is an acronym for Cisco Discovery Protocol. D DEI DEI is an acronym for Drop Eligible Indicator. It is a 1-bit field in the VLAN tag.
PAGE 561
User’s Manual of WGSW-24040 / WGSW-24040R Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address. DHCP Relay DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain.
PAGE 562
User’s Manual of WGSW-24040 / WGSW-24040R DSCP DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes. E EEE EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802.3az. EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU/T G.8031. Ethernet Type Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard.
PAGE 563
User’s Manual of WGSW-24040 / WGSW-24040R connection to a particular port on a remote host (port 80 by default). An HTTP server listening on that port waits for the client to send a request message. HTTPS HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer. It is used to indicate a secure HTTP connection.
PAGE 564
User’s Manual of WGSW-24040 / WGSW-24040R from a mail server. IMAP is the protocol that IMAP clients use to communicate with the servers, and SMTP is the protocol used to transport mail to an IMAP server. The current version of the Internet Message Access Protocol is IMAP4. It is similar to Post Office Protocol version 3 (POP3), but offers additional and more complex features. For example, the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer.
PAGE 565
User’s Manual of WGSW-24040 / WGSW-24040R LLDP is an IEEE 802.1ab standard protocol.
PAGE 566
User’s Manual of WGSW-24040 / WGSW-24040R For debugging network problems or monitoring network traffic, the switch system can be configured to mirror frames from multiple ports to a mirror port. (In this context, mirroring a frame is the same as copying the frame.) Both incoming (source) and outgoing (destination) frames can be mirrored to the mirror port. MLD MLD is an acronym for Multicast Listener Discovery for IPv6.
PAGE 567
User’s Manual of WGSW-24040 / WGSW-24040R NTP NTP is an acronym for Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. NTP uses UDP (datagrams) as transport layer. O OAM OAM is an acronym for Operation Administration and Maintenance. It is a protocol described in ITU-T Y.1731 used to implement carrier ethernet functionality. MEP functionality like CC and RDI is based on this. Optional TLVs.
PAGE 568
User’s Manual of WGSW-24040 / WGSW-24040R PING ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer. The other computer responds with an acknowledgment that it received the packets. Ping was created to verify whether a specific computer on a network or the Internet exists and is connected. ping uses Internet Control Message Protocol (ICMP) packets.
PAGE 569
User’s Manual of WGSW-24040 / WGSW-24040R QCE QCE is an acronym for QoS Control Entry. It describes QoS class associated with a particular QCE ID. There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority. Frames can be classified by one of 4 different QoS classes: "Low", "Normal", "Medium", and "High" for individual application. QCL QCL is an acronym for QoS Control List.
PAGE 570
User’s Manual of WGSW-24040 / WGSW-24040R RADIUS is an acronym for Remote Authentication Dial In User Service. It is a networking protocol that provides centralized access, authorization and accounting management for people or computers to connect and use a network service. RDI RDI is an acronym for Remote Defect Indication.
PAGE 571
User’s Manual of WGSW-24040 / WGSW-24040R SNAP The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields. SNAP supports identifying protocols by Ethernet type field values; it also supports vendor-private protocol identifier. SNMP SNMP is an acronym for Simple Network Management Protocol.
PAGE 572
User’s Manual of WGSW-24040 / WGSW-24040R T TACACS+ TACACS+ is an acronym for Terminal Acess Controller Access Control System Plus. It is a networking protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services. Tag Priority Tag Priority is a 3-bit field storing the priority level for the 802.1Q frame.
PAGE 573
User’s Manual of WGSW-24040 / WGSW-24040R determine the priority from the 6-bit ToS field in the IP header. The most significant 6 bits of the ToS field are fully decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit (0~63). TLV TLV is an acronym for Type Length Value. A LLDP frame can contain multiple pieces of information. Each of these pieces of information is known as TLV.
PAGE 574
User’s Manual of WGSW-24040 / WGSW-24040R Virtual LAN. A method to restrict communication between switch ports. VLANs can be used for the following applications: VLAN unaware switching: This is the default configuration. All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1. This means that MAC addresses are learned in VLAN 1, and the switch does not remove or insert VLAN tags. VLAN aware switching: This is based on the IEEE 802.1Q standard. All ports are VLAN aware.
PAGE 575
User’s Manual of WGSW-24040 / WGSW-24040R necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards (Wikipedia). WPA-PSK WPA-PSK is an acronym for Wi-Fi Protected Access - Pre Shared Key. WPA was designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user.
PAGE 576
EC Declaration of Conformity For the following equipment: *Type of Product: 24-Port 10/100/1000Mbps with 4 Shared SFP Managed Gigabit Switch *Model Number: WGSW-24040 / WGSW-24040R / SGSW-24040 / SGSW-24040R * Produced by: Manufacturer‘s Name : Manufacturer‘s Address: Planet Technology Corp. 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan (R.O.C.).