2 Switch Access
Contents
1. Figure 58 Setting ACL Entry Parameters 1 SICOM3024P The switch provides a number of ACL entry parameters You need to click lt Next gt to finish setting all of them as shown in the following figures Configure Item 1537 1537 65535 7 os 8 i i ios L 2 lo 1000 0 1023 60 0 63 5000 _ 0 85835 E Cs ie 4093 e 1 4093 e 1 4093 w Figure 59 Setting ACL Entry Parameters 2 SICOM3024P 58 Configure Item 65000 1 65535 Advanced Configuration Kl Konse Kl Elon ses 1 65535 Kl EF 88535 21 1 65535 Kl Elon seess Kl Elon seesa None None None Disable Disable Disable Kl F 28525 Zelle 1 65535 Figure 60 Setting ACL Entry Parameters 3 SICOM3024P Configure Item 1 1 65535 ind of Ethie v OOOO 3 HEN 1 65535 eft O O O E 0 63 1 65535 eft ov 0 63 Figure 61 Setting ACL Entry Parameters 4 SICOM3024P Group Forcible configuration 1 Item Range 1 1023 Function Set the ID of the ACL entry You can configure a maximum of 1023 59 Advanced Configuration ACL entries When multiple ACL entries are configured they are compared with packets in the ascending order of IDs Action Options Deny Redir Port Mirror Port Forwar2. Figure 124 GMRP Agent Entry Configuration MAC Format HHHHHHHHHHHH H is a hexadecimal number Function Configure the MAC address of multicast group The lowest bit of the first byte is 1 VLAN ID Options all created VLAN numbers Function Configure the VLAN ID for the GMRP agent entry Description GMRP agent entry can only be forwarded from the propagation 128 Advanced Configuration port with the VLAN ID same as this entry s VLAN ID Member Port List Select the member port for the agent entry The port can only be selected from GMRP agent enabled ports Source Port List Options all GMRP agent enabled ports 4 View modify or delete a GMRP agent entry as shown in the following figure GMRP Agent List O1 01 00 00 00 00 01 1 S1 FE1 O2 01 00 00 00 00 02 2 S1 FE1 Figure 125 GMRP Agent Entry Operations A GMRP agent entry consists of the MAC address VLAN ID and member port To delete an entry select the entry and click lt Delete gt To modify an entry select the entry and click lt Modify gt 5 View the multicast members of this agent entry on the connected neighbor device as shown in the following figure The following conditions shall be met gt GMRP is enabled on the inter connected devices gt The two ports that connect the devices must be propagation ports and the VLAN ID of the propagation port on the local device must be identical with that in the agent entry GMRP Dynam
3. S1 FE1 0 Kbps D kops SIEEZ 70 80 Kbps 90 _ kbps S1FE3 0 o kops 0 Kbps S1 FE4 0 0 Kbps 0 Kbps S1 FE5 0 D rte 0 Kbps S1 FE6 H D kbps 0 Kbps S4 FE7 H D ps 0 Kbps S1 FE8 0 0s kops 0 Kbps S4 GE1 0 D kbps 0 Kbps S4 GE2 H 0s kbps 0 Kbps 0 H Kbps 0 Kbps D D Kbps D Kbps Figure 30 Port Rate Control Service Broadcast Range 64 1000000Kbps Function Configure rate control for packets on the port Packets whose rate is higher than the specified value are discarded Description The ingress rate for a 100M port ranges from 64 to 100000Kbps The ingress rate for a 1000M port ranges from 64 to 1000000Kbps OutRate Range 64 1000000Kbps Function Limit the rate of packets forwarded by a port 31 Advanced Configuration Description The egress rate for a 100M port ranges from 64 to 100000Kbps The ingress rate for a 1000M port ranges from 64 to 1000000Kbps Caution If a rate value is set to 0 rate control is disabled on the port CAUTION 6 1 3 Typical Configuration Example Set the rate threshold of unicast and multicast packets on port 2 to 70Kbps broadcast packets to 80Kbps and outgoing rate to 90Kbps Configuration steps 1 Select unicast and multicast packets in the Service column and broadcast packets in the Broadcast column as shown in Figure 29 2 On port 2 set the service rate threshold to 70Kbps broadcast rate threshold to 80Kbps
4. Prony Queue 0 Oo lw 1 0 g 2 1 3 1 v 4 2 w 5 2 6 j St a 7 ar E Queue 0 LOWEST 1 SECLOW 2 SECHIGH 3 HIGHEST Figure 106 802 1p Priority Queue Mapping SICOM3048 802 1P Priority Portfolio Priority Queue Range 0 7 0 3 Default Priority 0 and 1 are mapped to queue 0 priority 2 and 3 are mapped to queue 1 Priority 4 and 5 are mapped to queue 2 priority 6 and 7 are mapped to queue 3 Function Configure the mapping between 802 1p priority and queue 5 Configure IP TOS priority queue mapping Click lt IP TOS Priority gt in Figure 103 to configure the IP TOS priority queue mapping as shown in the following figure IP TOS Priority 0 7 IP TOS 0 IP TOS 1 IP TOS 2 IP TOS 3 IP TOS 4 IPTOS5 IPTOS6 IP TOS7 eletetetetetete lt lt lt lt j lt lt lt lt Queue 0 LOWEST 1 SECLOW 2 SECHIGH 3 HIGHEST Figure 107 IP TOS Priority Queue Mapping SICOM3048 110 Advanced Configuration IP TOS Priority Portfolio Priority Queue Range 0 7 0 3 Default Priority O to 7 is mapped to queue 0 Function Configure the mapping between IP TOS priority and queue 6 Configure DSCP priority queue mapping Click lt DSCP Priority gt in Figure 103 to configure the DSCP priority queue mapping as shown in the following figure DSCP Priority 0 63 pscp o mom pscP
5. Figure 121 Port Traffic Alarm Information 6 21 GMRP Configuration and Query 6 21 1 GARP The Generic Attribute Registration Protocol GARP is used for distributing registering and cancelling certain information VLAN multicast address among switches on the same network GARP applications include GVRP and GMRP With GARP the configuration information of a GARP member will distribute the information to the entire switching network A GARP member instructs the 123 Advanced Configuration other GARP members to register or cancel its own configuration information by means of join leave message respectively The member also registers or cancels the configuration information of other members based on join leave messages sent by other members GARP involves three types of messages Join Leave and LeaveAll gt When a GARP application entity wants to register its own information on other switches the entity sends a Join message Join messages fall into two types JoinEmpty and JoinIn A Joinln message is sent to declare a registered attribute while a JoinEmpty message is sent to declare an attribute that is not registered yet gt When a GARP application entity wants to cancel its own information on other switches the entity sends a Leave message gt After a GARP entity starts it starts the LeaveAll timer When the timer expires the entity sends a LeaveAll message Note z An application entity indicates a
6. Caution CAUTION RSTP transparent transmission cannot be enabled on an RSTP enabled port 6 14 3 Typical Configuration Example As shown in Figure 96 Switch A Switch B Switch C and Switch D form a DT ring and Switch E and Switch F form an RSTP ring In the RSTP ring the entire DT ring serves as a transparent link to forward RSTP packets of Switch E and Switch F gt Configure Switch A Switch B Switch C and Switch D as a DT ring For 101 Advanced Configuration details see section 6 12 DT Ring gt Enable RSTP on the involved ports of Switch E and Switch F as shown in Figure 92 and Figure 94 gt Enable RSTP transparent transmission on ports A1 A2 A3 B1 B2 B3 C1 C2 D1 and D2 as shown in Figure 97 6 15 QoS 6 15 1 Overview Quality of Service QoS enables differentiated services based on different requirements under limited bandwidths by means of traffic control and resource allocation on IP networks QoS tries to satisfy the transmission of different services to reduce network congestion and minimize congestion s impact on the services of high priority QoS mainly involves service identification congestion management and congestion avoidance Service identification Objects are identified based on certain match rules For example the objects can be priority tags carried by packets priority mapped by ports and VLANs or priority information mapped by quintuples Service identification is
7. cccccceeeessereeeeeeeeeeeees 101 Oil 5 OOS E 102 Geol OVEN EW ananena fa ae ee ete 102 6 19 25 De ee TE 103 6 15 3 Web Configuration GICOMD0O2AD 104 6 15 4 Web Configuration SICOM3048 ssssseeeeeeesesneennneeeesernne 107 6 15 5 Typical Configuration Example ccccceeeeeeeeeeeeeeeeeeeees 112 6 16 MAC Address Aging Time sssssseneeeeseesssennnreesserrrrrnnnrnsseerrrrrren 113 G a Wee 113 6 16 2 Web Configuration ee 113 ae Ee 114 BET EENEG 114 6 17 2 Web Configuration ee 114 Sie bo ail AR 114 BB Wee e 114 6 18 2 Web Configuration E 115 GEN KE d EE 117 Wee 117 6 19 2 Web Configuration BE 118 6 20 POR e BEE 122 E Me E 122 6 20 2 Web COnmquralions csen crescent e atau ta sae 122 6 21 GMRP Configuration and Query ccceeeeeeeeeeeeeeeeeeeeeseeeeeeeees 123 IV 621 1 e ee a ear Sa ee een depen ee cn 123 6 21 2 GMRP teeeg ee eege eege ege eet 125 6 213 DESCMPUOM eege 125 6 21 4 Web Configuration cccceecccceeeeeeee tere eeeeeeeeeeeeeeeeeeeeteee 126 6 21 5 Typical Configuration Example ccc eeeeeeeeeeeeeeeeeeenees 130 B22 ee oie ake ats cated AS E catsuit ET E ETET EE 131 B22 Me EE 131 6 222 RMON Eet E 132 6 22 3 Web Configuration cccceccccceeeceeeeeeeeeeeeeeeeeeteeeeeeeeeeeteees 133 6 20 Ee 138 GE WEE E 138 6 23 2 RT te e E 138 6 23 3 Web Configuration cccccccecceeeceeeeeeeeeeeeeeeeeeneeeeeeeeeeeteees 138 6 24 Unicast Address Configuration and
8. vian 100 T vian 200 vian 300 Figure 39 Selecting PVLAN Members PVLAN List Options select deselect 41 Advanced Configuration Default deselect Function Select PVLAN members Note e Both shared and isolation domains are member VLANs of PVLAN NOTE 6 3 3 Typical Configuration Example Figure 40 shows a PVLAN application VLAN300 is a shared domain and port 1 and port 2 are uplink ports VLAN100 and VLAN200 are isolation domains and port 3 4 5 and 6 are downlink ports VLAN 300 Figure 40 PVLAN Configuration Example Configuration steps 1 Configure the shared domain VLAN 300 as shown in Figure 38 Set port 1 and port 2 to Untag ports and add them to VLAN 300 Set port 3 and port 4 to Tag ports and add them to VLAN 300 Enable PVLAN on the two ports Set port 5 and port 6 to Tag ports and add them to VLAN 300 Enable PVLAN on the two ports 2 Configure VLAN 100 an isolation domain as shown in Figure 38 Set port 1 and port 2 to Tag ports and add them to VLAN 100 Enable PVLAN on the two ports 42 Advanced Configuration Set port 3 and port 4 to Untag ports and add them to VLAN 100 3 Configure VLAN 200 an isolation domain as shown in Figure 38 Set port 1 and port 2 to Tag ports and add them to VLAN 200 Enable PVLAN on the two ports Set port 5 and port 6 to Untag ports and add them to VLAN 200 4 Set VLAN300 VLAN100 and VLAN200 to PVLAN members as shown i
9. Advanced Configuration Figure 129 RMON History Table Index Range 1 65535 Function Configure the number of the history entry Data Source Options iflndex portid Function Select the port whose information is to be sampled Owner Range 1 32 characters Function Configure the name of the history entry Sampling Number Range 1 65535 Function Configure the sampling times of the port Sampling Space Range 1 3600s Function Configure the sampling period of the port 3 Configure the event table as shown in the following figure Figure 130 RMON Event Table Index Range 1 65535 134 Advanced Configuration Function Configure the index number of the event entry Owner Range 1 32 characters Function Configure the name of the event entry Event Type Options NONE LOG Snmp Trap Log and Trap Default NONE Function Configure the event type for alarms that is the processing mode towards alarms Event Description Range 1 127 characters Function Describe the event Event Community Range 1 127 characters Function Configure the community name for sending a trap event The value shall be identical with that in SNMP 4 Configure the alarm table as shown in the following figures ee lee ele A h ifIndex 1 d To Absolute na 0 0 0 3 a a ee GE Figure 131 RMON Alarm Table 1213 MIB
10. Disable s EDD ms 00000 ms S4iGE3 Disable si Disable CONTE ms lune RBD S4 GE4 Disable sel Disable op ms Em ms pp Figure 123 Port GMRP Configuration GMRP Enable Options Enable Disable Default Disable Function Enable or disable the GMRP function on the port Agent Enable Options Enable Disable Default Disable Function Enable or disable the GMRP agent function on the port Caution gt Agent port cannot propagate agent entry CAUTION gt To enable the GMRP agent function on a port you need to enable the GMBRP function first Hold Timer Range 100ms 327600ms Default 100ms Description This value must be a multiple of 100 It is better to set the Hold timers on all GMRP enabled ports to the same time 127 Advanced Configuration Join Timer Range 100ms 327600ms Default 500ms Description This value must be a multiple of 100 It is better to set the Join timers on all GMRP enabled ports to the same time Leave Timer Range 100ms 327600ms Default 3000ms Description This value must be a multiple of 100 It is better to set the Leave timers on all GMRP enabled ports to the same time 3 Add a GMRP agent entry as shown in the following figure GMRP Agent Set 010000000001 1 1 4093 Port List NOTE Multicast propagation port cannot be set as member port 1 FE1
11. 89 Advanced Configuration Options all switch ports Function Set a port to backup port Explanation Enable DT Ring before setting backup port Add VLAN List Options all created VLANs Function Select the VLANs for the ring port After parameters are set the DT Ring List shows all created rings as shown in the following figure DT RING List Fat master ES Enable SURES 0 b 2 slave S1 FE4 S1 FE Enable S1 FE6 0 Add Figure 89 DT Ring List 4 View and modify DT Ring configuration Click a DT Ring entry in Figure 89 to show its ring configuration and modify it as shown in the following figure DT RING Configuration DT RING master 1 FE1 S1 FE3 Figure 90 DT Ring Configuration Click lt Apply gt for changes to take effect after modification Click lt Delete gt to delete the DT Ring configuration entry 90 Advanced Configuration 5 View DT Ring and port status as shown in the following figure DT RING State List DT RING blocking forwarding RING CLOSE DT RING 192 168 0 119 00 1E CD 10 23 38 blocking 192 168 0 109 00 00 EE EE 02 05 blocking Figure 91 DT Ring State 6 12 5 Typical Configuration Example As shown in Figure 83 Switch A B C and D form Ring 1 Switch E F G and H form ring 2 Links CE and DF are the backup links between Ring 1 and Ring 2 Configuration on Switch A 1 D
12. Default Enable Function Allow the port to receive data or not Description Enable indicates the port can transmit data Disable indicates the port cannot transmit data Reset Options Reset Noreset Default Noreset Function Reset the port or not 5 4 Password Change You can change the password for user name admin as shown in the following figure admin Figure 20 Password Change 5 5 Software Update Software updates may help the switch to improve its performance For this 24 Basic Configuration series switches software updates include BootROM software version update and system software version update The BootROM software version should be updated before the system software version If the BootROM version does not change you can update only the system software version The software version update requires an FTP server 5 5 1 Software Update through FTP Install an FTP server The following uses WFTPD software as an example to introduce FTP server configuration and software update 1 Click Security Users Rights The Users Rights Security Dialog dialog box is displayed Click lt New User gt to create a new FTP user as shown in the following figure Create a user name and password for example user name admin and password 123 Click lt OK gt EY No log file open WFIPD User Name User New User Delete Change Pass Ho
13. Table 4 Different Processing Modes for Packets Processing Received Packets Processing Packets to Be Forwarded Untagged packets Tagged packets Port Type Packet Processing gt Ifthe VLAN IDina Forward the packet after Untag packet is in the list removing the tag of VLANs allowed through accept the Add PVID tags to packet untagged packets gt If the VLAN ID ina Keep the tag and forward packet is not in the we the packet list of VLANs allowed through discard the packet 6 2 4 Web Configuration 1 Configure the VLAN transparent transmission mode as shown in the following figure 34 Advanced Configuration Ingress VLAN Filter Nonmember Drop v Untagged Port VLAN List o default 1 Figure 31 Configuring VLAN Transparent Transmission Mode Ingress VLAN Filter Options Nonmember Drop Nonmember Forward Default Nonmember Drop Function Configure the VLAN transparent transmission mode Description The transparent transmission mode indicates whether the switch checks incoming packets on a port If Nonmember Drop is selected a packet is discarded when the VLAN tag of the packet is different from the VLAN of the port If Nonmember Forward is selected a packet is accepted when the VLAN tag of the packet is identical with that of any other connected port on the switch otherwise the packet is discarded 2 Create a VLAN Click lt Add gt in Figure 31 to create a VLAN As show
14. pscr 13 0 eilD chbi i 0 eilD chisi D e Deche 0 DscP17 0 eilD chi i 0 eilD chi i D e pscP 20 0 ellpechb il 0 ellpgchba i 0 v Dscr 23 D v Dscp 24 0 v DscP25 0 eilD ch ei 0 Dscr 27 D e DScP 28 0 DScP29 0 pscP30 0 ellpgchbai D e DSCP 32 0 ellpechba l 0 pDscP34 0 v DscP3s5 D v Dscp 36 0 DscP37 0 eilD ch i 0 eilD ch i 0 e pscp 40 0 Dscr41 0 DscP42 0 ellD cChA i D e pscp 44 0 pscp45 0 eilD ch ei 0 v DscP47 D e pscp 48 0 Dscp49 0 w DscrP 50 0 eilD chbsi D e DScP 52 0 ellpgchbsai 0 v DscP 54 0 pscPss D v pscrs6 0 v DSscPs7 D DscPss 0 eilD chsai D e Dechen 0 y Dscr61 0 DscP62 0 Dscr 63 D e Queue 0 LOWEST 1 SECLOW 2 SECHIGH 3 HIGHEST Figure 102 DSCP Priority Queue Mapping SICOM3024P DSCP Priority Portfolio DSCP Qos Queue Range 0 63 0 3 Default Priority 0 to 63 is mapped to queue 0 Function Configure the mapping between DSCP priority and queue 6 15 4 Web Configuration SICOM3048 1 Configure the QoS mode as shown in the following figure Qos Mode 802 1P Priority DSCP MODE w DSCP Priority Figure 103 QoS Mode SICOM3048 Qos Mode Options Disable WRR Hq preempt Default Hq preempt Function Configure the scheduling mode of a port 107 Advanced Configuration IP TOS DSCP Options DSCP MODE IPTOS MODE Default DSCP MODE Function If TOS DIFF is selec
15. 46 Advanced Configuration 6 5 4 Web Configuration 1 Add Port Trunk Click lt Add gt to add a trunk group as shown in the following figure Figure 45 Adding a Trunk Group 2 Configure the trunk group as shown in the following figure 1 Figure 46 Configuring the Trunk Group Trunk ID SICOM3024P Range 1 14 Function Set the trunk group ID Description The series switches support a maximum of 14 trunk groups Each group can contain a maximum of 4 ports Trunk ID SICOM3048 Range 1 6 Function Set the trunk group ID Description The series switches support a maximum of 6 trunk groups Each group can contain a maximum of 4 ports 47 Advanced Configuration 3 View trunk group list as shown in the following figure trunk 1 trunk 2 S1 FE2 S1 FE3 S1 FE4 S1 FE5 S1 FE6 S1 FE7 Figure 47 Trunk Group List Lock Lock the member ports of a trunk group After locked member ports are deleted from a trunk group you must enable the ports manually to unlock the ports Click a trunk group in Figure 47 You can modify or delete the trunk group as shown in the following figure Figure 48 Modifying Deleting a Trunk Group After modifying group member settings add a new port to the group or delete a port member from the group click lt Apply gt to make the modification take effect If you click lt Delete gt you can delete t
16. Advanced Configuration in Figure 123 The following table lists the dynamically learned GMRP multicast entries on Switch B Table 7 Dynamic Multicast Entries Attribute of Port 2 on Attribute of Port 2 on Multicast Entries Switch A Switch B Received on Switch B MAC 01 00 00 00 00 01 Untag1 Untag1 VLAN ID 1 Member port 2 MAC 01 00 00 00 00 02 Untag2 Untag2 VLAN ID 2 Member port 2 MAC 01 00 00 00 00 01 Untag1 Untag2 VLAN ID 2 Member port 2 6 22 RMON 6 22 1 Overview Based on SNMP architecture Remote Network Monitoring RMON allows network management devices to proactively monitor and manage the managed devices An RMON network usually involves the Network Management Station and Agents The NMS manages Agents and Agents can collect statistics on various types of traffic on these ports RMON mainly provides statistics and alarm functions With the statistics function Agents can periodically collect statistics on various types of traffic on these ports such as the number of packets received from a certain network segment during a certain period Alarm function is that Agents can monitor the values of specified MIB variables When a value reaches the alarm threshold such as the number of packets reaches the specified value Agent can 131 Advanced Configuration automatically record alarm events in RMON log or send a Trap message to the management device 6 22 2 RMON G
17. and those in queue 3 enjoy 8 2 4 8 bandwidth Packets received through port 1 and port 4 are put into queue 3 and forwarded according to the FIFO mechanism The total bandwidth ratio of port 1 and port 4 is 8 2 4 8 6 16 MAC Address Aging Time 6 16 1 Overview Switch ports can learn addresses automatically The switch adds the source addresses source MAC address switch port number of received frames to the address table Aging time starts from when a dynamic MAC address is added to the MAC address table If no port receives a frame with the MAC address within one to two times the aging time then the switch deletes the entry of the MAC address from the dynamic forwarding address table Static MAC address table does not involve the concept of aging time 6 16 2 Web Configuration Configure MAC address aging time as shown in the following figure 300 15 3600 sec Figure 110 MAC Address Aging Time MAC Aging Time Range 15 3600 seconds Default 300 seconds Description You can adjust the aging time as required 113 Advanced Configuration 6 17 LLDP 6 17 1 Overview The Link Layer Discovery Protocol LLDP provides a standard link layer discovery mechanism It encapsulates device information such as the capability management address device identifier and interface identifier in a Link Layer Discovery Protocol Data Unit LLDPDU and advertises the LLDPDU to its directly connected neighbors Upon recei
18. 1 2 DT RING Status Backup PortChange times Figure 86 Creating a DT Ring Click lt Add gt and configure the DT ring 3 Configure DT Ring and DT VLAN Ring as shown in the following figures DT RING Enable na DT RING S1 FE3 Add VLAN List Figure 88 DT VLAN Ring Configuration Redundancy 88 Advanced Configuration Forced configuration DT RING Domain ID Configuration rang 1 32 Function The domain ID is used to distinguish different rings One switch supports a maximum of 16 port based rings or 8 VLAN based rings Domain Name Range 1 31 characters Function Configure the domain name Station Type Options Master Slave Default Master Function Select the switch role in a ring Ring Port1 Ring Port2 Options all switch ports Function Select two ring ports Caution A gt Aring port or backup port cannot be added to a trunk group A port added to a trunk group cannot be configured as a ring port or backup port gt A ring port or backup port can be configured as a mirroring source or destination port A mirroring source or destination port cannot be configured as a ring port or backup port gt STP cannot be enabled on a ring port or a backup port An STP enabled port cannot be configured as a ring port or backup port DT RING Options Enable Disable Default Disable Function Enable disable DT Ring Backup Port
19. 1 port1 1 state Link up 3 Output rate THU SEP 13 15 22 58 2012 Output alarm entity id 2 state Normal 2 PortLink Alarm THU SEP 13 15 22 55 2012 Port alarm entity id 1 2 port 1 2 state Link down 1 PowerAlarm THU SEP 13 15 21 49 2012 Power alarm entity id 2 state Power down 0 Output rate THU SEP 13 15 21 28 2012 Output alarm entity id 2 state Alarm Figure 135 Running Log Query Advanced Configuration Performance log Portfolio Index LogType Time Description Function Display the current running log 6 24 Unicast Address Configuration and Query 6 24 1 Overview When forwarding a packet the switch searches for the forwarding port in the MAC address table based on the destination MAC address of the packet AMAC address can be either static or dynamic Static MAC address are configured They have the highest priority not overridden by dynamic MAC addresses and are permanently valid Dynamic MAC addresses are learned by the switch in data forwarding which are valid only for a certain period The switch periodically updates its MAC address table When receiving a data frame to be forwarded the switch learns the source MAC address of the frame establishes a mapping with the receiving port and queries the forwarding port in the MAC address table based on the destination MAC address of the frame If a match is found the switch forwards the data frame from the corresponding port If no match is found the switch broadcasts th
20. 2 SONOS IS ora aes geed 53 6 8 3 Principle isk cececdtitdpteccd beste doi ioiddeuae 53 6 8 4 Web Configuration DEE 54 6 8 5 Typical Configuration Example ccccceeeeeeeeeeeeeeeeeeeeeees 55 Ge EE 56 6 9 1 EE 56 6 9 2 Implementation E 56 6 9 3 Web Configuration GICOMD0O2AD 57 6 9 4 Web Configuration SICOM3048 sssssnenneeeeeeseennnnnnneseeernne 66 6 9 5 Typical Configuration Example ccccecceeeeeeeeeeeeeeeeeeeeees 74 SH PNA AEE E EE 75 GA e 75 6 10 2 EELER egetegiee egene ee ege 75 6 10 3 Web Configuration e 76 EH NIE Ae ET EE EEE EEE EAE Eege 77 eI e 77 6 11 2 ale lu le DEE 78 6 11 3 Description EE 78 eA E 79 6 11 5 Web Configuration EE 80 6 11 6 Typical Configuration Example cccccceeeeeeeeeeeeeeeeeeeees 82 rea a SS lala E 83 en Me 83 EE 83 6 12 3 Implementation AEN 84 6 12 4 Web Contiquratlovicins Anas ana anaes Aaa val erat 87 6 12 5 Typical Configuration Example ccceeeeeeeeeeeeeeeeeeeeeeees 91 cml Pom aie d Malte meaner rem Nom ree eee are rr rrr or rye tr 92 613A EEN a T aren a A 92 Boe MGONCEDIG iaoi eege 92 E EE 93 6 13 4 Implementation ssnnseeseeeseeeennnnrneeeseeennrnnrrnneserrnrrnnnneeeeeennnn 94 6 13 5 E ee e TE e DEE 95 6 13 6 Typical Configuration Example cccccceeeeeeeteeeeeeeeeeeeeees 98 6 14 RSTP STP Transparent Transmtseion 100 6 14 1 QVGIVIGW eege ee 100 6 14 2 Web Configuration ee 101 6 14 3 Typical Configuration Example
21. Enable SNTP Select the server and set related parameters as shown in the following figure 192 168 0 23 16 18 162848ec BEE ou e Figure 112 SNTP Configuration SNTP State Options Enable Disable Default Disable Function Enable Disable SNTP Server IP Format A B C D Function Set the IP address of the SNTP server The client synchronizes time from the server based on the packets sent by the server Interval Time Range 16 16284s Function Configure the interval for sending synchronization requests from the 115 Advanced Configuration SNTP client to the server time zone Options 0 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12 Default 0 Function Select the local time zone 2 Select the synchronization mode between the client and the server as shown in the following figure 2012 09 18 11 10 23 2012 09 18 11 10 26 automatism v Figure 113 Time Synchronization Mode Server Time Function Display the latest time obtained from the server Device Time Function Display the time of the device update Options automatism manual Default automatism Function Select the time synchronization mode between the device and the server 3 View SNTP configuration as shown in the following figure You can click the check box of an SNTP server and click lt Delete gt to del
22. Node 135 Advanced Configuration E SE E RTE EE a _ Rising larm v an Figure 132 RMON Alarm Table RMON MIB Node Index Range 1 65535 Function Configure the number of the alarm entry OID Indicates the OID of the current MIB node Owner Range 1 32 characters Function Configure the name of the alarm entry Data Source Options ifIndex portid Function Select the port whose information is to be monitored Stat Group Options indexes of entries in the RMON statistics table Function Select the statistics entry whose port is to be monitored Sampling Type Options Absolute Delta Default Absolute Function Absolute indicates absolute value based sampling The value of the variable is directly extracted when the end of a sampling period approaches 136 Advanced Configuration Delta indicates change value based sampling The change value of the variable in the sampling period is extracted when the end of the period approaches Alarm Type Options RisingAlarm FallingAlarm RisOrFallAlarm Default RisingAlarm Function Select the alarm type including the rising edge alarm falling edge alarm and both rising edge and falling edge alarms Sampling Space Range 1 65535 Function Configure the sampling period The value should be identical with that in the history table Rising Threshold Range 0 65535 Function Configure the rising edge threshold When the sampling valu
23. Port2 Pong SSE Part a we eg d gt we VLAN200 D Desktop PG KN Es k el wa g D Desktop Pe aa _jeerPc N Workstation baap ah Figure 36 VLAN Application Configurations on Switch A and Switch B 1 Create VLAN 2 add port 1 and port 2 to VLAN 2 as Untag ports and add port 7 into VLAN 2 as Tag port as shown in Figure 32 2 Create VLAN 100 add port 3 and port 4 to VLAN 100 as Untag ports and add port 7 into VLAN 100 as Tag port as shown in Figure 32 3 Create VLAN 200 add port 5 and port 6 into VLAN 200 as Untag ports and add port 7 into VLAN 200 as Tag port as shown in Figure 32 39 Advanced Configuration 6 3 PVLAN 6 3 1 Overview Private VLAN PVLAN uses two layers isolation technologies to realize the complex port traffic isolation function achieving network security and broadcast domain isolation The upper VLAN is a shared domain VLAN in which ports are uplink ports The lower VLANs are isolation domains in which ports are downlink ports Downlink ports can be assigned to different isolation domains and they can communicate with the uplink port at the same time Isolation domains cannot communicate with each other Figure 37 PVLAN Application As shown in the preceding figure the shared domain is VLAN 100 and the isolation domains are VLAN 10 and VLAN 30 the devices in the isolation domains can communicate with the device in the shared domain such as VLAN 10 can communicate wi
24. S3 FE3 S3 FE4 S3 FE5 g S3 FE6 p S4 FE2 e S4 FE3 S4 FE4 S4IFX5 S4 FX6 DT RING Alarm 1 Ring Open Figure 119 Alarm Information SICOM3048 power Options Normal WARN Description After the power alarm is enabled Normal is displayed for dual power inputs while WARN is displayed for a single power input temperature Options Normal HIGH LOW Description When the switch temperature is equal to or higher than the upper limit HIGH is displayed when the switch temperature is equal to or lower than the lower limit LOW is displayed otherwise Normal is displayed IP MAC Alarm Options Normal Alarm Description When an IP MAC conflict occurs Alarm is displayed otherwise Normal is displayed Port Alarm Advanced Configuration Options Link Up Link Down Description After port alarm is enabled Link Up is displayed for a port connected properly Link Down is displayed for a port disconnected or connected abnormally DT RING Alarm Options Ring Open Ring Close Description After ring alarm is enabled Ring Open is displayed for an open ring while Ring Close is displayed for a closed ring 6 20 Port Traffic Alarm 6 20 1 Overview With the port traffic alarm function the switch generates an alarm if the traffic rate of a port exceeds the specified threshold or a CRC error occurs A Caution CAUTION gt The traffic alarm function is based on a port An alarm is generated on
25. The change in link status affects the status of backup ports 3 DT VLAN Ring implementation DT VLAN Ring allows the packets of different VLANs to be forwarded in different paths Each forwarding path for a VLAN forms a DT VLAN Ring Different DT VLAN Rings can have different master stations As shown in the following figure two DT VLAN Rings are configured Ring links of DT VLAN Ring10 AB BC CD DE EA Ring links of DT VLAN Ring20 FB BC CD DE EF 86 Advanced Configuration The two rings are tangent at link BC CD and DE Switch C and Switch D share the same ports in the two rings but use different logical links based on VLAN VLAN 10 VLAN 20 Figure 84 DT VLAN Ring 6 12 4 Web Configuration 1 Configure redundant ring mode and ring status detection as shown in the following figure maeg v Sais Figure 85 Redundant Ring Mode Configuration Select Redundancy Mode Options DT RING PORT DT RING VLAN Default DT RING PORT Function Select the redundancy mode Check Loop Status Options Disable Enable Default Disable Function Enable or disable ring status detection Description After ring status detection is enabled the switch automatically detects ring status When a non ring port receives DT Ring packets the port 87 Advanced Configuration will be locked Therefore use the function with caution 2 Create a DT ring as shown in the following figure DT RING List Domain ID Station TypeRing Port
26. cannot be manually created and or deleted NOTE gt Reserved VLANs are reserved to realize specific functions by the system and cannot be manually created and or deleted The packet with an 802 1Q header is a tagged packet the one without 802 1Q header is an untagged packet All packets carry an 802 1Q tag in the switch 6 2 3 Port based VLAN VLAN partition can be either port based or MAC address based This series switches support port based VLAN partition VLAN members can be defined based on switch ports After a port is added to a specified VLAN the port can forward the packets with the tag for the VLAN 1 Port Type Ports fall into two types according to how they handle VLAN tags when they forward packets 33 Advanced Configuration gt Untag port Packets forwarded by an Untag port do not have VLAN tags Untag ports are usually used to connect to terminals that do not support 802 1Q By default all switch ports are Untag ports and belong to VLAN1 gt Tag port All packets forwarded by a Tag port carry a VLAN tag Tag ports are usually used to connect network transmission devices 2 PVID Each port has a PVID When receiving an untagged packet a port adds a tag to the packet according to the PVID The port PVID is the VLAN ID of the Untag port By default all ports PVID is VLAN 1 The following table shows how the switch processes received and forwarded packets according to the port type and PVID
27. for each other to enhance connection reliability 6 5 2 Implementation As shown in the following figure three ports in Switch A aggregate to a trunk group and the bandwidth of the trunk group is the total bandwidth of three ports 45 Advanced Configuration Switch A Link aggregation Switch B Figure 44 Port Trunk If Switch A sends packets to Switch B by way of the aggregated link Switch A determines the member port for transmitting the traffic based on the calculation result of load sharing When one member port of the aggregated link fails the traffic transmitted through the port is taken over by another normal port based on traffic sharing algorithm 6 5 3 Description Port trunk and the following port configurations cannot be used together gt Port redundancy A port added to a trunk group cannot be configured as a redundant port while a redundant port cannot be added to a trunk group gt Port mirroring A port added to a trunk group cannot be configured as a mirroring destination or source port In addition the following operations are not recommended gt Enable GMRP on a trunk port gt Add a GMRP enabled port to a trunk group gt Add a trunk port to a static unicast multicast entry gt Add a port in a static unicast multicast entry to a trunk group Caution gt Gigabit ports of the series switches do not support port trunk CAUTION gt Aport can be added to only one trunk group
28. involves transmitting BPDUs among devices to determine the network topology The following table shows the data structure of a BPDU Table 6 BPDU Root Root Designated Designated Message Max Hello Forward bridge path bridge ID port ID age age time delay ID cost 8 4 8 bytes 2 bytes 2 bytes 2 2 2 bytes bytes bytes bytes bytes Root bridge ID priority of the root bridge 2 bytes MAC address of the root bridge 6 bytes Root path cost cost of the path to the root bridge Designated bridge ID priority of the designated bridge 2 bytes MAC address of the designated bridge 6 bytes Designated port ID port priority port number Message age duration that a BPDU can be spread in a network Max age maximum duration that a BPDU can be saved on a device When Message age is larger than Max age the BPDU is discarded Hello time interval for sending BPDUs Forward delay status change delay discarding learning forwarding 93 Advanced Configuration 6 13 4 Implementation The process for all bridges calculating the spanning tree with BPDUs is as follows 1 In the initial phase each port of all devices generates the BPDU with itself as the root bridge both root bridge ID and designated bridge ID are the ID of the local device the root path cost is 0 the designated port is the local port 2 Best BPDU selection All devices send their own BPDUs and receive BP
29. most When the 75 Advanced Configuration number of ARP entries is larger than 512 new entries automatically overwrite old dynamic entries 6 10 3 Web Configuration 1 Configure ARP aging time as shown in the following figure ARP Aging Time LARP AgingTime 20 10 60min Figure 71 Configuring Aging Time ARP Aging Time Range 10 60 minutes Default 20 minutes Function Configure ARP aging time Description ARP aging time is the duration from when a dynamic ARP entry is added to the table to when the entry is deleted from the table 2 Add a static ARP entry as shown in the following figure ARP address Gescht 192 168 0 41 020000000223 Figure 72 Adding a Static ARP Entry ARP address Portfolio IP address MAC address Format A B C D HHHHHHHHHHHH H is a hexadecimal number Function Configure a static ARP entry Caution CAUTION gt The IP address of a static ARP entry must be on the same network segment with the IP address of the switch He Advanced Configuration gt If the IP address of a static entry is the IP address of the switch the system automatically maps the IP address to the MAC address of the switch gt In general the switch automatically learns ARP entries Manual configuration is not required 3 View or delete an ARP entry as shown in the following figure ARP address 192 168 0 2
30. standards 1 2 Product Models This series switches include SICOM3048 SICOM3024P_V3 1 V3 1 indicates the hardware version 1 3 Software Features This series switches provide abundant software features satisfying customers various requirements gt Redundancy protocols RSTP STP DT Ring and MSTP gt Multicast protocols IGMP Snooping GMRP and static multicast gt Switching attributes VLAN PVLAN QoS and ARP gt Bandwidth management port trunk port rate limiting gt Security ACL gt Synchronization protocol SNTP gt Device management FTP software update configuration upload download gt Device diagnosis port mirroring LLDP link check gt Alarm function port alarm power alarm ring alarm IP MAC address conflict alarm temperature alarm and port traffic alarm gt Network management management by CLI Telnet Web and Kyvision Product Introduction network management software and SNMP network monitoring Switch Access 2 Switch Access You can access the switch by gt Console port gt Telnet gt Web browser gt Kyvision management software Kyvision network management software is designed by Kyland For details refer to its user manual 2 1 View Types When logging into the Command Line Interface CLI by the console port or Telnet you can enter different views or switch between views by using the following commands Table 1 View Types Command for Vie
31. the NMS and inform the NMS of the event Log Trap logs the event and sends a Trap message to the NMS None indicates no action 132 Advanced Configuration gt Alarm group RMON alarm management can monitor the specified alarm variables After alarm entries are defined the system will acquire the values of monitored alarm variables in the defined period When the value of an alarm variable is larger than or equal to the upper limit a rising alarm event is triggered When the value of an alarm variable is smaller than or equal to the lower limit a falling alarm event is triggered Alarms will be handled according to the event definition Caution CAUTION If a sampled value of alarm variable exceeds the threshold multiple times in a same direction then the alarm event is only triggered only the first time therefore the rising alarm and falling alarm are generated alternately 6 22 3 Web Configuration 1 Configure the statistics table as shown in the following figure Set Statistics Information 1 a ifIndex 1 v Figure 128 RMON Statistics Index Range 1 65535 Function Configure the number of the statistics entry Owner Range 1 32 characters Function Configure the name of the statistics entry Data Source Options ifIndex portid Function Select the port whose statistics are to be collected 2 Configure the history table as shown in the following figure 133
32. 0 to 0x0180c200002f gt Broadcast packets indicate the packets with the destination MAC address of FF FF FF FF FF FF gt Unknown multicast packets indicate the packets neither added statically nor learned through IGMP Snooping or GMRP gt Unknown unicast packets indicate the packets neither added statically nor whose source MAC addresses are learned gt Unknown source packets indicate the packets with unknown source MAC addresses 6 1 2 Web Configuration 1 Select the packet types for rate control as shown in the following figure 30 Advanced Configuration The restricted speed is disabled when itis setto 0 Set Packet Type for Rate Control Unicast packet type and address added staticly or learned Multicast packet type and address added staticly or learned through IGMP noopi ping Mac control frame between 0x0180c2000000 0x0180c200002f Broadcast address Multicast packet and address not added staticly and not learned through IGMP Snooping Unicast packet type and address not added staticly and not through source es Unknown source address in packet Figure 29 Packet Types for Rate Control The receiver classifies rate control into two types service rate control and broadcast rate control Each packet can be added to only one rate control type 2 Configure port rate control as shown in the following figure
33. 1 H v pscP 2 H F pscp3 m sw pscp 4 np pscrs H pscr s 3 A pscP7 0 e pscps np pscr9 H pscP10 H eilp cbil 0 A pDecbI l H F psc 13 0 sellpecpa lp v DscP 15 ps DscP 16 H DscP17 H v pscP138 D pscP19 D we DScP an H w DscP 21 0 DscP 22 gp F pscp 23 pw Dscp 24 00 F psc 25 0 scp 26 0 F DscP 27 0 sw Dscp 28 0 pscP29 D pscP30 D pscP31 Oo we DscP 32 H pscP 33 H pscp 34 0 pscP3s Ow pscp 36 mom DscP 37 np pscp 38 gp ellpecbaal ps pscp 40 H w pscP 41 0 sellpecpa l gp F pscP 43 Ow pscp 44 H pscp 45 0 pscp 46 gp pscp 47 pw pscp 48 D welpechbA l H F pscr 50 H sellpecbsai 0 A pscr 52 H pscrs3 H pscps4 D pscpss D e Deche H w DscP 57 nt pscp 58 0 pscr 59 pw Dechen H pscr61 H pscP62 0 pscr63 D we Queue 0 LOWEST 1 SECLOW 2 SECHIGH 3 HIGHEST Figure 108 DSCP Priority Queue Mapping SICOM3048 DSCP Priority Portfolio DSCP Qos Queue Range 0 63 0 3 Default Priority 0 to 63 is mapped to queue 0 Function Configure the mapping between DSCP priority and queue 111 Advanced Configuration 6 15 5 Typical Configuration Example The following uses SICOM3024P as an example to describe QoS configuration As shown in the following figure port 1 port 2 port 3 and port 4 forward packets
34. 28 2000000 S1 FE8 Disable wv 2 2 Ye S4 GE1 Disable wv SE rrii e S4 GE2 Disable w e S4 GE3 Disable 128 g200ntc Ye S4 GE4 j Disable v 2000000 Ye Figure 94 Port Settings Protocol State Options Enable Disable Default Disable Function Enable or disable STP on ports A Caution gt An STP enabled port cannot be configured as a mirroring source or CAUTION destination port STP cannot be enabled on a mirroring source or 97 Advanced Configuration destination port gt An STP enabled port cannot be added to a trunk group STP cannot be enabled on a port added to a trunk group gt An STP enabled port cannot be configured as a ring port or backup port STP cannot be enabled on a ring port or a backup port Port Priority Range 0 255 The step is 16 Default 128 Function Configure the port priority which determines the roles of ports Path Cost Range 1 200000000 Default 2000000 10M port 200000 100M port 20000 1000M port Description The path cost of a port is used to calculate the best path The value of the parameter depends on the bandwidth The larger the value the lower the cost You can change the role of a port by changing the value of the path cost parameter To configure the value manually select No for Cost Count Cost Count Range Yes No Default Yes Description Yes indicates the path cost of the port adopts the default value No indicates you can conf
35. 3 90 FB A6 3C CA 7E Dynamic 192 168 0 41 02 00 00 00 02 23 Static 192 168 0 94 00 00 A4 BB CC 05 Dynamic 192 168 0 179 00 00 EE EE 02 05 Dynamic add Figure 73 ARP Address Table ARP address Portfolio IP address MAC address Flags Function Display ARP entries including static and dynamic entries Operation Select a static entry in the Number column Click lt Delete gt to delete the entry Caution You cannot delete dynamic ARP entries CAUTION 6 11 SNMP 6 11 1 Overview The Simple Network Management Protocol SNMP is a framework using TCP IP to manage network devices With the SNMP function the administrator can query device information modify parameter settings monitor device status and discover network faults 77 Advanced Configuration 6 11 2 Implementation SNMP adopts the management station agent mode Therefore SNMP involves two types of NEs NMS and agent gt The Network Management Station NMS is a station running SNMP enabled network management software client It is the core for the network management of an SNMP network gt Agent is a process in the managed network devices It receives and processes request packets from the NMS When an alarm occurs the agent proactively reports it to the NMS The NMS is the manager of an SNMP network while the agent is the managed device of the SNMP network The NMS and agents exchange management pa
36. 802 1w defines the Rapid Spanning Tree Protocol RSTP Compared with STP RSTP achieves much more rapid convergence by adding alternate port and backup port for the root port and designated port respectively When the root port is invalid the alternate port can enter the forwarding state quickly 6 13 2 Concepts gt Root bridge serves as the root for a tree A network has only one root bridge The root bridge changes with network topology The root bridge periodically sends BPDU to the other devices which forward the BPDU to ensure topology stability gt Root port indicates the best port for transmission from the non root bridges to the root bridge The best port is the port with the smallest cost to the root bridge A non root bridge communicates with the root bridge through the root port A non root bridge has only one root port The root bridge has no root port gt Designated port indicates the port for forwarding BPDU to other devices or LANs All ports on the root bridge are designated ports 92 Advanced Configuration gt Alternate port indicates the backup port of the root port If the root port fails the alternate port becomes the new root port gt Backup port indicates the backup port of the designated port When a designated port fails the backup port becomes the new designated port and forwards data 6 13 3 BPDU To prevent loops all the bridges of a LAN calculate a spanning tree The calculation process
37. COM3048 18 Basic Configuration 5 Basic Configuration 5 1 IP Address 1 View the switch IP address by using the console port Log in to the switch CLI through the console port Run the show interface command in the management view to view the switch IP address As shown in the following figure the IP address is circled in red Switch HyperTerminal File Edit Yiew Call Transfer Help Da s DB Switch gt enable No password set laos Vi UP BROADCAST MULTICAST ARP RUNNING ype HACI lt Internet reddress 192 168 0 Netmask Ux HH Subnetmas C OxPFFFT FOO Net Bxc0a80000 ar Bxchas0000 Mac We SC 2338 lo lanat number Hl Flags 0x8069 UP LOOPBACK MULTICAST ARP RUNNING Type SOFTWARE_LOOPBACK Internet address 127 0 0 1 Netmask 0xff000000 Subnetmask Oxf f800000 Net 0x7f800000 Subnet 8x7f 800000 Switch _ Connected 0 00 31 Auto detect 9600 8 N 1 Figure 15 Viewing IP Address 2 Set the IP address Switch IP address and gateway can be configured manually as shown in the following figure 00 1E CD 10 23 38 192 168 0 119 255 255 255 0 192 168 0 1 Figure 16 IP Address 19 Basic Configuration Caution gt IP address and gateway must be in the same network segment otherwise the S IP address cannot be modified gt For the series switches the change in IP address will take effect only after the device is restarted 5 2 Basic I
38. DUs from other devices Upon receiving a BPDU each port compares the received BPDU with its own gt If the priority of its own BPDU is higher then the port does not perform any operation gt If the priority of the received BPDU is higher then the port replaces the local BPDU with the received one Devices compare the BPDUs of all ports and figure out the best BPDU Principles for comparing BPDUs are as follows gt The BPDU with a smaller root bridge ID has a higher priority gt If the root bridge IDs of two BPDUs are the same their root path costs are compared If the root path cost in a BPDU plus the path cost of the local port is smaller then the priority of the BPDU is higher gt If the root path costs of two BPDUs are also the same the designated bridge IDs designated port IDs and IDs of the port receiving the BPDUs are further compared in order The BPDU with a smaller ID has a higher priority The BPDU with a smaller root bridge ID has a higher priority 3 Selection of the root bridge The root bridge of the spanning tree is the bridge with the smallest bridge ID 4 Selection of the root port A non root bridge device selects the port receiving the best BPDU as the root port 5 BPDU calculation of the designated port Based on the BPDU of the root 94 Advanced Configuration port and the path cost of the root port a device calculates a designated port BPDU for each port as follows gt Replace the root bridg
39. FE1 Enable v Enable v Enable v On Off v Enable v Enable v Noreset v S1 FE2 Enablen wl Enable v Enable v 100 lore sl Enable v Bisco Noreset v S1 FE3 Enablen sl Enable v Enable v 100M GE Enable v Enable si Noreset v S1 FE4 Enable v Enable v Enable v 100M zs Enable v Enable si Noreset v S1 FE5 Enable v Enable Enable v 100i lore Enable v Enable v Noreset v SIEES Enable v Enable v Enable v 100M Off v Enable v Enable v Noreset v S1 FE7 Enable v Enable v Enable v 100M P lore wl Enable v a sl Noreset v S1 FES Enable v Enable v Enable v On P GE Enable v Enable v Noreset v S4 GE1 Enable v Enable v Enable v 1000 lore v Enable v Enable v Noreset v S4 GE2 Enable v Enable v Enable v 1000 AA Enable v Enable v Noreset v S4 GE3 Enable v Enable v Enable v 1000M Dv Enable v Enable v Noreset v S4 GE4 Enable v Enable v Enable v 1000 GE Enable v Enable v Noreset v Figure 19 Port Configuration Administration Status Options Enable Disable Default Enable Function Allow data transmission on port or not 21 Basic Configuration Description Enable indicates the port is enabled and permits data transmission Disable indicates the port is disabled and disallows data transmission This option directly affects the hardware status of the port and triggers port alarms Operation Status Description When the administration status is Enable the operation status is set to Enable forcib
40. GARP enabled port NOTE GARP timers include Hold timer Join timer Leave timer and LeaveAll timer gt Hold Timer When receiving a registration message a GARP entity does not send a Join message immediately but starts a Hold timer When the timer expires the entity sends all the registration messages received within the preceding period in one Join message reducing packet sending for better network stability gt Join Timer To ensure that Join messages are received by other application entities a GARP application entity starts a Join timer after sending a Join message If receiving no Joinln message before Join timer expires the entity sends the Join message again If receiving a JoinIn message before the timer expires the entity does not send the second Join message gt Leave Timer When a GARP application entity wants to cancel the 124 Advanced Configuration information about an attribute the entity sends a Leave message The entity receiving the message starts Leave timer If receiving no Join message before the timer expires then the entity receiving the message cancels the information about the attribute gt LeaveAll Timer As a GARP application entity starts it starts LeaveAll timer When the timer expires the entity sends a LeaveAll message so that the other GARP application entities re register all the attributes Then the entity starts LeaveAll timer again for the new cycle 6 21 2 GMRP The GARP Mul
41. Li Disable S1 FE7 Untagged v d v S1 FE8 v i isable AE E v S4GE2 2 i Disable S4GE3 er v S4GE4 v 7 isable Figure 35 Modifying Deleting a Created VLAN 6 2 5 Typical Configuration Example As shown in the following figure the entire LAN is divided into 3 VLANs VLAN2 VLAN100 and VLAN200 It is required that the devices in a same VLAN can communicate to each other but different VLANs are isolated The terminal PCs cannot distinguish Tag packets so the ports on connecting Switch A and Switch B with PCs are set to Untag port VLAN2 VLAN100 and VLAN200 packets need to be transmitted between Switch A and Switch B so the ports connecting Switch A and Switch B should be set to Tag ports permitting the packets of VLAN 2 VLAN 100 and VLAN 200 to pass through The following table shows specific configuration Table 5 VLAN Configuration nen O Configuration 38 Advanced Configuration VLAN2 Set port 1 and port 2 of Switch A and B to Untag ports and port 7 to Tag port VLAN100 Set port 3 and port 4 of Switch A and B to Untag ports and port 7 to Tag port VLAN200 Set port 5 and port 6 of Switch A and B to Untag ports and port 7 to Tag port BD Qo Q VLAN2 Workstation Workstation a VLAN200 BMG SS es D sktop PC TaN PO Dee A gr Ba mg Po M2 P tg Pots Ports _ Deskop PC rett e ae es Switch A Switch B Pott A N S porte
42. Options Enable Disable Default Disable Function Enable or disable static multicast Static multicast and IGMP Snooping cannot be enabled at the same time 2 Add a static multicast entry as shown in the following figure Static FDB Multicast List Configuration 010101010101 1 1 4093 Port List Figure 51 Adding a Static Multicast Entry MAC Portfolio HHHHHHHHHHHH H is a hexadecimal number Function Configure the multicast group address The lowest bit of the highest 51 Advanced Configuration byte is 1 VLAN ID Options all existing VLANs Function Set the VLAN ID of the entry Only the member ports of the VLAN can forward the multicast packets Member Port List Select member ports for the multicast address If hosts connected to a port need to receive the packets from a multicast address you can configure the port as the member port of the multicast address 3 View modify or delete a static multicast entry as shown in the following figure Static FDB Multicast List O 03 01 01 01 01 01 2 S1 FE1 S1 FE4 O 01 01 01 01 01 01 1 S1 FE1 S1 FE2 S1 FE3 Figure 52 Operations on a Static Multicast Entry The static multicast address list contains the MAC address VLAN ID and member port To delete an entry select the entry and click lt Delete gt To modify an entry select the entry and click lt Modify gt 6 8 IGMP Snooping 6 8 1 Ove
43. Query cccceeeeeeeeeeeetteees 140 GE a We EE 140 6 24 2 Web Re Le TE E 140 Seele Le ees 142 Preface Preface This manual mainly introduces the access methods and software features of SICOM3024P 3048 series industrial Ethernet switches and details Web configuration methods Content Structure The manual contains the following contents Chapter Content 1 Product Introduction gt Overview gt Product models gt Software features 2 Switch Access View types Access through Console Port Access through Telnet Access through Web 3 Device Management Restart Logout 4 Device Status Basic information Port status Port statistics System Operating Information 5 Basic Configuration IP address Basic information Port configuration Password change Software update FTP Software version query Configuration upload download VIY Y Y Y VW VW VIV YV V VIV VIWV YV V WV 6 Advanced Configuration Port rate limiting Preface VLAN PVLAN Port mirroring Port trunk Link check Static multicast IGMP Snooping ACL ARP SNMP DT Ring RSTP STP RSTP STP transparent transmission QoS MAC address aging time LLDP SNTP MSTP Alarm Port traffic alarm GMRP configuration and query RMON Log query Vv Vv VV VW VW VW VV VW VW VW WV VV VW WV VV VV VV WV WV Unicast address configuration and query Note L indicates the features
44. SICOM3024P 3048 Series Industrial Ethernet Switches Web Operation Manual HKYLAND Kyland Technology Co Ltd Publication Date Apr 2013 Version V2 1 FAX 86 10 88796678 Website htto www kyland com E mail support kyland com Disclaimer Kyland Technology Co Ltd tries to keep the content in this manual as accurate and as up to date as possible This document is not guaranteed to be error free and we reserve the right to amend it without notice Copyright 2013 Kyland Technology Co Ltd All rights reserved No part of this documentation may be excerpted reproduced translated annotated or duplicated in any form or by any means without the prior written permission of KYLAND Corporation Contents PY GLACE ee eege eege eebe 1 A PROGUCTIMMOOUCKION EE 5 Ts Th FOWGIVIOW essani isene ieaie ia aa ai tt bite bebe tba bate 5 1 2 Product Models Ee 5 1 3 Software EE 5 e Ee 7 2 EE 7 2 2 Access through Console Port 8 2 3 Access through Telnet ee 11 2A ACCESS through Webi E 12 3 Device Management ects aeiaienangae ae ae 15 4 Device STATUS os cosssnsia20dcicdedoeasededyeseededpondededeniesd ad pncdededyennytadeacbededeeanededyecdeteds 16 4 1 Basic Information EE 16 4 27 Port EE 16 AS POM EE 18 4 4 System Operating Intormaton 18 5 Basic Configuration WE 19 S PAd le 19 5 2 Basic Information EE 20 5 9 een UE UE 21 5 4 Password e Te eae fe eh ee ee ee 24 5 5 Software TEE EE EE Eu 24 5 5 1
45. Software Update through EI 25 5 6 Software Version Query c ccccccceeeeeneeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeeseees 28 5 7 Configuration UpoloadiDownload 29 6 AdVaNnCed COnQUratOMccces iisen een ta lated ea eilei i ia 30 6 1 Port Rate GMIN DEE 30 BK LEE 30 6 1 2 Web Configuration est di aceeilaci ade ieilenadietlandd tee ceaadahines 30 6 1 3 Typical Configuration Example ccceeeceeeeeeseeeeeeeeeeeeeees 32 6 2 VLAN ee eege eege eeegiafben 32 6 21 MEIER 32 6 2 2 Principle soiin iaa a eaaa 32 6 2 3 Port based VLAN wan alten a iia nas nn Coates 33 6 2 4 Web Configuration wc toes c ce cceradenesicc eden cntieccasadendeecnceeceanncunee 34 6 2 5 Typical Configuration Example cccceeeeeeeesseeeeeeeeeeeeeees 38 63 gt IPVUAN DEE 40 E a Oe e 40 6 3 2 Web Configuration BEE 41 6 3 3 Typical Configuration Example ccccccceeeeeeceeeeeeeeeeeeeees 42 6 4 Focus 43 DAT Uveniew EEN 43 ER le Le EEN 43 6 4 3 Web Configuration ee 44 6 4 4 Typical Configuration Example cccccceeeeeeeeeeeeeeeeeeeeeees 45 ORS ee le 45 6 5 1 MOVGIVIOW eege gees 45 65 2 Jee 45 6 5 3 DOSCUDUOWM EE 46 6 5 4 Web Configuration RE 47 6 5 5 Typical Configuration Example cccccceeeeeeeteeeeeeeeeeeeeees 48 6 6 EIDEN 49 CR Ee EE 49 6 6 2 Web Configuration ee 49 6 7 Stati Multicast sianar a ha a ae note lee ian ie ales 50 GE ME 50 6 7 2 Web Configuration E 50 GE EE e leen e E 52 e Oe e 52 6 8
46. a of the high priority queue When the high priority queue contains no data the switch starts to process the data of the queue with lower priority 6 15 3 Web Configuration SICOM3024P 1 Configure the QoS mode as shown in the following figure Qos Mode 802 1P Priority Qos Mode WRR v DSCP Priority Figure 98 QoS Mode SICOM3024P Qos Mode Options Disable WRR STRICT Default STRICT Function Configure the scheduling mode of a port 2 Configure the queue weight ratio as shown in the following figure Weight of Priority Queues 8 4 2 1 Figure 99 Configuring Queue Weight Ratio SICOM3024P 3 HIGHEST 2 SECHIGH 1 SECLOW 0 LOWEST Range 1 55 1 55 1 55 1 55 Default 8 4 2 1 104 Advanced Configuration Function Configure the queue weight ratio by obeying the following rules Weight of queue 3 2 2 x Weight of queue 2 Weight of queue 2 2 2 x Weight of queue 1 Weight of queue 1 2 2 x Weight of queue 0 3 Configure QoS port priority mapping mode as shown in the following figure Set the Port Priority S1 FE1 S1 FE2 S1 FE3 S1 FE4 S1 FE5 S1 FE6 S1 FE7 S1 FE8 S4 GE1 S4 GE2 S4 GE3 S4 GE4 Figure 100 Setting QoS Port Priority Mapping Mode SICOM3024P Set the Port Priority Options Port Based DIFF 802 1P Priority Default 802 1P Priority Function Configure port priority mapping mode Description Only one priori
47. able Function Check whether the TCP Sequence field of a packet is 0 Disable indicates the rule is not used No indicates the condition is met if the TCP Sequence field of a packet is not 0 Yes indicates the condition is met if the TCP Sequence field of a packet is 0 TCP Header Length Range 1 15 Function Configure the TCP header length If the corresponding field of a packet is smaller than the value of this parameter then the condition is met Source L4 Port Range 1 65535 Function Configure the source port number for Layer 4 protocol packets If the corresponding field of a packet is identical with the value then the condition is met Destination L4 Port Range 1 65535 Function Configure the destination port number for Layer 4 protocol packets 72 Advanced Configuration If the corresponding field of a packet is identical with the value then the condition is met TCP Flag Range 0 63 Function Configure the TCP flag If the corresponding field of a packet is identical with the value of this parameter then the condition is met TOS DSCP Range 0 255 Function Configure the service type If the corresponding field of a packet is identical with the value of this parameter then the condition is met IP Protocol Range 0 255 Function Configure the IP protocol value If the corresponding field of a packet is identical with the value of this parameter then the condition is met IP Version Range 0 255 Functi
48. and Windows will open it for you telnet 192 168 0 2 Figure 6 Telnet Access D Note L NOTE For details about how to confirm the switch IP address see section 5 1 IP Address 11 Switch Access 2 In the Telnet interface input admin in User and 123 in Password Press lt Enter gt to log in to the switch as shown in the following figure Telnet 192 168 0 2 o x Password a Welcome To Telnet Press RETURN to get started Switch gt Figure 7 Telnet Interface 2 4 Access through Web The precondition of accessing switch by Web is the normal communication between the PC and the switch Note IE8 0 or a later version is recommended for the best Web display results NOTE 1 Input IP address in the browser address bar The login interface is displayed as shown in the following figure Input the default user name admin and password 123 Click lt Login gt 12 Switch Access Layer 2 Switch px User Name admin a Password eee C Save Password KYLAND TELECOM TECHNOLOGY CO LTD All Rights Reserved Figure 8 Web Login The English login interface is displayed by default You can click lt P X gt to change to the Chinese login interface Note For details about how to confirm the switch IP address see section 5 1 IP NOTE Address 2 After you log in successfully there is a navigation tree on the left of
49. and outgoing rate to 9OKbps as shown in Figure 30 6 2 VLAN 6 2 1 Overview One LAN can be divided into multiple logical Virtual Local Area Networks VLANs A device can only communicate with the devices on the same VLAN As a result broadcast packets are restricted to a VLAN optimizing LAN security VLAN partition is not restricted by physical location Each VLAN is regarded as a logical network If a host in one VLAN needs to send data packets to a host in another VLAN a router or layer 3 device must be involved 6 2 2 Principle To enable network devices to distinguish packets from different VLANs fields for identifying VLANs need to be added to packets At present the most commonly used protocol for VLAN identification is IEEE802 1Q The following 32 Advanced Configuration table shows the structure of an 802 1Q frame Table 3 802 1Q Frame Structure 802 1Q Header DA SA Length Type Data FCS Type PRI CFI VID A 4 byte 802 1Q header as the VLAN tag is added to the traditional Ethernet data frame Type 16 bits It is used to identify a data frame carrying a VLAN tag The value is 0x8100 PRI three bits identifying the 802 1p priority of a packet CFI one bit 0 indicates Ethernet and 1 indicates token ring VID 12 bits indicating the VLAN number The value ranges from 1 to 4093 0 4094 and 4095 are reserved values Note gt VLAN 1 is the default VLAN and
50. ation description nore Note Al The matters call for special attention Incorrect operation might cause Hat Warning data loss or damage to devices Product Documents The documents of SICOM3024P 3048 series industrial Ethernet switches include Document Content SICOM3024P V3 1 Series Industrial Describes the hardware structure Ethernet Switches Hardware Installation hardware specifications mounting and Manual dismounting methods of SICOM3024P SICOM3048 Series Industrial Ethernet Describes the hardware structure Switches Hardware Installation Manual hardware specifications mounting and dismounting methods of SICOM3048 SICOM3024P 3048 Series Industrial Ethernet Switches Web Operation Manual Describes the switch software functions Web configuration methods and steps of all functions Document Obtainment Product documents can be obtained by gt CD shipped with the device gt Kyland website www kyland com Product Introduction 1 Product Introduction 1 1 Overview The series switches are applied in the power rail transit coal mining and many other industries and can work properly in rugged environment They support MSTP and DT Ring securing reliable operation With extensive ports the switches satisfy various customers requirements The series switches employ the internal modular design for flexible expansion They comply with IEC61850 3 and IEEE1613
51. ble The port can transmit data Device Status Disable The port cannot transmit data CFS Note k A For details about port settings see section 5 3 Port Configuration 4 3 Port Statistics Port statistics cover the number of bytes packets that each port sends receives CRC errors and number of packets with less than 64 bytes as shown in the following figure S4 FE1 Enable Down 0 0 D 0 0 0 S1 FE2 Enable Down 0 0 0 0 0 0 S1 FE3 Enable Down 0 0 0 0 0 0 S1FE4 Enable Up 1670419 7399 14367882 171176 D 0 S4 FES Enable Down 0 0 D 0 0 0 S1 FE6 Enable Down D 0 D 0 0 0 S4 FE7 Enable Down 0 0 0 0 D 0 S1 FES Enable Down 0 0 0 0 0 0 S4 GE1 Enable Down D 0 0 0 0 D S4 GX2 Enable Down 0 0 0 0 0 0 S4 GE3 Enable Down D 0 0 0 0 0 S4 GE4 Enable Down 0 0 0 0 D 0 Figure 12 Port Statistics You can click lt Reset gt to restart statistics collection 4 4 System Operating Information System operating information includes the device runtime CPU usage device temperature and system time as shown in the following figures Device Operating Time ODays 0H 14M 158S CPU 0 short term 2 long term Device Temperature 43C 2012 09 17 14 16 28 Monday Figure 13 System Operating Information SICOM3024P Device Operating Time ODays 5H 25M 41S CPU 5 short term 5 long term Figure 14 System Operating Information SI
52. c 40 02 be 1 S1 FE2 14 c8 3a 35 d3 cc 2a 1 S1 FE2 15 d0 27 88 45 ff 25 1 S1 FE2 16 00 1e cd 17 83 6d 1 S1 FE2 Figure 138 Dynamic Unicast FDB Table 141 Appendix Acronyms Appendix Acronyms Acronym Full Spelling ACL Access Control List ARP Address Resolution Protocol BPDU Bridge Protocol Data Unit CIST Common and Internal Spanning Tree CLI Command Line Interface CRC Cyclic Redundancy Check CST Common Spanning Tree DSCP Differentiated Services Code Point FTP File Transfer Protocol GARP Generic Attribute Registration Protocol GMRP GARP Multicast Registration Protocol IGMP Internet Group Management Protocol IGMP Snooping Internet Group Management Protocol Snooping IST Internal Spanning Tree LLDP Link Layer Discovery Protocol MAC Media Access Control MIB Management Information Base MSTI Multiple Spanning Tree Instance MSTP Multiple Spanning Tree Protocol NMS Network Management Station OID Object Identifier QoS Quality of Service RMON Remote Network Monitoring RSTP Rapid Spanning Tree Protocol SNMP Simple Network Management Protocol SNTP Simple Network Time Protocol 142 STP TCP ToS VLAN WRR Appendix Acronyms Spanning Tree Protocol Transmission Control Protocol Type of Service Virtual Local Area Network Weighted Round Robin 143
53. ckets through SNMP SNMP involves the following basic operations gt Get Request gt Get Response gt Get Next Request gt Set Request gt Trap The NMS sends Get Request Get Next Request and Set Request packets to agents to query configure and manage variables After receiving these requests agents reply with Get Response packets When an alarm occurs an agent proactively reports it to the NMS with a trap message 6 11 3 Description This series switches support SNMPv2 SNMPv2 is compatible with SNMPv1 SNMPv1 uses community name for authentication A community name acts as a password limiting NMS s access to agents If the switch does not acknowledged the community name carried by an SNMP packet the packet is discarded SNMPv2 also uses community name for authentication It is compatible with 78 Advanced Configuration SNMPv1 and extends the functions of SNMPv1 To enable the communication between the NMS and agent their SNMP versions must match Different SNMP versions can be configured on an agent so that it can use different versions to communicate with different NMSs 6 11 4 MIB Any managed resource is called managed object The Management Information Base MIB stores managed objects It defines the hierarchical relationships of managed objects and attributes of objects such as names access permissions and data types Each agent has its own MIB The NMS can read write MIBs based on permissions The fo
54. configuration is changed you can download the original configuration files from the server to switch through FTP File uploading is to upload the switch configuration files to the server and save them to doc and txt files File downloading is to download the saved configuration files from the server to switch as shown in the following figures A Caution After configuration file is downloaded to the switch you need to restart the CAUTION switch to make the configuration take effect Upload file K 192 168 0 23 config txt admin SE Figure 27 Configuration File Upload Download file Ki 192 168 0 23 config txt Figure 28 Configuration File Download 29 Advanced Configuration 6 Advanced Configuration 6 1 Port Rate Limiting 6 1 1 Overview Port rate limiting is to limit the rate packets received or transmitted by a port and discard the packets whose rate exceeds the threshold The function takes effect on all packets at the egress but only certain types of packets at the ingress The following packets are controlled at the ingress gt Unicast packets indicate the unicast packets added statically or whose source MAC addresses are learned gt Multicast packets indicate the packets added statically or learned through IGMP Snooping or GMRP gt Reserved multicast packets indicate the packets with MAC addresses in the range of 0x0180c200000
55. connected to the switch through Ethernet The IP address of the management server is 192 168 0 23 and the switch is 192 168 0 2 The NMS monitors and manages the Agent through SNMPv2 and reads and writes the MIB node information of the Agent When the Agent is faulty it proactively sends trap messages to the NMS as shown in the following figure 192 168 0 23 Agent 192 168 0 2 NMS Figure 80 SNMP Configuration Example Configuration on the Agent 1 Enable SNMP as shown in Figure 76 2 Configure access rights Set read only community name to public read write community name to private and request port to 161 as shown in Figure 77 3 Enable trap sending set trap port number to 162 and IP address of server to 192 168 0 23 as shown in Figure 78 82 Advanced Configuration To monitor and manage the status of the Agent run the management software for example Kyvision on the NMS For operations on Kyvision refer to the Kyvision Operation Manual 6 12 DT Ring 6 12 1 Overview DT Ring and DT Ring are Kyland proprietary redundancy protocols They enable a network to recover within 50ms when a link fails ensuring stable and reliable communication DT Ring fall into two types port based ring DT Port Ring and VLAN based ring DT VLAN Ring gt DT Port Ring specifies a port to forward or block packets gt DT VLAN Ring specifies a port to forward or block the packets of a specific VLAN This allows multi
56. d Default Deny Function Configure the action towards a packet that matches the ACL entry Deny Packets matching the entry will be denied Redir Port Packets matching the entry will be forwarded to the specified port You need to specify the port in the drop down list Mirror Port Packets matching the entry will be forwarded to both the destination port and the specified port in the drop down list Forward Packets matching the entry will be forwarded to the destination port Control Port Options all one or multiple ports Function Select the port on which the ACL takes effect Source MAC Portfolio MAC MASK Format HHHHHHHHHHHH HHHHHHHHHHHH H is a hexadecimal number Function Configure the source MAC address and subnet mask If the source MAC address and subnet mask of a packet is identical with the value of this parameter then the condition is met Destination MAC Portfolio MAC MASK Format HHHHHHHHHHHH HHHHHHHHHHHH H is a hexadecimal number Function Configure the destination MAC address and subnet mask If the destination MAC address and subnet mask of a packet is identical with the value of this parameter then the condition is met Source IP 60 Advanced Configuration Portfolio IP MASK Format A B C D A B C D Function Configure the source IP address and subnet mask If the source IP address and subnet mask of a packet is identical with the value of this parameter then the condition
57. ds on the TOS DSCP in packets You can configure the mapping between priority and queues gt When a packet is tagged the 802 1p value depends on the priority of 802 1Q in the packet When a packet is untagged the 802 1p value depends on the default priority of the port You can configure the mapping between the 802 1p priority and queues When forwarding data a port uses a scheduling mode to schedule the data of four queues and the bandwidth of each queue The switch supports two scheduling modes Weighted Round Robin WRR Hq preempt mode and STRICT mode gt WRR mode schedules data flows based on weight ratio Queues obtain their bandwidths based on their weight ratio WRR prioritizes high weight ratio queues More bandwidths are allocated to queues with higher weight ratio 103 Advanced Configuration gt Hg preempt mode forwards high priority packets preferentially It is mainly used for transmitting sensitive signals If a frame enters the high priority queue the switch stops scheduling the low priority queues and starts to process the data of the high priority queue When the high priority queue contains no data the switch starts to process the data of the queue with lower priority gt STRICT mode forwards high priority packets preferentially It is mainly used for transmitting sensitive signals If a frame enters the high priority queue the switch stops scheduling the low priority queues and starts to process the dat
58. e 1 511 Function Set the ID of the ACL entry A maximum of 511 ACL entries can be configured When multiple ACL entries are configured they are compared with packets in the ascending order of IDs Action Options Deny Redir Port Mirror Port Forward Default Deny Function Configure the action towards a packet that matches the ACL entry Deny Packets matching the entry will be denied Redir Port Packets matching the entry will be forwarded to the specified port Specify the port in the drop down list Mirror Port Packets matching the entry will be forwarded to both the destination port and the specified port in the drop down list Control Port Options All ports Any specified port Function Select the port on which the ACL takes effect Source MAC Portfolio MAC address MAC subnet mask Format HHHHHHHHHHHH HHHHHHHHHHHH H is a hexadecimal number Function Configure the source MAC address and subnet mask If the source MAC address and subnet mask of a packet is identical with the value of this parameter then the condition is met Destination MAC 69 Advanced Configuration Portfolio MAC address MAC subnet mask Format HHHHHHHHHHHH HHHHHHHHHHHH H is a hexadecimal number Function Configure the destination MAC address and subnet mask If the destination MAC address and subnet mask of a packet is identical with the value of this parameter then the condition is met Ethernet Type Range 1537 65535 Fu
59. e T High T Low 119 Advanced Configuration Range Enable Disable 150 C 55 C Default Disable 80 C 30 C Function Enable or disable temperature alarm and configure the higher and lower limits Port Alarm Options select deselect Default deselect Function Enable or disable port alarm DT RING Alarm Options select deselect Default deselect Function Enable or disable the DT Ring alarm function 2 After the alarm function is enabled the alarm information is as follows Basic Vision power WARN temperature HIGH IP Alarm Alarm MAC Alarm Normal Port Alarm SUE mm Joes LinkDown ES 87 S1 FE5 S1 FE6 S1 FE7 S1 FE8 S2 FE1 S2 FE2 S2 FE3 S2 FE4 S2 FE S2 FE6 S2 FE7 3 S2 FE8 EE S3 FE S3 FE6 S3 FE7 S S3 FE8 S4 GE1 fewest e EE DT RING Alarm Ring Open Figure 118 Alarm Information SICOM3024P Basic Vision Advanced Configuration IP Alarm Alarm MAC Alarm Normal SO FE2 Port Alarm SO FE1 LinkUp SO FE5 SOFES SO FE10 Link Down SO FE3 SO FE4 SO FE7 SO FES SO FEQ sure OFE17 SO FE21 SOIFE14 SO FE18 SO FE22 O FE11 SO FE12 SO FE1 SO FE16 SO FE19 SO FE20 S0 GX1 soiGx2 S1 FE2 SO FE2 SO FE24 SO GX3 SO GX4 S1 FE1 S1 FE5 S2 FE3 S4iFE6 S2 FE4 S1 FE3 S1 FE4 p S2IFE1 S2 FE2 S2 FE5 S2 FE6 S3 FE1 S3 FE2
60. e exceeds the threshold and the alarm type is set to RisingAlarm or RisOrFallAlarm an alarm is generated and the rising event index is triggered Falling Threshold Range 0 65535 Function Configure the falling edge threshold When the sampling value is lower than the threshold and the alarm type is set to FallingAlarm or RisOrFallAlarm an alarm is generated and the falling event index is triggered Rising Event Index Range 0 65535 Function Configure the index of the rising event that is processing mode for rising edge alarms Falling Event Index Function Configure the index of the falling event that is processing mode for falling edge alarms 137 Advanced Configuration 6 23 Log Query 6 23 1 Overview The log function records the switch running information facilitating the administrator in reading and managing log packets and locating faults Running log covers gt Power alarm temperature alarm IP MAC conflict alarm port alarm DT Ring alarm and port traffic alarm gt Broadcast storm gt Software system restart 6 23 2 Description The running log contains a maximum of 1024 entries When more than 1024 entries are configured new entries overwrite the old entries 6 23 3 Web Configuration 1 Enable the log function as shown in the following figure Figure 133 Log Status Configuration Enable Runlog Options Enable Disable Default Enable Function Enable or disable the running
61. e Fault Disable Send Fault Description If Link Check is enabled on a ring port and the port sends and receives data normally Normal Link is displayed If the peer end does not receive the detection packets from the device Send Fault is displayed If the device does not receive detection packets from the peer end Receive Fault is displayed If Link Check is not enabled on a port Disable is displayed 6 7 Static Multicast 6 7 1 Overview You can configure the static multicast address table You can add an entry to the table in lt multicast MAC address VLAN ID multicast member port gt format When receiving multicast packets the switch searches the table for the corresponding member port to forward the packets The device supports up to 256 multicast entries 6 7 2 Web Configuration 1 Enable static multicast as shown in the following figure RTRSY sense won Disable v Figure 50 Enabling Static Multicast Advanced Configuration Multicast Filtrate Mode Options transmit unknown drop unknown Default transmit unknown Function Configure the processing mode for unknown multicast packets Description Unknown multicast packets are packets neither manually added nor learned through IGMP Snooping or GMRP Transmit unknown indicates unknown multicast packets are broadcasted in the corresponding VLANs drop unknown indicates unknown multicast packets are discarded FDB Multicast Status
62. e ID with the root bridge ID of the BPDU of the root port gt Replace the root path cost with the root path cost of the root port BPDU plus the path cost of the root port gt Replace designated bridge ID with the ID of the local device gt Replace the designated port ID with the ID of the local port 6 Selection of the designated port If the calculated BPDU is better then the device selects the port as the designated port replaces the port BPDU with the calculated BPDU and sends the calculated BPDU If the port BPDU is better then the device does not update the port BPDU and blocks the port Blocked ports can receive and forward only RSTP packets but not other packets 6 13 5 Web Configuration 1 Enable STP RSTP as shown in the following figure Protocol Settings reem ze Figure 92 Enabling RSTP STP Protocol Types Options Disable RSTP STP Default Disable Function Disable or enable RSTP or STP 2 Set the time parameters of the network bridge as shown in the following figure 95 Advanced Configuration 32768 0 65535 2 1 10 Sec 20 6 240 Sec 15 4 128 Sec Default v Figure 93 Setting Time Parameters of the Network Bridge Spanning Tree Priority Range 0 65535 The step is 4096 Default 32768 Function Configure the priority of the network bridge Description The priority is used for selecting the root bridge Th
63. e auto query function can be enabled only if IGMP Snooping is enabled Caution CAUTION The auto query function on a network shall be enabled on at least one switch IGMP Cross Status Options Enable Disable Default Disable Function If the function is enabled report and leave packets can be forwarded 54 Advanced Configuration by the DT ring ports 2 View the multicast member list as shown in the following figure IGMP Member List 01 00 5E 7F FF FA 1 S1 FE1 01 00 5E 0A 18 03 4 S1 FE1 01 00 5E 51 09 08 4 S1 FE1 Figure 54 IGMP Snooping Member List IGMP Member List Combination MAC VLAN ID Member In the FDB multicast table dynamically learned through IGMP Snooping the VLAN ID is the VLAN ID of member ports 6 8 5 Typical Configuration Example As shown in the following figure IGMP Snooping is enabled on Switch 1 Switch 2 and Switch 3 Auto query is enabled on Switch 2 and Switch 3 The IP address of Switch 2 is 192 168 1 2 and that of Switch 3 is 192 168 0 2 Therefore Switch 3 is elected as the querier 1 Enable IGMP Snooping on Switch 1 2 Enable IGMP Snooping and auto query on Switch 2 3 Enable IGMP Snooping and auto query on Switch 3 The router The router en port switch2 port switch3 4 5 2 1 Querier Multicast Server Figure 55 IGMP Snooping Configuration Example gt Switch 3 as the querier periodically sends general query packets Port 4 of Sw
64. e frame in its broadcast domain The switch supports a maximum of 256 static unicast entries 6 24 2 Web Configuration 1 Add a static MAC address entry as shown in the following figure Set FDB Unicast ecdel2345678 SES S1 FE2 v Figure 136 Adding a Static FDB Unicast Entry MAC 140 Advanced Configuration Format HHHHHHHHHHHH H is a hexadecimal number Function Configure the unicast MAC address The lowest bit in the first byte is 0 VLAN ID Options all created VLAN IDs Member Port Options all switch ports Function Select the port for forwarding packets destined for the MAC address The port must be in the specified VLAN 2 View the static unicast address list as shown in the following figure FDB Unicast Mac List ec de 12 34 56 78 2 S1 FE2 CH 00 01 01 01 01 01 1 S1 FE1 Figure 137 Viewing Static FDB Table Select an entry You can delete or modify the entry 3 View the dynamic unicast address list as shown in the following figure Dynamic Unicast Mac List 1 ac 16 2d 03 a7 22 1 S1 FE2 2 70 71 b 95 cc 22 1 S1 FE2 3 d0 67 e5 29 82 6e 1 S1 FE2 4 d4 be d9 b9 47 ce 1 S1 FE2 5 c8 9 dc 57 3e 96 1 S1 FE2 6 00 00 00 98 00 54 1 S1 FE2 7 40 16 9f f0 b0 0e 1 S1 FE2 8 d0 67 e5 19 71 e2 1 S1 FE2 9 80 c1 6e e0 5b 9a 1 S1 FE2 10 d0 27 88 70 5b cd 1 S1 FE2 11 d4 be d9 b9 46 fb 1 S1 FE2 12 d4 be d9 b9 46 bb 1 S1 FE2 13 44 87 f
65. e ring gt Multiple backup ports can be configured in one ring gt On a switch only one backup port can be configured for one ring gt DT Port Ring and DT VLAN Ring cannot be configured on one switch at the same time The following figure shows the working process of switch A B C D Figure 81 DT Ring Topology 1 Configure Switch A as the master station and others as slave stations 2 Because Ring port 1 on the master station links up first it is in a Forwarding state and ring port 2 is in a Blocking state The two ring ports of each slave are in a Forwarding state 3 When link CD connecting Switch C to Switch D fails as shown in the following figure port 2 switches to a Forwarding state and port 6 and port 7 are in a Blocking state Figure 82 DT Ring Link Fault 85 Advanced Configuration Caution The change in link status affects the roles and status of ring ports CAUTION 2 DT Ring implementation DT Ring can provide backup for two DT rings as shown in the following figure One backup port is configured respectively on Switch C and Switch D Which port is the master backup port depends on the MAC addresses of the two ports If the master backup port or its link fails the slave backup port will forward packets preventing loops and ensuring normal communication between redundant rings Master Master a el D port F H Figure 83 DT Ring Topology Caution CAUTION
66. e smaller the value the higher the priority Hello Time Range 1 10s Default 2s Function Configure the interval for sending BPDU Max Age Time Range 6 240s Default 20s Description If the value of message age in the BPDU is larger than the specified value then the BPDU is discarded Forward Delay Time Range 4 128s Default 15s Function Configure status change time from Discarding to Learning or from Learning to Forwarding Message age Increment Options Compulsion Default Default Default 96 Advanced Configuration Function Configure the value to be added to message age when a BPDU passes through a network bridge Description In compulsion mode the value is 1 In default mode the value is max max age time 16 1 Forward Delay Time Max Age Time and Hello Time shall meet the following requirements 2 x Forward Delay Time 1 0 seconds 2 Max Age Time Max Age Time 2 2 x Hello Time 1 0 seconds 3 Enable RSTP on ports as shown in the following figure Port Settings _ Port Protocol State Port Priority 0 255 Path Cost 1 200000000 Cost Count _ S1 FE1 Enable v 128 J Yes v S1 FE2 Enable v 128 2000000 No v S1 FE3 Enable wv 128 200000 Yes v S1 FE4 Enable v 128 2000000 No v S1 FE5 Disable v J e S1 FE6 Disable wv i S1 FE7 Disable v 1
67. elete gt to delete the ACL entry 6 9 4 Web Configuration SICOM3048 1 Add an ACL entry Add List Figure 64 Adding an ACL Entry SICOM3048 Click lt Add List gt in the preceding figure to add an ACL entry Different group 66 Advanced Configuration IDs correspond to different ACL parameters as shown in the following figures Configure Item Lamm sl l MAC sg O Deny ffffffffff00 ue 040404040404 jyac ffffffffff00 ask 1537 1537 65535 28 ams Figure 65 Setting ACL Entry Parameters Group 1 SICOM3048 Configure Item Is EH Red Port v SO SORES Os MAC ffffffffff00 jyask 040404040404 yac 192 168 0 202 e 255 255 255 0 192 168 0 208 255 255 255 0 Figure 66 Setting ACL Entry Parameters Group 2 SICOM3048 Advanced Configuration Configure Item CT _ a nen ior Fo ae ae az ges ege ees ez e 1 15 x4 192 168 0 202 255 255 255 0 MASK P 192 168 0 208 P EREE vask Figure 67 Setting ACL Entry Parameters Group 3 SICOM3048 Configure Item ESE Forward 0 FE1 e 1537 65535 1 4093 H 0 255 6 0 255 69 0 255 le ze Apply Figure 68 Setting ACL Entry Parameters Group 4 SICOM3048 68 Advanced Configuration Group Options 1 4 Default 1 Function Configure the group number of the ACL entry Description Different group IDs correspond to different ACL parameters Item Rang
68. ete it Seen sne so 1 MEZEN 192 168 0 84 repose Synch Figure 114 SNTP Configuration Server State Options active repose 116 Advanced Configuration Description The active server provides SNTP time for the client Only one server can be in active state at a time Synchronization To synchronize time manually click lt Synch gt 4 Configure the switch as the SNTP server as shown in the following figure See 192 168 0 119 2012 09 18 11 41 54 Figure 115 Configuring the Switch as the SNTP Server SNTP State Options Enable Disable Default Disable Function Enable or disable the SNTP server function time zone Options 0 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 and 12 Default 8 Function Select the server time zone 6 19 Alarm 6 19 1 Overview This series switches support the following types of alarms gt Power alarm If the function is enabled then an alarm will be generated for a single power input gt Temperature alarm If the function is enabled then an alarm will be generated when the temperature is equal to or lower than the lower limit or equal to or higher than the higher limit 117 Advanced Configuration gt IP MAC conflict alarm If the function is enabled then an alarm will be generated for an IP MAC conflict gt Port alarm If the function is enabled then an alarm will be genera
69. g S4 GE3 Enable Enable Down _ S4 GE4 Enable Enable Down _ _ Figure 11 Port Status Port ID Display the type and ID of ports Port ID is in Sa B format a indicates the number of the slot where the board resides SO indicates the port is a fixed port on the device not on a board B indicates the port type and ID of the board panel where the port resides 16 Device Status FE FX GE GxX indicate port types FE 10 100Base TX RJ45 port FX 100Base FX port GE Gigabit RJ45 port GX Gigabit SFP slot Administration Status Display the administration status of ports Enable The port is available and permits data transmission Disable The port is locked without data transmission Operation Status Display the operation status of ports Link Display the link status of ports Up The port is in LinkUp state and can communicate normally Down The port is in LinkDown state and cannot communicate normally Speed Display the communication speed of LinkUp ports Duplex Display the duplex mode of LinkUp ports Full duplex The port can receive and transmit data at the same time Half duplex The port only receives or transmits data at the same time Flow Control Display the flow control status of LinkUp ports RX Options Enable Disable Enable The port can receive data Disable The port cannot receive data TX Options Enable Disable Ena
70. gure 23 Software Update through FTP Warning gt Only the software version in inactive state can be used for update through ee WARNING Web gt The file name must contain an extension Otherwise the update may fail 5 Ensure normal communication between the FTP server and the switch as shown in the following figure E Ho log file open WFIPD SEE File Edit View Logging Messages Security Help L 0132 O9 1 7 12 14 40 16 Connection accepted from 192 168 0 119 C 0132 09 17 12 14 40 16 Command USER admin received C 0132 09717712 14 40 16 DAG Sword accepted L 0132 09 17 12 14 40 16 User admin logged in C 0132 09 17 12 14 40 16 Command TYPE I received C 0132 097 17 12 14 40 16 TYPE set to I N C 0132 09 1 7 12 14 40 16 Command PASY received C 0132 09 17 12 14 40 16 Entering Passive Mode 192 168 0 23 8 33 C 0132 09717712 14 40 16 Command RETR sicom 3000DC 1 5 5 bin received C 0132 09 1 7 12 14 40 16 RETRieve started on file sicom 3000DC 1 5 5 bin C 0132 09717712 14 41 33 Transfer finished G 0132 09 1 7 12 14 41 33 Got file D TEST VERSION SICOM3024P_ 3 1 SICOM 3000DC 1 5 5 sicon C 0132 09717712 14 41 45 Command QUIT received C 0132 09 1 7 12 14 41 45 QUIT or close user admin logged out For Help press F1 1 socket 0 users NUM Figure 24 Normal Communication between the FTP Server and the Switch Caution To display update log information as sh
71. he group 6 5 5 Typical Configuration Example As shown in Figure 44 port 2 port 3 and port 4 of Switch A are connected to ports of Switch B respectively forming trunk group 1 to achieve load balancing 48 Advanced Configuration among ports Configuration steps 1 Create trunk group 1 on Switch A and add port 2 port 3 and port 4 to the group as shown in Figure 46 2 Create trunk group 1 on Switch B and add port 2 port 3 and port 4 to the group as shown in Figure 46 6 6 Link Check 6 6 1 Overview Link Check detects the data transmission of redundancy protocol enabled ports Link check helps to detect the anomaly for timely processing when a fault occurs 6 6 2 Web Configuration The following figure shows the link check configuration Link Check S1 FE1 Normal Link S1 FE2 Send Fault S1 FE3 Receive Fault S1 FE4 Disable Disable Disable Disable Disable ei w y l wio Goal Co Administration Status Figure 49 Link Check Configuration Options Enable Disable Default Enable 49 Advanced Configuration Description The function can be enabled only on a redundant protocol enabled port T Caution If the peer device does not support the function the function shall be disabled on CAUTION the connected port of the local device Run Status Options Normal Link Receiv
72. ic Multicast List 1 01 00 00 00 00 01 1 SO FE1 Figure 126 GMRP Dynamic Multicast Table GMRP Dynamic Multicast List Portfolio Index Multicast MAC VLAN ID Member Port 129 Advanced Configuration Function View GMRP dynamic multicast entries 6 21 5 Typical Configuration Example As shown in the following figure Switch A and Switch B are connected through port 2 Port 1 of Switch A is set to an agent port and generates two multicast entries gt MAC address 01 00 00 00 00 01 VLAN 1 gt MAC address 01 00 00 00 00 02 VLAN 2 After configuring different VLAN attributes on ports observe the dynamic registration between switches and multicast information update Agent Port gt Sy SwitchA SwitchB Figure 127 GMRP Networking Configuration on Switch A 1 Enable global GMRP function in switch A set LeaveAll timer to the default value as shown in Figure 122 2 Enable GMRP function and agent function in port 1 enable only GMRP function in port 2 set the timers to default values as shown in Figure 123 3 Configure agent multicast entry Set lt MAC address VLAN ID Member port gt to lt 01 00 00 00 00 01 1 1 gt and lt 01 00 00 00 00 02 2 1 gt as shown in Figure 124 Configuration on Switch B 1 Enable global GMRP function in switch B set LeaveAll timer to the default value as shown in Figure 122 2 Enable GMPR function on port 2 set the timers to default values as shown 130
73. igure the path cost 6 13 6 Typical Configuration Example The priorities of Switch A B and C are 0 4096 and 8192 Path costs of links are 4 5 and 10 as shown in the following figure 98 Advanced Configuration Switch A Priority 0 Switch B Priority 4096 Switch C Priority 8192 Figure 95 RSTP Configuration Example Configuration on Switch A 1 Set priority to 0 and time parameters to default values as shown in Figure 93 2 Set the path cost of port 1 to 5 and that of port 2 to 10 as shown in Figure 94 Configuration on Switch B 1 Set priority to 4096 and time parameters to default values as shown in Figure 93 2 Set the path cost of port 1 to 5 and that of port 2 to 4 as shown in Figure 94 Configuration on Switch C 1 Set priority to 8192 and time parameters to default values as shown in Figure 93 2 Set the path cost of port 1 to 10 and that of port 2 to 4 as shown in Figure 94 gt The priority of Switch A is 0 and its root ID is the smallest Therefore Switch Ais the root bridge gt The path cost from AP1 to BP1 is 5 and that from AP2 to BP2 is 14 99 Advanced Configuration Therefore BP1 is the root port gt The path cost from AP1 to CP2 is 9 and that from AP2 to CP1 is 10 Therefore CP2 is the root port and BP2 is the designated port 6 14 RSTP STP Transparent Transmission 6 14 1 Overview RSTP is compliant with IEEE standard DT Ring is the private redundant protection
74. is met Destination IP Portfolio IP MASK Format A B C D A B C D Function Configure the destination IP address and subnet mask If the destination IP address and subnet mask of a packet is identical with the value of this parameter then the condition is met Ethernet Type Range 1537 65535 Function Configure the Ethernet type If the Ethernet type field of a packet is identical with the value of this parameter then the condition is met TOS DSCP Range 0 255 Function Configure the service type If the corresponding field of a packet is identical with the value of this parameter then the condition is met IP Protocol Range 0 255 Function Configure the IP protocol value If the corresponding field of a packet is identical with the value of this parameter then the condition is met IP TTL Range 0 3 Function Configure the TTL field If the value is set to 0 the TTL of a matched packet must be 0 if the value is set to 1 the TTL of a matched packet must be 1 if the value is set to 2 the TTL of a matched packet range from 2 to 254 if the value is set to 3 the TTL of a matched packet must be 255 If the corresponding field of a packet meets these rules then the condition is met 61 Advanced Configuration Max ICMP Range 0 1023 Function Configure the Max ICMP value The value indicates the data length of ICMP packets If the data length of an ICMP packet is larger than the value then the condition is me
75. itch 2 receives the packets and is thus elected as the routing port Switch 55 Advanced Configuration 2 forwards the packets through port 3 Then port 2 of Switch 1 receives the packets and is thus elected as the routing port gt When PC 1 is added to multicast group 225 1 1 1 and sends IGMP report packets port 1 and port 2 routing port of Switch 1 are added to multicast group 225 1 1 1 IGMP report packets are forwarded to Switch 2 through port 2 Then port 3 and port 4 of Switch 2 are also added to multicast group 225 1 1 1 Switch 2 forwards the report packets to Switch 3 through port 4 As a result port 5 of Switch 3 is also added to multicast group 225 1 1 1 gt When receiving multicast data Switch 1 forwards the data to PC 1 through port 1 As port 2 is also a multicast group member it also forwards multicast data As the process proceeds multicast data finally reaches port 5 of Switch 3 because no further receiver is available If PC 2 is also added to multicast group 225 1 1 1 multicast data is also forwarded to PC 2 6 9 ACL 6 9 1 Overview With the development of network technologies security issues have become increasingly prominent calling for access control mechanism With the Access Control List ACL function the switch matches packets with the list to implement access control 6 9 2 Implementation The series switches filter packets according to the matched ACL Each entry consists several conditions in
76. ity Description The MIB information of the switch can be read and written only if the community name carried by an SNMP packet is identical with that configured on the switch Request Port 80 Advanced Configuration Range 1 65535 Default 161 Function Configure the number of the port for receiving SNMP requests 3 Set trap parameters as shown in the following figure Trap Settings Pie s O 162 1 65535 192 168 0 23 IP Addr IP Addr er cy es er ass Figure 78 Trap Configuration Trap on off Options Enable Disable Default Enable Function Enable or disable trap sending Trap Port ID Options 1 65535 Default 162 Function Configure the number of port for sending trap messages Server IP Address Format A B C D Function Configure the address of the server for receiving trap messages You can configure a maximum of five servers 4 View the IP address of the management server as shown in the following figure 81 Advanced Configuration Management Station 192 168 0 23 IP Addr IP Addr IP Addr Figure 79 IP Address of Management Server The IP address of the management server does not need to be configured manually The switch automatically displays it only if the NMS is running on the server and reads and writes the MIB node information of the device 6 11 6 Typical Configuration Example SNMP management server is
77. ket is 0 User Defined Field 0 2 Portfolio Value Base Addr Offset Range or Options Value 1 65535 Base Adar End of Tag Default End of EthType End of IP Header Offset 0 63 Function Define a field as an ACL condition Value indicates the value to be matched Base Addr indicates the reference point of a packet End of Tag indicates the end of the Tag field is the reference point End of EthType indicates the end of the EthType field is the reference point End of IP Header indicates the end of the IP header field is the reference point Offset indicates the offset of the value compared with the reference point If the Offset of a packet compared with Base Addr is Value then the condition is met F Note L NOTE It is not necessary to set all these parameters but at least one parameter needs to be set If only one parameter is required then leave all the other parameters empty 3 View the ACL IPACL 1 IPACL 3 IPACL 70 Add List Figure 62 ACL Entries SICOM3024P Click an ACL entry in the preceding figure Then modify or delete the ACL entry as shown in the following figure 65 Advanced Configuration Fee EE sim S1FE1 S1 FE2 BW SEET S1 FES il oO S2 FE5 S2 FE6 ai F S3 FX3 S3 FX4 O O S4 GX1 S4 GX2 O oO O P MASK Figure 63 Modifying Deleting an ACL Entry SICOM3024P Click lt Apply gt for changes to take effect after modification Click lt D
78. llowing figure shows the relationships among the NMS agent and MIB Get Set requests cb E EE Get responses and Traps NMS Agent Figure 74 Relationship among NMS Agent and MIB MIB defines a tree structure The tree nodes are managed objects Each node has a unique Object Identifier OID which indicates the location of the node in the MIB structure As shown in the following figure the OID of object A is Root gt d Ze Node 1 Node 2 N d N Node 1 NO Node 2 a J d d Ne f P Object 1 e f Node 1 8 object 2 d d E d Objecta 1 Figure 75 MIB Tree Structure 79 Advanced Configuration 6 11 5 Web Configuration 1 Enable SNMP as shown in the following figure Lay Figure 76 Enabling SNMP SNMP Status Options Enable Disable Default Enable Function Enable or disable SNMP 2 Configure access rights as shown in the following figure public 3 16 3 16 p rivate 161 1 65535 Figure 77 Access Rights Configuration Read Only Community Range 3 16 characters Default public Function Configure the name of read only community Description The MIB information of the switch can be read only if the community name carried by an SNMP packet is identical with that configured on the switch Read Write Community Range 3 16 characters Default private Function Configure the name of read write commun
79. log function If the function is enabled running information will be recorded 2 Configure running log upload as shown in the following figure 138 RunLog Uploaded Advanced Configuration FTP Server IP Address Format A B C D 192 168 0 23 log txt admin Figure 134 Running Log Upload Function Set the IP address of the FTP server FTP File Name Range 1 20 characters Function Set the name of the log file saved on the server FTP User Name Range 1 20 characters Function Set the FTP user name FTP Password Range 1 20 characters Function Set the FTP password Caution A CAUTION The FTP server software needs to be running during log upload 3 View the running log as shown in the following figure Performance log 10 Ring Open Close THU SEP 13 15 24 42 2012 Ring alarm entity id 1 estate Ring open H PortLink Alarm THU SEP 13 15 24 42 2012 Port alarm entity id 1 2 port1 2 state Link down 8 Ring Open Close THU SEP 13 15 24 07 2012 Ring alarm entity id 1 state Ring close 7 PortLink Alarm THU SEP 13 15 24 07 2012 Port alarm entity id 1 2 port 1 2 state Link up 6 Output rate THU SEP 13 15 23 44 2012 Output alarm entity id 1 state Alarm 5 Input rate THU SEP 13 15 23 43 2012 Input alarm entity id 1 state Alarm 4 PortLink Alarm THU SEP 13 15 23 39 2012 Port alarm entity id 1
80. ly when the administration status is Disable the operation status is set to Disable forcibly Auto Options Enable Disable Default Enable Function Configure the auto negotiation status of ports Description When Auto is set to Enable the port speed and duplex mode will be automatically negotiated according to port connection status when Auto is set to Disable the port speed and duplex mode can be configured Caution A 100Base FX ports are set to Disable forcibly CAUTION Speed Options 10M 100M 1000M Function Configure the speed of ports forcibly Description When Auto is set to Disable the port speed can be configured Duplex Options Half Full Function Configure the duplex mode of ports Description When Auto is set to Disable the port duplex mode can be configured 22 Basic Configuration Caution A gt 10 100Base TX ports can be set to auto negotiation 10M amp full duplex CAUTION 10M amp half duplex 100M amp full duplex or 100M amp half duplex gt 100Base FX ports are set to 100M amp full duplex gt 1000M RJ45 ports can be set to auto negotiation 10M amp full duplex 10M amp half duplex 100M amp full duplex 100M amp half duplex 1000M amp full duplex ot 1000M amp half duplex gt 1000M fiber ports can be set to auto negotiation and 1000M amp full duplex You are advised to enable auto negotiation for each port to avoid the connection problems caused by mis
81. ly if the function is enabled on a port gt The traffic alarm function is direction specific Incoming and outgoing traffic corresponds to different alarms gt Ifa CRC error occurs then a CRC error alarm is generated 6 20 2 Web Configuration 1 Configure port traffic alarm as shown in the following figure ser eebe enable v Figure 120 Configuring Port Traffic Alarm 122 Advanced Configuration Port Options all switch ports Function Select the ports for traffic alarm Alarm Type Options Input Rate Output Rate CRC Error Function Configure the port traffic alarm type Alarm Status Options enable disable Default disable Function Enable or disable the alarm type Alarm Threshold Range 1 1000000000bps or 1 1000000kbps Function Configure the port traffic alarm threshold 2 View port traffic alarm information as shown in the following figure S1 FE1 enable 100bps alarm enable 1000bps alarm enable alarm S1 FE2 enable 100kbps normal enable 100bps normal enable normal S1 FE3 disable disable disable S1 FE4 disable disable disable S1 FES disable disable e disable S1 FE6 disable disable disable S1 FE7 disable disable disable S1 FE8 disable disable disable S4 GE1 disable disable disable S4 GE2 disable disable disable S4 GE3 disable disable s gt disable S4 GE4 disable disable disable
82. matched port configuration If you want to force port speed duplex mode please make sure the same speed duplex mode configuration in the connected ports at both ends Flow Control Options Off On Default Off Function Enable Disable flow control function on the designated port Description Once the flow control function is enabled the port will inform the sender to slow the transmitting speed to avoid packet loss by algorithm or protocol when the port received flow is bigger than the size of port cache If the devices work in different duplex modes half full their flow control is realized in different ways If the devices work in full duplex mode the receiving end will send a special frame Pause frame to inform the sending end to stop sending packets When the sender receives the Pause frame it will stop sending packets for a period of wait time carried in the Pause frame and continue sending packets once the wait time ends If the devices work in half duplex mode they support back pressure flow control The receiving end creates a conflict or a carrier signal When the sender detects the conflict or the carrier wave it will take backoff to postpone the data transmission 23 Basic Configuration RX Options Enable Disable Default Enable Function Allow the port to receive data or not Description Enable indicates the port can receive data Disable indicates the port cannot receive data TX Options Enable Disable
83. me Directory Restricted to home Help Rights gt gt Change Password E New Password a E Verity Password KS Cancel Help For Help press F1 1 socket 0 users NUM Figure 21 Creating a New FTP User 2 Input the storage path of the update file in Home Directory as shown in the following figure Click lt Done gt 25 Ho log file open WFIPD User Rights Security Dialog User Name admin X User New User Delete Change Pass Home Directory F Stest version Restricted to home Help Rights gt gt For Help press F1 1 socket Ousers Figure 22 File Location Basic Configuration 3 To update the BootROM software input the following command in the management view Switch update bootrom File_name Ftp_server_ip_address User_name Password The following table lists the parameter descriptions Table 2 Parameters for BootROM Update by FTP Parameter Description File_name Name of the BootROM version Pip server ID address IP address of the FTP server User_name Created FTP user name Password Created FTP password 4 The following figure shows the software update page Enter the IP address of the FTP server file name on the server FTP user name and password Click lt Apply gt 26 Basic Configuration 2 v 192 168 0 23 icom 3000DC 1 5 5 bin admin Fi
84. n Figure 39 6 4 Port Mirroring 6 4 1 Overview With port mirroring function the switch copies all received or transmitted data frames in a port mirroring source port to another port mirroring destination port The mirroring destination port is connected to a protocol analyzer or RMON monitor for network monitoring management and fault diagnosis 6 4 2 Description A switch supports only one mirroring destination port but multiple source ports Multiple source ports can be either in the same VLAN or in different VLANs Mirroring source port and destination port can be in the same VLAN or in different VLANs The source port and destination port cannot be the same port T Caution CAUTION gt A mirroring source or destination port cannot be added to a Trunk group while the port added to a Trunk group cannot be set to a mirroring destination or source port gt A mirroring source or destination port cannot be set to a redundant port while a redundant port cannot be set to a mirroring source or destination port 43 Advanced Configuration 6 4 3 Web Configuration 1 Select the mirroring destination port as shown in the following figure im _ Figure 41 Selecting a Mirroring Port Mirroring Port Options Disable a switch port Default Disable Function Select a port to be the mirroring destination port There must be only one mirroring destination port 2 Select mirroring source ports and the mir
85. n be added to multiple VLANs 3 View the VLAN list as shown in the following figure Ingress VLAN Filter Nonmember Drop v Untagged Port VLAN List Fi default 1 oO vlan 2 EI vlan 3 Add Figure 33 Viewing VLAN List 36 Advanced Configuration PVLAN List Options select deselect Function Enable or disable the PVLAN function For details see the next chapter 4 View the PVIDs of ports Click lt Untagged Port VLAN List gt in Figure 33 The following page is displayed S 1 FE1 S1 FE2 S1 FE3 S1 FE4 S1 FES S1 FE6 S1 FE7 S1 FE8 S4 GE1 S4 GE2 S4 GE3 sch ee ee ee ee ee ee ee LI eh LI cb S4 GE4 Figure 34 Port PVID List A Caution Each port must have an Untag attribute If it is not set the Untag port is in CAUTION VLAN 1 by default 5 Modify Delete VLAN Click a VLAN list in Figure 33 You can modify or delete a created VLAN Click lt Delete gt at the bottom You can delete a VLAN directly as shown in the following figure 37 Advanced Configuration Edit VLAN Group VLAN Name vlan VLAN ID Fon VLANMember Priority PVLAN S1FE1 i v Disable S1FE2 8 i Disable S1 FE3 E E S1EEA v i isable S1 FE5 Tagged v l S1 FE6 Untagged v
86. n in the following figure select the ports to be added to the VLAN and set port parameters VLAN Name vlan vANID 2 rop VLANMember Priority PVLAN s1FE1 sl mo Disable E sl mo S1FE3 Less sl sires a sl o Disable S1FES Tagged v 0 S1 FE6 Untagged v 1 Disable S1 FE7 Untagged v dal Disable S4 FE8 y s4iGE1 el 1 7 ce SS i VEH Disable S4 GE3 Lo y 0 4iGE4 Losse el 7 Figure 32 VLAN Configuration VLAN Name 35 Advanced Configuration Range 1 31 characters Function Set the VLAN name VLAN ID Range 2 4093 Function Configure the VLAN ID Description VLAN ID is used to distinguish different VLANs This series switches support a maximum of 256 VLANs VLAN Member Options Tagged Untagged Function Select the type of the port in the VLAN Priority Range 0 7 Default 0 Function Set the default priority of the port When adding an 802 1Q tag to an untagged packet the value of the PRI field is the priority PVLAN Options Enable Disable Default Disable Function To add a Tag port to a VLAN you need to enable or disable PVLAN For details about PVLAN see the next chapter Caution CAUTION An Untag port can be added to only one VLAN The VLAN ID is the PVID of the port The default value is 1 A Tag port ca
87. n is met if the source IP address of a packet is different from its destination IP address Yes indicates the condition is met if the source IP address of a packet is identical with its destination IP address Same L4 Port Options Disable Yes No Default Disable Function Check whether the source Layer 4 port number of a packet is identical with its destination Layer 4 port number Disable indicates the rule is not used No indicates the condition is met if the source Layer 4 port number of a packet is different from its destination Layer 4 port number Yes indicates the condition is met if the source Layer 4 port number of a packet is identical with its destination Layer 4 port number TCP UDP Valid Options Disable Yes No Default Disable Function Check whether the received packet is a TCP UDP packet Disable indicates the rule is not used Yes indicates the condition is met if the received packet is a valid TCP UDP 71 Advanced Configuration packet No indicates the condition is met if the received packet is not a valid TCP UDP packet TCP Frame Valid Options Disable Yes No Default Disable Function Check whether the received packet is a valid TCP frame Disable indicates the rule is not used Yes indicates the condition is met if the received packet is a valid TCP frame No indicates the condition is met if the received packet is not a valid TCP frame TCP Sequence Zero Options Disable Yes No Default Dis
88. nction Configure the Ethernet type If the Ethernet type field of a packet is identical with the value of this parameter then the condition is met Vlan Tag Range 1 4093 Function Configure the VLAN ID If the corresponding field of a packet is identical with the value of this parameter then the condition is met IPV4 Valid Options Disable Yes No Default Disable Function Check whether the received packet is a valid IPv4 packet Disable indicates the rule is not used Yes indicates the condition is met if the received packet is a valid IPv4 packet No indicates the condition is met if the received packet is not a valid IPv4 packet Source IP Portfolio IP address IP subnet mask Format A B C D A B C D Function Configure the source IP address and subnet mask If the source IP address and subnet mask of a packet is identical with the value of this parameter then the condition is met Destination IP Portfolio IP address IP subnet mask 70 Advanced Configuration Format A B C D A B C D Function Configure the destination IP address and subnet mask If the destination IP address and subnet mask of a packet is identical with the value of this parameter then the condition is met Same IP Address Options Disable Yes No Default Disable Function Check whether the source IP address of a packet is identical with its destination IP address Disable indicates the rule is not used No indicates the conditio
89. nfiguration GMRP State Options Enable Disable Default Disable Function Enable or disable the global GMRP function The function and IGMP Snooping cannot be used at the same time LeaveAll Timer Range 100ms 327600ms Default 10000ms Function Set the interval for sending LeaveAll messages The value must be a multiple of 100 Description If the LeaveAll timers of different devices expire at the same time multiple LeaveAll messages will be sent simultaneously increasing unnecessary packets To prevent this problem the actual timeout of a LeaveAll timer is a random value between the specified value and 1 5 times the specified value 2 Configure GMPR function on each port as shown in the following figure 126 Advanced Configuration Port Configure S1 FE1 Enable v Enable w 100 ms 500 ms 3000 SS S1 FE2 Enable w Disable Si 100 ms 500 ms 3000 ms S1 FE3 Enable v Disable v 100 ms 500 ms 3000 ms S1FE4 Disable sl Disable Doo s Ep ms eom es S1 FE5 Disable v Disable 100 ms 500 ms 3000 ms S1FE6 Disable v Disable Op ms Em ms eom ge S1 FE7 Disable v Disable 100 ms 500 ms 3000 ms S4 FE8 Disable sel Disable m ms Em ms eom es SAGE Disable wi Disable TCO ms E0 ms opp a S4 GE2 Disable v
90. nfiguration 1 Set the action to Redir Port and select port 1 in the drop down list as shown in Figure 58 2 Select FE2 in Control Port as shown in Figure 58 3 Set the source MAC address to 020202020202 and subnet mask to FFFFFFFFFFFF as shown in Figure 58 4 Keep all the other parameters empty 6 10 ARP 6 10 1 Overview The Address Resolution Protocol ARP resolves the mapping between IP addresses and MAC addresses by the address request and response mechanism The switch can learn the mapping between IP addresses and MAC addresses of other hosts on the same network segment It also supports static ARP entries for specifying mapping between IP addresses and MAC addresses Dynamic ARP entries periodically age out ensuring consistency between ARP entries and actual applications The series switches provide not only Layer 2 switching function but also the ARP function for resolving the IP addresses of other hosts on the same network segment enabling the communication between the NMS and managed hosts 6 10 2 Description ARP entries fall into dynamic and static ones Dynamic entries are generated and maintained based on the exchange of ARP packets Dynamic entries can expire be updated by a new ARP packet or be overwritten by a static ARP entry Static entries are manually configured and maintained They never expire or are overwritten by dynamic ARP entries The switch supports up to 512 ARP entries 256 static ones at
91. nformation Basic information includes the project name switch name location contact and system time as shown in the following figure Chongxin Mansion Buil 86 10 88798888 2012 year 9 month m2 day hour 9 minute Gd second Figure 17 Device Information SICOM3024P Chongxin Mansion Buil 86 10 88798888 Figure 18 Device Information SICOM3048 Project Name Range 1 64 characters System Name Range 1 32 characters Location 20 Basic Configuration Value English Chinese characters Range 1 255 characters One Chinese character occupies the position of two English characters Contact Value English Chinese characters Range 1 32 characters One Chinese character occupies the position of two English characters Device time Portfolio YYYY MM DD HH MM SS Range YYYY year ranges from 2000 to 2099 MM month from 1 to 12 DD day from 1 to 31 HH hour from 0 to 23 and MM minute and SS second from 0 to 59 Function Set the system date and time The switch can continue timekeeping after powered off 5 3 Port Configuration In port configuration you can configure port status port speed flow control and other information as shown in the following figure S1
92. not available on SICOM3048 NOTE Preface Conventions in the manual 1 Text format conventions Format Description The content in lt gt is a button name For example click lt Apply gt button The content in is a window name or a menu name For example click File menu item The content in is a portfolio For example IP address MAC address means the IP address and MAC address are a portfolio and they can be configured and displayed together Multi level menus are separated by gt For example Start All Programs Accessories Click Start menu click the sub menu All programs then click the submenu Accessories Select one option from two or more options that are separated by mm For example Addition Deduction means addition or deduction It means a range For example 1 255 means the range from 1 to 255 2 CLI conventions Format Description Bold Commands and keywords for example show version appear in bold font Italic Parameters for which you supply values are in italic font For example in the show vlan vian id command you need to supply the actual value of vian id 3 Symbol conventions Preface Symbol Description Al The matters need attention during the operation and configuration Caution and they are supplement to the operation description L Necessary explanations to the oper
93. omain ID 1 Domain name Ring Ring port port 1 and port2 Station type Slave DT Ring Disable do not set backup ports as shown in Figure 87 Configuration on Switch B 2 Domain ID 1 Domain name Ring Ring port port 1 and port 2 Station type Master DT Ring Disable do not set backup ports as shown in Figure 87 Configuration on Switch C and Switch D 3 Domain ID 1 Domain name Ring Ring port port 1 and port2 Station type Slave DT Ring Enable Backup port port 3 as shown in Figure 87 Configuration on Switch E Switch F and Switch G 4 Domain ID 2 Domain name Ring Ring port port 1 and port2 Station type Slave DT Ring Disable do not set backup ports as shown in Figure 87 Configuration on Switch H 5 Domain ID 2 Domain name Ring Ring port port 1 and port2 Station type 91 Advanced Configuration Master DT Ring Disable do not set backup ports as shown in Figure 87 6 13 RSTP STP 6 13 1 Overview Standardized in IEEE802 1D the Spanning Tree Protocol STP is a LAN protocol used for preventing broadcast storms caused by link loops and providing link backup STP enabled devices exchange packets and block certain ports to prune loops into trees preventing proliferation and endless loops The drawback of STP is that a port must wait for twice the forwarding delay to transfer to the forwarding state To overcome the drawback IEEE creates 802 1w standard to supplement 802 1D IEEE
94. on Configure the value of the IP protocol version plus the header length If the corresponding field of a packet is identical with the value of this parameter then the condition is met IP TTL Range 0 255 Function Configure the TTL field If the corresponding field of a packet is identical with the value of this parameter then the condition is met Note It is not necessary to set all parameters but at least one parameter needs to be NOTE set If only one parameter is required then leave the other parameters empty 3 View the ACL 73 Advanced Configuration IPACL 1 IPACL 2 IPACL 3 IPACL 4 Figure 69 ACL Entries SICOM3048 Click an ACL entry in the preceding figure You can modify or delete the ACL entry as shown in the following figure Item Configuration p om 1537 1537 65535 020202020202 mac EE vask 040404040404 mac FFFFFFFFFFOO MASK La Amen Figure 70 Modifying Deleting an ACL Entry SICOM3048 Click lt Apply gt for the changes to take effect after modification You can click lt Delete gt to delete the ACL entry 6 9 5 Typical Configuration Example The following uses SICOM3024P as an example to describe the configuration steps for an ACL entry Connect port 2 of the switch Configure the port to receive packets only from source MAC address 02 02 02 02 02 02 and forward the packets through port 1 Configuration steps Advanced Co
95. own in the preceding figure you need to CAUTION click Logging Log Options in WFTPD and select Enable Logging and the log information to be displayed 27 Basic Configuration 6 When the update is completed as shown in the following figure please reboot the device and open the Switch Basic Information page to check whether the update succeeded and the new version is active Result The software is upgraded successfully Figure 25 Successful Software Update through FTP meee Warning gt In the software update process keep the FTP server software running EE WARNING gt When update completes reboot the device to make the new version take effect gt If update fails do not reboot the device to avoid the loss of software file and startup anomaly 5 6 Software Version Query Two software versions can be downloaded to the switch but only one can be in active state at a time In the Web UI you can update only the inactive version By querying software versions you can learn the IDs release dates and statuses of the two versions as shown in the following figure Software Version 2012 9 10 18 04 2012 9 10 18 04 Figure 26 Software Version Query Active y Zeie 2 oss 28 Basic Configuration 5 7 Configuration Upload Download Configuration backup function can save current switch configuration files on the server When the switch
96. packet The querier periodically sends general query packets destination IP address 224 0 0 1 to confirm whether or not the multicast group has member ports After receiving the query packet a non querier device forwards the packet to all its connected ports gt Specific query packet If a device wants to leave a multicast group it sends an IGMP leave packet After receiving the leave packet the querier sends a specific query packet destination IP address IP address of the multicast group to confirm whether the group contains other member ports gt Membership report packet If a device wants to receive the data of a multicast group the device sends an IGMP report packet destination IP address IP address of the multicast group immediately to respond to the 53 Advanced Configuration IGMP query packet of the group gt Leave packet If a device wants to leave a multicast group the device will send an IGMP leave packet destination IP address 224 0 0 2 6 8 4 Web Configuration 1 Enable IGMP Snooping as shown in the following figure Enable v Enable v Figure 53 Enabling IGMP Snooping IGMP Snooping Status Options Enable Disable Default Disable Function Enable or disable IGMP Snooping IGMP Snooping and static multicast GMRP cannot be enabled at the same time Auto Query Status Options Enable Disable Default Disable Function Enable or disable auto query for querier election Description Th
97. ple VLANs on a tangent port that is one port is part of different redundant rings based on different VLANs DT Port Ring and DT VLAN Ring cannot be used together 6 12 2 Concepts gt Master station One ring has only one master station The master station sends DT Ring packets and detects the current status of the ring gt Master port On the master station the first port whose link status changes to up is called the master port It is in forwarding state gt Slave port On the master station the port whose link status changes to up later is called the slave port When the ring is closed the slave port is in blocking state When a ring is open due to a link or port failure the status of the slave port changes to forwarding gt Slave station A ring can include multiple slave stations Slave stations listen to and forward DT Ring packets and report fault information to the master station 83 Advanced Configuration gt Backup port The port for communication between DT rings is called the backup port gt Master Backup Port When there are multiple backup ports in a ring the master backup port is the backup port corresponding to a lager device MAC address and it is in a Forwarding state gt Slave Backup Port When there are multiple backup ports in a ring all the other ports except the master backup port are slave backup ports and they are in a blocking state gt Forwarding state A port can forward and receive da
98. port of a PC to the console port of the switch with a DB9 RJ45 cable 2 Run the Hyper Terminal in Windows desktop Click Start All Programs Accessories Communications Hyper Terminal as shown in the following figure Switch Access E Co e RI Hyperterminal Entertainment tb Network Connections ICH System Tools gt I Network Setup Wizard QJ Address Book a New Connection Wizard J Calculator 3 Wireless Network Setup Wizard ER Command Prompt ge E Notepad Y Paint Program Compatibility Wizard gt Internet Ki My Documents Internet Explorer E mail Fe My Recent Documents Outlook Express Set Program Access and Defaults W Windows Catalog Windows Update 8 Microsoft Update Ca Remote Desktop Connection Synchronize EE Tour windows xP E Windows Explorer A Wordpad ICH Games EH Startup Internet Explorer Wi msn Pi Outlook Express C Tour Windows XP 1 Files and Settings Tr Wizard ES Command Prompt s gt Remote Assistance Windows Media Player Winrar AllPrograms Figure 1 Starting the Hyper Terminal 3 Create a new connection Switch as shown in the following figure New Connection HyperTerminal Connection Description wy New Connection Enter a name and choose an icon for the connection Name Switch Icon Figure 2 C
99. protocol of Kyland but cannot coexist with RSTP on the same network To solve this problem Kyland developed the RSTP STP transparent transmission function The function enables the switch to keep other redundant protocols while transparently transmitting RSTP packets meeting industrial communication requirements Switches running other redundant protocols can receive and forward RSTP packets only if the RSTP transparent transmission function is enabled RSTP transparent transmission enabled switches can be regarded as a transparent link As shown in the following figure Switch A Switch B Switch C and Switch D form a DT ring The transparent transmission function is enabled on these four switches so that Switch E and Switch F can receive RSTP packets from each other Figure 96 RSTP Transparent Transmission 100 Advanced Configuration 6 14 2 Web Configuration Configure RSTP transparent transmission on ports as shown in the following figure Fo RSTP Transparent Transmission S1 FE1 Disable S1 FE2 Disable S1 FE3 isabl S1 FE4 Disabl S1 FE5 Enable v S1 FE6 Enable v S1 FE7 Disable v S1 FES Disable v S4 GE1 Disable v S4 GE2 Disable v S4 GE3 Disable v S4 GE4 Disable v Figure 97 RSTP Transparent Transmission Configuration RSTP Transparent Transmission Options Enable Disable Default Disable Function Enable or disable RSTP transparent transmission on ports
100. reating a New Connection 4 Connect the communication port in use as shown in the following figure Switch Access Connect To B Switch Enter details for the phone number that you want to dial Country region imna 5 Area code Phone number E Conect using T Figure 3 Selecting the Communication Port Note To confirm the communication port in use right click My Computer and click Property Hardware Device Manager Port 5 Set port parameters Bits per second 9600 Data bits 8 Parity None Stop bits 1 and Flow control None as shown in the following figure COM1 Properties Port Settings Bits per second Data bits Parity Stop bits Flow control Figure 4 Setting Port Parameters 10 Switch Access 6 Click lt OK gt The switch CLI is displayed Input password admin and press lt Enter gt to enter the user view as shown in the following figure Switch HyperTerminal Elle File Edit View Call Transfer Help Dw 2 aD ef Switch gt Connected 0 00 03 Auto detect Auto detect Figure 5 CLI 2 3 Access through Telnet The precondition for accessing a switch by Telnet is the normal communication between the PC and the switch 1 Enter telnet P address in the Run dialog box as shown in the following figure Type the name of a program folder document or Internet resource
101. roring mode as shown in the following figure S1 FE1 RX amp TX v S1 FE2 RX S1 FE3 RX v S1 FE4 TX v C1 s4 FE5 RX large Care RX C S1 FE8 RX O S4 GE1 RX O S4 GE2 O S4 GE3 O S4 GE4 Figure 42 Mirroring Source Port Mode Options RX TX RX amp TX Function Select the data to be mirrored TX indicates only the transmitted packets are mirrored in the source port RX indicates only the received packets are mirrored in the source port 44 Advanced Configuration TX amp RX indicates both transmitted and received packets are mirrored in the source port 6 4 4 Typical Configuration Example As shown in the following figure the mirroring destination port is port 2 and the mirroring source port is port 1 Both transmitted and received packets on port 1 are mirrored to port 2 Message prcocessingin device Source port Destination port Host Mirrored port Mirroring port Data monitoring device Figure 43 Port Mirroring Example Configuration steps 1 Set port 2 to the mirroring destination port as shown in Figure 41 2 Set port 1 to the mirroring source port and the port mirroring mode to TX amp RX as shown in Figure 42 6 5 Port Trunk 6 5 1 Overview Port trunk is to bind a group of physical ports that have the same configuration to a logical port The member ports in a trunk group can not only share the load but also become a dynamic backup
102. roups RMON RFC2819 defines multiple RMON groups The series devices support statistics group history group event group and alarm group in public MIB Each group supports up to 32 entries gt Statistics group With the statistics group the system collects statistics on all types of traffic on ports and stores the statistics in the Ethernet statistics table for further query by the management device The statistics includes the number of network collisions CRC error packets undersized or oversized packets broadcast and multicast packets received bytes and received packets After creating a statistics entry on a specified port successfully the statistics group counts the number of packets on the port and the statistics is a continuously accumulated value gt History group History group requires the system to periodically sample all kinds of traffic on ports and saves the sampling values in the history record table for further query by the management device The history group counts the statistics values of all kinds of data in the sampling interval gt Event group Event group is used to define event indexes and event handing methods Events defined in the event group is used in the configuration item of alarm group An event is triggered when the monitored device meets the alarm condition Events are addressed in the following ways Log logs the event and related information in the event log table Trap sends a Trap message to
103. rt number for Layer 4 protocol packets If the corresponding field of a packet is identical with the value then the condition is met Dst Port Range 0 3 Portfolio X Y X and Y XSY range from 1 to 65535 X and Y indicate the lower and upper limits of Layer 4 destination port numbers respectively Function Configure the destination port number range for Layer 4 protocol packets If the corresponding field of a packet is within the specified range then the condition is met L2 Format Options None L2_Others Ethernet_II IEEE 802 2 SNAP Default None Function Configure Layer 2 Ethernet frame format None indicates this rule is not used L2 Others indicates all of the other Ethernet frame formats except Ethernet_Il and IEEE 802 2 SNAP When the Ethernet frame format of a packet is consistent with the specified value then the condition is met L3 Format Options None L3_Others IPV4_without_frag IPV6_without_exten Default None Function Configure the Layer 3 Internet protocol None indicates this rule is not used L3 Others indicates all the Layer 3 Internet protocols except IPV4_without_frag and IPV6_without_exten When the Layer 3 Internet protocol of a packet is consistent with the specified value then the condition is met L4 Format 63 Advanced Configuration Options None L4_Others TCP UDP ICMP IGMP Default None Function Configure the Layer 4 protocol type None indicates this rule is not used LA Others indicate
104. rview Internet Group Management Protocol Snooping IGMP Snooping is a multicast protocol at the data link layer It is used for managing and controlling multicast groups IGMP Snooping enabled switches analyze received IGMP packets establish mapping between ports and MAC multicast addresses and forward multicast packets according to the mapping 52 Advanced Configuration 6 8 2 Concepts gt Querier periodically sends IGMP general query packets to query the status of the members in the multicast group maintaining the multicast group information When multiple queriers exist on a network they automatically elect the one with the smallest IP address to be the querier Only the elected querier periodically sends IGMP general query packets The other queriers only receive and forward IGMP query packets gt Router port receives general query packets on an IGMP enabled switch from the querier Upon receiving an IGMP report a switch establishes a multicast entry and adds the port that receives the IGMP report to the member port list If a router port exists it is also added to the member port list Then the switch forwards the IGMP report to other devices through the router port so that the other devices establish the same multicast entry 6 8 3 Principle IGMP Snooping manages and maintains multicast group members by exchanging related packets among IGMP enabled devices The related packets are as follows gt General query
105. s all the protocols except TCP UDP ICMP and IGMP When the Layer 4 protocol type of a packet is consistent with the specified value then the condition is met Same IP Options Disable False True Default Disable Function Check whether the source IP address of a packet is identical with its destination IP address Disable indicates the rule is not used False indicates the condition is met if the source IP address of a packet is different from its destination IP address True indicates the condition is met if the source IP address of a packet is identical with its destination IP address Same L4 Port Options Disable False True Default Disable Function Check whether the source Layer 4 port number of a packet is identical with its destination Layer 4 port number Disable indicates the rule is not used False indicates the condition is met if the source Layer 4 port number of a packet is different from its destination Layer 4 port number True indicates the condition is met if the source Layer 4 port number of a packet is identical with its destination Layer 4 port number TCP Sequence Zero Options Disable False True Default Disable Function Check whether the TCP Sequence field of a packet is 0 64 Advanced Configuration Disable indicates the rule is not used False indicates the condition is met if the TCP Sequence field of a packet is not 0 True indicates the condition is met if the TCP Sequence field of a pac
106. t TCP Flag Range 0 63 Function Configure the TCP flag If the corresponding field of a packet is identical with the value of this parameter then the condition is met ICMP Type Code Range 0 65535 Function Configure the ICMP type code If the corresponding field of a packet is identical with the value of this parameter then the condition is met Vlan ID Range 1 4093 Function Configure the VLAN ID If the corresponding field of a packet is identical with the value of this parameter then the condition is met Vian ID Range 0 3 Portfolio X Y and Y X lt Y range from 1 to 4093 X and Y indicate the lower and upper limits of Vlan IDs respectively Function Configure the range of VLAN IDs of packets The condition is met when the VLAN ID of a packet is within the specified range Source L4 Port Range 1 65535 Function Configure the source port number for Layer 4 protocol packets If the corresponding field of a packet is identical with the value then the condition is met Src Port Range 0 3 Portfolio X Y X and Y XSY range from 1 to 65535 X and Y indicate the lower and upper limits of Layer 4 source port numbers respectively 62 Advanced Configuration Function Configure the source port number range for Layer 4 protocol packets If the corresponding field of a packet is within the specified range then the condition is met Destination L4 Port Range 1 65535 Function Configure the destination po
107. ta gt Blocking state A port can receive and forward only DT Ring packets but cannot receive or forward any other data packets 6 12 3 Implementation 1 DT Ring implementation The master port on the master station periodically sends DT Ring packets to detect ring status If the slave port of the master station receives the packets the ring is closed otherwise the ring is open When a ring is closed the master port of the master station is in a forwarding state the slave port in a blocking state and all ring ports of slave stations are in a forwarding state A ring may be open in the following cases gt The master port of the master station fails The statuses of the slave port on the master station and all ring ports of slave stations change to forwarding gt The slave port of the master station fails The statuses of the master port on the master station and all ring ports of slave stations change to forwarding gt Another port or link fails The statuses of the two ports of the master station and all up ports of slave stations change to forwarding DT Ring configurations should meet the following conditions gt All switches in the same ring must have the same domain number gt Each ring can only have one master station and multiple slave stations 84 Advanced Configuration gt Only two ports can be configured on each switch for a ring gt For two connected rings backup ports can be configured only in on
108. ted you need to select IP TOS or DSCP in this parameter DSCP mode indicates the DSCP priority queue mapping mode and IP TOS mode indicates the IP TOS priority queue mapping mode 2 Configure the queue weight ratio as shown in the following figure Weight of Priority Queues Figure 104 Configuring Queue Weight Ratio SICOM3048 3 HIGHEST 2 SECHIGH 1 SECLOW 0 LOWEST Range 1 55 1 55 1 55 1 55 Default 8 4 2 1 Function Configure the queue weight ratio by obeying the following rules Weight of queue 3 2 2 x Weight of queue 2 Weight of queue 2 2 2 x Weight of queue 1 Weight of queue 1 2 2 x Weight of queue 0 3 Configure QoS port priority mapping mode as shown in the following figure 108 Advanced Configuration Set the Port Priority swe swe _ swa _ sws sws swr __ sws od swe _ sore _ aen sore _ aeeel o aen aeeel O sores _ sore aen O sees aen ae sore22 sore ae Apply Figure 105 Setting QoS Port Priority Mapping Mode SICOM3048 Set the Port Priority Options Highest priority TOS DIFF 802 1P Priority Default 802 1P Priority Function Configure port priority mapping mode Description Only one priority mapping mode can be selected for each port 4 Configure 802 1p priority queue mapping Click lt 802 1P Priority gt in Figure 103 The following page is displayed Advanced Configuration 802 1P Priority 0 7
109. ted for the port in link down state gt Ring alarm If the function is enabled then an alarm will be generated for an open ring Caution Only the master station of a DT ring supports the ring alarm function CAUTION 6 19 2 Web Configuration 1 Set alarm parameters as shown in the following figures IP MAC Conflict Power Alarm Temperature Alarm Port Alarm S1 FE1 S1 FE2 S1 FE3 oO S1 FE4 g S1 FE5 Fi S1 FE6 Oo S1 FE7 F S1 FE8 Fi S2 FE1 F S2 FE2 Fi S2 FE3 Oo S2 FE4 EI S2 FE5 Fi S2 FE6 Fi S2 FE7 Fi S2 FE8 al S3 FE1 Fi S3 FE2 Fi S3 FE3 oO S3 FE4 EI S3 FE5 Fi S3 FE6 Fi S3 FE7 Fi S3 FE8 Fj S4 GE1 O S4 GE2 gog S4 GE3 Fi S4 GE4 Fj DT RING Alarm Figure 116 Alarm Setting SICOM3024P 118 Advanced Configuration IP MAC Conflict 300 180 800sec IP MAC Conflict SO FE4 SO FES SO FE12 SO FE6 SO FE10 SO FE18 SO FE20 EI S0FE22 S0 FE24 o socx go S0 GX4 o E E O o O sore o SO FE16 E O o S1 FE2 S1 FE4 DT RING Alarm Figure 117 Alarm Setting SICOM3048 IP MAC Conflict Options select deselect Default select Function Enable or disable IP MAC conflict alarm Alarm Time Range 180 600s Default 300s Function Configure the interval for detecting IP MAC conflicts Power Alarm Options select deselect Default select Function Enable or disable power alarm Temperature Alarm Alarm Enabl
110. th VLAN 100 VLAN 30 can also communicate with VLAN100 but the devices in different isolation domains cannot communicate with each other such as VLAN 10 cannot communicate with VLAN 30 Note D When a PVLAN enabled Tag port forwards a frame carrying a VLAN tag the NOTE VLAN tag will be removed 40 Advanced Configuration 6 3 2 Web Configuration 1 Enable PVLAN on the port as shown in the following figure VLAN Name vlan VLAN ID 300 Pop VLANMember Priority PVLAN S1 FE1 Untagged v 0 v Disable S1 FE2 Untagged v H v Disable S1 FE3 Tagged D Enable v S1 FE4 Tagged D Enable v S1 FE5 Tagged v Enable v S1 FE6 Tagged v Enable v S1 FE7 7 v 0 Disable SIEER v 0 Disable S4 GE1 p v 0 Disable S4 GE2 L y 0 Disable 4 GE3 i Disable S4 GE4 v 0 Disable Figure 38 Enabling PVLAN You can enable PVLAN on a Tag port in VLAN If the VLAN is a shared domain the uplink port is an Untag port and the downlink port shall be added to the VLAN as a Tag port If the VLAN is an isolation domain the downlink port is an Untag port and the uplink port shall be added to the VLAN as a Tag port 2 Select the member VLANs of PVLAN as shown in the following figure og default 1
111. the interface as shown in the following figure SICOM 3024P Web Management System PX About Collapse BExpand SICOM 3024P Web Manager S Device Status Basic Configuration S Advanced Configuration f Device Management qj Save Configuration Load Default I The system comes with high powered CPU processor Lay 2 switching of high performance Security design at the level of industry i Offer twenty four FE FX ports and four GE GX ports Support VLAN IGMP Snooping Port Mirroring i Port Trunk DT RING DT RING RSTP redundancy protect mechanism Port rate control Used widely in various industry fields KYLAND TELECOM TECHNOLOGY CO LTD ALL RIGHTS RESERVED Figure 9 Web Interface 13 Switch Access You can expand or collapse the navigation tree by clicking lt Expand gt or lt Collapse gt on the top of the navigation tree You can perform corresponding operations by clicking Save Configuration or Load Default in the top menu In the upper right corner you can click lt gt to switch to the Chinese interface Caution CAUTION After you have restored the default settings you need to restart the device to make settings take effect 14 Device Management 3 Device Management Click Device Management Reboot Logout You can reboot the device or exit the Web interface Before rebooting
112. the device you need to save the current settings as required If you have saved the settings the switch automatically configures itself with the saved settings after restart If you have not saved any settings the switch restores the factory default settings after restart 15 Device Status 4 Device Status 4 1 Basic Information The switch basic information includes the MAC address SN IP address subnet mask gateway system name device model software version and BootROM version as shown in the following figure MAC Address 00 1E CD 10 23 38 SN S3MOTXX IP Address 192 168 0 119 Subnet Mask 255 255 255 0 GateWay 192 168 0 1 System Name Switch Device Model SICOM3024P 4GE 24T Software Version ID 1 V1 5 5 2012 9 10 18 04 FW Version v1 1 9 2011 12 28 9 59 Figure 10 Basic Information 4 2 Port Status Port status page displays the port number administration status link status speed duplex and flow control as shown in the following figure S1 FE1 Enable Enable Down kg S1 FE2 Enable Enable Down _ kg _ kg _ S4 FE3 Enable Enable Down aa S1 FE4 Enable Enable Up 100M Full duplex Off Enable Enable S4 FES Enable Enable Down e S4 FE6 Enable Enable Down S1 FE7 Enable Enable Down S1 FE8 Enable Enable Down Kg _ _ _ S4 GE1 Enable Enable Down S4 GE2 Enable Enable Down K
113. the logical AND relationship ACL entries are independent of each other The switch compares a packet with ACL entries in the ascending order of entry IDs Once a match is found the action is taken and no further comparison is conducted as shown in the following figure 56 Advanced Configuration Message Info NO Deny Redir Port Mirror Port Forward Deny Redir Port Mirror Port Forward Deny Redir Port Mirror Port Forward NO Default process a Figure 56 ACL Processing Flowchart Note Default process indicates the processing mode towards packets matching no ACL entry 6 9 3 Web Configuration SICOM3024P 1 Add an ACL entry Click lt Add List gt to add an ACL entry as shown in the following figure Add List Figure 57 Adding an ACL Entry SICOM3024P 2 Set parameters for the ACL entry as shown in the following figure 57 Advanced Configuration Configure Item 1 1 1023 Redir port L I sl an S1FE1 S1 FE2 S1 FE3 S1 FE4 S1 FES 1 FE6 EI o o o o S41 FE7 S1 FE8 S2 FE1 S2 FE2 S2 FE3 S2IFE4 Oo O o o o O S2 FE5 S2 FE6 S2 FE7 S2 FE8 S3 FX1 S3 FX2 o O Fj o O o S3 FX3 S3 FX4 S3 FX5 S3 FX6 S3 FX7 3 FX8 Oo o o o o O S4 GX1 S4 GX2 S4 GX3 S4 GX4 o o oO o 020202020202 mac EE was 040404040404 Mac _FRFFFRFFFFOO vask 192 1650 2602 _ ip 255 255 255 0 MASK 192 165 0 208 Jip 255 255 255 0 MASK
114. the precondition for QoS Congestion management This is mandatory for solving resource competition Congestion management caches packets in queues and determines the sequence of packet forwarding based on a certain scheduling algorithm achieving preferential forwarding for key services Congestion avoidance Excessive congestion may result in damage on network resources Congestion avoidance monitors the use of network resources When detecting increasing congestion the function adopts proactive packet discarding and tunes traffic volume to solve the overload 102 Advanced Configuration 6 15 2 Principle Each port of the switch has four cache queues from 0 to 3 in priority ascending order You can configure the mapping between priority and queues When a frame reaches the port the switch determines the queue for the frame according to the information in the frame header The switch supports five queue mapping modes for priority identification highest priority port based DIFF TOS DIFF and 802 1p gt If the highest priority is configured on a port then packets to be forwarded are put in queue 3 gt If port based queue mapping mode is configured on a port received packets are queued according to the default priority of the port The mapping between the default priority and queues is consistent with that between 802 1p priority and queues gt The DIFF value relies on the DSCP in packets while the TOS DIFF value depen
115. ticast Registration Protocol GMRP is a multicast registration protocol based on GARP It is used for maintaining the multicast registration information of switches All GMRP enabled switches can receive multicast registration information from other switches update local multicast registration information dynamically and distribute local multicast registration information to other switches This information exchange mechanism ensures the consistency of multicast information maintained by all GMRP enabled switches on a network If a switch or terminal wants to join or leave a multicast group then the GMRP enabled port broadcasts the information to all the ports in the same VLAN 6 21 3 Description Agent port indicates the port on which GMRP and the agent function are enabled Propagation port indicates the port on which only GMRP is enabled but not the agent function Dynamically learned GMRP multicast entry and agent entry are forwarded by the propagation port to the propagation ports of the lower level devices All GMRP timers on the same network must keep consistent to prevent mutual 125 Advanced Configuration interference The timers should comply with the following rules Hold timer lt Join timer 2 Join timer lt Leave timer and Leave timer lt LeaveAll timer 6 21 4 Web Configuration 1 Enable the global GMRP protocol as shown in the following figure Protocol Configure Eae 10000 us Figure 122 GMRP Global Co
116. to port 5 The port based mode is configured on port 1 The default priority of port 1 is 6 Packets from port 1 are mapped to queue 3 The 802 1p priority carried by packets from port 2 is 2 which is mapped to queue 1 The 802 1p priority carried by packets from port 3 is 4 which is mapped to queue 2 The DSCP priority carried by packets from port 4 is 6 which is mapped to queue 3 Port 5 adopts the WRR scheduling mode Configuration steps 1 Select WRR for QoS mode and keep the default values for the WRR queue weight ratio as shown in Figure 98 and Figure 99 2 Configure highest priority queue mapping on port 1 802 1p on port 2 and port 3 and DIFF on port 4 as shown in Figure 100 3 Configure 802 1p priority 6 2 and 4 to map to queue 3 1 and 2 respectively as shown in Figure 101 4 Configure DSCP priority 6 to map to queue 3 as shown in Figure 102 Port 1 Port Based Port 2 802 Ip Port 5 Switch 802 Ip Port 3 Port 4 DSCP Figure 109 QoS Configuration Example Packets received through port 1 and port 4 are put into queue 3 packets received through port 2 are put into queue 1 packets received through port 3 are put into queue 2 According to the mapping between queues and weights the weight of queue 1 is 2 the weight of queue 2 is 4 and the weight of queue 112 Advanced Configuration 3 is 8 As a result the packets in queue 1 enjoy 2 2 4 8 bandwidth those in queue 2 enjoy 4 2 4 8 bandwidth
117. ty mapping mode can be selected for each port 4 Configure port based 802 1p priority queue mapping The queue mapping of the port based mode is consistent with that of 802 1p priority mode If you want to configure either of the two modes set parameters in the 802 1p priority mapping table as shown in the following figure Click lt 802 1p Priority gt in Figure 98 The following page is displayed 105 Advanced Configuration 802 1P Priority 0 7 le EI EI EI EJ ES le NTO om amp _ win Oo wiwi mi Nj 9419 Queue 0 LOWEST 1 SECLOW 2 SECHIGH 3 HIGHEST Figure 101 802 1p Priority Queue Mapping SICOM3024P 802 1P Priority Portfolio Priority Queue Range 0 7 0 3 Default Priority 0 and 1 are mapped to queue 0 priority 2 and 3 are mapped to queue 1 Priority 4 and 5 are mapped to queue 2 priority 6 and 7 are mapped to queue 3 Function Configure the mapping between 802 1p priority and queue 5 Configure DSCP priority queue mapping Click lt DSCP Priority gt in Figure 98 to configure the DSCP priority queue mapping as shown in the following figure 106 Advanced Configuration DSCP Priority 0 63 DscPo 0 DscP1 0 v pscP2 0 v pscP3 0 sw pscp 4 0 v pscrs 0 v DscPs 3 v DscP7 0 Ww pscps 0 eilD chbai D pscr 10 D eilD chil D e pscp 12 0 w
118. ving the LLDPDU the neighbors save this information to MIB for query and link status check by the NMS 6 17 2 Web Configuration View LLDP connection information as shown in the following figure LLDP Information 4 4 0 1 192 168 0 109 00 00 ee ee 02 05 Figure 111 LLDP Information In LLDP information you can view the information about neighboring devices including port number of the neighboring device connected to the local switch IP address and MAC address of the neighboring device Caution CAUTION To display LLDP information LLDP must be enabled on the two connected devices LLDP is a link layer detection protocol enabled by default 6 18 SNTP 6 18 1 Overview The Simple Network Time Protocol SNTP synchronizes time between server and client by means of requests and responses As a client the switch 114 Advanced Configuration synchronizes time from the server according to packets of the server In this case a maximum of four SNTP servers can be configured but only one can be active at a time The switch can also serve as the SNTP server to provide time synchronization for clients The SNTP client sends a request to each server one by one through unicast The server that responds first is in an active state The other servers are in an inactive state Caution CAUTION To synchronize time by SNTP there must be an active SNTP server 6 18 2 Web Configuration 1
119. w View Prompt View Type View Function Switching SWITCH gt User view View recently used Input enable to enter the commands management view View software version View response information for ping operation SWITCH Management Upload Download Input configure terminal view configuration file to enter the configuration Restore default view from the management configuration view View response Input exit to return to the information for ping user view Switch Access operation Restart the switch Save current configuration Display current configuration Update software SWITCH config Configuration Configure switch Input exit or end to view functions return to the management view When the switch is configured through the CLI can be used to get command help In the help information there are different parameter description formats For example lt 1 255 gt means a number range lt H H H H gt means an IP address lt H H H H H H gt means a MAC address word lt 1 31 gt means a string range In addition t and can be used to scroll through recently used commands 2 2 Access through Console Port You can access a switch by its console port and the hyper terminal of Windows OS or other software that supports serial port connection such as HTT3 3 The following example shows how to use Hyper Terminal to access switch by console port 1 Connect the serial
Download Pdf Manuals
Related Search