IFS NS3552-8P-2S and NS3550-2T-8S User Manual
Contents
1. Show Topology Figure 4 19 5 Ring Wizard page screenshot The page includes the following fields Object Description e All Switch Numbers Set all the switch numbers for the ring group The default number is 3 and maximum number is 30 e Number ID The switch where you are requesting ERPS e Port Configures the port number for the MEP e VLAN Set the ERPS VLAN Buttons J Click to configure ERPS se Click to save changes Show Topology Click to show the ring topology 348 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 19 6 Ring Wizard Example Switch 1 RPL None RPL Owner SS SS Port 1 Port 2 MEP 1 MEP 2 VLAN 3001 VLAN 3001 TARA SY z7pPp Port 1 Port 2 Port 1 MEP 6 MEP 5 MEP 4 MEP 3 VLAN 3001 VLAN 3001 VLAN 3001 VLAN 3001 RPL None RPL None RPL None RPL Neighbour Switch 3 Switch 2 Figure 4 19 6 Ring Example Diagram The above topology often occurs on using ERPS protocol The multi switch constitutes a single ERPS ring all of the switches only are configured as an ERPS in VLAN 3001 thereby constituting a single MRPP ring Switch 1 Port 2 2 Owner 3001 Port 1 4 None 3001 Switch 2 Port 2 3 Neighbour 3001 Port 1 6 None 3001 Switch 3 N Port 2 5 ong 3001 Table 4 2 ERPS Configuration Table The scenario described as follows 1 Disable DHCP client and set proper static IP for Switch 1 2 amp 3 In this2. e HTTP HTTPS Indicates the host can access the switch from HTTP HTTPS interface that the host IP address matched the entry e SNMP Indicates the host can access the switch from SNMP interface that the host IP address matched the entry e TELNET SSH Indicates the host can access the switch from TELNET SSH interface that the host IP address matched the entry Buttons Add New Entry Click to add a new access management entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 3 Access Management Statistics This page provides statistics for access management The Access Management Statistics screen in Figure 4 12 3 appears 272 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Access Management Statistics Received Packets Allowed Packets Discarded Packets 0 0 TELNET SSH 0 0 0 0 0 Auto refresh _ Refresh Clear Figure 4 12 3 Access Management Statistics Overview Page Screenshot The page includes the following fields Object Description e Interface The interface that allowed remote host can access the Industrial Managed Switch e Receive Packets The received packets number from the interface under access management mode is enabled e Allowed Packets The allowed packets number from the interface under access management mode is enabled e Discard Packets The discarded packets number from the interface
3. Set ERPS Configuration on Switch 3 Connect PC to switch 3 directly don t connect to port 1 amp 2 Logging on the Switch 3 and click Ring gt Ring Wizard Set All Switch Number 3 and Number ID 3 click Next button to set the ERPS configuration for Switch 3 ALL Switch Number 3 30 3 Number ID 3 Set MEPS Port2 MEP6 Porti and VLAN ID 3001 click Set button to save the ERPS configuration for Switch 3 350 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Neighbour Owner Switch 2 Port 2 Switch 3 Port Switch 1 Wlan A gn To avoid loop please don t connect switch 1 2 amp 3 together in the ring topology before configuring the A end of ERPS Note Follow the configuration or ERPS wizard to connect the Switch 1 2 amp 3 together to establish ERPS application MEP2 lt gt MEP3 Switch1 Port2 lt Switch2 Port2 MEP4 lt gt MEP5 Switch2 Port lt gt Switch3 Port2 MEP1 lt MEP6 Switch1 Port lt gt Switch3 Port1 351 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 5 COMMAND LINE INTERFACE 5 1 Accessing the CLI When accessing the management interface for the Industrial Managed Switch via a Telnet connection the Industrial Managed Switch can be managed by entering command keywords and parameters at the prompt Using the Industrial Managed Switch s command line in
4. MSTI Mapping Object Description e MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped e VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space A VLAN can only be mapped to one MSTI A unused MSTI should just be left empty l e not having any VLANs mapped to it Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 7 MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global The MSTI Port Configuration screen in Figure 4 7 9 amp Figure 4 7 10 appears MSTI Port Configuration Select MSTI MSTI y Ger Figure 4 7 9 MSTI Port Configuration Page Screenshot 165 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields MSTI Port Configuration Object Description e Select MSTI Select the bridge instance and set more detail configuration
5. Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 14 Storm Control Configuration Storm control for the switch is configured on this page There is a unicast storm rate control multicast storm rate control and a broadcast storm rate control These only affect flooded frames i e frames with a VLAN ID DMAC pair not present on the MAC Address table 212 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen in Figure 4 9 17 appears Storm Control Configuration Frame Type Enable Rate pps 1 v Unicast O Multicast O 1 v Broadcast O i v Figure 4 9 17 Storm Control Configuration Page Screenshot The page includes the following fields Object Description e Frame Type The settings in a particular row apply to the frame type listed here E unicast NE multicast E Broadcast e Enable e Rate Buttons Enable or disable the storm control status for the given frame type The rate unit is packets per second pps Valid values are 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K 1024K 2048K 4096K 8192K 16384K or 32768K Save Click to save changes Click to undo any changes made locally and revert to previously saved
6. It is recommended to use Internet Explorer 7 0 or above to access Indusirial Managed Switch The changed IP address takes effect immediately after clicking on the Save button You need to use the new IP address to access the Web interface For security reason please change and memorize the new password after this first setup Only accept command in lowercase letter under web interface 62 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 1 Main Web Page The Industrial Managed Switch provides a Web based browser interface for configuring and managing it This interface allows you to access the Industrial Managed Switch using the Web browser of your choice This chapter describes how to use the Industrial Managed Switch s Web browser interface to configure and manage it Copper Port Link Status Main Functions Menu SFP Port Link Status NS3552 8P 2S Ring O PWRI1 pur FAULT ifs NS3552 8P 2S Ey System W SNMP E Port Management E Link Aggregation VLANs Ey Spanning Tree Ly Multicast Qos NS3552 8P 2S Access Control List Authentication 8 Port 10 100 1000T 2 100 1000X SFP m Security m MAC Address Table 802 3at PoE Industrial Ethernet Switch m LLDP m Diagnostics Interlogix A UTC Fire amp Security Company All rights reserved POE m Loop Protection m RMON m Ring Welcome to IFS Transmission Figure 4 1 4 Main Page Panel Display The web agent displays an image of the Industrial
7. Buttons 344 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add New Protection Group Click to add a new Protection group entry Refresh Click to refresh the page immediately Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 19 4 Ethernet Ring Protocol Switch Configuration This page allows the user to inspect and configure the current ERPS Instance screen in Figure 4 19 4 appears ERPS Configuration 1 Auto refresh Refresh Instance Data ERPS ID Port 0 Port 1 Port O SF MEP Port 1 SF MEP Port O APS MEP Port 1 APS MEP Ring Type 1 i 2 1 2 1 2 Major Ring Instance Configuration Configured Guard Time WTR Time Hold Off Time Version Revertive VLAN config VLAN Config RPL Configuration RPL Role RPL Port Clear None None Y Instance Command Command Port None v None Y Instance State Protection Transmit Port O Receive Port 1 Receive WTR RPL No APS Port O Block Port 1 Block FOP State APS APS APS Remaining Un blocked Received Status Status Alarm Protected SF DNF BPRO D e Blocked Blocked e Figure 4 19 4 Ethernet Ring Protocol Switch Configuration page screenshot The page includes the following fields Instance Data Object Description e ERPSID The ID of the Protection group e PortO See help on ERPS create WEB e Port1 See help on
8. TPID Tag Protocol Identifier TCI Tag Control Information 2 bytes 2 bytes Preamble Destination Source VLAN TAG Ethernet Data FCS Address Address pl Type 6 bytes 6 bytes 4 bytes 2 bytes 46 1500 bytes 4 bytes The Ether Type and VLAN ID are inserted after the MAC source address but before the original Ether Type Length or Logical Link Control Because the packet is now a bit longer than it was originally the Cyclic Redundancy Check CRC must be recalculated Adding an IEEE802 1Q Tag A Length E type Data Old CRC Original Ethernet a i Data New CRC Dest Addr Src Addr gt Priority CFI VLANID New Tagged Packet M Port VLAN ID Packets that are tagged are carrying the 802 1Q VID information can be transmitted from one 802 1Q compliant network device to another with the VLAN information intact This allows 802 1Q VLAN to span network devices and indeed the entire network if all network devices are 802 1Q compliant Every physical port on a switch has a PVID 802 1Q ports are also assigned a PVID for use within the switch If no VLAN are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were received Forwarding decisions are based upon this PVID in so far as VLAN are concerned Tagged packets are forwarded accordin
9. x Disabled a x Disabled El E x Disabled x x Disabled KE Disabled El El El Disabled x x Disabled x Disabled Lx Ea Disabled Figure 4 9 4 QoS Ingres Port Classification Page Screenshot EEE EEE E El 9 9 9 9 E 1 2 3 4 5 6 7 8 9 0 S 9 9 9 9 9 o o o S o 9 9 9 9 9 9 o eo 9 9 9 9 Oo The page includes the following fields Object Description e Port The port number for which the configuration below applies e QoS Class The Configuration All with available values will assign to whole ports Controls the default QoS class i e the QoS class for frames not classified in any other way There is a one to one mapping between QoS class queue and priority A QoS class of O zero has the lowest priority All means all ports will have one specific setting e DP Level The Configuration All with available values will assign to whole ports Controls the default DP level i e the DP level for frames not classified in any other way All means all ports will have one specific setting e PCP The Configuration All with available values will assign to whole ports Controls the default PCP for untagged frames All means all ports will have one specific setting e DEI The Configuration All with available values will assign to whole ports Controls the default DEI for untagged frames
10. Before connecting the other switches workstation or media converter 1 Make sure both sides of the SFP transceiver are with the same media type for example 1000Base SX to 1000Base SX 1000Bas LX to 1000Base LX 2 Check the fiber optic cable type that matches the SFP transceiver model gt To connect to 1000Base SX SFP transceiver use the multi mode fiber cable with one side being the male duplex LC connector type gt To connect to 1000Base LX SFP transceiver use the single mode fiber cable with one side being the male duplex LC connector type Connect the fiber cable 1 Attach the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a media converter 3 Check the LNK ACT LED of the SFP slot on the front of the Industrial Managed Switch Ensure that the SFP transceiver is operating correctly 100Base FX Before connecting the other switches workstation or media converter 1 Make sure both sides of the SFP transceiver are with the same media type or WDM pair for example 100Base FX to 100Base FX 100Base BX20 U to 100Base BX20 D 2 Check the fiber optic cable type that matches the SFP transceiver model gt To connect to MFB FX SFP transceiver use the multi mode fiber cable with one side being the male duplex LC connector type gt To connect to MFB F20 F40 F60 FA20 FB20 SFP transce
11. Default 128 Example Set MST1 priority value in 48 NS3552 8P 2S gt stp msti priority 1 48 STP MSTI Map Description Show or clear MSTP MSTI VLAN mapping configuration Syntax STP Msti Map lt msti gt clear Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 Clear Clear VID to MSTI mapping 468 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Add MST1 priority value in 48 NS3552 8P 2S gt stp msti priority 1 48 STP MSTI Add Description Add a VLAN to a MSTI Syntax STP Msti Add lt msti gt lt vid gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt vid gt VLAN ID 1 4095 Example Add MST1 in vlan1 NS3552 8P 2S gt stp msti add 1 1 STP Port Configuration Description Show STP Port configuration Syntax STP Port Configuration lt port_list gt Parameters lt port_list gt Port list or all Port zero means aggregations Example Show STP status of Port NS3552 8P 2S gt stp port configuration 1 Disabled Disabled Enabled Disabled Disabled Auto 469 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all Port zero means aggregations Enable Enable MSTP protocol Disable Disable MSTP protoc
12. IP NTP Configuration Description Show NTP configuration Syntax IP NTP Configuration Default Setting IP NTP Configuration NTP Mode Disabled Idx Server IP host address a b c d or a host name string 1 pool ntp org 2 europe pool ntp org 3 north america pool ntp org 4 asia pool ntp org 5 oceania pool ntp org IP NTP Mode Description Set or show the NTP mode 369 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax IP NTP Mode enable disable Parameters enable Enable NTP mode disable Disable NTP mode default Show NTP mode Default Setting disable Example Enable NTP mode NS3552 8P 2S gt ip ntp mode enable IP NTP Server Add Description Add NTP server entry Syntax IP NTP Server Add lt server_index gt lt ip_addr_string gt Parameters lt server_index gt The server index 1 5 lt ip_addr_string gt IP host address a b c d or a host name string Example To add NTP server NS3552 8P 2S gt ip ntp server add 160 249 136 151 IP NTP Server IPv6 Add Description Add NTP server IPv6 entry 370 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax IP NTP Server Ipv6 Add lt server_index gt lt server_ipv6 gt Parameters lt server_index gt The server index 1 5 lt server_ipv6 gt IPv6 server address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates ea
13. MST1 MSTI Port Configuration MSTI Aggregated Ports Configuration Auto y MSTI Normal Ports Configuration Port Path Cost 1 2 3 4 5 6 7 8 9 0 Figure 4 7 10 MST1 MSTI Port Configuration Page Screenshot The page includes the following fields MSTx MSTI Port Configuration Object Description e Port The switch port number of the corresponding STP CIST and MSTI port e Path Cost The Configuration All with available values will assign to whole items Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 All means all ports will have one specific setting IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Priority The Configuration All with available values will assign to whole items Controls the port priority This can be used to control priority of ports having identical port cost See above All means all ports will have one specific setting Buttons Ser Click to set MSTx configuration Save Click to save changes Click to undo any changes made locally and revert to previous
14. default Show SNMP write community Default Setting private Example Set public value in SNMP write community NS3552 8P 2S gt security switch snmp write community public Security Switch SNMP Trap Mode Description Set or show the SNMP trap mode Syntax Security Switch SNMP Trap Mode enable disable Parameters enable Enable SNMP traps disable Disable SNMP traps default Show SNMP trap mode Default Setting disable Example 408 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Enable SNMP trap mode NS3552 8P 2S gt security switch snmp trap mode enable Security Switch SNMP Trap Version Description Set or show the SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c NS3552 8P 2S gt security switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the community string for SNMP traps Syntax Security Switch SNMP Trap Community lt community gt Parameters lt community gt Community string Use clear or to clear the string default Show SNMP trap community Default Setting 409 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual public Example Set private value for SNMP trap community NS3552 8P 2S gt securi
15. lt ecs_value gt Ildpmed The value for the Emergency Call Service 491 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP MED Policy Delete Description Delete the selected policy Syntax LLDPMED policy delete lt policy_list gt Parameters lt policy_list gt List of policies to delete Example Delete the policy 1 NS3552 8P 2S gt lldpmed policy delete 1 LLDP MED Policy Add Description Adds a policy to the list of polices Syntax LLDPMED policy add voice voice_signaling guest_voice guest_voice_signaling softphone_voice video_conferencing streaming_video video_si gnaling tagged untagged lt vlan_id gt lt l2_priority gt lt dscp gt Parameters voice Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications voice_signaling Voice Signaling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media guest_voice Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services guest_voice_signaling Guest Voice Signaling conditional for use in network topologies that require a different po
16. lt port_list gt Port list or all default All ports combined combined VLAN Users configuration static static port configuration nas NAS port configuration mvr MVR port configuration voice_vlan Voice VLAN port configuration mstp MSTP port configuration all All VLAN Users configuration default combined VLAN Users configuration Default Setting Promiscous 392 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Show VLAN configuration of port10 NS3552 8P 2S gt status 1 Port VLAN User PortType PVID Frame Type Ing Filter Tx Tag UVID Conflicts Static Unaware Disabled Untag This 1 NAS No MVR No Voice VLAN No MSTP Combined Unaware Disabled Untag This 1 6 6 Private VLAN Configuration Command PVLAN Configuration Description Show Private VLAN configuration Syntax PVLAN Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports 393 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Show private VLAN configuration NS3552 8P 2S gt pvlan configuration Private VLAN Configuration Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 10 Disabled PVLAN ID Ports PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN Add lt pvlan_id gt lt port_list gt Parameters lt pvlan_id gt Private VLAN ID The allowed range for a Private VLA
17. 110 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The number of received and transmitted good and bad packets split into categories based on their respective frame sizes Receive and Transmit Queue Counters The numeric of received and transmitted packet is per input and output queue Receive Error Counters Object Description e Rx Drops The numeric of frames is dropped due to lack of receive buffers or egress congestion e Rx CRC Alignment The number of frames received with CRC or alignment errors e Rx Undersize The number of short frame received with valid CRC e Rx Oversize The number of long frame received with valid CRC e Rx Fragments The number of short frame received with invalid CRC e Rx Jabber The number of long frame received with invalid CRC e Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port g2 1 Short frame is the frames that are smaller than 64 bytes 2 Long frames are frames that are longer than the configured maximum frame length for this port Note Transmit Error Counters Object Description e Tx Drops The number of frames dropped due to output buffer congestion e Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Buttons Refresh Clic
18. 161 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 10 60 20 000 2 000 000 Table 4 7 1 Recommended STP Path Cost Range Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 Half Duplex 100 2 000 000 Full Duplex 95 1 999 999 Trunk 90 1 000 000 Half Duplex 19 200 000 Full Duplex 18 100 000 Trunk 50 000 15 Full Duplex 4 10 000 Trunk 3 5 000 Table 4 7 2 Recommended STP Path Costs Port Type Link Type IEEE 802 1w 2001 Half Duplex 2 000 000 Full Duplex 1 000 000 Trunk 500 000 Half Duplex 200 000 Full Duplex 100 000 Trunk 50 000 Full Duplex 10 000 Trunk 5 000 Table 4 7 3 Default STP Path Costs 162 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 7 5 MSTI Priorities This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Priority screen in Figure 4 7 7 appears MSTI Configuration MSTI Priority Configuration z lt All gt CIST 32768 MSTI1 32768 MSTI2 32768 MSTI3 32768 MSTI4 32768 MSTI5 32768 MSTI6 32768 MSTI7 32768 Reset Figure 4 7 7 MSTI Priority Page Screenshot EJE IEE EME ENED EN The page includes the following fields Object Description e MSTI The bridge instance The CIST is the default instance which is always active e Priority The Configuration All with available values will assign to whole items Controls the bridge priority Lower numerical values have better prior
19. 365 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IP DNS Description Set or show the DNS server address Syntax IP DNS lt ip_addr gt Parameters lt ip_addr gt IP address a b c d default Showdne IP address Default Setting 0 0 0 0 Example Set DNS IP address NS3552 8P 2S gt ip dns 168 95 1 1 IP DNS Proxy Description Set or show the IP DNS Proxy mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function NS3552 8P 2S gt ip dns_proxy enable 366 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPv6 AUTOCINFIG Description Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Default Setting disable Example Enable IPv6 autoconfig function NS3552 8P 2S gt ip ipv6 autoconfig enable IPv6 Setup Description Set or show the IPv6 setup Syntax IP IPv6 Setup lt ipv6_addr gt lt ipv6_prefix gt lt ipv6_router gt Parameters lt ipv6_addr gt IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a sp
20. Auto Refresh O Figure 4 16 4 PoE Status Screenshot The page includes the following fields Object e Current Power Consumption Description Show the total watts usage of Managed PoE Switch e Total Power Reserved Shows how much the total power is reserved for all PDs e Temperature 1 Display the current operating temperature of the first PoE chip unit e Temperature 2 e Local Port Display the current operating temperature of the second PoE chip unit This is the logical port number for this row 318 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e PD Class Display the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is powered based on PoE Class level if system working on Classification mode A PD shall return Class 0 to 4 in accordance with the maximum power draw as specified by Table 4 16 1 e Power Used W The Power Used shows how much power the PD currently is using e Current Used mA e Priority The Power Used shows how much current the PD currently is using The Priority shows the port s priority configured by the user e Port Status The Port Status shows the port s status e AF AT Mode Display per PoE port operates at 802 3af or 802 3at mode NS3552 8P 2S Supports Only e Total Buttons Show the total power and current usage of all PDs Auto refresh Chec
21. Description e Server Mode Indicates the server mode operation When the mode operation is enabled the syslog message will send out to syslog server The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back sender since UDP is a connectionless protocol and it does not provide acknowledgments The syslog packet will always send out even if the syslog server does not exist Possible modes are E Enabled Enable server mode operation E Disabled Disable server mode operation e Server Address Indicates the IPv4 host address of syslog server If the switch provide DNS feature it also can be a host name e Syslog Level Buttons Indicates what kind of message will send to syslog server Possible modes are E Info Send information warnings and errors E Warning Send warnings and errors E Error Send errors Save Click to save changes Click to undo any changes made locally and revert to previously saved values 84 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 15 SMTP Configuration Configuring SMTP Configuration on this page The SMTP Configuration screen in Figure 4 2 18 appears SMTP Mode Figure 4 2 18 SMTP Configuration SMTP Configuration Enable Authentication Password EmailFrom abcd interlogx com lt 128 Digits UTC IFS lt 64 Digits abcd interlogxcom
22. Parameters lt ip_addr gt IP address a b c d default Show IP address Default Setting null Example Set DHCP relay server in 192 168 0 20 NS3552 8P 2S gt security network dhcp relay server 192 168 0 20 Security Network DHCP Relay Information Mode Description Set or show DHCP relay agent information option mode When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remote it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Syntax Security Network DHCP Relay Information Mode enable disable Parameters enable Enable DHCP relay agent information option mode disable Disable DHCP relay agent information option mode default Show DHCP relay agent information option mode Default Setting disable Example Enable DHCP relay agent information option mode NS3552 8P 2S gt security network dhcp relay information mode enable 448 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When enable DHCP relay information mode operation if agent receive a DHCP message that already contains relay agent information lt will enforce the policy Syntax Security Network DHCP Relay Information Policy replace keep drop Parameters replace Replace the
23. Security Switch Privilege Level Configuration 397 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group lt group_name gt lt cro gt lt crw gt lt sro gt lt srw gt Parameters lt group_name gt Privilege group name lt Cro gt lt Crw gt lt sro gt lt srw gt Example Configuration read only privilege level 1 15 Configuration Execute read write privilege level 1 15 Status Statistics read only privilege level 1 15 Status Statistics read write privilege level 1 15 Change privilege level of MVR group NS3552 8P 2S gt security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description Show the current privilege level Syntax Security Switch Privilege Level Current Default Setting 15 Security Switch Auth Configuration Description Show Auth configuration Syntax Security Switch Auth Configuration 398 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Show authentication configuration NS3552 8P 2S gt security switch auth configuration Auth Configuration Client Authentication Method Local Authentication Fallback local Disabled local Disabled local Disabled local Disabled Security Switch Auth Method Description Set or show Auth method default Sh
24. Set or show the system digital output0 1 Syntax DIDO Do_en first second enable disable hightolow lowtohigh Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status hightolow Trigger gt high to low lowtohigh Trigger gt low to high default Set or show digital input output 0 1 trigger DIDO DO Port Alarm Description Set or show the system digital output0 1 port alarm Syntax DIDO Do_port_alr first second lt port_list gt Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select lt port_list gt Port list or all default All ports 597 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual DIDO DO Power Alarm Description Set or show the system digital output0 1 power alarm Syntax DIDO Do_pwr_alr first second dc1 dc2 enable disable Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select dci DC power 1 dc2 DC power 2 default Set or show digital output fault alarm 0 1 power_fail enable Enable digital input0 1 function disable Disable digital input0 1 function
25. Show ECE Status Syntax EVC ECE Status lt ece_id gt Parameters lt ece_id gt ECE ID 1 128 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 509 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 17 Ethernet Protection Switching Command EPS Create Description EPS create Syntax EPS create lt inst gt domport dompath domservice dommpls 1p1 1f1 lt flow_w gt lt flow_p gt lt mep_w gt lt mep_p gt lt mep_aps gt enable disable Parameters lt inst gt Instance number domport dompath domservice dommpls Flow domain 1p1 1f1 EPS architecture lt flow_w gt Working flow instance number lt flow_p gt Protecting flow instance number lt mep_w gt Working MEP instance number lt mep_p gt Protecting MEP instance number lt mep_aps gt APS MEP instance number enable disable enable disable protection EPS Config Description EPS config operation Syntax EPS config lt inst gt aps noaps revert norevert unidir bidir wOs w10s w30s w1 m w5m w12m hOs h100ms h500ms h1s h2s h5s h10s Parameters lt inst gt Instance number aps noaps APS enable disable revert norevert Revertive enable disable 510 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual unidir bidir Unidirectional or bidirectional switching w0s w10s w30s wim w5m w12m Wait to restore timer value h0s h100ms h500ms h1s h2s h5s h10s Hold off timer value EPS Command Description E
26. Supports QoS and In Out bandwidth control on each port Traffic policing policies on the switch port m DSCP remarking gt Multicast E Supports IGMP Snooping v1 v2 and v3 E Supports MLD Snooping v1 and v2 m Querier mode support m IGMP Snooping port filtering m MLD Snooping port filtering m MVR Multicast VLAN Registration gt Security m IEEE 802 1x Port based MAC based network access authentication E Built in RADIUS client to co operate with the RADIUS servers m TACACS login users access authentication m RADIUS TACACS users access authentication m P based Access Control List ACL m MAC based Access Control List E Source MAC IP address binding m DHCP Snooping to filter untrusted DHCP messages m Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address binding m P Source Guard prevents IP spoofing attacks E Auto DoS rule to defend DoS attack m P address access management to prevent unauthorized intruder gt Management Switch Management Interfaces Console Telnet Command Line Interface Web switch management SNMP v1 and v2c switch management SSH SSL and SNMP v3 secure access E Four RMON groups history statistics alarms and events m Pv6 IP Address NTP DNS management Built in Trivial File Transfer Protocol TFTP client m BOOTP and DHCP for IP address assignment m Firmware upload download via HTTP TFTP m DHCP Relay m DHCP Option82 m User Privilege levels
27. To reboot device without changing any of the settings NS3552 8P 2S gt system reboot System DST Offset Description Set or show the daylight saving time offset Syntax System DST Offset lt dst_offset gt Parameters lt dst_offset gt DST offset in minutes 1 to 1440 System Restore Default Description Restore factory default configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration Example To restore default value but not reset IP address NS3552 8P 2S gt system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero is idle Syntax System Load Example 362 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual To show current CPU load NS3552 8P 2S gt system load Load average 100ms 1s 10s 1 1 1 6 2 IP Command IP Configuration Description Show IP configuration Syntax IP Configuration Example 363 Show IP configuration NS3552 8P 2S gt ip configuration IP Configuration Disabled 192 168 0 101 255 255 255 0 192 168 0 253 0 0 0 0 ad Disabled IPv6 AUTOCONFIG mode Disabled IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 11192 168 0 100 IPv6 Prefix 96 IPv6 Router 3 IP DHCP Description Set or show the DHOP
28. factory default IP Address is shown as follows http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Industrial Managed Switch The login screen in Figure 4 1 2 appears Connect to 192 168 0 100 The server 192 168 0 100 at Web Management requires a username and password Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a secure connection User name admin Password Remember my password Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as Figure 4 1 3 61 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ifs NS3552 8P 2S Welcome to IFS Transmission NS3552 8P 2S 8 Port 10 100 1000T 2 100 1000X SFP 802 3at PoE Industrial Ethernet Switch Interlogix A UTC Fire amp Security Company All rights reserved Soo Ge of ff EE i i Figure 4 1 3 Default Main Page Now you can use the Web management interface to continue the switch management or manage the Indusirial Managed Switch by Web interface The Switch Menu on the left of the web page lets you access all the commands and statistics the Managed Switch provides
29. lt 128 Digits abcd interlogxcom lt 128 Digits SMTP Server interlogix com lt 128 Digits test SMIPPort _ 25 1 65535 Enable 124 lt 64 Digis ene lt 21 Digits Save Reset The page includes the following fields Object e SMTP Mode Description Enabled It is for you to enable SMTP mode function This mode offers you to configure SMTP server and SMTP account information system will refer it to send an E mail for alarm noticing e SMTP Server It is for you to set up a specified SMTP server DNS name or IP address If a DNS name is inputted please remember to input DNS server IP address on the IP configuration page e SMTP Port It is for you to input the SMTP server port number The default is 25 e SMTP Authentication Enabled As usual SMTP server is denied to relay a mail from a different domain so you have to enable this option and input your mail account and password for SMTP sever authorizing to forward a mail from a different domain For example you want an SMTP server which is located on mail 123 com to send a mail to mail 456 net com If you want to send the mail to a SMTP server which is located on the same domain or the same SMTP server you don t have to enable SMTP authentication e Authentic User Name e Authentication Password Itis for you to input your mail account name It is for you to input your mail account password e E mail From It is for
30. lt All Auto OO Active Active Active Active Active Auto Auto Auto Auto Active Active Active Active Auto S LS S 18 8 S S ES Auto Auto Auto MENESES NENE NE popoDoOoOoOoOoO lt lt lt Anto Active Figure 4 5 4 LACP Port Configuration Page Screenshot The page includes the following fields Object Description e Port The switch port number i means selection all ports of Industrial Managed Switch e LACP Enabled Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 LLAGs per switch and 2 GLAGs per stack e Key The Key value incurred by the port range 1 65535 The Auto setting will set the key as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while ports with different keys cannot The default setting is Auto e Role e Timeout The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to The Timeout controls the period between BPDU
31. lt port_list gt Port list or all default All ports 6 28 IPMC Command IPMC Configuration Description Show IPMC snooping configuration Syntax IPMC Configuration mld igmp Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP IPMC Mode Description Set or show the IPMC snooping mode Syntax IPMC Mode mld igmp enable disable Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC snooping disable Disable IPMC snooping default Show global IPMC snooping mode Default Setting disable Example Enable IGMP snooping IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt ipme mode igmp enable 573 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPMC Flooding Description Set or show the IPMC unregistered addresses flooding operation Syntax IPMC Flooding mld igmp enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC flooding disable Disable IPMC flooding default Show global IPMC flooding mode Default Setting enable Example Enable IGMP flooding NS3552 8P 2S gt ipmc flooding igmp enable IPMC Leave Proxy Description Set or show the mode of IPMC Leave Proxy Syntax IPMC Leave Proxy mldligmp enable disable Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC Leave Proxy disabl
32. Changing the discovery protocol to OUI or LLDP will restart auto detect process Possible discovery protocols are OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP All means all ports will have one specific setting Save Click to save changes Click to undo any changes made locally and revert to previously saved values 216 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 17 Voice VLAN OUI Table Configure VOICE VLAN OUI table on this page The maximum entry number is 16 Modifying the OUI table will restart auto detection of OUI process The Voice VLAN OUI Table screen in Figure 4 9 20 appears Voice VLAN OUI Table Delete Telephony OUI Description O 00 03 6b Cisco phones C 00 0f e2 H3C phones C 00 60 b9 Philips and NEC AG phones C 00 d0 1e Pingtel phones O 00 e0 75 Polycom phones C 00 e0 bb 3Com phones O 00 01 e3 Siemens AG phones Figure 4 9 20 Voice VLAN OUI Table Page Screenshot The page includes the following fields Object e Delete Description Check to delete the entry It will be deleted during the next save e Telephony OUI A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit e Description Buttons The description of OUI address Normally it descripts which vendor telephony device The all
33. Default Setting disable Example Enable DHCP snooping mode NS3552 8P 2S gt security network dhcp snooping mode enable Security Network DHCP Snooping Port Mode Description Set or show the DHCP snooping port mode Syntax Security Network DHCP Snooping Port Mode lt port_list gt trusted untrusted 450 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports trusted Configures the port as trusted sources of the DHCP message untrusted Configures the port as untrusted sources of the DHCP message default Show flow DHCP snooping port mode Default Setting trusted Example Set untrusted DHCP snooping port mode in port 1 NS3552 8P 2S gt security network dhcp snooping port mode 1 untrusted Security Network DHCP Snooping Statistics Description Show or clear DHCP snooping statistics Syntax Security Network DHCP Snooping Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear DHCP snooping statistics Example Show DHCP snooping statistics of port 1 NS3552 8P 2S gt security network dhcp snooping statistics 1 Port 1 Statistics 0 Tx Discover O Tx Offer O Tx Request 0 Tx Decline 0 Tx ACK O Tx NAK O Tx Release O Tx Inform Rx Lease Query O Tx Lease Query Rx Lease Unassigned O Tx Lease Unassigned Rx Lease Unknown 0 Tx Lease Unknown Rx
34. Description Invoking an administrative command for a given protection group fs ms clear setting or clearing an administrative command for a given group lt port gt forced a block on the ring port where this command is issued lt group_id gt protection group id Syntax Erps command fs ms clear lt port gt lt group id gt Parameters fs ms clear administrative commands lt port gt Port number lt group id gt protection group id 1 64 562 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS Version Description Specifying protocol version for a given protection group v1 v2 specifying protocol version for a given protection group lt group_id gt protection group id Syntax Erps version v1 v2 lt group id gt Parameters vijv2 ERPS protocol version to be supported lt group id gt protection group id 1 64 ERPS Add Description create a new ethernet ring protection group lt group id gt protection group id lt east_port gt protection group Port 0 lt west_port gt protection group Port 1 Port 1 can be 0 for sub rings major sub ring type e major ring or sub ring interconnected interconnection node or not virtual_channel Virtual channel present or not lt major ring id gt major ring group Id for interconnected sub ring Syntax Erps add lt group id gt lt east_port gt lt west_port gt major sub interconnected virtual_channel lt maj
35. ES In the installation steps below this Manual use NS3550 2T 8S IFS 8 Port Industrial Gigabit Switch as the example However the steps for IFS Industrial Gigabit PoE Switch are similar Note Step 1 Screw the DIN Rail on the Industrial Managed Switch Step 2 Lightly insert the bottom of the switch into the track 47 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Step 3 Check if the DIN Rail is tightly on the track Please refer to following procedures to remove the Industrial Managed Switch from the track Step 1 Lightly pull out the bottom of the switch for removing it from the track 48 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 2 3 Wall Mount Plate Mounting To install the Industrial Managed Switch on the wall please follow the instructions below nn ga In the installation steps below this Manual use NS3550 2T 8S IFS 8 Port Industrial Gigabit Switch as the example However the steps for IFS Industrial Gigabit PoE Switch are similar Note Step 1 To remove the Industrial Managed Switch from the DIN Rail use the screwdriver to loosen the screws and remove the DIN Rail Step 2 Place the wall mount plate on the rear panel of the Industrial Managed Switch Step 3 Use the screws to screw the wall mount plate on the Industrial Managed Switch Step 4 Use the hook holes at the corners of the wall mount plate to hang the Industrial Managed Switch on the wall Step
36. IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Voice VLAN Agetime Description Set or show Voice VLAN age time Syntax Voice VLAN Agetime lt age_time gt Parameters lt age_time gt MAC address age time 10 10000000 default Show age time Default Setting 86400sec Example Set Voice VLAN age time in 100sec NS3552 8P 2S gt voice valn agetime 100 Voice VLAN Traffic Class Description Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class lt class gt Parameters lt class gt Traffic class 0 7 Default Setting 7 Example Set 4 traffic class for voice VLAN NS3552 8P 2S gt voice vlan traffic class4 558 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Voice VLAN OUI Add Description Add Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process The maximum entry number is 16 Syntax Voice VLAN OUI Add lt oui_addr gt lt description gt Parameters lt oui_addr gt OUI address xx xx xx The null OUI address isn t allowed lt description gt Entry description Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI Example Add Voice VLAN OUI entry NS3552 8P 2S gt voice vlan oui add 00 11 22 test Voice VLAN OUI Delete Description Delete Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete lt oui_addr
37. QoS Class Port VLAN ID Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Auto refresh O Figure 4 11 5 Network Access Server Switch Status Page Screenshot 244 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Object Description e Port The switch port number Click to navigate to detailed NAS statistics for this port e Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values e Port State The current state of the port Refer to NAS Port State for a description of the individual states e Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication e Last ID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication e QoS Class QoS Class assigned to the port by the RADIUS server if enabled e Port VLAN ID The V
38. Syntax Security Switch SNMP User Changekey lt engineid gt lt user_name gt lt auth_password gt lt priv_password gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string lt user_name gt A string identifying the user name that this entry should belong to The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 lt auth_password gt A string identifying the authentication pass phrase lt priv_password gt A string identifying the privacy pass phrase The allowed string length is 8 40 and the allowed content is ASCII characters from 33 to 126 Example Delete SNMPv3 user entry NS3552 8P 2S gt security switch snmp user changekey 800007e5017f000003 admin_snmpv3 87654321 12345678 Security Switch SNMP User Lookup Description Lookup SNMPv3 user entry Syntax Security Switch SNMP User Lookup lt index gt Parameters lt index gt entry index 1 64 Example Lookup SNMPv3 user entry NS3552 8P 2S gt security switch snmp user lookup Idx Engine ID User Name Level Auth Priv 1 Remote admin_snmpv3 Auth Priv MD5 DES Number of entries 1 418 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Group Add Description Add or modify SNMPv3 group entry The entry index key are lt security_model gt and lt security_name gt Syntax
39. default Set or show digital input output fault alarm 0 1 status DIDO Fault Act Description Set or show the system fault alarm action Syntax DIDO Fault_act port power enable disable Parameters port port fail power power fail DI1 DH trigger DI2 DI2 trigger default Set or show digital output fault alarm 0 1 action enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status 598 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual DIDO Fault Enable Description Set or show the system fault alarm Syntax DIDO Fault_en enable disable Parameters enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status DIDO Fault Port Alarm Description Set or show the system fault alarm of port alarm Syntax DIDO Fault_port_alr lt port_list gt Parameters lt port_list gt Port list or all default All ports DIDO Fault Power Alarm Description Set or show the system fault alarm of power alarm Syntax DIDO Fault_pwr_alr dc1 dc2 enable disable Parameters dc1 DC power 1 dc2 DC power 2 default Set or show digital output fault alarm 0 1 power_fail enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm
40. e Enable Continuity Check based on transmitting receiving CCM PDU can be enabled disabled The CCM PDU is always transmitted as Multi cast Class 1 e Priority The priority to be inserted as PCP bits in TAG if any In case of enable of Continuity Check and Loss Measurement both implemented on SW based CCM Priority has to be the same e Frame rate Selecting the frame rate of CCM PDU This is the inverse of transmission period as described in Y 1731 This value has the following uses The transmission rate of the CCM PDU Fault Cause cLOC is declared if no CCM PDU has been received within 3 5 periods see cLOC Fault Cause cPeriod is declared if a CCM PDU has been received with different period see cPeriod Selecting 300f sec or 100f sec will configure HW based CCM if possible Selecting other frame rates will configure SW based CCM In case of enable of Continuity Check and Loss Measurement both implemented on SW based CCM Frame Rate has to be the same APS Protocol Object Description e Enable Automatic Protection Switching protocol information transportation based on transmitting receiving R APS L APS PDU can be enabled disabled Must be enabled to support ERPS ELPS implementing APS This is only valid with one Peer MEP configured e Priority The priority to be inserted as PCP bits in TAG if any e Cast Selection of APS PDU transmitted unicast or multi cast The unicast MAC will be taken f
41. gt Figure 4 2 7 Privilege Levels Configuration Page Screenshot 72 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Group Name The name identifies the privilege group In most cases a privilege level group consists of a single module e g LACP RSTP or QoS but a few of them contains more than one The following description defines these privilege level groups in details E System Contact Name Location Time zone Log E Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriPHY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance E Debug Only present in CLI e Privilege Level Every group has an authorization Privilege level for the following sub groups E Configuration read only E Configuration execute read write E Status statistics read only E Status statistics read write e g for clearing of statistics User Privilege should be the same or greater than the authorization Privilege level to have the access to that group Buttons Save Click to save changes Click to undo any changes made loc
42. gt security switch snmp view lookup Idx View Name View Type OID Subtree included included 1 Number of entries 2 421 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Access Add Description Add or modify SNMPv3 access entry The entry index key are lt group_name gt lt security_model gt and lt security_level gt Syntax Security Switch SNMP Access Add lt group_name gt lt security_model gt lt security_level gt lt read_view_name gt lt write_view_name gt Parameters lt group_name gt Astring identifying the group name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 lt security_model gt any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM lt security_level gt noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy lt read_view_name gt The name of the MIB view defining the MIB objects for which this request may request the current values The name of None is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 lt write_view_name gt The name of the MIB view defining the MIB objects for which this request may potentially SET new values The name of None is reserved The a
43. lt lt gt gt Start from VLAN 1 and group address 224 0 0 0 with 20 entries per page Port Members No more entries as vian 10 Growos apf 5folzffofio No more entries Figure 4 8 9 IGMP Snooping Groups Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Groups Group address of the group displayed e Port Members Ports under this group Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Lk lt Updates the table starting with the first entry in the IGMP Group Table gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 180 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 7 IGMPv3 Information Entries in the IGMP SFM Information Table are shown on this page The IGMP SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port No Different source addresses belong to the same group are treated as single entry Each page shows up to 99 entries from the IGMP SFM Information table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of th
44. 295 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Fast Start Repeat Count Object e Fast start repeat count Coordinates Location Object Description Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general In addition it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types for example only advertise the voice network policy to permitted voice capable devices both in order to conserve the limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Network Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbor has been detected in order share LLDP MED information as fast as possible to new neighbors Because there is a risk that a LLDP frame
45. Add new VLAN group assign VLAN members to VLAN 2 and VLAN 3 and remove specified ports from VLAN 1 member 141 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual It s important to remove the VLAN members from VLAN 1 configuration Or the ports would become overlap setting About the overlapped VLAN configuration see next VLAN configure sample Es Note 4 Assign PVID to each port Port 1 Port 2 and Port 3 PVID 2 Port 4 Port 5 and Port 6 PVID 3 Port 7 Port 24 PVID 1 5 Enable VLAN Tag for specific ports Link Type Port 3 VLAN 2 and Port 6 VLAN 3 The Per Port VLAN configuration in Figure 4 6 10 appears Acceptable Set out layer Frame Link Type Q in Q Mode VLAN tag Type ether type Ingress Filtering Ka lt lt 2 E lt OOOODODDDOO EEE lt lt lt lt lt lt lt lt lt lt lt 1 2 3 4 5 6 7 6 9 EEE E E _ Figure 4 6 10 Port 1 Port 6 VLAN Configurations 142 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 10 2 VLAN Trunking between two 802 10 aware Switch In most cases it is used for Uplink to other switches VLANs are separated at different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 6 11 appears ea mm m m m m o em ee ee 4 e PC 5 PC 6
46. All means all ports will have one specific setting 198 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Tag Class Shows the classification mode for tagged frames on this port E Disabled Use default QoS class and DP level for tagged frames E Enabled Use mapped versions of PCP and DEI for tagged frames Click on the mode in order to configure the mode and or mapping For more detail information please refer to chapter 4 9 3 1 e DSCP Based Click to Enable DSCP Based QoS Ingress Port Classification Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 4 1 QoS Ingress Port Tag Classification The classification modes for tagged frames are configured on this page The QoS Ingress Port Tag Classification screen in Figure 4 9 5 appears Port 1 y QoS Ingress Port Tag Classification Port 1 Tagged Frames Settings Tag Classification PCP DEI to QoS Class DP Level Mapping pce Der Q05 Cass DP Level a 2 Y O f F Off OFjT Of 0 0 0 amp CH EN CMW HC HH EM EA ECM EN CN ON CC EEE EEN ETET SN OD On amp amp WWM NM OO ch 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 T Reset Cancel Figure 4 9 5 QoS Ingres Port Tag Classification Page Screenshot The page includes the following fields 199 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Object Description e Tag Classificati
47. Comimann EEE E E P suadeyaace ccdaed sessed zecues th cdtsacey stecectee T 485 ELDP Configuration sci oi ede See AAA ede O e E 485 C OA Mode etic asd Secec o eva led den io de eed Ate ese 485 LE DP Optional TIM iveco ta tt a a e 486 A A tbteceeasnachahs A A E ETET 487 LLDP Hold icon A a Ue Ae 487 LDL ts E e a o kd a e o th 488 LLDP Relata nie tai eal aie i dee ee eddie i eta ee lt 488 LDP StatiStiCS css sige Oi iii 489 LL DP NfO nian ade is ee eee poe ee edd ie ee eee lie dl eee ial 489 6 12 LLDP MED Comma d A Aaa He aaae a E Eaa el aaan 490 CEDP MED Configuratio M enin nE E heen sedi eee ee et EA 490 EEDI AVE BEENS A a E hits Agius E E tc E tt is 490 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LE DP MED EGS recordara ta dat ata dit ida 491 LEDP MED Policy Delete si i3 eccecescrsai sided a Taa ar a aaa a eaaa a O aaaea ERARIO AAA aaa 492 LLDP MED Policy Add vcoo ccoo dt a ected 492 LLDP MED Port Policy cio e er a eee Date at 493 LEDEMED Coordinate Siamani e cence slain entertain cerns pat ectie a nei eet div 493 bE DP MED Datum Aia 494 LLDP MED Fast ai 494 ELDPMED Into sve ccccs ccoo toi ie ero a delos do ade id elo dd de do do 495 613 EEE COMMAN eii 496 EEE Configuratio timida ii dd ale ee 496 EEE Modes sitio nee id o 496 EEE TEQUES hsi T eal etabics sedans AEA ERAAN AEE 497 AE eS cedzadtenelsecues thcdSsadezseccadteedeenGgusnias rann 498 Thermal Pro MP NAAA AAA 498 Thermal POH Prio levita aa oa 498 Thermal StatUS ura d
48. Enable Example Disable description of the port for port1 NS3552 8P 2S slldp optional_tlv 1 port_descr disable 486 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP Interval Description Set or show LLDP Tx interval Syntax LLDP Interval lt interval gt Parameters lt interval gt LLDP transmission interval 5 32768 Default Setting 30 Example Set transmission interval in 10 NS3552 8P 2S slldp interval 10 LLDP Hold Description Set or show LLDP Tx hold value Syntax LLDP Hold lt hold gt Parameters lt hold gt LLDP hold value 2 10 Default Setting 3 Example Set LLDP hold value in 10 NS3552 8P 2S gt lldp hold 10 487 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP Delay Description Set or show LLDP Tx delay Syntax LLDP Delay lt delay gt Parameters lt delay gt LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 NS3552 8P 2S slldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Reinit lt reinit gt Parameters lt reinit gt LLDP reinit delay 1 10 Default Setting 2 488 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Set LLDP reinit delay value in 3 NS3552 8P 2S sIldp reinit 3 LLDP Statistics Description Show LLDP Statistics Syntax LLDP Statistics lt port_list gt clear Parameters lt por
49. MEP Loss Measurement state get Syntax MEP Im state lt inst gt Parameters lt inst gt Instance number MEP Loss Measurement State Clear Description MEP Loss Measurement state clear 519 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax MEP Im clear lt inst gt Parameters lt inst gt Instance number MEP Link Trace State Description MEP Link Trace state get Syntax MEP lt state lt inst gt Parameters lt inst gt Instance number MEP Loop Back State Description MEP Loop Back state get Syntax MEP lb state lt inst gt Parameters lt inst gt Instance number MEP Delay Measurement State Description MEP Delay Measurement state get Syntax MEP am state lt inst gt Parameters lt inst gt Instance number 520 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MEP Delay Measurement State Clear Description MEP Delay Measurement state clear Syntax MEP dm clear lt inst gt Parameters lt inst gt Instance number MEP Test Signal State Description MEP Test Signal state get RX rate is shown in 100 Kbps Syntax MEP tst state lt inst gt Parameters lt inst gt Instance number MEP Test Signal State Clear Description MEP Test Signal state clear Syntax MEP tst clear lt inst gt Parameters lt inst gt Instance number 521 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 19 Quality
50. MVR SFM Information Auto refresh C Refresh lt lt gt gt Start from VLAN 1 and Group Address with 20 entries per page VLAN ID Group Port Mode Source Address Hardware Filter Switch No more entries 192 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Figure 4 8 20 MVR Groups Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Group Group ID of the group displayed e Port Switch port number e Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude e Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 When there is no any source filtering address the text None is shown in the Source Address field e Type Indicates the Type It can be either Allow or Deny Hardware Filter Switch Buttons Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Lk lt Updates the table starting from the first entry in the MVR SFM Information Table gt gt gt gt J Updates the table starting with the entry after the last
51. Note that clicking the reopen button causes the page to be refreshed so non committed changes will be lost Buttons Save Click to save changes 270 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Click to undo any changes made locally and revert to previously saved values Refresh Click to refresh the page Note that non committed changes will be lost 271 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 2 Access Management Configure access management table on this page The maximum entry number is 16 If the application s type matches any one of the access management entries it will allow access to the switch The Access Management Configuration screen in Figure 4 12 2 appears Delete Access Management Configuration Mode Disabled Start IP Address End IP Address HTTP HTTPS SNMP TELNET SSH Add New Entry Reset Figure 4 12 2 Access Management Configuration Overview Page Screenshot The page includes the following fields Object Description e Mode Indicates the access management mode operation Possible modes are E Enabled Enable access management mode operation E Disabled Disable access management mode operation e Delete Check to delete the entry It will be deleted during the next save Start IP Address End IP Address Indicates the start IP address for the access management entry Indicates the end IP address for the access management entry
52. QoS Storm MultiCast lt scn272 anit o Reet eee Ae Bee ete a rege eee 538 QoS StormBroadcaS dust veel in hae eee ne athe eee ee ede enero 538 QOS QCA ates 8s hac a tists as asst i125 O O 539 QoS QCL Delete vicio Rotates ei te ie ed es de led a ee ee 540 COS OGame edo eet 541 QoS QUES US ui Mette ta E A ee ee ei 541 QoS ACLARA cies 541 6 20 Mirror COMMANG icon cpeusevavete custeetesceesececube oth ecucevetecebancesutvevanevendececus 543 MirroriGOnniQuratiOn ect AE egies beatae teatime 543 Mirror POft cc nane he a Sa ee A a A a a 543 Mirror ModE ii ti ee 544 6 21 Configuration Command nonnccncccnnnnncnnnrr mnnn nnnn ennn nnnn nnne nnnn nnne nnnn nnmnnn nenne nnn nea 545 Co nfig ration Save aner idad a a a a e a a a a A N 545 Configuration LOad EERE E A A E E E T 545 6 22 Firmware COMMANG viii iii ii ii iia e 546 Firmware Load tacon cicatrices 546 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Firmware IPVO LO dd ermita s 546 Firmware INforrmation ssc ech a a e r a ea a eaa e a E pens ceases ide cphecvacaneya agi ida 546 Firmware Swap aer A E el is E A ee iea 547 6 23 UPRmP Command E EESE ESE E E EE T 548 UPNP Configura iii A N ee a eee a 548 WPAP Mod ir 2225 hon Meta et dl io e de a dec deta o a e o o e ds 548 WRAP OIG bec E E heretic tt titi tt eed tia 549 UPnP Advertising D rat O a r a aa E aaa a e aaa A aa apa pa aa ea aE aeaaeith 549 624 MVR COMMA r ces 0d eesuedet ccrcesncuesatccesucceesdueevssetsuccceseterstaee sesueseneatc
53. Security Switch SNMP Group Add lt security_model gt lt security_name gt lt group_name gt Parameters lt security_model gt v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM lt security_name gt A string identifying the security name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 lt group_name gt A string identifying the group name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 group entry NS3552 8P 2S gt security switch snmp group add usm admin_snmpv3 group_snmpv3 Security Switch SNMP Group Delete Description Delete SNMPv3 group entry Syntax Security Switch SNMP Group Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 group entry NS3552 8P 2S gt security switch snmp group delete 1 419 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Group Lookup Description Lookup SNMPv3 group entry Syntax Security Switch SNMP Group Lookup lt index gt Parameters lt index gt entry index 1 64 Example Lookup SNMPv3 group entry NS3552 8P 2S gt security switch snmp group lookup Idx Model Security Name Group Name public default_ro_group vi private default_rw_group v2c public default_ro_group v2c
54. Set or show the system location Syntax System Location lt location gt Parameters lt location gt System location string 1 255 Use clear or to clear the string In CLI no blank or space characters are permitted as part of a location Default Setting empty 358 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example To set device location NS3552 8P 2S gt System location MyOffice System Log Level Description Show or set the system log level It uses to determine what kind of message will send to syslog server Syntax System Log Level info warning error Parameters info Send informations warnings and errors warning Send warnings and errors error Send errors Default Setting info Example To set log level NS3552 8P 2S gt log level warning System DST Mode Description Set or show the daylight saving time mode Syntax System DST Mode disable recurring non recurring Parameters disable Disable Daylight Saving Time recurring Enable Daylight Saving Time as recurring mode non recurring Enable Daylight Saving Time as non recurring mode Default Setting 359 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Disabled System DST Start Description Set or show the daylight saving time start time settings Syntax System DST start lt week gt lt day gt lt month gt lt date gt lt year gt lt hour gt lt minute gt Parameters
55. This 6 bit field may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 LLDP MED Port Policy Description Set or show LLDP MED port polcies Syntax LLDPMED port policies lt port_list gt lt policy_list gt Parameters lt port_list gt Port list or all default All ports lt policy_list gt List of policies to delete LLDP MED Coordinates Description Set or show LLDP MED Location Syntax LLDPMED Coordinates latitude longitudelaltitude north south west east meters floor coordinate_value Parameters latitude Latitude O to 90 degress with max 4 digits Positive numbers are north of the equator and negative numbers are south of the equator longitude Longitude O to 180 degress with max 4 digits Positive values are East of the prime meridian and negative numbers are West of the prime meridian 493 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual altitude Altitude Meters or floors with max 4 digits default Show coordinate location configuration north south west east meters floor North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters _ Meters Valid for altitude Floor Floor Valid for altitude Ildpmed Coordinate value coordinate_value lldpmed Coordinate value LLDP MED Datum Description Set or sh
56. add del group_addr Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt port_list gt Port list or all default All ports add Add new port group filtering entry del Del existing port group filtering entry default Show IPMC port group filtering list group_addr IPv4 IPv6 multicast group address accordingly IPMC Router Description Set or show the IPMC snooping router port mode Syntax IPMC Router mld igmp lt port_list gt enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt port_list gt Port list or all default All ports enable Enable IPMC router port disable Disable IPMC router port default Show IPMC router port mode Example Enable port 1 in IPMC router port NS3552 8P 2S gt ipmc riuter igmp 1 enable 580 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPMC Status Description Show IPMC operational status accordingly Syntax IPMC Status mld igmp lt vid gt Parameters mldligmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC operational status NS3552 8P 2S gt ipmc status igmp 1 IPMC Group Description Show IPMC group addresses accordingly Syntax IPMC Groups mld igmp lt vid gt Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1
57. communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a particular range of source addresses can be used to restrict source subnet e Engine ID Indicates the SNMPv3 engine ID The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users The SNMP Trap Configuration page includes the following fields Object Description e Trap Mode Indicates the SNMP trap mode operation Possible modes are E Enabled Enable SNMP trap mode operation E Disabled Disable SNMP trap mode operation e Trap Version e Trap Community Indicates the SNMP trap supported version Possible versions are E SNMP v1 Set SNMP trap supported version 1 E SNMP v2c Set SNMP trap supported version 2c E SNMP v3 Set SNMP trap supported version 3 Indicates the community access string when send SNMP trap packet The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 e Trap Destination Address Indicates the SNMP trap destination address It allows a valid IP address in dotted decimal notation X y z w And it also allows a valid hostname A valid hostname is a string drawn from the alphabet A Za z digits 0 9 dot dash Spaces are not a
58. e LLC E SSAP Address Valid SSAP Source Service Access Point can vary from 0x00 to OxFF or Any the default value is Any E DSAP Address Valid DSAP Destination Service Access Point can vary from 0x00 to OxFF or Any the default value is Any E Control Address Valid Control Address can vary from 0x00 to OxFF or Any the default value is Any e SNAP PID Valid PID a k a Ethernet type can have value within 0x00 0xFFFF or Any default value is Any e IPv4 E Protocol IP protocol number 0 255 TCP or UDP or Any E Source IP Specific Source IP address in value mask format or Any IP and Mask are in the format x y z w where x y z and w are decimal numbers between 0 and 255 When Mask is converted to a 32 bit binary string and read from left to right all bits following the first zero must also be zero DSCP Diffserv Code Point value DSCP It can be specific value range of value or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 E IP Fragment Pv4 frame fragmented option yes no jany E Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP E Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP e IPv6 E Protocol IP protocol number 0 255 TCP or UDP or Any E Source IP Pv6 source address a b c d or Any 32 LS bits E DSCP Diffserv Code Point value DSCP It can be specific value range of v
59. enable disable MEP LCK Configuration Description 515 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MEP LCK configuration prio is the priority PCP of transmitted AIS frame 1s 1m is the number of AIS frame pr second Syntax MEP Ick config lt inst gt lt prio gt 1s 1m enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority 1s 1m Transmit period for LCK 1s to send OAM Frames in the rate of 1 per second 1m to send OAM frames in the rate of 1 per minute enable disable enable disable MEP Link Trace Configuration Description MEP Link Trace configuration prio is the priority PCP of transmitted LTM frame mac_addr is the unicast MAC of target MEP MIP mep is the peer MEP ID of target MEP only used if mac_adar is all zero tll is the TLL in the transmitted LTM Syntax MEP It config lt inst gt lt prio gt lt mac_addr gt lt mep gt lt ttl gt enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority lt mac_addr gt MAC address XX XX XX XX XX XX OF XX XX XX XX XX XX Or XXXXXXXXXXXX X is a hexadecimal digit lt mep gt This MEP id 0 0x1FFF lt ttl gt LT Time To Live enable disable enable disable MEP Loop Back Configuration Description 516 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MEP Loop Back configuration seticlear is set or clear of DEI of transmit
60. gt gt gt gt Ping Request PoE PD Alive checking PoE Camera z No Response PT PoE Camera A Y gt gt gt E gt _e OFF Checking alive status for 3 times Restart PoE device if without response m PD Ping Alive Check Configuration This page provides you with how to configure PD Alive Check The screen in Figure 4 16 8 appears PD Ping Alive Check perl ee enero i nnes Ping PD IP Address Interval Time 10 300s Retry Count 1 5 Reboot Time 30 180 s 1 2 3 4 5 6 7 8 Figure 4 16 8 PD Alive Check Configuration Screenshot The page includes the following fields Object Description e Mode Allows user to enable or disable per port PD Alive Check function As default value all ports are disabled e Ping PD IP Address This column allows user to set PoE device IP address here for system making ping to the PoE device Please be noted that the PD s IP address must be set to the same network segment as the NS3552 8P 2S PoE Switch e Interval Time 10 300s This column allows user to set how long system should issue a ping request to PD for detecting PD whether it is alive or dead Interval time range is from 10 seconds to 300 seconds e Retry Count 1 5 This column allows user to set how many times system retries ping to PD For example if we set count 2 the meaning is that if system retries ping to the PD and
61. gt qos Port Classification pcp 1 1 523 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Port Classification DEI Description Set or show the default DEI for an untagged frame Syntax QoS Port Classification DEI lt port_list gt lt dei gt Parameters lt port_list gt Port list or all default All ports lt dei gt Drop Eligible Indicator 0 1 Default Setting 0 Example Set the default DEI for an untagged frame in 1 for port1 NS3552 8P 2S gt qos Port Classification dei 1 1 QoS Port Classification Tag Description Set or show if the classification is based on the PCP and DEI values in tagged frames Syntax QoS Port Classification Tag lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable tag classification disable Disable tag classification default Show tag classification mode Default Setting disable Example Enable QoS port classification Tag 524 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt qos Port Classification tag 1 10 enable QoS Port Classification Map Description Set or show the port classification map This map is used when port classification tag is enabled and the purpose is to translate the Priority Code Point PCP and Drop Eligible Indicator DEl from a tagged frame to QoS class and DP level Syntax QoS Port Classification Map lt port_list gt l
62. screen in Figure 4 18 7 appears 335 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RMON Statistics Configuration Delete ib Data Source Add New Entry Save i Figure 4 18 7 RMON Statistics Configuration Page screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e ID Indicates the index of the entry The range is from 1 to 65535 e Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 Buttons Add New Entry Click to add a new community entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 18 8 RMON Statistics Status This page provides an overview of RMON Statistics entries Each page shows up to 99 entries from the Statistics table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Statistics table The first displayed will be the one with the lowest ID found in the Statistics table screen in Figure 4 18 8 appears RMON Statistics Status Overview Auto refresh C Start from Control Index fo with 20 entries per page elas Drop Octets Pkts Broad Muti EE Under e Frag Jabb Coll all S T
63. uses and can radiate radio frequency energy and if not installed and used in accordance with the instruction manual may cause harmful interference to radio communications You are cautioned that any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate the equipment Notice This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures This Class A digital apparatus complies with Canadian ICES 003 Cet appareil num rique de la classe A est conforme a la norme NMB 003du Canada 2004 108 EC EMC Directive Hereby UTC Climate Controls amp Security Corporation Inc declares that this device is in compliance with the essential requirements and other relevant provisions of Directive 2004 108 EC For contact information see www interlogix com or www utcfssecurityproducts eu IFS NS3552 8P 2S AND NS3550 2T 8S User Manual TABLE OF CONTENTS IFS NS3552 8P 2S and NS3550 2T 8S User Manual seeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeees 1 1 INTRODUCTION iicsiocicomscaacna asia 24 1 1Packet Conten S iroa aeaea aa Anaa A 24 1 2 Product DeScCriptiON scissa ii a Ea ia a E aaia 25 1 3 How to Use This Manual oooonmononnccncnnnnnncccnccncnnnnnnnnocncrnnnn nece 29 1 4 Product EGAtUT S ccoo ea raaa ded aaaea aces aa a aeea ae ae A FEE aeaaea A rRe aaaeaii
64. 0 1 status 599 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 32 Show Command Show Access Description Show access management configuration Syntax Show access Show ACL Description Show ACL Configuration Syntax Show acl Show Aggregation Description Show link aggregation configuration Syntax Show aggr Show ARP Description Show ARP inspection configuration Syntax Show arp Show Auth Description Show Auth configuration 600 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Show auth Show DHCP Relay Description Show DHCP relay configuration Syntax Show DHCP relay Show EEE Description Show EEE configuration Syntax Show EEE Show HTTPs Description Show HTTPS configuration Syntax Show https Show IGMP Description Show IPMC snooping configuration Syntax Show igmp 601 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Show IP Description Show IP configuration Syntax Show ip Show LACP Description Show LACP configuration Syntax Show lacp Show Limit Control Description Show Limit Control configuration Syntax Show limit control Show LLDP Description Show LLDP configuration Syntax Show Ildp Show LLDP MED Description Show LLDP MED configuration Syntax Show LLDPMED 602 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Show Loop Protect Description Show Loop Protec
65. 1 SNMP System Configuration Page Screenshot The SNMP System Configuration page includes the following fields Object Description e Mode Indicates the SNMP mode operation Possible modes are E Enabled Enable SNMP mode operation E Disabled Disable SNMP mode operation e Version Indicates the SNMP supported version Possible versions are E SNMP v1 Set SNMP supported version 1 E SNMP v2c Set SNMP supported version 2c E SNMP v3 Set SNMP supported version 3 e Read Community Indicates the community read access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3 communities table It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string In addition to community string a 99 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Write Community particular range of source addresses can be used to restrict source subnet Indicates the community write access string to permit access to SNMP agent The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 The field is applicable only when SNMP version is SNMPv1 or SNMPv2c If SNMP version is SNMPv3 the community string will be associated with SNMPv3
66. 28 PMC Command wecccrscscectecs ccstssccccececcce cc avescetecncccebecdvessaccecccewucteesetecuatczsuccuedhtceusiessucceedebecebdedeenex anteteccaageee 573 IPMG Gonfigurrationy cxceceatsctatescessescid ates ola 573 IPMG Mode sc ito A i ec ec ee Sa 573 PMC Rooding 5 2 a eck a a St i da lll id 574 IPMC Leave ProxY icc ttn ets hee A EA here es Eee tet dace bo 574 IPMG Proxy io es iaa 575 IPMG SSMevieet sist hes ee ces eed ied ese ected dates ee Ac selene ed dad elie ence 575 PME VAN AdE 220i nce e e a eect geet te kd ete cesses 576 IPMC VEAN Delete jiire eener seco dt ede does een ieee te eee 576 IPME State EPE EE A nd A ae ae ae E rote do Rec a 577 PMC Queriet cti Ad ees edt see SEL de Gee ee eden 577 IPMC Compaltibilll Vcc socked bee ad 578 IPMCFastle aves ici ia Sis lod rl Ae I cid 578 PMG Trotta E daran fai 579 PMG Filtering irie ernan aaa 580 IPMC Router isa ear iaa 580 IPMC StA tU SEn ierann seee dt et an 581 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual PMC iG OUD suscitar aia deidad dia 581 IPMEVerSi n ti e a tpevanhedcedauns E A R e 582 IPMG SEM ico Le ADGA ee ed te eee SEL oe Se eA bt 582 IPMCiParameter RV cuina id 582 IPMG Parameter Oliiconsvnica tii oi teeta ee cece ae ected ee cial 583 IPMG Parameter OR Aia 583 IPMG Parameter LEQ sce neti ee ee Ad ie ele ed te ei diel a 584 IPMG Parameter URI curacion api 584 6 29 VLAN Control List COM MAN d a e a Ta r aa rarae aa aa a rea a ae aa a aaea apane naapa paa
67. 2S AND NS3550 2T 8S User Manual mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs ipmc_param_uri 1 Default Value 1 0 31744 Unsolicited Report Interval in seconds default Show IPMC Interface Unsolicited Report Interval 6 29 VLAN Control List Command VCL MAC based VLAN Configuration Description Show VCL MAC based VLAN configuration Syntax VCL Macvlan Configuration VCL MAC based VLAN Add Description Add or modify VCL MAC based VLAN entry Syntax VCL Macvlan Add lt mac_addr gt lt vid gt lt port_list gt Parameters lt mac_addr gt MAC address XX XX XX XX XX XX lt vid gt VLAN ID 1 4095 lt port_list gt Port list or all default All ports Example Add 00 11 22 33 44 55 66 in VLAN 20 for all port VCL MAC based VLAN Delete Description Delete VCL MAC based VLAN entry 585 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax VCL Macvlan Del lt mac_addr gt Parameters lt mac_addr gt MAC address xx xx XX XX XX XX Example Delete 00 11 22 33 44 55 66 in MAC based VLAN list NS3552 8P 2S gt vel macvlan del 00 11 22 33 44 55 66 VCL Stasus Description Show VCL MAC based VLAN users configuration Syntax VCL Status combined static nas all Parameters combined static nas all VCL User VCL Protocol based VLAN Add Ethernet Il Description Add VCL prot
68. 2S only PoE Configuration Description Show PoE configuration Syntax PoE Configuration PoE Mode Description Set or show the PoE mode Syntax PoE Mode lt port_list gt enable disable aflat Parameters lt port_list gt Port list or all default All ports enable Enables PoE disable Disable PoE default Show PoE s mode af PoE to af mode at PoE to at mode default Show PoE s af at mode Default Setting enable PoE Priority Description Show Set PoE Priority Syntax PoE Priority lt port_list gt low high critical 500 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports low _ Set priority to low high Set priority to high critical Set priority to critical default Show PoE priority Default Setting high PoE Mamagement Mode Description Show Set PoE management mode Syntax PoE Mgmt_mode mgt_class mgt_alloc mgt_consumption mgt_priority PoE Allocated Power Description Set or show PoE maximum power allocated per port 0 30 8 with one digit Syntax PoE Alloc_Power lt port_list gt lt alloc_power gt Parameters lt port_list gt Port list or all default All ports lt alloc_power gt PoE maiximum power allocated for the port 0 30 8 Default Setting 30 8 PoE Power Supply Description Set or show the value of the power supply 501 IFS N
69. 2T 8S User Manual IEEE 802 10 Example Set VLAN mode in port base NS3552 8P 2S gt vlan mode portbased VLAN Link Type Description Set or show the port VLAN link type Syntax VLAN LinkType lt port_list gt untagged tagged Parameters lt port_list gt Port list or all default All ports untagged VLAN Link Type Tagged tagged VLAN Link Type Untagged default Show VLAN link type Default Setting Un tagged Example Enable tagged frame for port2 NS3552 8P 2S gt vlan linktype 2 tagged VLAN Q in Q Mode Description Set or show the port Q in Q mode Syntax VLAN QinQ lt port_list gt disable man customer 386 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer Q in Q Customer Port Mode default Show VLAN QinQ Mode Example Set port2 in man port NS3552 8P 2S gt vlan qing 2 man VLAN Ethernet Type Description Set or show out layer VLAN tag ether type in Q in Q VLAN mode Syntax VLAN Ethtype lt port_list gt man dot1 q Parameters lt port_list gt Port list or all default All ports man Set out layer VLAN tag ether type MAN dot1q Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for p
70. 4 5 2 appears Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number Figure 4 5 2 Aggregation Mode Configuration Page Screenshot The page includes the following fields Object e Source MAC Address Description The Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled e Destination MAC Address e IP Address The Destination MAC Address can be used to calculate the destination port for the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled e TCP UDP Port Number The TCP UDP port number can be used to calculate the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled 118 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Static Aggregation Group Configuration The Aggregation Group Configuration screen in Figure 4 5 3 appears Aggregation Group Configuration Port Members Port Members Group 10 1 2 3 4 5 6 7 8 9
71. 5 C 104 9 F System Date 2013 11 19 Tue 15 02 42 01 00 System Upti 0d 00 43 45 Software Version v1 5b131009 Software Date 2013 10 14T10 39 50 0800 Auto refresh L Figure 4 2 1 System Information Page Screenshot 65 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Contact The system contact configured in Configuration System Information System Contact e Name The system name configured in Configuration System Information System Name e Location The system location configured in Configuration System Information System Location e MAC Address The MAC Address of this Industrial Managed Switch e Power The Power 1 and Power 2 ON OFF Status display e Temperature The Temperature shows current of the switch inside temperature status e System Date The current GMT system time and date The system time is obtained through the configured SNTP Server if any e System Uptime The period of time the device has been operational e Software Version The software version of the Industrial Managed Switch e Software Date The date when the switch software was produced Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page 4 2 2 IP Configuration The IP Configuration includes the IP Address Subnet Mask and Gateway The
72. Add c cooooccocccinccccocccinoncnonccnnnnononcn ronca nn cnn rca ran 415 Security Switch SNMP Community Delete oooococinnccnnnccicocccocccnoncnnnnncnonnn non ccoo na nnn cc nn carr cnn rca nr 416 Security Switch SNMP Community LOOKUD c ceeeceeeeeeeeeeeeeneeeeeeeeaeeeeaeeeeaeeseaeeeeaeeeeaeeeeaeeseaeeseaeeseeeeeeeeseeeeeaees 416 Security SWiteh SNMP User Add eiii optica 416 Security Switch SNMP User Delete cc cccccsscceesenceeeeseeeeeeceaeeesseaeeeseaaneeeceeaeeeesceeessaneeesccaeeesseneeeseseeeesssaeess 417 Security Switch SNMP User Changekey ccccceesceeeeeeeeeeeeeneeeeeeeeaeeeeaeeseaeeeeaeeseaeeeeaeeseaeessaeeseaeesseeeseneeeeieeteaees 418 Security Switch SNMP User Lookup cceesceeeseeeeeeeteeeeeaeeseneeceaeeceaeeeeaeeseaeeseaeeceaeeseaeeseseeseaeeseaeeseaeeseeeseeesenes 418 Security Switech SNMP Group Add 2 0 ae sede arcada Acond arrasadas 419 Security Switch SNMP Group Delete eeccecceeeseeeeneeeeeeeteseeeeaeeeeaeeeeaeeseaeeeeaeeseaeeseaeeseaeeseaeeseaeeseaeeseseeeneetenees 419 Security Switch SNMP Group LOOKUD cceecceeeeeeeeeeeeeeeeeeeeeaeeeeaeeeeaeeeeaeeseaeeseaeeseaeeesaeeseaeeseaeeseaeeseeeeteeeeeeeeeeaees 420 Security Switch SNMP View Add ssi crees rnd epte eaei r iaaea cd a dia 420 Security Switch SNMP View Delete cc cccccsscceeseneeeeeseeeeeeeneeeeeseaaeeceseaeeecesaeeeescaeeeesaaeeesesaeeesseneeeessneeessnaeess 421 Security Switch SNMP View Lookup ccoooccioccccoccc
73. Click to undo any changes made locally and revert to previously saved values 4 9 3 Port Shaping This page provides an overview of QoS Egress Port Shapers for all switch ports The Port Shaping screen in Figure 4 9 2 appears 195 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Egress Port Shapers Shapers A INIA Qu ai o2 oa a os as a7 Port disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled disabled 1 2 3 4 5 6 FA 8 3 10 Figure 4 9 2 QoS Egress Port Shapers Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row Click on the port number in order to configure the shaper
74. Configured column is used to view or change the IP configuration Fill out the IP Address Subnet Mask and Gateway for the device The screen in Figure 4 2 2 appears 66 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IP Configuration DN NTC ET EC IP Address 192 168 0 100 192 168 0 100 255 255 255 0 255 255 255 0 IP Router 192 168 0 1 192 168 0 1 IP DNS Proxy Configuration 0 0 0 0 0 0 0 0 Figure 4 2 2 IP Configuration Page Screenshot The Current column is used to show the active IP configuration Object Description e DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP server does not respond around 35 seconds and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as host name to provide DNS lookup e IP Address Provide the IP address of this switch in dotted decimal notation e IP Mask Provide the IP mask of this switch dotted decimal notation e IP Router Provide the IP address of the router in dotted decimal notation e VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 e DNS Server Provide the IP address of the DNS Server in dotted decimal notation e DNS Proxy When DNS proxy is enabled DUT will relay DNS requests to the curr
75. Device ID is mapped to the LLDP Chassis ID field CDP TLV Address is mapped to the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbor s table CDP TLV Port ID is mapped to the LLDP Port ID field CDP TLV Version and Platform is mapped to the LLDP System Description field 293 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Both the CDP and LLDP support system capabilities but the CDP capabilities cover capabilities that are not part of the LLDP These capabilities are shown as others in the LLDP neighbor s table If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch Note When CDP awareness on a port is disabled the CDP information isn t removed immediately but gets removed when the hold time is exceeded e Port Description e System Name Optional TLV When checked the port description is included in LLDP information transmitted Optional TLV When checked the system name is included in LLDP information transmitted e System Description Optional TLV When checked the system description is included in LLDP information transmitted e System Capabilities Optional TLV When checked the system capability is included in LLDP information transmitted
76. Direction of the MEP instance lt port gt Port number domport domeve Flow domain lt level gt MEP level 0 7 itulieee MEG format ITU ICC format as defined in Y 1731 ANNEX A IEEE String format Domain Name and Short Name as defined in 802 1ag lt meg gt MEG ID max 8 chars lt mep gt This MEP id 0 0x1FFF lt vid gt C TAG only applicable for Port MEP lt flow gt Flow instance number Port EVC enable disable enable disable 512 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MEP Peer MEP Description MEP Peer MEP id configuration Syntax MEP peer MEP lt inst gt lt mep gt lt mac_addr gt enable disable Parameters lt inst gt Instance number lt mep gt This MEP id 0 0x1FFF lt mac_addr gt MAC address XX XX XX XX XX XX OF XX XX XX XX XX XX OF XXXXXXXXXXXX X is a hexadecimal digit enable disable enable disable MEP Continuity Check Configuration Description MEP Continuity Check configuration prio is the priority PCP of transmitted CCM frame 300s 100s 10s 1s 6m 1m 6h is the number of CCM frame pr second Syntax MEP cc config lt inst gt lt prio gt 300s 100s 10s 1s 6m 1m 6h enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority 300s 100s 10s 1s 6m 1m 6h OAM period 100s gt 100 PDU pr second enable disable enable disable MEP Loss Measurement Configuration Description MEP Loss Measure
77. E 527 QoS Port Policer Flow Controls th 220i inde A ded isin eden 527 QoS Port QueusPolicer Mode can ete os ae ts ast e ce achat i es Ee hat oes ashe cate ae 528 QoS Port QuetiePolic r Rate s c c205 ese aca ee net a eee be eee eevee eee 528 QoS Port Scheduler Mode a ate E aks aL ete ade hes se aes E 529 QoS Port Scheduler Welt iii 529 QoS Port QueueShaper Mode 2 a a A pean e eat 530 QoS Port QueueShaper Rate is tnea a raires ea ep aa a enio ede ietie iiaae aa pao ia 530 QoS Pot Queue Sha OT E O O S r do ae a A o a aate 531 QoS Port TagRemarking MOde ccesccessseceseeteneeeeaceeeaeeeeaeeseaeeseaeeseaeeseaeeseaeeseaeeseaeeeeaeeseaeeseaeeseseessaeeseeeeeeeeeenees 531 oS Port TagRemarking PCR viii saints chest id ee dada pa edge et dd 532 QoS Port TagRemarking DEI ccoo heehee heen otis he doers ene ee deed 532 QoS Port TagRemarking Map sce r a a ae a E a a araa aA eA aaa a a anaa iaia aia 533 QoS Port DSCP Translation iiaa a Ged ede ee ees E a a e E 533 QoS RortrDSCP Classification aaa 534 QOS Port DSCP EgressheMalk urna ad lia 535 CoS DSCR Map 0n croouenid saco ca daban Ecol ed a that akan o Bees Ma o ce AE 535 QoS DSCPTranslati M in ha A Le 536 QoS DSGP TUS e o E a e e e do 536 QoS DSGP Classification iMode isis iio aii LE abla 536 QoS BRIG m o EE EE seden ke shecaad sas seseshgesndecantsnacdagsiagdestssdaispdacejasen tedden sdetagdasasdasessantulasansedaennaae 537 QoS Storm UNICAST etn lv eee ile ei i 537
78. E vMAN Tag 88A8 Default 802 1Q Tag E es The port must be a member of the same VLAN as the Port VLAN ID Note Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 132 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 5 VLAN Membership Adding Static Members to VLANs VLAN Index Use the VLAN Static Table to configure port members for the selected VLAN index The VLAN membership configuration for the selected stack switch unit switch can be monitored and modified here Up to 255 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN The VLAN Membership screen in Figure 4 6 3 appears VLAN Membership Configuration Start from WLAN 1 with 20 entries per page Port Members O TI Delete vuanio ____vtanname aJ2 3J4 5 0 0 9 io Co Cl default MIMIMIMIMIMIMIMIM A Add New VLAN Figure 4 6 3 VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description e Delete To delete a VLAN entry check this box The entry will be deleted on all stack switch units during the next Save e VLAN ID Indicates the ID of this particular VLAN e VLAN Name Indicates the name of the VLAN Maximum length of the VLAN Name String is 32 Port Members VLAN Name can only contain alphabets or numbers VLAN name should contain a
79. ELIN Service identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VolP environments that frequently result in voice quality degradation or loss of service Policies are only intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 This network policy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Conferencing 5 Streaming Video 6 Control Signaling conditionally support a separate network policy for the media types above A large network may support multiple VoIP policies across the entire organization and different polic
80. High performance of Store and Forward architecture and runt CRC filtering eliminates erroneous packets to optimize the network bandwidth E Storm Control support Broadcast Multicast Unicast E Supports VLAN IEEE 802 1Q Tagged VLAN Up to 255 VLANs groups out of 4094 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Protocol based VLAN MAC based VLAN Voice VLAN Supports Spanning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard E Supports Link Aggregation 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel Static Trunk Maximum 5 trunk groups up to 8 ports per trunk group Up to 16Gbps bandwidth Duplex Mode Provides Port Mirror 1 to 1 Port Mirroring to monitor the incoming or outgoing traffic on a particular port m Loop protection to avoid broadcast loops E Supports E R P S Ethernet Ring Protection Switching gt Quality of Service E Ingress Shaper and Egress Rate Limit per port bandwidth control E 8 priority queues on all switch ports m Traffic classification IEEE 802 1p CoS IP TOS DSCP IP Precedence IP TCP UDP port number Typical network application 31 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Strict priority and Weighted Round Robin WRR CoS policies
81. IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 10 1 Two separate 802 1Q VLAN The diagram shows how the Industrial Managed Switch handle Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLAN Each VLAN isolates network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 1 describes the port configuration of the Industrial Managed Switch e ew ee ee eee e ew ewe ew eee Oe ee ee ee eee eK ee em 0 ta a m e o ee eee eee eee ee er ee PC 1 PC 2 PC 3 PC 4 PC 5 PC 6 Untagged Untagged Tagged Untagged Untagged Tagged VLAN 2 VLAN 3 XN Ps s e T nene a e e U UM UM e ee SS Figure 4 6 8 Two Separate VLAN Diagrams VLAN Group 1 1 Port 7 Port 10 N A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 Table 4 1 VLAN and Port Configuration The scenario described as follows E Untagged packet entering VLAN 2 1 While PC 1 transmitting an untagged packet enters Port 1 the Managed Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will receive the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 receive no packet 3 While the packet leaves Port 2 it will be stripped away its tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep as a tagged packet with VLAN T
82. IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 576 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPMC State Description Set or show the IPMC snooping state for VLAN Syntax IPMC State mld igmp lt vid gt enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs enable Enable MLD snooping disable Disable MLD snooping Default Setting disable Example Enable IGMP snooping state for VLAN 1 NS3552 8P 2S gt ipmc state igmp 1 enable IPMC Querier Description Set or show the IPMC snooping querier mode for VLAN Syntax IPMC Querier mld igmp lt vid gt enable disable Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs enable Enable MLD querier disable Disable MLD querier 577 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting disable Example Enable IGMP querier for VLAN 1 NS3552 8P 2S gt ipmc querier igmp 1 enable IPMC Compatibility Description Set or show the IPMC Compatibility Syntax IPMC Compatibility mld igmp lt vid gt auto v1 v2 v3 Parameters mid igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs auto v1 v2 v3 auto Auto Compatibility Default Valu
83. Indicates the SNMP trap informs retry times The allowed range is 0 to 255 Save Click to save changes Click to undo any changes made locally and revert to previously saved values 100 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 3 3 SNMP System Information The switch system information is provided here The SNMP System Information screen in Figure 4 3 2 appears System Information Configuration System Contact System Name NS3552 8P 2S System Location Figure 4 3 2 System Information Configuration Page Screenshot The page includes the following fields Object Description e System Contact The textual identification of the contact person for this managed node together with information on how to contact this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 e System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of aname The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 e System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII char
84. It will be deleted during the next save e ID Indicates the index of the entry The range is from 1 to 65535 e Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold The range is from 1 to 2431 1 e Variable Indicates the particular variable to be sampled the possible variables are a InOctets The total number of octets received on the interface including framing characters a InUcastPkts The number of uni cast packets delivered to a higher layer protocol a InNUcastPkts The number of broad cast and multi cast packets delivered 329 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual to a higher layer protocol a InDiscards The number of inbound packets that are discarded even the packets are normal a InErrors The number of inbound packets that contained errors preventing them from being deliverable to a higher layer protocol a InUnknownProtos the number of the inbound packets that were discarded because of the unknown or un support protocol a OutOctets The number of octets transmitted out of the interface including framing characters E OutUcastPkts The number of uni cast packets that request to transmit OutNUcastPkts The number of broad cast and multi cast packets that request to transmit a OutDiscards The number of outbound packets that are discarded event the packet is normal a OutErrors The number of outbound packets that could not be transmitted because of error
85. Lease Active O Tx Lease Active 451 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network IP Source Guard Configuration Description Show IP source guard configuration Syntax Security Network IP Source Guard Configuration Security Network IP Source Guard Mode Description Set or show IP source guard mode Syntax Security Network IP Source Guard Mode enable disable Parameters enable Enable IP Source Guard disable Disable IP Source Guard Default Setting disable Example Enable IP source guard mode NS3552 8P 2S gt security network ip source guard mode enable Security Network IP Source Guard Port Mode Description Set or show the IP Source Guard port mode Syntax Security Network IP Source Guard Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable IP Source Guard port disable Disable IP Source Guard port 452 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual default Show IP Source Guard port mode Default Setting disable Example Enable IP source guard port mode for port1 4 NS3552 8P 2S gt security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit lt port_list gt lt dynamic_entry_limit gt unlimit
86. MVR Group Table The MVR Groups Information screen in Figure 4 8 19 appears 191 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MVR Channels Groups Information Auto refresh C Refresh lt lt gt gt Start from VLAN 1 and Group Address with 20 entries per page Port Members No more entries rs wean 10 crouns 2 3 4 5 6 7 6 9 x0 no more mires Figure 4 8 19 MVR Groups Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Groups Group ID of the group displayed e Port Members Ports under this group Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Lk lt Updates the table starting from the first entry in the MVR Channels Groups Information Table gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 4 8 17 MVR SFM Information Entries in the MVR SFM Information Table are shown on this page The MVR SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port Different source addresses belong to the same group are treated as single entry The MVR Groups Information screen in Figure 4 8 20 appears
87. Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Link Down Link Up PoE On Ga ml SFP Ports rr Laa Not Supported RJ 45 Ports 63 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Main Menu Using the onboard web agent you can define system parameters manage and control the Industrial Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can set up the Industrial Managed Switch by selecting the functions those listed in the Main Function The screen in Figure 4 1 5 appears Figure 4 1 5 Industrial Managed Switch Main Functions Menu 64 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 System Use the System menu items to display and configure basic administrative details of the Industrial Managed Switch Under the System the following topics are provided to configure and view the system information 4 2 1 System Information The System Info page provides information for the current device information System Info page helps a switch administrator to identify the hardware MAC address software version and system uptime The screen in Figure 4 2 1 appears System Information 9c f 6 1a 03 1c 48 Power1 ON Power2 OFF 40
88. N r PC 2 PC 3 Untagged Tagged Cif Untagged Tagged nee A A A O amp a VLAN 2 VLAN 3 Network Switch PC 4 Untagged PC 1 Untagged 9 5 1 UD R TP AA E E A 0P0P SP CP A UE P P SED gt 0R CD CUR O AP CR O A A E 8 N I w Se eee ee ee oe ES Pad z Z 4 c 3 Z 3 Q a aa a e e a l a a a l a a a a a a a sr l wesw we ew ew ww ew oe x AS ee ee ee o o e e Te ee Setup steps 1 Create VLAN Group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member 143 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 As to the VLAN ports connecting to the hosts please refer to 4 6 10 1 examples The following steps will focus on the VLAN Trunk port configuration 1 Specify Port 8 to be the 802 1Q VLAN Trunk port 2 Assign Port 8 to both VLAN 2 and VLAN 3 at the VLAN Member configuration page 3 Define a VLAN 1 as a Public Area that overlaps with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated For this sample assign Port 8 to be a VLAN 2 and VLAN 3 member port The screen in Figure 4 6 12 appears Port Members IN M
89. Name MVR Name is an optional attribute to indicate the name of the specific MVR VLAN Maximum length of the MVR VLAN Name string is 32 MVR VLAN Name can only contain alphabets or numbers When the optional MVR VLAN name is given it should contain at least one alphabet MVR VLAN name can be edited for the existing MVR VLAN entries or it can be added to the new entries e Mode Specify the MVR mode of operation In Dynamic mode MVR allows dynamic MVR membership reports on source ports In Compatible mode MVR membership reports are forbidden on source ports The default is Dynamic mode e Tagging Specify whether the traversed IGMP MLD control frames will be sent as Untagged or Tagged with MVR VID The default is Tagged e Priority Specify how the traversed IGMP MLD control frames will be sent in prioritized manner The default Priority is 0 e LLQI Define the maximum time to wait for GMP MLD report memberships on a receiver port before removing the port from multicast group membership The value is in units of tenths of seconds The range is from 0 to 31744 The default LLQI is 5 tenths or one half second e Interface Channel Setting When the MVR VLAN is created click the Edit symbol to expand the corresponding multicast channel settings for the specific MVR VLAN Summary about the Interface Channel Setting of the MVR VLAN will be shown besides the Edit symbol e Port The logical port for the settings e Port
90. Network ARP Inspection ENtY ooncccinnccinnccnncccnoncnnncccnnnncnnnnn non cn nan n cnn rancia 456 Security Network ARP Inspection Status 0 c ccccceeeeeeeneeeeeeeeeneeeeeeeeaeeeeeeeseaeeeeaeeseaeeeeaeeseaeeseaeeseaeeeseeeeeeeeseeeeeaees 457 Security Network ARP Inspection Translation cccccecceeseeeseeeeeeeeseneeeeeeeseaeeeeaeeseaeeeeaeeesaeeseaeeeeaeeeseeeeieeeneeeeeaees 457 Security AAA Configuration ca ado 457 Security AAA TIME Uttar ta id the eet 458 Security AAA Dea ME cti laa a aa aa aldo 459 Security AAA RADIOS oo A A e ts 459 Security AAA ACCT RADIUS vise sete a e o Ste ont a a o e tata 460 security AAA TACAGS 5 cccses ccttnssticotes oe ceitgeekett age sodcavaee ies ba abortos rede ete 460 Security AAA SAUS sata hashes tua passes Ea desis CARAS din abarcan 461 6 8 Spanning Tree Protocol Command coomcnccccccnniconcnncrrncrc rr 462 STP Gonfig rati n ii aa ene 462 STP Version ita ni A A A tt c 463 STP boo lr ecc o li le o ed e o eo eis 463 STP MAX HOPS cr a id a Reeves le 464 RVE Dao e o ech esse th acacas toys cesishd ated AEAEE A ETE 464 STP FwoDelay innin AAA AAA ed ee eee 465 STP ONAM E 2 28 tessseusite a ra aaa aos 465 STP BPDU Piles esees coed sees vee it Se has Je ie teen 466 STPIBPDU Guard EEA see o st onda toso eat bh Le sald pete Rac o salle betes Reg at tet a E 466 STPiReCOvely is aise sabia A Sev ee te 467 A A 467 STP MSTI Prior cicle illa il Deets a ii 468 STPMSTMap ctr kos set Sa att ae Baek Oe a
91. Port Policer Rate lt port_list gt lt rate gt Parameters lt port_list gt Port list or all default All ports lt rate gt Rate in kbps or fps 100 15000000 Default Setting 500 526 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Set the port policer rate in 1000 NS3552 8P 2S gt qos Port Policer Rate 1 10 1000 QoS Port Policer Unit Description Set or show the port policer unit Syntax QoS Port Policer Unit lt port_list gt kbps fps Parameters lt port_list gt Port list or all default All ports kbps Unit is kilo bits per second fps Unit is frames per second default Show port policer unit Default Setting kbps Example Set the port policer unit in fps NS3552 8P 2S gt qos Port Policer unit 1 10 fps QoS Port Policer Flow Control Description Set or show the port policer flow control If policer flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Syntax QoS Port Policer FlowControl lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports 527 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Enable port policer flow control disable Disable port policer flow control default Show port policer flow control mode Default Setting disable QoS Port QueuePolicer Mode Description Set or show the po
92. QoS Control List Syntax QoS QCL Lookup lt qce_id gt Parameters lt qce_id gt QCE ID 1 256 default Next available ID Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S gt QoS Storm multicast enable 2 QoS QCL Status Description Show QCL status This can be used to display if there is any conflict in QCE for differnet user types Syntax QoS QCL status combined static voice_vlan conflicts Parameters combined static voice_vlan conflicts combined Shows the combined status static Shows the static user configured status voice_vlan Shows the status by Voice VLAN conflicts Shows all conflict status default Shows the combined status QoS QCL Refresh Description Resolve QCE conflict status Same H W resource is shared by multiple applications and it may not be available even before MAX QCE entry So user can release the resource in use by other applications and use this command to acquire the resource 541 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax QoS QCL refresh Parameters combined static voice_vlan conflicts combined Shows the combined status static Shows the static user configured status voice_vlan Shows the status by Voice VLAN conflicts Shows all conflict status default Shows the combined status Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S gt QoS Sto
93. Role Configure an MVR port of the designated MVR VLAN as one of the following roles E Inactive The designated port does not participate in MVR operations Source Configure uplink ports that receive and send multicast data as source ports Subscribers cannot be directly connected to source ports NE Receiver Configure a port as a receiver port if it is a subscriber port and should only receive multicast data It does not receive data unless it becomes a member of the multicast group by issuing IGMP MLD messages E Be Caution MVR source ports are not recommended to be overlapped with management VLAN ports Select the port role by clicking the Role symbol to switch the setting indicate Inactive S indicates Source R indicates Receiver The default Role is Inactive e Immediate Leave Buttons Enable the fast leave on the port Add New MVR VLAN Click to add new MVR VLAN Specify the VID and configure the new entry Click Save Save Click to save changes Reset J Click to undo any changes made locally and revert to previously saved values 190 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 15 MVR Status This page provides MVR status The MVR Status screen in Figure 4 8 18 appears MVR Statistics VLAN 1D IGMP MLD IGMP MLD IGMPv1 IGMPv2 MLDv1 IGMPv3 MLDv2 IGMPv2 MLDv1 Queries Received Queries Transmitted Joins Received Reports Received Reports Received Leaves Received No more entr
94. Rx 65 127 Bytes Rx 128 255 Bytes Rx 256 511 Bytes Rx 512 1023 Bytes Rx 1024 1526 Bytes Rx 1527 Bytes Tx 64 Bytes Tx 65 127 Bytes Tx 128 255 Bytes Tx 256 511 Bytes Tx 512 1023 Bytes Tx 1024 1526 Bytes Tx 1527 Bytes Receive Queue Counters Transmit Queue Counters Rx 00 Rx 01 Rx 02 Rx 03 Rx 04 Rx 05 Rx 06 Rx 07 Tx 00 Tx 01 Tx 02 Tx 03 Tx 04 Tx 05 Tx 06 Tx 07 Hogg ogogo t Q Receive Error Counters Transmit Error Counters Rx Drops Rx CRC Alignment Rx Undersize Rx Oversize Rx Fragments Rx Jabber Rx Filtered Tx Drops Tx Late Exc Coll o Figure 4 4 3 Detailed Port Statistics Port 1 Page Screenshot The page includes the following fields Receive Total and Transmit Total Object Description Rx and Tx Packets The number of received and transmitted good and bad packets Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits Rx and Tx Unicast The number of received and transmitted good and bad unicast packets Rx and Tx Multicast The number of received and transmitted good and bad multicast packets Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets Rx and Tx Pause Acount of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters
95. SMTP is an acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail 626 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The SubNetwork Access Protocol SNAP is a mechanism for multiplexing on networks using IEEE 802 2 LLC more protocols than can be distinguished by the 8 bit 802 2 Service Access Point SAP fields SNAP supports identifying protocols by Ethernet type field values it also supports vendor private protocol identifier SNMP is an acronym for Simple Network Management Protocol It is part of the Transmission Control Protocol Internet Protocol TCP IP protocol for network management SNMP allow diverse network objects to participate in a network management architecture It enables network management systems to learn network problems by receiving traps or change notices from network devices implementing SNMP SNTP is an acronym for Simple Network Time Protocol a network protocol for synchronizing the clocks of computer systems SNTP uses UDP datagrams as transport layer Stack Protocol using ROUting Technology An advanced protocol for almost instantaneous discovery of topology changes within a stack as well as election of a master switch SPROUT also calculates parameters for setting up each switch to p
96. Shutdown Specify the port shut down operation of this port The allowed values are Enabled If a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled All means all ports will have one specific setting e State Specify the port state of this port The allowed values are Enabled To reopen ports by changing the volatile port configuration of the ACL user module Disabled To close ports by changing the volatile port configuration of the ACL user module The default value is Enabled All means all ports will have one specific setting e Counter Counts the number of frames that match this ACE 229 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Refresh Click to refresh the page any changes made locally will be undone Click to clear the counters 4 10 5 ACL Rate Limiter Configuration Configure the rate limiter for the ACL of the switch The ACL Rate Limiter Configuration screen in Figure 4 10 5 appears ACL Rate Limiter Configuration 0 YO M6 WH md ar a oh M NN a QU NN O 0 1 1 1 1 1 1 1 1 1 1 1 1 1 1 1 4 1 CE CN SSB HE mb e Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The page includes the following fields Object Description e Rate L
97. TCP Push Function PSH value for this ACE E 0 TCP frames where the PSH field is set must not be able to match this entry E 1 TCP frames where the PSH field is set must be able to match this entry E Any Any value is allowed don t care e TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE E 0 TCP frames where the ACK field is set must not be able to match this entry E 1 TCP frames where the ACK field is set must be able to match this entry 227 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e TCP URG E Any Any value is allowed don t care Specify the TCP Urgent Pointer field significant URG value for this ACE E 0 TCP frames where the URG field is set must not be able to match this entry E 1 TCP frames where the URG field is set must be able to match this entry E Any Any value is allowed don t care E Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected Object Description e EtherType Filter Specify the Ethernet type filter for this ACE E Any No EtherType filter is specified EtherType filter status is don t care E Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering an EtherType value appears e Ethernet Type Value When Specific is selected for the EtherType filter you can enter a
98. Terminal Services Configuration Start B aoo P Terminal Services Manager Figure 4 11 15 Windows 2003 AD Server Setting Path 263 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 7 Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed New Object User xi e Create in ca test pc Users First name test Initials Last name Full name test User logon name test Aca test pc v User logon name pre Windows 2000 cas test Cancel Figure 4 11 16 Add User Properties Screen New Object User xj e Create in ca test pc Users Password eveses Confirm password eveses J User must change password at next logon JV User cannot change password IV Password never expires TF Account is disabled lt Back Cancel Figure 4 11 17 Add User Properties Screen 264 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Set the Ports Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch Or once the 802 1X is set to work the switch might not be able to access the RADIUS server 4 11 10 802 1X Client Configuration Windows XP is originally 802 1X support As to other operating systems windows 98SE ME 2000 an 802 1X client utility is nee
99. The System Log screen in Figure 4 2 15 appears 81 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual System Log Information Auto refresh The total number of entries is O for the given level Start from ID 11 with 20 entries per page ID Level Time Message No system log entries Figure 4 2 15 System Log Page Screenshot The page includes the following fields Object Description e ID The ID gt 1 of the system log entry e Level The level of the system log entry The following level types are supported E Info Information level of the system log E Warning Warning level of the system log E Error Error level of the system log All All levels e Time The time of the system log entry e Message The message of the system log entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to update the system log entries starting from the current entry ID ca Flushes the selected log entries Hide Hide system log according to entry page As default System Log Information shows 20 entries for one page Hide button can hide the system log entry that has been over one page ownload am Click this button to download system log with CSV format file ke Updates the system log entries starting from the first available entry ID lt lt Updates the system log entries ending at the last ent
100. The logical port for the settings contained in the same row e PVID Shows the VLAN identifier for that port The allowed values are 1 through 4095 The default value is 1 e Ingress Filtering Shows the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded e Frame Type Shows whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded e UVID Buttons Static Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side Select VLAN Users from this drop down list Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refiesh Click to refresh the page immediately 136 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 8 Private VLAN The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLA
101. The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 e Prefix Provide the IPv6 Prefix of this switch The allowed range is 1 to 128 e Router Provide the IPv6 gateway address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 68 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Renew Click to renew IPv6 Auto Configuration This button is only available if IPv6 Auto Configuration is enabled 4 2 4 Users Configuration This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser After setup is completed please press Save button to take effect Please login web interface with new user name and password the screen in Figure 4 2 4 appears Users Confi
102. The system capabilities identify the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB e Management Address Optional TLV When checked the management address is included in LLDP information transmitted The management address protocol packet includes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 14 3 LLDP MED Configuration This page allows you to configure the LLDP MED The LLDP MED Configuration screen in Figure 4 14 2 appears 294 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP MED Configuration Fast Start Repeat Count Civic Address Location Emergency Call Service Policies Delete Policy 10 application Type Too VIAN 10 2 Priority osc NO entiespresent 3 No entries present Figure 4 14 2 LLDP MED Configuration Page Screenshot
103. User Manual disable Example Enable LACP for port1 4 NS3552 8P 2S gt lacp mode 1 4 enable LACP Key Description Set or show the LACP key Syntax LACP Key lt port_list gt lt key gt Parameters lt port_list gt Port list or all default All ports lt key gt LACP key 1 65535 or auto Default Setting auto Example Set key1 for port1 4 NS3552 8P 2S gt lacp key 1 4 1 LACP Prio Description Set or show the LACP prio Syntax LACP Prio lt port_list gt lt prio gt Parameters lt port_list gt Port list or all default All ports lt prio gt LACP Prio 0 65535 Default Setting 32768 481 LACP System Prio Description Set or show the LACP System prio Syntax LACP System Prio lt sysprio gt Parameters lt sysprio gt LACP System Prio 0 65535 Default Setting 32768 LACP Role Description Set or show the LACP role Syntax LACP Role lt port_list gt active passive Parameters lt port_list gt Port list or all default All ports active Initiate LACP negotiation passive Listen for LACP packets default Show LACP role Default Setting active Example Set passive for port1 4 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt lacp role 1 4 passive 482 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LACP Status Description Show LACP Status Syntax LACP Status lt port_
104. Vibration IEEE 802 3 10Base T IEEE 802 3u 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning Tree Protocol IEEE 802 1w Rapid Spanning Tree Protocol IEEE 802 1s Multiple Spanning Tree Protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 Environment Operating 40 75 degrees C 40 75 degrees C Storage 40 85 degrees C 40 85 degrees C Humidity 5 95 Non condensing 5 95 Non condensing 37 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 INSTALLATION 2 1 Hardware Descriptions The Managed Switch provides three different running speeds 10Mbps 100Mbps and 1000Mbps in the same Switch and automatically distinguishes the speed of incoming connection This section describes the hardware features of the Managed Switch For easier management and control of the Managed Switch familiarize yourself with its display indicators and ports Front panel illustrations in this chapter display the unit s LED indicators Before connecting any network device to the Managed Switch read this chapter carefully 2 1 1 Physical Dimensions E Indus
105. Voice VLAN configuration Syntax Voice VLAN Configuration Example Show Voice VLAN configuration NS3552 8P 2S gt voice vlan configuration V oice VLAN Configuration Disabled Voice VLAN VLAN ID 1000 Voice VLAN Age Time seconds 86400 Voice VLAN Traffic Class 7 Voice VLAN OUI Table Cisco phones H3C phones Philips and NEC AG phones Pingtel phones Polycom phones 3Com phones Siemens AG phones Voice VLAN Port Configuration Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled O Disabled Disabled Voice VLAN Mode Description IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 556 Set or show the Voice VLAN mode IFS NS3552 8P 2S AND NS3550 2T 8S User Manual We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Mode enable disable Parameters enable Enable Voice VLAN mode disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting disable Example Enable the Voice VLAN mode NS3552 8P 2S gt voice vlan mode enable Voice VLAN ID Description Set or show Voice VLAN ID Syntax Voice VLAN ID lt vid gt Parameters lt vid gt VLAN ID 1 4095 Default Setting 1000 Example Set ID 2 for Voice VLAN ID NS3552 8P 2S gt voice vlan id 2 557
106. When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set toa number between 10 and 1000000 seconds If reauthentication is enabled and the port is in a 802 1X based mode this is not so critical since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthentication is not enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication doesn t cause direct communication between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses E Single 802 1X E Multi 802 1X E MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Configuration Security AAA page the client is put on hold in the Unauthorized state The hold timer does not count during an on going authentication In MAC based Auth mode the switch will i
107. a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree The STP System Configuration screen in Figure 4 7 4 appears 157 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP Bridge Configuration Basic Settings Protocol Version Bridge Priority Forward Delay Maximum Hop Count Transmit Hold Count Advanced Settings Edge Port BPDU Filtering Edge Port BPDU Guard Port Error Recovery Port Error Recovery Timeout Figure 4 7 4 STP Bridge Configuration Page Screenshot The page includes the following fields Basic Settings Object e Protocol Version Description The STP protocol version setting Valid values are STP RSTP and MSTP e Bridge Priority Controls the bridge priority Lower numeric values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier For MSTP operation this is the priority of the CIST Otherwise this is the priority of the STP RSTP bridge e Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 e Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Va
108. aaier aaa e 585 VCL MAC based VLAN Configuration oooncccnnnccnoncccnoncnonnnnnncnnnnccnnn conan nera 585 VGL MAG based VLAN Add ciclo A rd las el 585 VCL MAG based VLAN DEE E e a aa aaa ae aaa aE Aaaa a Ea anea SA EAE Aaa Ra RETENE Aiae sisii Eha 585 VOL StaSUS ui A a ede A 586 VCL Protocol based VLAN Add Ethernet Il ecceeeceeseeeeeeeeeneeeeeeeeeaeeeeaeeseaeeeeaeeseaeeenaeeeeaeeseaeeseeesseeeeneeeneeeeeaees 586 VCL Protocol based VLAN Add SNAP Pisses iudeii adaa eataa asiaa aipee eadi aa etaa eaaa iaia ENa 586 VCL Protocol based VLAN Add Livia 587 VCL Protocol based VLAN Delete Ethernet Il oooooonnccnnnnicinnccnnnccnncccnoncnnocncnnrnnnonnc ronca nono ronca rra 587 VCL Protocol based VLAN Delete SNAP ecccesseeseseeeeseeeeseeeeaeeseseeeeaeeseaeeseaeesueeseaeeseaeeseaeeseaeessaeeseaeeseeeeenes 587 VCL Protocol based VEAN Delete LLG oir ee aT h 588 VOL Protocol based VEAN Add cocos Aa 588 VCL Protocol based VLAN Delete ooooconncconnccinncccncccconcconcncnonononnn ccoo conc cnn rca rene 588 VCL Protocol based VLAN ConfiguratiON ooonocccinnnnnnnccnnncnnncncnnnncnnnnnnnrna nan cc narran cnn carr 589 VCL IP Subnet based Vlan ConfiguratiON oooocccinnnnnonccinncnnocncnnnnanannn ronca non nc roca n nr 589 VCL IP Subnet based Vlan Add ccescececceeesceteneeeeseeseseeenaceseneeseaeesaeeeeaeeseaeeseaeesaeessacessaeeseaeeseseeseaeeseeeseeeseaees 589 VCL IP Subnet based Vlan Delete ooooooccconiccnocccionoconacononccnnn
109. aaka naana 30 1 5 Product Specifi atO S id 34 2 INSTALLATION eee ee ae ee ee ee eee 38 2 1 Hardware Descriptions coccion RR ri radar 38 2 1 t Physical DIMENSIONS A Arta 38 ca A O 39 2 18 LED IndiGators ci A i AA A eA ee 41 2 14 Wiring the Power Input f5 ccce eee LS ee a aa a a G 42 2 1 5 Wining the Fault Alarm Contactarse litio tides end olaa Treen 42 2 06 Wiring the Digital Input OUI U a e eea a a a aaa e E aa a aE a Ae aa a aaa A Aara aAA AE a Anion ni Edera ia 44 2 2 Install the Industrial Managed Switch coomnnccocncnnnnonnccnnncccanecnnrnnce rr 46 AS ES TO 46 2 2 2 DIN Rall Mou soutbas ii A ee 47 2 2 3 Wall Mount Plate MOUNtNg i nuiir tanien aaa ace 49 PAKA Ai 50 2351 Installing the SFP TransScelVer cian aa 51 2 9 2 Remove the MOGUIC cimas ad tt bd ss 53 3 SWITCH MANAGEMENT ea 54 A A ON 54 3 2 Management Access OvVerVie Wenn 55 3 3 CLI Mode Management s iic cc5ccccccetteedeccesinnt soncedcntcedantevensecectocdsntscanseeenccndsoacrensedsaguedenucuenceuedseaed siahseceecentes 56 3 4 Web Management sciccccnccccccsces ratas dl cian encina 58 3 5 SNMP Based Network ManageMent oonnnocnccccnniconnnnncncnnncccnrec er 59 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual A WEB CONFIGURATION oosiaa ia anaai taa ranana araara RE GE 60 4 1 M in E A O 63 AS SUC A A A 65 4 21 System into Malin LosTO pr hee ario eatin nah risa 65 ADRIAN UNA naar 66 4 2 3 Pv6 Configura ie 68 4 2 4 Users Configuration intes
110. all packets received by and forwarded by an untagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the Switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant network device Frame Income a a Pranic eave Income Frame is tagged Income Frame is untagged Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 6 1 Ingress Egress port with VLAN VID Tag Untag table Ml IEEE 802 1Q Tunneling Q in Q IEEE 802 1Q Tunneling QinQ is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used to maintain customer specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs This is accomplished by inserting Service Provider VLAN SPVLAN tags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require inte
111. allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears 309 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Remote IP Ping Test Remote IP Address Ping Button h 2 3 4 5 6 8 9 Qy LV Vl Vl Vl V Vi Bl Bl SB o Figure 4 15 3 Remote IP Ping Test Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings e Remote IP Address The destination IP Address e Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes e Result Display the ping result Buttons Ping Click to start ping process Save Click to save changes Reset J Click to undo any changes made locally and revert to previously saved values Clear _ clear Clears the local counters All counters including global counters are cleared upon reboot 310 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 15 4 Cable Diagnostics This page is used for running the Cable Diagnostics Press to run the diagnos
112. are disabled e Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period e Aging Period If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying port security for securing MAC addresses they may have other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Limit Control is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers down If it wasn t for aging the end host would still take up resources on this switch and will be allowed to forward To overcome this situation enable aging With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from 269 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual the end host and if such frames are not seen within the next Aging Period the end host is assumed to be disconnected and the corresponding resources are freed on the switch Port Configuration The table has o
113. are placed in a standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregationing group then the number of ports must be the same as the group member ports The aggregation code ensures that frames belonging to the same frame flow for example a TCP connection are always forwarded on the same link aggregation member port Reording of frames within a flow is therefore not possible The aggregation code is based on the following information e Source MAC e Destination MAC e Source and destination IPv4 address e Source and destination TCP UDP ports for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link aggregation may consist of up to 10 member ports Any quantity of link aggregation s may be configured for the device only limited by the quantity of ports on the device To configure a proper traffic distribution the ports within a link aggregation must use the same link speed 117 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 5 1 Static Aggregation This page is used to configure the Aggregation hash mode and the aggregation group The aggregation hash mode settings are global whereas the aggregation group relate to the currently selected stack unit as reflected by the page header Hash Code Contributors The Static Aggregation screen in Figure
114. available for MAC based Auth e MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached e VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module e State The client can either be authenticated or unauthenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authenticated the client it is unauthenticated If an authentication fails for one or the other reason the client will remain in the unauthenticated state for Hold Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Refresh This button is available in the following modes e Force Authorized e Force Unauthorized e Port based 802 1X e Single 802 1X Click to clear the counters for the selected port Clear All This button is available in the following m
115. be exist another view entry which view type is included and it s OID subtree overstep the excluded view entry e OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons _ Add New User Click to add a new view entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 3 4 5 SNMPv3 Access Configure SNMPv3 accesses table on this page The entry index keys are Group Name Security Model and Security Level The SNMPv3 Access screen in Figure 4 3 7 appears 105 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual SNMPv3 Access Configuration Security Model Security Level Read View Name Write View Name default_ro_group any NoAuth NoPriv default view None default_nw_group any NoAuth NoPriv default_view a Add New Entry Reset Figure 4 3 7 SNMPv3 Accesses Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Security Model Indicates the security model that this entry should belong to Possible secu
116. by releasing the resource required by the QCE and pressing Refresh button be Select the QCL status from this drop down list Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 9 13 Queue Policing This page allows you to configure the Queue Policer settings for all switch ports The QoS Ingress Queue Policers screen in Figure 4 9 16 appears 211 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Ingress Queue Policers fai enste Jai abi abi abi abi abi OOOOOOO0OO0000 OOOOOOOO000 OOOOOOOO000 OOOOOOOO0000 OOOOOOOO0O00 OOOOOOOO000 OOOOOOOO0000 OOOOOOOOO0O0 1 2 3 4 5 6 7 8 9 0 Figure 4 9 16 QoS Ingress Queue Policers Page Screenshot The page includes the following fields Object Description e Port The port number for which the configuration below applies e Enable E Controls whether the queue policer is enabled on this switch port e Rate Controls the rate for the queue policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps This field is only shown if at least one of the queue policers is enabled e Unit Controls the unit of measure for the queue policer rate as kbps or Mbps The default value is kbps This field is only shown if at least one of the queue policers is enabled
117. can be done in Ingress or Egress The DSCP Translation screen in Figure 4 9 11 appears DSCP Translation A AA ANA ES Translate Classify Remap DPO Remap DP1 v lt ll gt v 0 BE 1 lt lt bo lt EASES 56 087 56 CS7 57 58 59 60 61 62 63 lt lt lt lt i un oo Ln oo lt 3 ii lt O v F v v O v 59 v Fi 59 v v O v Fi v O v O v lt lt lt lt Figure 4 9 11 DSCP Translation Page Screenshot IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e DSCP Maximum numbers of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63 e Ingress Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map There are two configuration parameters for DSCP Translation E Translate E Classify e Translate The Configuration All with available values will assign to whole DSCP values DSCP at Ingress side can be translated to any of 0 63 DSCP values e Classify Click to enable Classification at Ingress side e Egress There are the following configurable parameters for Egress side E Remap DPO Controls the remapping for frames with DP level 0 E Remap DP1 Controls the remapping for frames with DP level 1 e Remap DPO The Configuration All with av
118. client mode Syntax IP DHCP enable disable Parameters enable Enable or renew DHCP client disable Disable DHCP client Default Setting Disable Example Disable DHCP sever NS3552 8P 2S gt ip dhcp disable IP Setup Description Set or show the IP setup Syntax 364 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IP Setup lt ip_addr gt lt ip_mask gt lt ip_router gt lt vid gt Parameters lt ip_addr gt IP address a b c d default Show IP address lt ip_mask gt IP subnet mask a b c d default Show IP mask lt ip_router gt IP router a b c d default Show IP router lt vid gt VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 21 Example Set IP address IP Ping Description Ping IP address ICMP echo Syntax IP Ping lt ip_addr_string gt Length lt ping_length gt Count lt ping_count gt Interval lt ping_interval gt Parameters lt ip_addr_string gt IPv4 host address a b c d or a host name string length PING Length keyword lt ping_length gt Ping ICMP data length 2 1452 Default is 56 excluding MAC IP and ICMP headers count PING Count keyword lt ping_count gt Transmit ECHO_REQUEST packet count 1 60 Default is 5 interval PING Interval keyword lt ping_interval gt Ping interval 0 30 Default is 0
119. clients and servers support both PPPoE is an acronym for Point to Point Protocol over Ethernet It is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames It is used mainly with ADSL services where individual users connect to the ADSL transceiver modem over Ethernet and in plain Metro Ethernet networks Wikipedia In a private VLAN PVLANs provide layer 2 isolation between ports within the same broadcast domain Isolated ports 624 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual configured as part of PVLAN cannot communicate with each other Member ports of a PVLAN can communicate with each other QCE is an acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Ethernet Type VLAN UDP TCP Port DSCP TOS and Tag Priority Frames can be classified by one of 4 different QoS classes Low Normal Medium and High for individual application QCL is an acronym for QoS Control List It is the list table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects Each accessible traffic object contains an identifier to its QCL The privileges determine specific traffic object to specific QoS class QL In SyncE this is the Quality Level of a given clock source This is received on a port in a SSM indicating the quality of the clock received in the port QoS
120. community when trap is sent the string lengh is 0 127 default public lt description gt The string for describing this event the string lengh is 0 127 default null string Security Switch RMON Event Delete Description Delete RMON Event entry The entry index key is lt event_id gt Syntax Security Switch RMON Event Delete lt event_id gt Parameters lt event_id gt Event ID 1 65535 427 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch RMON Event Lookup Description Show RMON Event entries Syntax Security Switch RMON Event Lookup lt event_id gt Parameters lt event_id gt Event ID 1 65535 Security Network Psec Switch Description Show Port Security status Syntax Security Network Psec Switch lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show port security status NS3552 8P 2S gt security network psec switch Users L Limit Control 8 802 1X D DHCP Snooping V Voice VLAN Port Users State MAC Cnt No users No users No users No users No users No users No users No users No users O No users ceo 00000000 428 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network Psec Port Description Show MAC Addresses learned by Port Security Syntax Security Network Psec Port lt port_list gt Parameters lt por
121. configuration Access Mgmt Configuration System Access Mode Disabled System Access number of entries 0 Security Switch Access Mode Description Set or show the access management mode Syntax 402 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch Access Mode enable disable Parameters enable Enable access management disable Disable access management default Show access management mode Default Setting disable Example Enable access management function NS3552 8P 2S gt security switch access mode enable Security Switch Access Add Description Add access management entry default Add all supported protocols Syntax Security Switch Access Add lt access_id gt lt start_ip_addr gt lt end_ip_addr gt web snmp telnet Parameters lt access_id gt entry index 1 16 lt start_ip_addr gt Start IP address a b c d lt end_ip_addr gt End IP address a b c d web Indicates that the host can access the switch from HTTP HTTPS snmp Indicates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 192 168 0 1 to 192 168 0 200 via web interface Security Switch Access IPv6 Add Description 403 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add access management IPv6 entry default Add all supported protocols Syntax Security Switch Acc
122. control 32 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NTP Network Time Protocol Link Layer Discovery Protocol LLDP Protocol SFP DDM Digital Diagnostic Monitor Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues Reset button for system reboot or reset to factory default IFS Smart Discovery Utility for deploy management 33 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 1 5 Product Specifications Hardware Specification Copper Ports 2 10 100 1000Base T RJ 45s 2 10 100 1000Base T Ethernet interface SFP mini GBIC 8 1000Base SX LX BX SFP interfaces 8 100 1000Base SX LX mini GBIC SFP slots Slots Compatible with 100Base FX SFP 1 x RJ 45 to RS 232 serial port 115200 8 N 1 Switch Avchitacture Store and Forward Store and Forward Switch Fabric 20Gbps non blocking 20Gbps non blocking Throughput packet per 14 8MppsO 64Bytes packet 14 8Mpps second Address Table 8K entries automatic source address learning and 8K entries automatic source address learning and ageing ageing Share Data IEEE 802 3x Pause Frame for Full Duplex IEEE 802 3x Pause Frame for Full Duplex Back Back pressure for Half Duplex pressure for Half Duplex 9Kbytes 9Kbytes Reset Buton 5 sec System reboot lt 5 sec System reboot gt 10 sec Factory Default gt 10 sec Factory Default ESD Protection EFT Protection 6KV DC 6KV DC Enclosure IP30 Aluminum Metal Ca
123. disable Parameters enable disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard NS3552 8P 2S gt stp bpduguard enable 466 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery lt timeout gt Parameters lt timeout gt Time before error disabled ports are reenabled 30 86400 seconds 0 disables default Show recovery timeout Default Setting Disable Example Set STP recovery value in 30 sec NS3552 8P 2S gt stp recovery 30 STP Status Description Show STP Bridge status Syntax STP Status lt msti gt lt port_list gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all default All ports Default Setting Disable Example Show STP Bridge status NS3552 8P 2S gt stp status CIST Bridge STP Status 467 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 80 00 00 30 4F 24 04 D1 80 00 00 30 4F 24 04 D1 Regional Root 80 00 00 30 4F 24 04 D1 Int PathCost 0 20 Steady STP MSTI Priority Description Set or show the bridge instance priority Syntax STP Msti Priority lt msti gt lt priority gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt priority gt STP bridge priority 0 16 32 48 224 240
124. does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Private Group ID must be a string of ASCII chars in the range 0 9 which is interpreted as a decimal string representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 e Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e Port based 802 1X e Single 802 1X e Multi 802 1X For trouble shooting VLAN assignments use the Monitor gt VLANs gt VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reauth Count and no EAPOL frames have been received in the meanwhile the switch considers entering the Guest VLAN The interval between transmissions of EAPOL Request Identity frames is configured with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is enabled the port will now be placed in the Guest VLAN If disabled the switch will first check
125. ead tives ines Wiese cated ete eds eae oe eee 358 System DST Configurations taras ad ed ENEE 358 System LOC e io o o e oo 358 System Log velan a A A ee ee e r era a e aiat 359 System DST Mode i e a Ai a ec aaa 359 System DST Salteras ts aaa ato ini ds il lei pb e 360 SISTEMLO LAR oir 360 SystEMDST Envia oc 360 SystemiLog Clear orde cent pane 361 System REDO Otitis da td id ica tn 361 SystemDST Ostia AA T E TTA ATANT 362 System Restore Defaulltiuvononidn is le aa ved E E dido 362 System LoT 1o REE E EE le et aed EEEE E E aid ai dd tia cada 362 AA TTo ea E E E E A T A ee eres cdeees 363 IP GOntiguratiOnis tenian a air 363 PDA Prusia lll dai td a td see ee 364 IPS a A AAA A A A TE 364 IP PING ennen e Moa a e ee cA a a O 365 EN EE cs e e o o a o ETE 366 IPIDNS PROXY nostre te ogee slat cane te sl Beas cectyirie dais Goan be caldo 366 IP VE sAWTOGIIN FIG Ls oO eae iS 367 IPV6 Setups ia a eels Aen ee ee ee 367 IPVO Staten iii ie pia ica 368 Rae E E EAE tl btt tt il ita 368 IPN TP GonfiguratiOn titanio tada 369 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IP NTP Mode vieros uri oda taa ata dt ie 369 AAA A A A A EE 370 IP NTP Server IPv6 Add iia nl eT il ee ee eee td 370 IP NTP Server Delete coco Se SS ao a 371 6 3 Port Management CoOMMaANd nnncccnnncnnnnnnnnncnanrn cr 372 Port Config Uration cia a 372 PORE MOEYA ae oeenn ol dt evade et te as 372 Port Flow Controla cat aida 373 Pott State uti A eee A i e a
126. ee edn eee ee 104 4 3 4 4 SNMP VICWS 228 ot ein e el hoe e do e 105 4 3 4 5 SNMPV3 ACCESS ida lr de tt 105 AAA PRE aaa in aaia ia 107 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 41 Rort GonfiguratiONta seei nenn ea dd dad ld 107 4 42 Port Statistics Overviewe iis totor a 109 4 4 3 Port Statistics Details como Ri 110 4 4 4 SEP Information cito pla GL ad 111 4 45 ROM MION tata inte eee alien ade ee 113 4 5 Link AU ideas 115 4 51 Static Aggregat OMi isn aean aaas renee aaa ti tota il 118 45 2 ACP Configurations ct e a a a a a a a aa Aa a a Ea aaa Eaa aieea 120 4 5 3 LACP System Status i eaae e a E a a aarda 121 4 5 4 LAGP Port Stats capota lo id pad 122 4 5 9LAGP Port Statistics ira o a iO ie bee eve 122 A Ann dc euecetue E E E E 124 A621 NLAN OVGrViOW ssc Seceteh sete tabs cs aed bee etnchaadeth E A A EEATT 124 4 6 2 IEEE 802 1Q VIAN ces nda oie ed esta ee ie ee a 124 4 6 3 VLAN Basic Informations 2 0 4ohvihed ese eet eats an ok 128 4 6 4 VEAN Port Configuration szeress da aie ts che Seer coe te heii 128 4 6 5 VLAN Membership O 133 4 6 6 VLAN Membership Statuss c s ectc00 beets corvette ei bd dade dese iaeio 134 4 6 7 VWLAN POM Status cto ip Le 136 4 6 9 Private VLAN ico a li ia 137 A ISOlANOM suzec sade as cteh cen siddec vende A A dasa bsdecusdecag aeteasesads sad agsads agungptagdsaatsinisnaniadisaesedicaiane 138 4 6 10 VLAN Setting Explain 139 4 6 10 1 Two separate 802 1Q VLAN sisri kinna E OAK ea NEEE a aa
127. expire default Show current hold time Default Setting 10 Example Set NAS hold time in 100sec NS3552 8P 2S gt security network nas holdtime 100 Security Network NAS RADIUS QoS Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned QoS Syntax Security Network NAS RADIUS_QoS global lt port_list gt enable disable Parameters global Select the global RADIUS assigned QoS setting lt port_list gt Select the per port RADIUS assigned QoS setting default Show current per port RADIUS assigned QoS enabledness enable Enable RADIUS assigned QoS either globally or on one or more ports disable Disable RADIUS assigned QoS either globally or on one or more ports default Show current RADIUS assigned QoS enabledness Default Setting disable Example Enable NAS RADIUS QoS NS3552 8P 2S gt security network nas radius_qos enable 438 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network NAS RADIUS_VLAN Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global lt port_list gt enable disable Parameters global Select the global RADIUS assigned VLAN setting lt port_list gt Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enabl
128. for VLAN users The VLAN Membership Status screen in Figure 4 6 4 appears VLAN Membership Status for Combined Users R Combined M Start from WLAN 1 with 20 entries per page Port Members Portmembers vtan 10 1 2 314 5 6 7 8 9 10 M a al al al alvalval al al l Auto refresh C Figure 4 6 4 VLAN Membership Status for Static User Page Screenshot The page includes the following fields Object Description e VLAN ID Indicates the ID of this particular VLAN e Port Members The VLAN Membership Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users and this is the default VLAN membership allows the frames Classified to the VLAN ID to be forwarded to the respective VLAN member ports e VLAN User A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID and UVID Currently we support following VLAN E CLI Web SNMP This is referred as static E NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server E MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a sing
129. for port 1 4 of Voice VLAN port mode NS3552 8P 2S gt voice vlan port mode 1 4 auto Voice VLAN Security Description Set or show the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Syntax Voice VLAN Security lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable Voice VLAN security mode disable Disable Voice VLAN security mode default Show flow Voice VLAN security mode Default Setting disable Example Enable the Voice VLAN port security mode for port 1 4 NS3552 8P 2S gt voice vlan security 1 4 enable Voice VLAN Discovery Protocol Description Set or show the Voice VLAN port discovery protocol mode lt only work under auto detect mode is enabled We should enable LLDP feature before configure discovery protocol to LLDP or Both Change discovery protocol to OUI or LLDP will restart auto detect process 561 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Voice VLAN Discovery Protocol lt port_list gt ouillldp both Parameters lt port_list gt Port list or all default All ports OUI Detect telephony device by OUI address LLDP Detect telephony device by LLDP Both Both OUI and LLDP default Show Voice VLAN discovery protocol Default Setting OUI 6 26 Ethernet Ring Protection Switching Command ERPS Command
130. gt Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Figure 4 12 12 ARP Inspection Configuration Screen Page Screenshot 1 2 3 4 5 6 7 8 9 0 The page includes the following fields Object Description e Mode of ARP Enable the Global ARP Inspection or disable the Global ARP Inspection Inspection Configuration e Port Mode Specify ARP Inspection is enabled on which ports Only when both Global Mode Configuration and Port Mode on a given port are enabled ARP Inspection is enabled on this given port All means all ports will have one specific setting 284 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons dynamic to static f a Tanski Click to translate all dynamic entries to static entries Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 13 ARP Inspection Static Table This page provides Static ARP Inspection Table The Static ARP Inspection Table screen in Figure 4 12 13 appears Static ARP Inspection Table Delete Port VLAN ID MAC Address IP Address Add New Entry Reset Figure 4 12 13 Static ARP Inspection Table Screen Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e VLAN ID The
131. is a switch feature that monitors the exchange of IGMP messages and copies them to the CPU for feature processing The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of the multicast groups that have active members The information received from IGMP is then used to determine if multicast packets should be forwarded to a given sub network or not The router can check using IGMP to see if there is at least one member of a multicast group on a given subnet work If there are no members on a sub network packets will not be forwarded to that sub network Multicast Receiver Multicast Switch Transmitter A gt NAS IPTV EA tae am Server Router a Switch Switch C E f ulticast 1 PON f A s Ci Multicast gt Receiver D Figure 4 8 1 Multicast Service 170 IF
132. is an acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS is the set of techniques to manage network resources Every incoming frame is classified to a QoS class which is used throughout the device for providing queuing scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class There is a one to one mapping between QoS class queue and priority A QoS class of 0 zero has the lowest priority RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a 625 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual given hardware address such as an Ethernet address RARP is the complement of ARP RADIUS is an acronym for Remote Authentication Dial In User Service It is a networking protocol that provides centralized access authorization and accounting management for people or computers to connect and use a network service A router port is a port on the Ethernet switch that leads switch towards
133. link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once successfully authenticated Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Multi 802 1X variant Multi 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In Multi 802 1X one or more supplicants can get authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant since th
134. lt week gt Week 1 5 0 ignored lt day gt Day 1 7 0 ignored lt month gt Month 1 12 0 ignored lt date gt Date 1 31 0 ignored lt year gt Year 2000 2097 lt hour gt Hour 0 23 lt minute gt Minutes 0 59 System Log Lookup Description Show the system log Syntax System Log Lookup lt log_id gt alllinfo warning error Parameters lt log_id gt System log ID or range default All entries all Show all levels default info Show informations warning Show warnings error Show errors System DST End Description 360 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual end Set or show the daylight saving time end time settings Syntax System DST end lt week gt lt day gt lt month gt lt date gt lt year gt lt hour gt lt minute gt Parameters lt week gt Week 1 5 0 ignored lt day gt Day 1 7 0 ignored lt month gt Month 1 12 0 ignored lt date gt Date 1 31 0 ignored lt year gt Year 2000 2097 lt hour gt Hour 0 23 lt minute gt Minutes 0 59 System Log Clear Description Clear the system log Syntax System Log Clear alllinfo warning error Parameters all Show all levels default info Show informations warning Show warnings error Show errors System Reboot Description Reboot the system Syntax System Reboot Example 361 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual
135. multi mode 9 125um single mode LC Multi Single mode 1000Base SX LX 50 125um or 62 5 125um multi mode 9 125um single mode LC Multi Single mode Any Ethernet devices like hubs PCs can connect to the Industrial Managed Switch by using straight through wires The two 10 100 1000Mbps ports are auto MDI MDI X which can be used on straight through or crossover cable 50 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 3 1 Installing the SFP Transceiver The sections describe how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Industrial Managed Switch as the Figure 2 9 appears Insert SFP Gently Figure 2 9 Plugging in the SFP Transceiver Approved IFS SFP Transceivers IFS Industrial Managed Switch supports 100 1000 dual mode with both Single mode and Multi mode SFP transceiver The following list of approved IFS SFP transceivers is correct at the time of publication Gigabit SFP Transceiver Modules S30 1SLC A 10 SFP LC Connector Single Mode Gigabit 1 fiber 1310nm 1550nm 10km A End S30 1SLC A 20 SFP LC Connector Single Mode Gigabit 1 fiber 1310nm 1550nm 20km A End S30 1SLC A 60 SFP LC Connector Single Mode Gigabit 1 fiber 1310nm 1550nm 60km A End S30 1SLC B 10 SFP LC Connector Single Mode Gigabit 1 fiber 1550nm 1310nm 1
136. multi supplicant mode Currently X 243 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Restart Buttons Refresh Click to refresh the page Save Click to save changes clients are authorized and Y is unauthorized Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Click to undo any changes made locally and revert to previously saved values 4 11 4 Network Access Overview This page provides an overview of the current NAS port states for the selected switch The Network Access Overview screen in Figure 4 11 5 appears 1 2 3 4 5 6 Zz 8 3 10 The page includes the following fields Network Access Server Switch Status Admin State Port State Last ID
137. network management access using the following options m Remote Authentication Dial in User Service RADIUS m Terminal Access Controller Access Control System Plus TACACS m Local user name and Priviledge Level control RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard defines a client server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN Until the client is authenticated 802 1X access control allows only Extensible Authentication Protocol over LAN EAPOL traffic through the port to which the client is connected After authentication is successful normal traffic can pass through the port This section includes this conceptual information e Device Roles e Authentication Initiation and Message Exchange e Ports in Authorized and Unauthorized States 233 IFS NS3552 8P 2S AND NS3550 2T 8S User Manua
138. nnnnnns 233 4 11 2 Authentication Configuration oo cceecceecseceseteneeeeeeteneeeeaeeceseeeeaeeseaeeseaeeseaeeseaeeseaeessaceseseeenaeeseseeseaeeseeeseieetenes 237 4 11 3 Network Access Server ConfiQguration ccccccceseeseeeceneeeeeeeseaeeeneeeceaeeseaeeseaeeeeaeeseaeeseaeeseaeeseaeeseaeeenaeeseneeseatenias 238 4 11 4 Network Access Overview 00 eeceeecceeeeeeesceeeaeeteseeeeaeeseaeeeaeesaeeeacessaeeseaeeseaeessaceseaeeseaeeseaeeseaeeseseeseaeeseeeseaeetenees 244 411 5 Network ACCESS Statistics ia AE E Eanan haina e 245 4 11 6 Authentication Server ConfiguratiON oonnoccnnnccinnncnncccnoncnnonncnnrnn non cnn nn nn crac 251 4A1 7 RADIUS OVEIVIOW isis naci dia alas 253 4 11 98 RADIUS Details i iia a id ad 256 4 11 9 Windows Platform RADIUS Server ConfiguratiON ooooncninccinnnnnncccnoncnnocncnnrnnnnnncnnrnc nn cnn carr cnn 260 4 11 10 802 1X Client ConfiguratioN cimas aa podias 265 A NA 268 4 1121 Port EimitsGontrol cisco cui a A a 268 4 t2 2 Access Management mica ti cil ba ole aia 272 4 12 3 Access Management Statistics eccceeceeseeeeeeeeeeeeceaeeesaeeseaeeeaeessaeesaeesaeesaeeseaeeseaeeseaeesnaeeseaeeseaeeseaeeseaeenias 272 41 2 4 A TPS geez pelev ee diee N E a idee eae n 274 AAD DS Shea Silas oo Siete ees Ae ces eee tase caer Mada eda Se dal sense Maze 275 4 1 2 6 Port Security Status ici tata deen eee ae desi ei 275 4 12 7 Port Security Detalla ile 278 4 1 2 8 DHGPSnOOping Msi tania a ed A a Se ie 278 4 12
139. of RMON History entries Each page shows up to 99 entries from the History table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the History table The first displayed will be the one with the lowest History Index and Sample Index found in the History table screen in Figure 4 18 6 appears RMON History Overview Auto refresh O Start from Control Index 0 and Sample Index 0 with 20 entries per page History Sample Sample F Broad Multi CRC Under Over rr Start Drop Octets Pkts act ol ATA as Frag Jabb Coll Utilization No more entries 334 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Figure 4 18 6 RMON history overview page screenshot The page includes the following fields Object Description History Index Indicates the index of History control entry Sample Index Indicates the index of the data entry associated with the control entry Sample Start The total number of events in which packets were dropped by the probe due to lack of resources e Drops The total number of events in which packets were dropped by the probe due to lack of resources e Octets The total number of octets of data including those in bad packets received on the network e Pkts The total number of packets including bad packets broadcast packets and multicas
140. of check boxes for each port is displayed for each MAC based VLAN entry To include a port in a MAC based VLAN check the box To remove or exclude the port from the MAC based VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked 146 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual wW c fo 5 o Add new entry Click to add a new MAC based VLAN entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values y Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refres E Click to refresh the page immediately lt lt i Updates the table starting from the first entry in the MAC based VLAN Table i Updates the table starting with the entry after the last entry currently displayed 4 6 12 MAC based VLAN Status This page shows MAC based VLAN entries configured by various MAC based VLAN users The MAC based VLAN Status screen in Figure 4 6 18 appears MAC based VLAN Membership Configuration for User Static Statice Auto refresh Ol Port Members N No data exists for the user ES Mac address vcan 10 3 2 3 4 5 6 7 8 x0 No data exists for the user Figure 4 6 18 MAC based VLAN Membership Configuration for User Static Page Screenshot The page includes the following fields Object Description e MAC Addr
141. on MEP create WEB e Mode See help on MEP create WEB 341 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Direction See help on MEP create WEB e Residence Port See help on MEP create WEB e Flow Instance See help on MEP create WEB e Tagged VID See help on MEP create WEB e This MAC See help on MEP create WEB Instance Configuration Object Description e Level See help on MEP create WEB e Format This is the configuration of the two possible Maintenance Association Identifier formats ITU ICC This is defined by ITU ICC can be max 6 char MEG id can be max 7 char IEEE String This is defined by IEEE Domain Name can be max 8 char MEG id can be max 8 char e ICC Domain Name This is either ITU ICC MEG ID value 1 6 or IEEE Maintenance Domain Name depending on Format See Format e MEG Id This is either ITU UMC MEG ID value 7 13 or IEEE Short MA Name depending on Format See Format In case of ITU ICC format this can be max 7 char If only 6 char is entered the MEG ID value 13 will become NULL e MEP Id This value will become the transmitted two byte CCM MEP ID e CLevel Fault Cause indicating that a CCM is received with a lower level than the configured for this MEP e cMEG Fault Cause indicating that a CCM is received with a MEG ID different from configured for this MEP e cMEP Fault Cause indicating that a CCM is receiv
142. on the Windows 2003 server Internet Authentication Service File Action View Help EC gt Internet Authentication Service Local RADIUS Clients Remote Acce Mn ae oy Remote Acce Connection R Protocol 4 CATest 192 168 0 5 RADIUS New b View Refresh Export List Help New Client Figure 4 11 11 Windows Server Add New RADIUS Client Setting Assign the client IP address to the Industrial Managed Switch New RADIUS cent x Name and ddress Type a friendly name and either an IP Address or DNS name for the client Friendly name e021 x Managed Switch Client address IP or DNS i 92 168 0 100 Verify lt Back Cancel Figure 4 11 12 Windows Server RADIUS Server Setting 261 4 5 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The shared secret key should be the same as the key configured on the Industrial Managed Switch New RADIUS Client RADIUS Standard v Figure 4 11 13 Windows Server RADIUS Server Setting Configure ports attribute of 802 1X the same as 802 1X Port Configuration Port Admin State RADIUS Assigned QoS Enabled RADIUS Assigned LAN Enabled Guest VLAN Enabled Fete OO mo ebay 2 Pos O 0 a o Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data need
143. original relay information when receive a DHCP message that already contains it keep Keep the original relay information when receive a DHCP message that already contains it drop Drop the package when receive a DHCP message that already contains relay information default Show DHCP relay information policy Default Setting replace Example Keep the original relay information when receive a DHCP message that already contains it NS3552 8P 2S gt security network dhcp relay information policy keep Security Network DHCP Relay Statistics Description Show or clear DHCP relay statistics Syntax Security Network DHCP Relay Statistics clear Parameters clear Clear DHCP relay statistics Example Show DHCP relay statistics NS3552 8P 2S gt security network dhcp relay statistics 449 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network DHCP Snooping Configuration Description Show DHCP snooping configuration Syntax Security Network DHCP Snooping Configuration Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports disable Disable DHCP snooping mode default Show flow DHCP snooping mode
144. osocos aia tala 427 Security Switch RMON Event Delete cccccscceessseeeeeeneeeeeeeaeeeeecaeeeeseaaeeeseaeeeeseaeeesesaaeeescaeeesssneeeesseneeessnaeess 427 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch RMON Event LOOKUP isss eerste inae aeneae E Rr cn rn nn nn EE nro nn nn nn rra Oa REEE Ra cana 428 security Network Psec Within iia 428 Security Network Psec Polt ici seth ici id A A td 429 Security Network Limit Configuration c ceeecceeeeeeeeeeeeneeeeeeeeeaeeeeaeeeeaeeeeaeeseaeeeeaeeseseeeeaeeseaeeseaeeseeessieeeeneeseeeeeeaees 429 Security Network Limit Mode iccoocoitsia or eae activision nade esa atera teeters dine 430 Security Network Limit AGING eaa a a aaa aaa r aaa aa e ae a aS Aa aa OAA E Aaa aRar aR a OE n Ran E haiie 430 Security Network Limit AgetiM ooonoconccinnccinncnnoccnnocncnoncnnncnnnonnnnnn cn nnnc nn nc arrancaron cnn rra rra rara 431 Security Network Limit POM sa sici n a oa 431 Security Network Limit Limit cia atone to an ein cio ned hl 432 Security Network Limit Acticin tica iaa 432 Security Network Limit Reopen cceccceeceeeesceteneeeeaeeseseeeeaeeseaeeseaeeseaeeeeaeeseaeeseaeeseseeseaeeseaeeseaeeseaeeseaeeteeeeeeetenes 433 Security Network NAS Configuration eccceeeceeseeeeeeeeeneeeeeeeeeeeeeaeeseaeeeeaeeseaeeseaeeseaeeeeaeeseaeeseaeeseaeesseeeeeieeeneeeeenees 433 Security Network NAS Moe ceecceeseeeeseeeeeeseseeeeaeeceaeeeaeecaeeseaeeseaees
145. packets for system DHCP client The DHCP Snooping Port Statistics screen in Figure 4 12 9 appears DHCP Snooping Port Statistics Port 1 Portl iv Rx Discover Tx Discover Rx Offer Tx Offer Rx Request Tx Request Rx Decline Tx Decline Rx ACK Tx ACK Tx NAK Tx Release Tx Inform Tx Lease Query Tx Lease Unassigned Tx Lease Unknown Tx Lease Active Rx NAK Rx Release Rx Inform Rx Lease Query Rx Lease Unassigned Rx Lease Unknown Rx Lease Active f O O E O 8 O Auto refresh C Figure 4 12 9 DHCP Snooping Port Statistics Screen Page Screenshot The page includes the following fields Object Description e Rxand Tx Discover The number of discover option 53 with value 1 packets received and transmitted e Rxand Tx Offer The number of offer option 53 with value 2 packets received and transmitted e Rxand Tx Request The number of request option 53 with value 3 packets received and transmitted e Rxand Tx Decline The number of decline option 53 with value 4 packets received and transmitted e Rxand Tx ACK The number of ACK option 53 with value 5 packets received and transmitted e Rxand Tx NAK The number of NAK option 53 with value 6 packets received and transmitted e Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted e Rxand Tx Inform The number of inform option 53 with value 8 packets received and transmitte
146. page provides an overview for LACP statistics for all ports The LACP Port Statistics screen in Figure 4 5 7 appears 122 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LACP Statistics Received Transmitted Unknown Illegal 0 E O a oO a o a o a o O E O E Om OO o OO E oO E o G o e o e o 1 2 3 4 5 6 7 8 9 0 EN O MEN OO ME OO E OO se Auto refresh C Figure 4 5 7 LACP Statistics Page Screenshot The page includes the following fields Object Description e Port The switch port number e LACP Received Shows how many LACP frames have been sent from each port e LACP Transmitted Shows how many LACP frames have been received at each port e Discarded ae how many unknown or illegal LACP frames have been discarded at each port Buttons Auto refresh i i Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear cea Clears the counters for all ports 123 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 VLAN 4 6 1 VLAN Overview A Virtual Local Area Network VLAN is a network topology configured according to a logical scheme rather than the physical layout VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN VLAN also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN Typically a VLAN corre
147. range Leave Proxy Enable Enable IGMP Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side Proxy Enable Enable IGMP Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side Router Port Specify which ports act as IGMP router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier The Switch forwards IGMP join or leave packets to an IGMP router port a Auto Select Auto to have the Managed Switch automatically uses the port as IGMP Router port if the port receives IGMP query packets 174 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a Static The Managed Switch always uses the specified port as an IGMP Router port Use this mode when you connect an IGMP multicast server or IP camera which applied with multicast protocol to the port a None The Industrial Managed Switch will not use the specified port as an IGMP Router port The Managed Switch will not keep any record of an IGMP router being connected to this port Use this mode when you connect other IGMP multicast servers directly on the non querier Managed Switch and don t want the multicast stream to be flood to uplink switch through the port that connected to the IGMP querier e Fast Leave Enable the fast leave on the port e Throtting The Configuration All with available values w
148. refer to Chapter 5 Remote Telnet Interface Management 57 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 4 Web Management The Industrial Managed Switch offers management features that allow users to manage the Industrial Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the Industrial Managed Switch you can access the Industrial Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Industrial Managed Switch IFS Industrial Managed Switch RJ 45 UTP Cable IP Address 192 168 0 x IP Address 192 168 0 100 Figure 3 3 Web Management You can then use your Web browser to list and manage the Industrial Managed Switch configuration parameters from one central location the Web Management requires Microsoft Internet Explorer 7 0 or later NS3552 8P 2S ing O PWR1 a AUL NS3552 8P 2S System E SNMP Ey Port Management Link Aggregation W VLANs Spanning Tree Ey Multicast QoS NS3552 8P 2S Access Control List Authentication 8 Port 10 100 1000T 2 100 1000X SFP m Security m MAC Address Table 802 3at PoE Industrial Ethernet Switch m LLDP i Diagnostics Interlogix A UTC Fire amp Security Company All rights reserved m POE m Loop Protection mRMON m Ring Welcome to IFS Transmission Figure 3 4 Web Main Screen of Industrial Managed Swi
149. specific EtherType value The allowed range is 0x600 to OxFFFF but excluding 0x800 IPv4 Ox806 ARP and 0x86DD IPv6 A frame that hits this ACE matches this EtherType value Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Cancel Cancel Return to the previous page 4 10 4 ACL Ports Configuration Configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE The ACL Ports Configuration screen in Figure 4 10 4 appears 228 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ACL Ports Configuration lt All v lt All gt lt l gt vi lt Ab lt Al gt lt All gt lt All gt v e lt lt J Disabled v Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled SSNS J Aa alee aaa 1 2 3 4 5 6 7 8 9 E3 SLOLoLol oy oo oy ol ol eo aaa ae Ae ESE ERES MERECE SIS S ETICA daa aaa aaa e SSNS o Figure 4 10 4 ACL Ports Configuration Page
150. sure you have your TFTP server ready and the firmware image is on the TFTP server The TFTP Firmware Upgrade screen in Figure 4 2 24 appears TFTP Firmware Upgrade TTP Sewer Firmware File Name fs Figure 4 2 24 TFTP Firmware Update Page Screenshot The page includes the following fields Object Description e TFTP Server IP Fill in your TFTP server IP address e Firmware File Name The name of firmware image Maximum length 24 characters Buttons 91 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Click to upgrade firmware Do not quit the Firmware Upgrade page without pressing the OK button after the image is loaded Or the system won t apply for the new firmware User has to repeat the firmware upgrade processes again gh DO NOT Power OFF the Industrial Managed Switch until the update progress is complete 4 2 21 Configuration Backup This function allows backup and reload the current configuration of the Industrial Managed Switch to the local management station The Configuration Backup screen in Figure 4 2 25 appears Configuration Save Save configuration Save configuration except IP Address Figure 4 2 25 Configuration Save Page Screenshot Save configuration except IP Address feature is almost the same as Save configuration except the IP address which will not be saved You can save view or load the switch configuration The configuration file is in XML format
151. the PD doesn t response continuously the PoE port will be reset e Action Allows user to set which action will be applied if the PD is without any response The NS3552 8P 2S PoE Switch offers 3 actions as follows gt PD Reboot It means system will reset the PoE port that is connected to the PD 324 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual gt Reboot amp Alarm lt means system will reset the PoE port and issue an alarm message via Syslog SMTP gt Alarm It means system will issue an alarm message via Syslog SMTP e Reboot Time 30 180s This column allows user to set the PoE device rebooting time due to there is so many kinds of PoE devices on the market and they have different rebooting times The PD Alive check is not a defining standard so the PoE device on the market doesn t report reboots done information to the NS3552 8P 2S PoE Switch so user has to make sure how long the PD will be finished to boot and then set the time value to this column System is going to check the PD again according to the reboot time If you cannot make sure precisely what booting time is we suggest you to set it longer Buttons Save Click it to save changes Click it to reset configuration which doesn t want to be saved yet 325 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 17 Loop Protection This page allows the user to inspect the current Loop Protection configurations and possibly chang
152. the Industrial Managed Switch on the DIN Rail track or wall 4 Power on the Industrial Managed Switch Please refer to the Wiring the Power Inputs section for knowing the information about how to wire the power The power LED on the Industrial Managed Switch will light up Please refer to the LED Indicators section for indication of LED lights 5 Prepare the twisted pair straight through Category 5 cable for Ethernet connection 6 Insert one side of RJ 45 cable category 5 into the Industrial Managed Switch Ethernet port RJ 45 port and another side of RJ 45 cable category 5 to the network device s Ethernet port RJ 45 port ex Switch PC or Server The UTP port RJ 45 LED on the Industrial Managed Switch will light up when the cable is connected with the network device Please refer to the LED Indicators section for LED light indication a ES Make sure that the connected network devices support MDI MDI X if it does not support or a use the crossover category 5 cable Note 7 When all connections are set and LED lights all show normal the installation is completed 46 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 2 2 DIN Rail Mounting This section describes how to install the Industrial Managed Switch There are two methods to install the Industrial Managed Switch DIN Rail Mounting and Wall Mount Plate Mounting Please read the following topics and perform the procedures in the order being presented a
153. the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1 X based authentication is that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality e RADIUS Assigned QoS Enabled When RADIUS Assigned QoS is both globally enabled and enabled checked for a given port the switch reacts to QoS Class information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid traffi
154. the priority level for the 802 1Q frame It is also known as PCP It is Virtual LAN It is a method to restrict communication between switch ports VLANs can be used for the following applications 629 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN unaware switching This is the default configuration All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1 This means that MAC addresses are learned in VLAN 1 and the switch does not remove or insert VLAN tags VLAN aware switching This is based on the IEEE 802 1Q standard All ports are VLAN aware Ports connected to VLAN aware switches are members of multiple VLANs and transmit tagged frames Other ports are members of one VLAN set up with this Port VLAN ID and transmit untagged frames Provider switching This is also known as Q in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag VLAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice V
155. to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPA Radius is an acronym for Wi Fi Protected Access Radius 802 1X authentication server WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 111 standard Wikipedia WPS is an acronym for Wi Fi Protected Setup It is a standard for easy and secure establishment of a wireless home network The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network Wikipedia WRED is an acronym for Weighted Random Early Detection It is an active queue management mechanism that provides p
156. to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently e BPDU Guard If enabled causes the port to disable itself upon receiving valid BPDU s Contrary to the similar bridge setting the port Edge status does not affect this setting A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well e Point to Point Buttons Controls whether the port connects to a point to point LAN rather than a shared medium This can be automatically determined or forced either true or false A transition to the forwarding state is faster for point to point LANs than for shared media All means all ports will have one specific setting Save Click to save changes Click to undo any changes made locally and revert to previously saved values By default the system automatically detects the speed and duplex mode used on each port and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 802 1w standard exceeds 65 535 the default is set to 65 535 Port Type Ethernet IEEE 802 1D 1998 IEEE 802 1w 2001 50 600 200 000 20 000 000
157. to receive BPDU packets that may tell the port to go back to the blocking state a LT Learning the port is adding addresses to its forwarding database but not yet forwarding packets a Forwarding the port is forwarding packets a Disabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows a From initialization switch boot to blocking a From blocking to listening or to disabled a From listening to learning or to disabled From learning to forwarding or to disabled E From forwarding to disabled 152 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a From disabled to blocking Switch Blocking Figure 4 7 1 STP Port State Transitions You can modify each port state by using management software When you enable STP every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up If properly configured each port stabilizes to the forwarding or blocking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanni
158. to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls There are 3 web pages associated with the manual ACL configuration ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated with a Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of them The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is u
159. together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the low
160. 0 7 1000 QoS Port QueueShaper Excess Description Set or show the port queue excess bandwidth mode Syntax QoS Port QueueShaper Excess lt port_list gt lt queue_list gt enable disable Parameters lt port_list gt Port list or all default All ports lt queue_list gt Queue list or all default All queues 0 7 enable Enable use of excess bandwidth disable Disable use of excess bandwidth default Show port queue excess bandwidth mode Default Setting disable Example Enable the port queue excess bandwidth mode NS3552 8P 2S gt qos Port QueueShaper Excess 1 10 0 7 enable QoS Port TagRemarking Mode Description Set or show the port tag remarking mode Syntax QoS Port TagRemarking Mode lt port_list gt classified default mapped Parameters lt port_list gt Port list or all default All ports classified Use classified PCP DEI values 531 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual default Use default PCP DEI values mapped Use mapped versions of QoS class and DP level default Show port tag remarking mode Default Setting classified Example Set the port tag remarking mode in mapped NS3552 8P 2S gt qos Port TagRemarking Mode 1 10 mapped QoS Port TagRemarking PCP Description Set or show the default PCP This value is used when port tag remarking mode is set to default Syntax QoS Port TagRemarking PCP lt port_list gt
161. 00 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 6 Port Tag Remarking This page provides an overview of QoS Egress Port Tag Remarking for all switch ports The Port Tag Remarking screen in Figure 4 9 7 appears QoS Egress Port Tag Remarking Classified Classified Classified Classified Classified Classified Classified Classified Classified Classified 1 2 3 4 5 6 8 3 10 Figure 4 9 7 QoS Egress Port Tag Remarking Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row Click on the port number in order to configure tag remarking For more detail please refer to chapter 4 9 6 1 e Mode Shows the tag remarking mode for this port E Classified Use classified PCP DEI values E Default Use default PCP DEI values E Mapped Use mapped versions of QoS class and DP level 4 9 6 1 QoS Egress Port Tag Remarking The QoS Egress Port Tag Remarking for a specific port is configured on this page The QoS Egress Port Tag Remarking screen in Figure 4 9 8 appears Port QoS Egress Port Tag Remarking Port 1 Tag Remarking Mode Cassia v Figure 4 9 8 QoS Egress Port Tag Remarking Page Screenshot 201 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Mode Controls the tag remarking mode for this port E Classified Use classified PCP D
162. 00 00 00 02 1 2 4 10 CPU Static 1 33 33 ff 16 81 68 1 2 4 10 CPU Static 1 33 33 ff a8 00 64 1 2 4 10 CPU Static 1 __ ff ff ff ff ff ff 1 10 CPU NS3552 8P 2S gt 381 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MAC Statistics Description Show MAC address table statistics Syntax MAC Statistics lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Set all of MAC statistics NS3552 8P 2S gt mac statistics Port Dynamic Addresses 1 0 0 0 0 0 0 0 0 0 o Total Dynamic Addresses 1 Total Static Addresses 6 NS3552 8P 2S gt MAC Flush Description Flush all learned entries Syntax MAC Flush 382 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 5 VLAN Configuration Command VLAN Configuration Description Show VLAN configuration Syntax VLAN Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show VLAN status of port1 NS3552 8P 2S gt vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type Disabled All UnTag Disable N A VID VLAN Name default VID VLAN Name VLAN forbidden table is empty 383 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAV PVID Description Set or show the port VLAN ID Syntax VLAN PVID lt port_list gt lt vid gt none Pa
163. 0000000 seconds It used when security mode or auto detect mode is enabled In other cases it will based hardware age time The actual age time will be situated in the age_time 2 age_time interval 215 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Traffic Class e Port Mode Indicates the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Indicates the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible port modes are E Disabled Disjoin from Voice VLAN E Auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically E Forced Forced join to Voice VLAN E All means all ports will have one specific setting e Port Security Indicates the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Possible port modes are E Enabled Enable Voice VLAN security mode operation E Disabled Disable Voice VLAN security mode operation E All means all ports will have one specific setting e Port Discovery Protocol Buttons Indicates the Voice VLAN port discovery protocol It will only work when auto detect mode is enabled We should enable LLDP feature before configuring discovery protocol to LLDP or Both
164. 0km B End S30 1SLC B 20 SFP LC Connector Single Mode Gigabit 1 fiber 1550nm 1310nm 20km B End S30 1SLC B 60 SFP LC Connector Single Mode Gigabit 1 fiber 1550nm 1310nm 60km B End S30 2MLC SFP LC Connector Multi Mode Gigabit 2 fiber 850nm 850nm 550m S30 2MLC 2 SFP LC Connector Multi Mode Gigabit 2 fiber 1310nm 1310nm 2km 30 2SLC 10 SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 10km 30 2SLC 30 SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 30km 51 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 30 2SLC 70 SFP LC Connector Single Mode Gigabit 2 fiber 1550nm 1550nm 70km S30 RJ SFP RJ 45 Gigabit 100m S35 2MLC SFP LC Connector Multi Mode Gigabit 2 fiber 850nm 850nm 550m Hardened 40 75 C 35 2SLC 10 SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 10km Hardened 40 75 C SFP LC Connector Single Mode Gigabit 2 fiber 1310nm 1310nm 30km S35 2SLC 30 Hardened 40 75 C SFP LC Connector Single Mode Gigabit 2 fiber 1550nm 1550nm 70km 35 2SLC 70 Hardened 40 75 C Fast Ethernet SFP Transceiver ModulesError Not a valid link transceiver that is not supported the Industrial Managed Switch will not recognize it x 1 Itis recommended to use IFS SFPs on the Industrial Managed Switch If you insert an SFP 2 Please choose the SFP transceiver which is appropriate for the operating environment Note 1000Base SX LX
165. 1 time to 60 times e Ping Interval The interval of the ICMP packet Values range from O second to 30 seconds ga Be sure the target IP Address is within the same network subnet of the switch or you had setup the correct gateway IP address Note Button Star Click to start transmitting ICMP packets Click to re start diagnostics with PING 308 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 15 2 IPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMPv6 Ping screen in Figure 4 15 2 appears ICMPv6 Ping IP Address 0 0 0 0 0 0 0 0 Ping Length 64 Figure 4 15 2 ICMPv6 Ping Page Screenshot The page includes the following fields Object Description e IP Address The destination IP Address e Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes e Ping Count The count of the ICMP packet Values range from 1 time to 60 times e Ping Interval The interval of the ICMP packet Values range from 0 second to 30 seconds Button Start Click to start transmitting ICMP packets Click to re start diagnostics with PING 4 15 3 Remote IP Ping Test This page
166. 10 Figure 4 5 3 Aggregation Group Configuration Page Screenshot The page includes the following fields Object Description e Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port e Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Only full duplex ports can join an aggregation and ports must be in the same speed in each group Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 119 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 5 2 LACP Configuration Link Aggregation Control Protocol LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device LACP allows switches connected to each other to discover automatically whether any ports are member of the same LAG This page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected stack unit as reflected by the page header The LACP Configuration screen in Figure 4 5 4 appears 1 2 3 4 5 6 7 8 9 0 LACP Port Configuration lt All gt
167. 2p 1 disable STP Port RestrictedRole Description Set or show the MSTP restrictedRole port parameter Syntax STP Port RestrictedRole lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable MSTP restricted role disable Disable MSTP restricted role Default disable Example Eisable STP restricted role on port1 NS3552 8P 2S gt stp port restrictedrole 1 enable STP Port RestrictedTcn Description Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn lt port_list gt enable disable 472 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default disable Example Eisable STP restricted TCN on port1 NS3552 8P 2S gt stp port restrictedicn 1 enable STP Port bpduGuard Description Set or show the bpduGuard port parameter Syntax STP Port bpduGuard lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port BPDU Guard disable Disable port BPDU Guard Default disable Example Eisable BPDU guard on port1 NS3552 8P 2S gt stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics 473 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Sy
168. 33 33 F4 10 02 00 static 33 33 FF 10 02 00 Y Static 33 33 FF A8 00 64 y Dynamic 40 61 86 04 18 69 Y Static FF FF FF FF FF FF Y Y f YW VW VV VV VV Figure 4 13 2 MAC Address Table Status Page Screenshot Navigating the MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The gt gt will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the lt lt button to start over 288 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Type Indicates whether the entry is a static or dynamic entry e VLAN The VLAN I
169. 373 Port Maxim m Frame cota a pe tad 374 O cee eee A deve Daye UME a esters 374 POMEXCOS VE co ceabes ct caguslae ees udacpacsuceencaagetagdesassastssapsadadaatsaacshaauaidesassanisaiacad duabcageeaiaca asiessanesiare 375 Port Statistic Snie i Say es Ae ee ee 376 O 376 Pot SFP id ie in eevee de ia 376 Port Descrip A NAAA A O 377 6 4 MAC Address Table Command cnncincccinnnnnnncconinnrc cr 378 MAG Configurations sisses eeni nan A need Se ea 378 MAG Add e e a a e Ste 378 MAG Deleteinains ai o dl seh hie be pectin ie 379 MAGO dai 379 MAG Age Mie A AD cia 380 MAG Lcd enes g eede a evbstebcies serach A at ies eed tie eee hohe nt E 380 MAG DUMP sota titan 381 MAG Statistics AE EAA stapes o eos e EE 382 MAC Flush sc2cisite tett etd i eine ech ela dade de eee aed ee ele le 382 6 5 VLAN Configuration COMMANO aaa aaraa aa aa rc 383 VLAN Configuration 383 VEAV PMID cu a e et ed tn e aad ed ne ae 384 VLAN Frame Ty pele sra darla a needs td 384 VLAN Ingress Rief ei a T a a aa aE A a aa e Aa a E Ea Eae a rE E TEA aa E aae aaea 385 VLAN Mode io di 385 MEAN Link Type ra ate a e e e e e e o e 386 VEAN CEinO Modevtenconas aint o o a 386 MAN AT 387 VLAN untagVID iia A ia 387 VEAN Add 20 nc a a a eo date doc 388 VEAN Forbidden Add irsiesi ersen iied depte tl ta een 388 VAAN DEEE a a a S 389 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN Forbidden Delete dra tt 389 VLAN Forbidden LOOKUp iii raa a a ion shasaceeae ste dnasaleceagaageahd Aap aaea
170. 4 The Port Isolate VLAN Diagram Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port5 and Port 6 are in Promiscuous port The screen in Figure 4 6 15 appears Port Number 1112 3 4 5 6 7 8 9 10 OOO0O0d 145 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Figure 4 6 15 The Configuration of Isolate and Promiscuous Port 2 Assign VLAN Member VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The screen in Figure 4 6 16 appears Port Members rare embers 77 Delete van w 1 2 3 4 5 6 7 e 9 x0 OoOoogd Figure 4 6 16 Private VLAN Port Setting 4 6 11 MAC based VLAN The MAC based VLAN entries can be configured here This page allows for adding and deleting MAC based VLAN entries and assigning the entries to different ports This page shows only static entries The MAC based VLAN screen in Figure 4 6 17 appears MAC based VLAN Membership Configuration Auto refresh Refresh lt lt gt gt Port Members E Delete mac Address viaw 10 a gt ao o r o o zo Add New Entry Reset Figure 4 6 17 MAC based VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description e Delete To delete a MAC based VLAN entry check this box and press save The entry will be deleted in the stack e MAC Address Indicates the MAC address e VLAN ID Indicates the VLAN ID e Port Members A row
171. 4095 or any default Show all VLANs Example Show VLAN 1 IPMC group addresses accordingly NS3552 8P 2S gt ipme groups igmp 1 581 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPMC Version Description Show IPMC Versions Syntax IPMC Version mld igmp lt vid gt Parameters mldligmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs Example Show VLAN 1 IPMC Versions NS3552 8P 2S gt ipmc version igmp 1 IPMC SFM Description Show SFM including SSM related information for IPMC Syntax IPMC SFM mldligmp lt vid gt lt port_list gt Parameters mid igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs lt port_list gt Port list or all default All ports IPMC Parameter RV Description Set or show the IPMC Robustness Variable 582 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax IPMC Parameter RV mldligmp lt vid gt ipmc_param_rv Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs ipmc_param_rv 1 Default Value 2 1 255 Robustness Variable default Show IPMC Interface Robustness Variable IPMC Parameter Ql Description Set or show the IPMC Query Interval Syntax IPMC Parameter QI mld igmp lt vid gt i
172. 5 Port Policies Configuration Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration Object Description 299 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Port The port number for which the configuration applies The set of policies that shall apply for a given port The set of policies is selected by check marking the checkboxes that corresponds to the policies e Policy ID Buttons Add New Policy Click to add new policy Save Click to save changes Click to undo any changes made locally and revert to previously saved values 300 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 14 4 LLDP MED Neighbor This page provides a status overview for all LLDP MED neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected The LLDP MED Neighbor Information screen in Figure 4 14 3 appears The columns hold the following information LLDP MED Neighbour Information Local Port No LLDP MED neighbour information found Auto refresh E Refresh Figure 4 14 3 LLDP MED Neighbor Information with no LLDP MED device detected LLDP MED Neighbour Information Port 2 Device Type Capabilities Endpoint Class III LLDP MED Capabilities Network Policy Extended Power via MDI PD Inventory 7 Application Type Policy Tag VLAN ID Prior
173. 5 To remove the wall mount plate reverse steps above 49 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 3 Cabling 10 100 1000Base T and 100Base FX 1000Base SX LX All 10 100 1000Base T ports come with Auto Negotiation capability They automatically support 1000Base T 100Base TX and 10Base T networks Users only need to plug a working network device into one of the 10 100 1000Base T ports and then turn on the Industrial Managed Switch The port will automatically run in 10Mbps 20Mbps 100Mbps or 200Mbps and 1000Mbps or 2000Mbps after the negotiation with the connected device The Industrial Managed Switch has eight SFP interfaces that support 100 1000Mbps dual speed mode optional multi mode single mode 100Base FX 1000Base SX LX SFP module Cabling Each 10 100 1000Base T port uses RJ 45 sockets similar to phone jacks for connection of unshielded twisted pair cable UTP The IEEE 802 3 802 3u 802 3ab Fast Gigabit Ethernet standard requires Category 5 UTP for 100Mbps 100Base TX 10Base T networks can use Cat 3 4 5 or 1000Base T use 5 5e 6 UTP see table below Maximum distance is 100meters 328 feet The 100Base FX 1000Base SX LX SFP slot is used as LC connector with optional SFP module Please see table below and know more about the cable specifications Port Type Cable Type Connector 10Base T Cat 3 4 5 2 pair 100Base TX Cat 5 UTP 2 pair 1000Base T Cat 5 5e 6 UTP 2 pair RJ 45 100Base FX 50 125um or 62 5 125um
174. 52 8P 2S AND NS3550 2T 8S User Manual System restart in progess The system is now restarting v Completed Figure 4 2 33 Image Select Page Screenshot After the system reboot you can use the Alternate Image of Industrial Managed Switch 4 2 24 Factory Default You can reset the configuration of the stack switch on this page Only the IP configuration is retained The new configuration is available immediately which means that no restart is necessary The Factory Default screen in Figure 4 2 34 appears Factory Defaults Are you sure to reset the configuration to Factory Defaults The default configuration here doesn t involve IP address You can reset configuration included IP by means of pushing the reset button on the machine Figure 4 2 34 Factory Default Page Screenshot Buttons Yes E f Le Click to reset the configuration to Factory Defaults Configuration Factory Reset Done The configuration has been reset The new configuration is available immediately Figure 4 2 35 Factory Default Page Screenshot No Click to return to the web main page without resetting the configuration 96 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual o After the Factory button is pressed and rebooted the system will be loaded default settings except IP address To reset the Industrial Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel for
175. 64 octets received with invalid CRC e Jabb The number of frames which size is larger than 64 octets received with invalid CRC e Coll The best estimate of the total number of collisions on this Ethernet segment e 64 The total number of packets including bad packets received that were 64 octets in length e 65 127 The total number of packets including bad packets received that were from 65 to 127 octets in length e 128 255 The total number of packets including bad packets received that were from 128 to 255 octets in length e 256 511 The total number of packets including bad packets received that were from 256 to 511 octets in length e 512 1023 The total number of packets including bad packets received that were from 512 to 1023 octets in length e 1024 1588 The total number of packets including bad packets received that were from 1024 to 1588 octets in length Buttons Auto refresh i Refresh Check this box to refresh the page automatically Automatic refresh occurs every 6 seconds Click to refresh the page immediately Lk Updates the table starting from the first entry in the Statistics table i e the entry with the lowest ID gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 337 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 19 Ring ITU T G 8032 Ethernet Ring protection switching ERPS is a link layer protocol applied on Ethernet l
176. 8 RMON RMON is the most important expansion of the standard SNMP RMON is a set of MIB definitions used to define standard network monitor functions and interfaces enabling the communication between SNMP management terminals and remote monitors RMON provides a highly efficient method to monitor actions inside the subnets MID of RMON consists of 10 groups The switch supports the most frequently used group 1 2 3 and 9 NW Statistics Maintain basic usage and error statistics for each subnet monitored by the Agent History Record periodical statistic samples available from Statistics E Alarm Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON Agent records Ml Event A list of all events generated by RMON Agent Alarm depends on the implementation of Event Statistics and History display some current or history subnet statistics Alarm and Event provide a method to monitor any integer data change in the network and provide some alerts upon abnormal events sending Trap or record in logs 4 18 1 RMON Alarm Configuration Configure RMON Alarm table on this page The entry index key is ID screen in Figure 4 18 1 appears RMON Alarm Configuration Sample Startup Rising Rising Falling Falling Figure 4 18 1 RMON Alarm configuration page screenshot The page includes the following fields Object Description e Delete Check to delete the entry
177. 8P 2S Supports Only In this mode the Maximum Power fields have no effect a Allocation mode In this mode the user allocates the amount of power that each port may reserve The allocated reserved power for each port PD is specified in the Maximum Power fields The ports are shut down when total reserved powered exceeds the amount of power that the power supply can deliver In this mode the port power is not turned on if the PD requests more available power 314 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a Consumption mode In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver or if the actual power consumption for a given port exceeds the reserved power for that port The ports are shut down according to the ports priority If two ports have the same priority the port with the highest port number is shut down E Priority mode In this mode the user assign the priority to the ports PD When the total POE power consumption request is over the allowed power supply limitation the system shut down PoE ports by port priority setting Power over Ethernet Configuration This section allows the user to inspect and configure the current PoE configuration settings screen in Figure 4 16 2 appears Power Over Ethernet Configuration System PoE Admin Mode Enable PoE Temperature Protection Enable v PoE Managemen
178. 9 DHGP Snooping Statistics uides india gil daddies dah eis clea 280 4 12 10 IP Source Guard Configuration ssis nanea eaa ea a ane aa AA E AERES 282 4 12 11 P Source Guard Static Table aaa a Eaa a a a Aa aa Aa aa aAa aana haita ei 283 4 12 12 ARP INSPECTOR ee 284 4 1 2 13 ARP Inspection Static Table 285 4 13 MAC AddresS Table tic aia iaa iia 286 4 13 1 MAC Address Table Configurati0N ooooncnnccnnnncnnnccnnncnconcncnncnnonnncnnn nro n cnn aran rana rra 286 4 13 2 MAG Address Table Status isc llo li aii la LE dni 288 4 13 3 Dynamic ARP Inspection Table c cececsccsastascensscececpascesanaaicaecdscecapseazceneesadscnpacsazesaecsastagdeaassiccenaptacteneneigestase 289 4 13 4 Dynamic IP Source Guard Table oooncocinnccinncononcconccononcnoncnononcnnnncnnnnc cnn cn rra rn nr 290 AMADO Ne ec oS ST oR ee ER PE Seo PEP TEC oe 292 4 14 1 Link Layer Discovery Protocol ss iicccccccesccedexees rs a aa Seared eee 292 4 1 4 2 EL DP Configurations cc2 s cteitindd atten ted etch aver ea deea a ia lit 292 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 14 3 LLDP MED Configuration sica dada dales caidni 294 4 14 4 EEDP MED Neighbor a a E td 301 4 14 5 Neighbor vicio ta ae ais 304 4 14 6 Port Statistics de eg 304 TAS DIAQMOSUICS A zs bec eee NE E E EEEE 307 LADA e o e a e a e edo den de e o de dd 308 AA ee Atti eee need Rapier eee wa Aaa etait etn 309 4 15 3 Remote IP Ping TeSt a io ion ni PaRa ARANA 309 4 15 4 Gable Diagnostics tit
179. 91 MD5 is officially defined in RFC 1321 The MD5 Message Digest Algorithm For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to the mirror port MLD is an acronym for Multicast Listener Discovery for IPv6 MLD is used by IPv6 routers to discover multicast listeners on a directly attached link much as IGMP is used in IPv4 The protocol is embedded in ICMPv6 instead of using a separate protocol In 2002 the IEEE introduced an evolution of RSTP the Multiple Spanning Tree Protocol The MSTP protocol provides for multiple spanning tree instances while ensuring RSTP and STP compatibility The standard was originally defined by IEEE 802 1s but was later incorporated in IEEE 802 1D 2005 Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network instead the stream s are received on the MVR VLAN and forwarded to the VLANs where hosts have requested it them Wikipedia NAS is an acronym for Network Access Server The NAS is meant to act as a gateway to guard access to
180. A ane ee ae ifIndex y 127 255 511 1023 1588 No more entries Figure 4 18 8 RMON Statistics Status page screenshot The page includes the following fields 336 Object IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Description ID Indicates the index of Statistics entry Data Source idIndex The port ID which wants to be monitored e Drop The total number of events in which packets were dropped by the probe due to lack of resources e Octets The total number of octets of data including those in bad packets received on the network e Pkts The total number of packets including bad packets broadcast packets and multicast packets received e Broad cast The total number of good packets received that were directed to the broadcast address e Multi cast The total number of good packets received that were directed to a multicast address e CRC Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had either a bad Frame Check Sequence FCS with an integral number of octets FCS Error or a bad FCS with a non integral number of octets Alignment Error e Under size The total number of packets received that were less than 64 octets e Over size The total number of packets received that were longer than 1518 octets e Frag The number of frames which size is less than
181. AC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this SMAC value e DMAC Filter a the destination MAC filter for this ACE Any No DMAC filter is specified DMAC filter status is don t care a MC Frame must be multicast E BC Frame must be broadcast E UC Frame must be unicast E Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears e DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this DMAC value E VLAN Parameters Object Description e 802 1Q Tagged Specify whether frames can hit the action according to the 802 1Q tagged The allowed values are E Any Any value is allowed don t care E Enabled Tagged frame only E Disabled Untagged frame only The default value is Any VLAN ID Filter Specify the VLAN ID filter for this ACE E Any No VLAN ID filter is specified VLAN ID filter status is don t care E Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears e VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value e Tag
182. ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations The maximum number of ACEs is 256 on each switch The Voice VLAN OUI Table screen in Figure 4 10 1 appears ACL Status Ingress Port Frame Type Rate Limiter Port Redirect No entries Combined Y Auto refresh O Figure 4 10 1 ACL Status Page Screenshot The page includes the following fields Object Description e User Indicates the ACL user e Ingress Port Indicates the ingress port of the ACE Possible values are E All The ACE will match all ingress port E Port The ACE will match a specific ingress port e Frame Type Indicates the frame type of the ACE Possible values are E Any The ACE will match any frame type E EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP E IPv6 The ACE will match all IPv6 standard frames e Action Indicates the forwarding action of the ACE E Permit Frames matching the ACE may be forwarded and lear
183. ACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links a Static LAGs Port Trunk Force aggregared selected ports to be a trunk group a Link Aggregation Control Protocol LACP LAGs LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them 115 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Network Switch Link Aggregation 4 ports aggregate up to 4Gbps k Network Switch Yyy Figure 4 5 1 Link Aggregation Topology The Link Aggregation Control Protocol LACP provides a standardized means for exchanging information between Partner Systems that require high speed redundant links Link aggregation lets you group up to eight consecutive ports into a single dedicated connection This feature can expand bandwidth to a device on the network LACP operation requires full duplex mode more detail information refer to the IEEE 802 3ad standard Port link aggregations can be used to increase the bandwidth of a network connection or to ensure fault recovery Link aggregation lets you group up to 4 consecutive ports into a single dedicated connection between any two the S
184. AP Response Identity RADIUS Access Request _ _ EAP Request OTP RADIUS Access Challenge AMM EAP Response OTP RADIUS Access Request EAP Success RADIUS Access Accept Yt Port Authorized EAPOL Logoff Port Unauthorized Figure 4 11 2 EAP Message Exchange a Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network The port starts in the unauthorized state While in this state the port disallows all ingress and egress traffic except for 802 1X protocol packets When a client is successfully authenticated the port transitions to the authorized state allowing all traffic for the client to flow normally If a client that does not support 802 1X is connected to an unauthorized 802 1X port the switch requests the client s identity In this situation the client does not respond to the request the port remains in the unauthorized state and the client is not granted access to the network In contrast when an 802 1 X enabled client connects to a port that is not running the 802 1X protocol the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authen
185. Auto x Auto c Auto y Auto y Auto y Auto y Auto y Auto y Auto x Auto Figure 4 7 6 STP CIST Port Configuration Page Screenshot The page includes the following fields Object Description 160 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Port e STP Enabled The switch port number of the logical STP port Controls whether RSTP is enabled on this switch port i means to select all ports of Industrial Managed Switch e Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 All means all ports will have one specific setting e Priority e operEdge state flag Controls the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 All means all ports will have one specific setting Operational flag describing whether the port is connecting directly to edge devices No Bridges attached Transition to the forwarding state is faster for edge ports having operEdge true than for other ports The value of this f
186. D of the entry e MAC Address The MAC address of the entry e Port Members The ports that are members of the entry Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address Vv Gig Updates the table starting with the entry after the last entry currently displayed 4 13 3 Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this page The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address The Dynamic ARP Inspection Table screen in Figure 4 13 3 appears Dynamic ARP Inspection Table Start from Port 1 v VLAN 1 MAC address 00 00 00 00 00 00 land IP address 0 0 0 0 with 20 entries per page Port LAN ID MAC Address IP Address No more entries Auto refresh O Figure 4 13 3 Dynamic ARP Inspection Table Screenshot Navigating the ARP Inspection Table Each page shows up to 999 entries from the Dynamic ARP Inspection table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from th
187. Default Setting disable Example Enable RADIUS assigned VLAN NS3552 8P 2S gt security network nas radius_vlan enable Security Network NAS EapolTimeout Description Set or show the time between EAPOL retransmissions 436 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Security Network NAS EapolTimeout lt eapol_timeout gt Parameters lt eapol_timeout gt Time between EAPOL retransmissions 1 65535 seconds default Show current EAPOL retransmission timeout Default Setting 30 Example Set the time between EAPOL retransmissions for 100sec NS3552 8P 2S gt security network nas eapoltimeout 100 Security Network NAS Agetime Description Time in seconds between check for activity on successfully authenticated MAC addresses Syntax Security Network NAS Agetime lt age_time gt Parameters lt age_time gt Time between checks for activitiy on a MAC address that succeeded autentication default Show current age time Default Setting 300 Example Set NAS age time in 1000sec NS3552 8P 2S gt security network nas agetime 1000 Security Network NAS Holdtime Description 437 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime lt hold_time gt Parameters lt hold_time gt Hold time before MAC addresses that failed authentication
188. Delete lt access_id gt Parameters lt access_id gt entry index 1 16 Example Delete access management ID 1 404 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt security switch access delete 1 Security Switch Access Lookup Description Lookup access management entry Syntax Security Switch Access Lookup lt access_id gt Parameters lt access_id gt entry index 1 16 Example Lookup access management entry NS3552 8P 2S gt security switch access lookup 1 Security Switch Access Clear Description Clear access management entry Syntax Security Switch Access Clear Example Clear access management entry NS3552 8P 2S gt security switch access clear Security Switch Access Statistics Description Show or clear access management statistics Syntax Security Switch Access Statistics clear Parameters 405 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual clear Clear access management statistics Example Show access management statistics NS3552 8P 2S gt security switch access statistics Access Management Statistics HTTP Receive 0 Allow 0 Discard HTTPS Receive 0 Allow 0 Discard SNMP Receive 0 Allow O Discard TELNET Receive O Allow O Discard SSH Receive 0 Allow 0 Discard Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration Security Switch SNMP Mode
189. Description Set or show the SNMP mode Syntax Security Switch SNMP Mode enable disable Parameters enable Enable SNMP disable Disable SNMP default Show SNMP mode Default Setting enable Example Disable SNMP mode NS3552 8P 2S gt security switch snmp mode disable 406 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Version Description Set or show the SNMP protocol version Syntax Security Switch SNMP Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP version Default Setting 2c Example Set SNMP in version 3 NS3552 8P 2S gt security switch snmp version 3 Security Switch SNMP Read Community Description Set or show the community string for SNMP read access Syntax Security Switch SNMP Read Community lt community gt Parameters lt community gt Community string Use clear or to clear the string default Show SNMP read community Default Setting public Example Set SNMP read community private 407 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Switch SNMP Write Community lt community gt Parameters lt community gt Community string Use clear or to clear the string
190. Description Set or show the link aggregation traffic distribution mode Syntax Aggr Mode smac dmaclip port enable disable Parameters smac Source MAC address dmac Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable field in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Enabled 478 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Disable SMAC mode NS3552 8P 2S gt Aggr mode smac disable 479 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 10 Link Aggregation Control Protocol Command LACP Configuration Description Show LACP configuration Syntax LACP Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LACP configuration NS3552 8P 2S gt lacp configuration Key Role Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto Disabled Auto O Disabled Auto Active LACP Mode Description Set or show LACP mode Syntax LACP Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable LACP protocol disable Disable LACP protocol default Show LACP mode Default Setting 480 IFS NS3552 8P 2S AND NS3550 2T 8S
191. Digital input0 1 described string Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact 595 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual DIDO DI Enable Description Set or show the system digital input0 1 Syntax DIDO Di_en first second enable disable hightolow lowtohigh Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status hightolow Trigger gt high to low lowtohigh Trigger gt low to high default Set or show digital input output 0 1 trigger DIDO DO Act Description Set or show the system digital output0 1 action Syntax DIDO Do_act first second port power enable disable Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select port port fail power power fail Di1 Dii trigger DI2 DI2 trigger default Set or show digital output fault alarm 0 1 action 596 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status DIDO DO Enable Description
192. Disabled Unlimited Disabled y Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Disabled Unlimited Reset Figure 4 12 10 IP Source Guard Configuration Screen Page Screenshot ENKA ENKAN KAEN ENERET 1 2 3 4 5 6 7 8 9 0 The page includes the following fields Object Description e Mode of IP Source Enable the Global IP Source Guard or disable the Global IP Source Guara All Guard Configuration configured ACEs will be lost when the mode is enabled e Port Mode Specify IP Source Guard is enabled on which ports Only when both Global Mode Configuration and Port Mode on a given port are enabled IP Source Guard is enabled on this given port All means all ports will have one specific setting e Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on given ports This value can be O 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port All means all ports will have one specific setting Buttons 282 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual dynamic to static f f f Tanke Click to translate all dynamic entries to static entries Save Click to save changes Clic
193. E Ae eee deeded Ld 601 Show eee cs See e e a e o an 602 Show LACP sucia ria ceded a deers ol Sekar nee eee E e oer 602 show Elmit Control pitae A shes cdf ikea sade pn tceavhnd E A 602 Show LLDP iii td 602 Show LLDP MED ivan tigen Rachie ete ete t 602 Show Loop Protection dd od etek cad 603 SOOWMAC a a ai da boris e lnea 603 E 603 Show MVR aisinn A eee 603 SHOW ROE cuanta os 603 EALO A m O N KETE EEE E E e ad dr dd 604 SNOWiRrIVIlEDO EEEE AE AAA A ET AE E 604 Show Private VLAN iia A A et et 604 SHOW QOS cit ad dd e a da o de 604 Show SNMP nara apa iio lan ds caol n Lei labs 605 O A E 605 Show System A NO 605 SHOWTIME ZOMG vecinita 605 SNOW URAP ctra tidad 605 SNOW USES cat aia 606 22 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Show VEAN cessare aaeanoa reee ne aaae ea AAA ia tad 606 Show VOICE VAN AAAA AEE ed T 606 Show FirMmW re siasii ieres aorar aad ae ae de add a ii dds sd a i a id 606 SOI E AAA eee A E E E E E nd A 3 607 1 SWITCH OPERATION occur 608 A AA non 608 PA AAA A nen 608 7 3 Forwarding amp Filtering ccsecccceeseeceeeeeeeeeeeeneeseeeneee seen seeeeeenseeeseenseeeeeenaeeeseeeseeeaeenseaeeeeaseaeeeenseeeeeenseeeeenees 608 T A StOre AN FORWANG ccrccccici ii in ains 608 7 5 Nor ole fol fF C0 ds 609 8 TROUBLE SHOOTING cacao nanana aanne a nannaa aannaaien ad 610 APPENDEX E E cose core E E E A A E E E A 612 A 1 Switch s Data RJ 45 Pin Assignments 1000Mbps 1000Base T csse
194. EI values E Default Use default PCP DEI values E Mapped Use mapped versions of QoS class and DP level e PCP DEI Configuration Controls the default PCP and DEI values used when the mode is set to Default e QoS class DP level to Controls the mapping of the classified QoS class DP level to PCP DEI values PCP DEI Mapping when the mode is set to Mapped Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Cancel Cancel Click to undo any changes made locally and return to the previous page 4 9 7 Port DSCP This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports The Port DSCP screen in Figure 4 9 9 appears QoS Port DSCP Configuration a rons lt All gt lt All gt Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable Figure 4 9 9 QoS Port DSCP Configuration Page Screenshot aura 4 2 3 4 5 6 7 8 9 0 202 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object e Port Description The Port column shows the list of ports for which you can configure dscp ingress and egress settings e Ingress In Ingress settings you can change ingress translation and classification settings for indiv
195. ERPS create WEB e Port 0 SF MEP See help on ERPS create WEB e Port1 SF MEP See help on ERPS create WEB e Port 0 APS MEP See help on ERPS create WEB e Port1 APS MEP See help on ERPS create WEB 345 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Ring Type Type of Protecting ring It can be either major ring or sub ring Instance Configuration Object Description e Configuration Red This ERPS is only created and has not yet been configured is not active Green This ERPS is configured is active e Guard Time Guard timeout value to be used to prevent ring nodes from receiving outdated R APS messages The period of the guard timer can be configured in 10 ms steps between 10 ms and 2 seconds with a default value of 500 ms e WTR Time The Wait To Restore timing value to be used in revertive switching The period of the WTR time can be configured by the operator in 1 minute steps between 5 and 12 minutes with a default value of 5 minutes e Hold Off Time The timing value to be used to make persistent check on Signal Fail before switching The range of the hold off timer is 0 to 10 seconds in steps of 100 ms e Version ERPS Protocol Version v1 or v2 e Revertive In Revertive mode after the conditions causing a protection switch has cleared the traffic channel is restored to the working transport entity i e blocked on the RPL In Non Revertive mode the traffic channel
196. Eaa E aaa AE Epe Eea aaa aE Ega 390 VEAN LOokUp Avett He ea a ees eee a ee a aa 390 VLAN Name Add ao ted eects See AE di a 391 VEAN Name Delete ici a o o vee onlin pet etree 391 WEAN Namie O O 392 VLAN Sl Abe eaten ees iv ei ls ae ve ee es 392 6 6 Private VLAN Configuration Command ccccescceseeeeeeeeeeeeeee seas rr 393 PVLAN GonfiguratiON acc Ae lee A ee ads 393 PYEAN AGG toco o oR ies et Ts et e Shai os a a al e 394 PVLAN Delete inira an ene A ede eee hs aac 394 PVLAN LOOKUP oi es cuagetaddasatscsessdpsad dea teacevagataideaessaseshdacad suabcasevaascagasiessan siase 395 PVLAN Isolate icici ee A AAA 395 6 7 Security Command iezssace E ec accel r a a a eae cece a e ea aaa ed id occa ae Nae Ke aae aaaeeeaa 396 Security Switch User Configuration ka ana e aeaaea a e aaa aaa E ea A a Eaa aN Naa 396 Security Switch UserAddt cas rd da 396 Security SWitch User Deleg nea aa laa tics 397 Security Switch Privilege Level Configuration ooooncccinnnnnnnccnnncnnocccnoncnnonncnnrnnnnrn cnc nn rca 397 Security Switch Privilege Level GrOUP ooonccccncccionccnocccnonccnonccnnnnnnnnccnnncnnnn nn nn narran 398 Security Switch Privilege Level CurTOMt ooooccinnccinnccnocccnonccnonncnnnncnornnnnrnn non cc nora rca 398 Security Switch Auth Configuration ooooccconncccncccnoncnnncnononcnnnncnnoncnnnncnrnnnnnnn carr nn rra rn rca rre 398 Security Switch Auth Methods pias 399 Security Switch SSH Configuration ooonoconnccnnoconannnnnanorannnnnnnor
197. FS NS3552 8P 2S AND NS3550 2T 8S User Manual Configure SNMPv3 users table on this page The entry index keys are Engine ID and User Name The SNMPv3 Users screen in Figure 4 3 4 appears SNMPv3 User Configuration Delet Engine ID Security Authentication Authentication Privacy Privacy Se ngne Level Protocol Password Protocol Password al 800007e5017f000001 default_user NoAuth NoPriv None None None None Add New Entry Save Reset Figure 4 3 4 SNMPv3 Users Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Engine ID An octet string identifying the engine ID that this entry should belong to The string must contain an even number in hexadecimal format with number of digits between 10 and 64 but all zeros and all F s are not allowed The SNMPv3 architecture uses the User based Security Model USM for message security and the View based Access Control Model VACM for access control For the USM entry the usmUserEnginelD and usmUserName are the entry s keys Ina simple agent usmUserEnginelD is always that agent s own snmpEnginelD value The value can also take the value of the snmpEnginelD of a remote SNMP engine with which this user can communicate In other words if user engine ID equal system engine ID then it is local user otherwise it s remote user e User Name A string identifyin
198. ID NS3552 8P 2S gt security switch snmp trap security engine id 800007e5017f000011 Security Switch SNMP Trap Security Name Description Set or show SNMP trap security name Syntax Security Switch SNMP Trap Security Name lt security_name gt Parameters lt security_name gt A string representing the security name for a principal default Show SNMP trap security name The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Set the SNMP trap security name NS3552 8P 2S gt security switch snmp trap security name 12345678 414 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Engine ID Description Set or show SNMPv3 local engine ID Syntax Security Switch SNMP Engine ID lt engineid gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string Default Setting 800007e5017f000001 Example Set 800007e5017f000002 for SNMPv3 local engine ID NS3552 8P 2S gt security switch snmp engine id 800007e5017f000002 Security Switch SNMP Community Add Description Add or modify SNMPv3 community entry The entry index key is lt community gt Syntax Security Switch SNMP Community Add lt community gt lt ip_addr gt lt ip_mask gt Parameters lt community gt Community string lt ip_addr gt IP address a b c d default Show IP address lt ip_
199. ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once assigned all traffic arriving on the port will be classified and switched on the RADIUS assigned VLAN ID If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwise no longer present on the port the port s VLAN ID is immediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the 242 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RADIUS assignea This option is only available for single client modes e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use the Monitor gt VLANs gt VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration RADIUS attributes used in identifying a VLAN ID RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access Accept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes that have the same Tag value and fulfill the following requirements if Tag 0 is used the Tunnel Private Group ID
200. IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields System Configuration Object Mode Description Indicates if NAS is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames Reauthentication Enabled If checked successfully authenticated supplicants clients are reauthenticated after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port Reauthentication Period EAPOL Timeout Determines the period in seconds after which a connected client must be reauthenticated This is only active if the Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 seconds Determines the time between retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 255 seconds This has no effect for MAC based ports Aging Period Hold Time This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses E Single 802 1X E Multi 802 1X E MAC Based Auth
201. IP phone should configure the voice VLAN ID correctly It should be configured through its own GUI The Voice VLAN Configuration screen in Figure 4 9 19 appears Voice VLAN Configuration Disabled El Soe 1000 Aging Time 86400 seconds Traffic Class 7 High El Port Configuration lt All gt lt All gt la lt All gt bea Disabled OU Disabled Disabled OUI Disabled Disabled OUI Disabled 7 Disabled OUI Disabled Disabled OUI Disabled Disabled OUI Disabled 7 Disabled OUI Disabled Disabled OUI Disabled Disabled OUI Disabled 7 Disabled OUI Reset Figure 4 9 19 Voice VLAN Configuration Page Screenshot 1 2 3 4 5 6 7 8 9 0 h The page includes the following fields Object Description e Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible modes are E Enabled Enable Voice VLAN mode operation E Disabled Disable Voice VLAN mode operation e VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PVID etc The allowed range is 1 to 4095 e Age Time Indicates the Voice VLAN secure learning age time The allowed range is 10 to 1
202. ISS 510 EPSCOM iaa ai 510 EPS Command isis pita 511 EPS Slale eis ct tata io id at tia ette oda 511 6 18 Maintainence entity End Point COMMANd mmmccnncnnnnnnnnnccnnnrc rr 512 MEP CONTO sie oos cane ce catoto cti era tedio ono co dd Me ode A o a e teas Aer lee erat 512 MEP Peer MEP cciucscito tii desi nie dee ee ee eH ee Sa 513 MEP Continuity Check Configuration ecceeeceeeeeeeeeeeeeeeeeeeeeeseeeeeeeeeseaeeesaeesaeeeaaeeseaeeeeeeseaeesaeeseaeesneeeseaeeenatess 513 MEP Loss Measurement Configuration ooooncccnncnnncccnnccnnocnnoncnnnnncnnnnnnann crac cnn cnn carac nr r nn r nn rana rra ran nc rn nin 513 MEPAPS Configuration ssc shccectsics c ecds sale Ae cect eset sa sizing stag ius saaiesiasajddsatsigedicetadieassecedssgntag csateas igsiaianiensasiedeae 514 MEP Client Gontigurations 2 2n 4 dni dale eet eat a ee eine 514 MEP AIS GontiguratiOn i hata iin d athe vate Bit Wands ete eat Bia eat eats Whee ee een 515 MEP LOK Configuration tito arde deen dare lata ted este 515 MEP Link Trace Configurator e a aaa e a aae EE a Eaa aaa R a a aaa 516 MEP Loop Back Configuration vomita iien i a ei dt oe 516 MEP Delay Measurement Configuration ooooocccncccnncoconcnnnnncnoncncnnnnnnnnnnnnnn nan ca nan nn nan nn ran rnn car an nn rc nr nn nn narra ran nennen eat 517 MEP Test Signal Configuration italia rico eto ei Deedee sa dni 518 MER State cists sleet e hata Ma os De ec ahaha ed see EAE tee 519 MEARER EU nennen nne 519 MEP Loss
203. ITIN COMU NOOO 5 6 7 a a so default Bele Pel IPI EIMIMIMI LAN AOOO AL VLAN3 LILII ALL Figure 4 6 12 VLAN overlap port setting amp VLAN 1 The Public Area Member Assign 5 Specify Port 8 to be the 802 1Q VLAN Trunk port and the Trunking port must be a Tagged port while egress The Port 8 configuration is shown in the following screen in Figure 4 6 13 e o AL ov Tee Die y 802 10 Tag Figure 4 6 13 The configuration of VLAN Trunk Port That is although the VLAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belongs to VLAN 1 But with different PVID settings packets from VLAN 2 or VLAN 3 are not able to access to the other VLAN 6 Repeat Steps 1 to 5 set up the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk Repeat Steps 1 to 3 to assign the Trunk port to the VLANs 144 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 10 3 Port Isolate The diagram shows how the Managed Switch handles isolate and promiscuous ports and the each PC is not able to access each other PCs of each isolate port But they all need to access with the same server AP Printer The screen in Figure 4 6 14 appears This section will show you how to configure the port for the server that could be accessed by each isolate port Promiscuous Public Servers MES aa Pi or iiscuous isolate VLAN 1 Private VLAN VLAN 2 Private VLAN Figure 4 6 1
204. It is also the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address and Source Specific Query messages The allowed range is 0 to 31744 in tenths of seconds default last listener query interval is 10 in tenths of seconds 1 second e URI Buttons Refresh Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a node s initial report of interest in a multicast address The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Refreshes the displayed table starting from the VLAN input fields Lk lt J Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID gt gt gt Updates the table starting with the entry after the last entry currently displayed Save Click to save changes Reset_ Click to undo any changes made locally and revert to previously saved values 184 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 10 MLD Snooping Port Group Filtering In certain switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service is based on a specific subscription plan The MLD filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and MLD throttling limits the number of simultaneous multicast groups a port
205. L2CP lt port_list gt lt l2cp_list gt lt mode gt Parameters lt port_list gt Port list or all default All ports lt l2cp_list gt L2CP ID list 0 31 BPDU range 0 15 GARP range 16 31 lt mode gt The mode takes the following values normal Default forwarding forward Forward redirect Redirect to CPU EVC Policer Description Set or show EVC bandwidth profile Syntax EVC Policer lt policer_id gt enable disable lt policer_mode gt lt cir gt lt cbs gt lt eir gt lt ebs gt Parameters lt policer_id gt Policer ID 1 128 504 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Enable policer disable Disable policer lt policer_mode gt Policer_mode coupled aware lt cir gt Committed Information Rate kbps lt cbs gt Committed Burst Size bytes lt eir gt Excess Information Rate kbps lt ebs gt Excess Burst Size bytes EVC Add Description Add or modify EVC Syntax EVC Add lt evc_id gt lt vid gt lt ivid gt lt nni_list gt lt learning gt inner lt it_type gt lt it_vid_mode gt lt it_vid gt lt it_preserve gt lt it_pcp gt lt it_dei gt outer lt ot_vid gt Parameters lt evc_id gt EVC ID 1 128 lt vid gt EVC VLAN ID lt ivid gt Internal VLAN ID lt nni_list gt NNI port list 1 10 or none lt learning gt Learning mode enable disable inner Inner tag action
206. LAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality WEP is an acronym for Wired Equivalent Privacy WEP is a deprecated algorithm to secure IEEE 802 11 wireless networks Wireless networks broadcast messages is using radio so are more susceptible to eavesdropping than wired networks When introduced in 1999 WEP was intended to provide confidentiality comparable to that of a traditional wired network Wikipedia WiFi is an acronym for Wireless Fidelity It is meant to be used generically when referring of any type of 802 11 network whether 802 11b 802 11a dual band etc The term is promulgated by the Wi Fi Alliance WPA is an acronym for Wi Fi Protected Access It was created in response to several serious weaknesses researchers had found in the previous system Wired Equivalent Privacy WEP WPA implements the majority of the IEEE 802 11i standard and was intended as an intermediate measure to take the place of WEP while 802 11i was prepared WPA is specifically designed to also work with pre WPA wireless network interface cards through firmware upgrades but not necessarily with first generation wireless access points WPA2 implements the full standard but will not work with some older network cards Wikipedia 630 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual WPA PSK is an acronym for Wi Fi Protected Access Pre Shared Key WPA was designed
207. LAN ID 100 Port Port Mode Port Type Immediate Leave Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled O Disabled Receive Disabled MVR Mode Description Set or show the MVR mode Syntax MVR Mode enable disable Parameters enable Enable MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable 550 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Enable MVR mode NS3552 8P 2S gt mvr mode enable MVR VLAN Setup Description Set or show per MVR VLAN configuration Syntax MVR VLAN Setup lt mvid gt add del upd Name lt mvr_name gt Parameters lt mvid gt MVR VLAN ID 1 4095 add Add operation del Delete operation upd Update operation name MVR Name keyword lt mvr_name gt MVR VLAN name Maximum of 32 characters MVR VLAN Mode Description Set or show per MVR VLAN mode Syntax MVR VLAN Mode lt vid gt lt mvr_name gt dynamic compatible Parameters lt vid gt lt mvr_name gt MVR VLAN ID 1 4095 or Name Maximum of 32 characters dynamic Dynamic MVR mode compatible Compatible MVR mode default Show MVR VLAN mode MVR VLAN Port Description 551 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Set or show per MVR VLAN por
208. LAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 11 5 Network Access Statistics This page provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed The Network Access Statistics screen in Figure 4 11 6 appears NAS Statistics Port 1 Port Auto refresh Ol Port State Admin State Force Authorized Port State Globally Disabled Figure 4 11 6 Network Access Statistics Page Screenshot The page includes the following fields Port State Object Description e Admin State The port s current administrative state Refer to NAS Admin State for a description 245 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Port State e QoS Class of possible values The current state of the port Refer to NAS Port State for a descriptio
209. Measurement State Clar cccecceeseceeeeeeeseeeceeeeeseeeceaeeesaeesaeeeseeeceaeeesaeeseaeeesaeesaeesaeeseaeeeaeeseaeeeaeens 519 MEP Link Trace State necia titan 520 MEP Loop Back State attention AS 520 MEP Delay Measurement State 0 cccceeccceeceeeseeeeeeeeeeeeceaeeesaeecaeeesaeeseaeeesaeecsaeeesaeeseaeeesaeeseaeeesaeeseaeeeaeeneaeeeaeess 520 MEP Delay Measurement State Clear ooooncccincccincccnoccconcnnnnncnoncncnnnnnnncn non cnn nana n cnn rar an narra ran nr rra r nn rn rana n cnn 521 MEP Test Signal Sales do BAS o a A A ae ete 521 MEP Test Signal State lea sence edsnjccuetenacingatedesacivatshascadacaateaqezbdecagdeasteestuagnsad euatsaseziasta deersaniiiie 521 6 19 Quality of Service Command concccnnccnnnnnnnnccnnacarr rc 522 QOS CONA e insano edo a stat dde Lao ere eo ad Lado a e e AA 522 QoS Port Classification Clas Sii A en 522 GosS Port Classification DP LL o de ahs ee e i at a 523 QoS Pont Classification POP cuisine else heer De ea eer bs 523 Gos Port Classification DEL iria 524 QoS Port Classification Tag ia aiiadis 524 QoS Port Classification Maps sis r il ateo fla culta bala 525 QoS Port Classification DSCP kirden ta ala dale dadas 525 Qos Port Policer Mode 222 222 2242 45 18 228i ve zcchietd Succes roles he att dodo Dd o Baczash iat 526 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Port Policer Rate ccoo dt edn inte eda te tada e io 526 Gos Pon Policer Unit 00xt ccoo cet toner alt a E A E
210. Members Bree Ree Eee Ae Key Parameters Action Parameters osa Deak v DMAC Type Frame Type Figure 4 9 14 QCE Configuration Page Screenshot The page includes the following fields Object Description e Port Members Check the checkbox button in case you what to make any port member of the QCL entry By default all ports will be checked e Key Parameters Key configuration is described as below E Tag Value of Tag field can be Any Untag or Tag E VID Valid value of VLAN ID can be any value in the range 1 4095 or Any user can enter either a specific value or a range of VIDs E PCP Priority Code Point Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any E DEI Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any E SMAC Source MAC address 24 MS bits OUI or Any E DMAC Type Destination MAC type possible values are unicast UC multicast MC broadcast BC or Any E Frame Type Frame Type can have any of the following values 1 Any 2 Ethernet 3 LLC 4 SNAP 209 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 5 IPv4 6 IPv6 Note All frame types are explained below e Any Allow all types of frames e Ethernet Ethernet Type Valid Ethernet type can have value within 0x600 OxFFFF or Any but excluding 0x800 IPv4 and 0x86DD IPv6 default value is Any
211. N ID is the same as the switch port number range lt port_list gt Port list or all default All ports Example Add port1 to port4 in PVLAN10 NS3552 8P 2S gt pvlan add 10 1 4 PVLAN Delete Description Delete Private VLAN entry 394 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax PVLAN Delete lt pvlan_id gt Parameters lt pvlan_id gt Private VLAN ID The allowed range for a Private VLAN ID is the same as the switch port number range Example Delete PVLAN10 NS3552 8P 2S gt pvlan delete 10 PVLAN Lookup Description Lookup Private VLAN entry Syntax PVLAN Lookup lt pvlan_id gt Parameters lt pvlan_id gt Private VLAN ID default Show all PVLANs The allowed range for a Private VLAN ID is the same as the switch port number range Example Lookup PVLAN NS3552 8P 2S gt pvlan lookup PVLAN Isolate Description Set or show the port isolation mode Syntax PVLAN Isolate lt port_list gt enable disable Parameters 395 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt port_list gt Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation port list Default Setting disable Example Enable isolate for port10 6 7 Security Command Security Switch User Configuration Description Show users configuration Syntax Security Switch Users Configuration De
212. N ID of the entry e Querier Version Working Querier Version currently e Host Version Working Host Version currently e Querier Status Show the Querier status is ACTIVE or IDLE e Queriers Transmitted The number of Transmitted Queriers e Queriers Received The number of Received Queriers e V1 Reports Received The number of Received V1 Reports e V2 Reports Received The number of Received V2 Reports e V3 Reports Received The number of Received V3 Reports V2 Leaves Received The number of Received V2 Leaves Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear _ Gear J Clears all Statistics counters 179 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 6 IGMP Group Information Entries in the IGMP Group Table are shown on this page The IGMP Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the IGMP Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the IGMP Group Table The Start from VLAN and group input fields allow the user to select the starting point in the IGMP Group Table The IGMP Groups Information screen in Figure 4 8 9 appears IGMP Snooping Groups Information Auto refresh Refresh
213. N and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANs The Private VLAN screen in Figure 4 6 6 appears Auto refresh Refresh Private VLAN Membership Configuration Port Members Td Por Members pas evn no 3 510 leoo v E Y A Y MM v y Add New Private VLAN Reset Figure 4 6 6 Private VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description e Delete To delete a private VLAN entry check this box The entry will be deleted during the next Save e Private VLAN ID Indicates the ID of this particular private VLAN e Port Members A row of check boxes for each port is displayed for each private VLAN ID To include a port in a Private VLAN check the box To remove or exclude the port from the Private VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Buttons Add new Private VLAN J Glick to add new VLAN Save Click to save changes Glick to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds 137 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Refresh Click to refr
214. N functionality When checked the individual ports ditto setting determines whether RADIUS assigned VLAN is enabled for that port When unchecked RADIUS server assigned VLAN is disabled for all ports e Guest VLAN Enabled A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN When unchecked the ability to move to the Guest VLAN is disabled for all ports e Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid values are in the range 1 4095 e Max Reauth Count The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 e Allow Guest VLAN if EAPOL Seen Port Configuration The switch remembers if an EAPOL frame has been received on the port for the life
215. ND NS3550 2T 8S User Manual distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling for use in network topologies that require a separate policy for the video signaling than for the video media e Policy e TAG e VLAN ID Policy Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined TAG is indicating whether the specified application type is using a tagged or an untagged VLAN Can be Tagged or Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead e Priority Priority is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 e DSCP e Auto negotiation DSCP is the DSCP value to be
216. NS3552 8P 2S AND NS3550 2T 8S User Manual lt port_copy gt Port list for copy of frames or disable lt mirror gt Mirror of frames enable disable lt logging gt System logging of frames log log_disable lt shutdown gt _ Shut down ingress port shut shut_disable Security Network ACL Delete Description Delete ACE Syntax Security Network ACL Delete lt ace_id gt Parameters lt ace_id gt ACE ID 1 256 Example Delete ACE 1 NS3552 8P 2S gt security network acl delete 1 Security Network ACL Lookup Description Show ACE default All ACEs Syntax Security Network ACL Lookup lt ace_id gt Parameters lt ace_id gt ACE ID 1 256 Example Lookup ACE 1 NS3552 8P 2S gt security network acl lookup 1 Security Network ACL Clear Description 445 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Clear all ACL counters Syntax Security Network ACL Clear Example Clear all ACL counters NS3552 8P 2S gt security network acl clear Security Network ACL Status Description Show ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ipmcl ip_source_guard conflicts Parameters combined Shows the combined status static Shows the static user configured status dhcp Shows the status by DHCP upnp Shows the status by UPnP arp_inspection Shows the status by ARP Inspection ip_source_guard Shows the status by IP Sour
217. O IFS NS3552 8P 2S and NS3550 2T 8S User Manual P N 1072687 REV A ISS 19DEC13 Copyright Trademarks and patents Manufacturer Intended use Certification FCC compliance ACMA compliance Canada European Union directives Contact Information IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2013 United Technologies Corporation Interlogix is part of UTC Climate Controls amp Security a unit of United Technologies Corporation All rights reserved The IFS NS3552 8P 2S and NS3550 2T 8S name and logo are trademarks of United Technologies Other trade names used in this document may be trademarks or registered trademarks of the manufacturers or vendors of the respective products Interlogix 3211 Progress Drive Lincolnton NC 28092 USA Authorized EU manufacturing representative UTC Climate Controls amp Security B V Kelvinstraat 7 6003 DH Weert Netherlands Use this product only for the purpose it was designed for refer to the data sheet and user documentation for details For the latest product information contact your local supplier or visit us online at www interlogix com C EG N4131 This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates
218. OOPING Status diarios ainia 179 4 8 6 IGMP Group IO MON iii di 180 4 8 7I6MPv3S Information escrita rapid 181 4 8 8 MLD Snooping Configuratio cridiri teisine aai aaa aa ea aiaa a i ele aoaea r rana 181 4 8 9 MLD Snooping VLAN Configuration ecceecceeeseeeeeeeceneeeeeeeceaeeenaeeceaeeseeeeseaeeeeaeeseaeeseaeeseaeessaeeseaeeeeaeeseaeesearenas 183 4 8 10 MLD Snooping Port Group Filteridg ooooncccnnnnnnnncnnnncnnncccnnncannccnn anna n arc c ronca 185 4 31 MLD Snooping Status etc diia ia it dd i Ee eee 186 4 38 12 MLD Groups Information sail eee ate o dile 187 4 819 MEDv2 OT 188 A en a ean een ed decile E E a a e 189 4 6 15 MVR O Seated eae aie eel 191 4 8 10 MVR Groups Information esisin neie aiea aa tdi Sheers 191 4 8 17 MVR SFM Information cisco oa 192 AS Quality DESC tido dsd 194 4 91 Understand DOS ci A ee A aaao aS 194 49 2 Port Poll oia tidad 195 4 93 POM Shapiro il root radianes teflon 195 4 9 3 1 QoS Egress Port Schedule and Shapers cecceeeceeeeeeeeeeeceeeeeeeeeceaeeeeeeeceaeeeeaeeseaeeseaeeseaeeseaeeseeeeeaeetias 196 4 9 4 Port Classification ii ac 198 4 9 4 1 QoS Ingress Port Tag Classification ooooonnnccnnnnninnnnnncnnncnnncnnnccnnncn no nrn nn nr rana rra 199 4 9 5Port Schequler coto il dd oo alas ed dis 200 4 9 6 PortTag RemarkINd sita il to a o id tad neve 201 4 9 6 1 QoS Egress Port Tag ReEmarking eccceceseesseseneeeeeeeceaeeeeeeeceaeeeeaeeseaeeeeaeeseaeeseaeeseaeeseaeeseaeesnaeeseeeeeaeeni
219. P 2S AND NS3550 2T 8S User Manual 4 9 11 QoS Control List This page shows the QoS Control List QCL which is made up of the QCEs Each row describes a QCE that is defined The maximum number of QCEs is 256 on each switch Click on the lowest plus sign to add a new QCE to the list The QoS Control List screen in Figure 4 9 13 appears QoS Control List Configuration QCE Port Frame Type SMAC DMAC VID PCP cet port Frame Type smac omac vio pco ox ree DSCP Figure 4 9 13 QoS Control List Configuration Page Screenshot The page includes the following fields Object Description e QCE Indicates the index of QCE e Port Indicates the list of ports configured with the QCE e Frame Type Indicates the type of frame to look for incoming frames Possible frame types are E Any The QCE will match all frame type E Ethernet Only Ethernet frames with Ether Type 0x600 OxFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames e SMAC Displays the OUI field of Source MAC address i e first three octet byte of MAC address e DMAC Specify the type of Destination MAC addresses for incoming frame Possible values are E Any All types of Destination MAC addresses are allowed E Unicast Only Unicast MAC addresses are allowed E Multicast Only Multicast MAC addresses are
220. P level A DP level of 0 zero corresponds to Committed Green frames and a DP level of 1 corresponds to Discard Eligible Yellow frames DSCP is an acronym for Differentiated Services Code Point It is a field in the header of IP packets for packet classification purposes 617 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802 3az EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame FTP is an acronym for File Transfer Protocol It is a transfer protocol that uses the Transmission Control Protocol TCP and provides file writing and reading lt also provides directory service and security features Multicast snooping Fast Leave processing allows the switch to remove an interface from the forwarding table entry without first sending out group specific queries to the interface The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously This processing applies to IGMP and MLD HTTP is an acronym for Hypertext
221. P to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear These fields are explained later in this help file m UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear These fields are explained later in this help file E TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fields are explained later in this help file 225 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IP protocol value e IP TTL Specify the Time to Live settings for this ACE E zero Pv4 frames with a Time to Live field greater than zero must not be able to match this entry E non zero Pv4 frames with a Time to Live field greater than zero must be able to match this entry E Any Any value is allowed don t care e IP Fragment Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame E No Pv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry E Yes Pv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to matc
222. PS command set operation Syntax EPS command lt inst gt clear lockout forced manualp manualwlexercise freeze lockoutlocal Parameters lt inst gt Instance number clear lockout forced manualp manualw exercise freeze lockoutlocal EPS protection command type clear is no command active EPS State Description Get protection state Syntax EPS state lt inst gt Parameters lt inst gt Instance number 511 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 18 Maintainence entity End Point Command MEP Config Description MEP instance configuration mep mip this entity is either a MEP or a MIP end point or intermediate point ingress egress this entity is either a Ingress down or Egress up type of MEP MIP domport domevc the domain is either Port or EVC level is the MEG level port is the residence port flow is the related flow instance number Port number in Port domain EVC number in EVC domain vid is used for TAGGED OAM in port domain itulieee is the MEG ID format meg is the MEG ID max 8 char in case of ieee 6 or 7 char in case of itu mep is the MEP ID Syntax MEP config lt inst gt mep mip ingress egress lt port gt domport domevc lt level gt itulieee lt meg gt lt mep gt lt vid gt lt flow gt enable disable Parameters lt inst gt Instance number mep mip Mode of the MEP instance ingress egress
223. Permit Disabled Disabled Disabled Disabled Disabled 0 Security Network ACL Policy Description Set or show the ACL port policy Syntax Security Network ACL Policy lt port_list gt lt policy gt Parameters lt port_list gt Port list or all default All ports lt policy gt Policy number 1 8 Default Setting 1 Example Set ACL policy 2 for port 1 442 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt security network acl policy 1 2 Security Network ACL Rate Description Set or show the ACL rate limiter Syntax Security Network ACL Rate lt rate_limiter_list gt lt rate_unit gt lt rate gt Parameters lt rate_limiter_list gt Rate limiter list 1 16 default All rate limiters lt rate_unit gt IP flags pps kbps default pss lt rate gt Rate in pps 0 100 or kbps 0 100 2 100 3 100 1000000 Default Setting 1 Example Set rate limit value in 100 for port 1 NS3552 8P 2S gt security network acl rate 1 100 Security Network ACL Add Description Add or modify Access Control Entry ACE If the ACE ID parameter lt ace_id gt is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specified the next available ACE ID will be used If the next ACE ID parameter lt ace_id_next gt is specified the ACE will be placed before this ACE in the list If the ne
224. Port Status Displays VLAN port status g Private VLAN Creates removes primary or community VLANs Eg Port Isolation Enables disables port isolation on port a MAC based VLAN Configures the MAC based VLAN entries a MAC based VLAN Status Displays MAC based VLAN entries ja IP Subnet based VLAN Configures the IP Subnet based VLAN entries a Protocol based VLAN Configures the protocol based VLAN entries a Protocol based VLAN Membership Displays the protocol based VLAN entries 4 6 2 IEEE 802 1Q VLAN In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong 124 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R amp D usage groups such as e mail or multicast groups used for multimedia applications such as videoc
225. Priority Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 The value Any means that no tag priority is specified tag priority is don t care E ARP Parameters The ARP parameters can be configured when Frame Type ARP is selected Object Description e ARP RARP Specify the available ARP RARP opcode OP flag for this ACE E Any No ARP RARP OP flag is specified OP is don t care E ARP Frame must have ARP RARP opcode set to ARP E RARP Frame must have ARP RARP opcode set to RARP E Other Frame has unknown ARP RARP Opcode flag e Request Reply e Sender IP Filter Specify the available ARP RARP opcode OP flag for this ACE E Any No ARP RARP OP flag is specified OP is don t care E Request Frame must have ARP Request or RARP Request OP flag set E Reply Frame must have ARP Reply or RARP Reply OP flag Specify the sender IP filter for this ACE E Any No sender IP filter is specified Sender IP filter is don t care E Host Sender IP filter is set to Host Specify the sender IP address in 224 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual the SIP Address field that appears NE Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear e Sender IP Address When Host or Network is selected for the sender IP fil
226. RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS Access Request packets sent to the server This does not include retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request is sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a IFS NS3552 8P 2S AND NS3550 2T 8S User Manual different server is counted as a Request as well as a timeout e Other Info This section contains information about the state of the server and the latest round trip time Name RFC4668 Name Description IP Address IP address and UDP port for the
227. S NS3552 8P 2S AND NS3550 2T 8S User Manual Multicast Receiver Multicast Switch Transmitter A IPTV Server Router Switch Switch Multicast Switch Receiver NN Multicast Receiver Figure 4 8 2 Multicast Flooding B Multicast Receiver Multicast IGMP Snooping Transmitter Switch A a IPTV Server Router f IGMP Snooping IGMP Snooping Switch Switch IGMP Snooping Multicast Switch Receiver Multicast Receiver D Figure 4 8 3 IGMP Snooping Multicast Stream Control 171 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below Meaning Membership Query if Group Address is 0 0 0 0 Specific Group Membership Query if Group Address is Present Membership Report version 2 Leave a Group version 2 Membership Report version 1 IGMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated
228. S3552 8P 2S AND NS3550 2T 8S User Manual Syntax PoE Power_Supply lt supply_power gt Parameters lt supply_power gt PoE power for a power supply POE Status Description Show POE status Syntax POE Status 502 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 16 Ethernet Virtual Connections Command EVC Configuration Description Show EVC configuration Syntax EVC Configuration lt port_list gt lt policer_id gt Parameters lt port_list gt Port list or all default All ports lt policer_id gt Policer ID 1 128 EVC Port DEI Description Set or show port DEI mode Syntax EVC Port DEI lt port_list gt lt dei_mode gt Parameters lt port_list gt Port list or all default All ports lt dei_mode gt DEI mode coloured fixed EVC Port Tag Description Set or show port tag match mode Syntax EVC Port Tag lt port_list gt lt tag_mode gt Parameters lt port_list gt Port list or all default All ports lt tag_mode gt Tag mode innerjouter 503 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual EVC Port Addr Description Set or show port address match mode Syntax EVC Port Addr lt port_list gt lt addr_mode gt Parameters lt port_list gt Port list or all default All ports lt addr_mode gt IP MAC address mode source destination EVC Port L2CP Description Set or show port L2CP mode Syntax EVC Port
229. Save Click to save changes Click to undo any changes made locally and revert to previously saved values 203 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 8 DSCP Based QoS This page allows you to configure the basic QoS DSCP based QoS Ingress Classification settings for all switches The DSCP Based QoS screen in Figure 4 9 10 appears DSCP Based QoS Ingress Classification asco ireas cs et 56 C57 57 58 59 60 61 62 63 Figure 4 9 10 DSCP Based QoS Ingress Classification Page Screenshot The page includes the following fields Object Description e DSCP Maximum number of supported DSCP values is 63 e Trust Click to check if the DSCP value is trusted means to select all ports of Industrial Managed Switch e QoS Class The Configuration All with available values will assign to whole DSCP values QoS Class value can be any of 0 7 e DPL The Configuration All with available values will assign to whole DSCP values Drop Precedence Level 0 1 204 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 9 9 DSCP Translation This page allows you to configure the basic QoS DSCP Translation settings for all switches DSCP translation
230. Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e Policy ID Select the policy to apply to this port The allowed values are 1 through 8 The default value is 1 e Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit All means all ports will have one specific setting e Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 1 through 15 The default value is Disabled All means all ports will have one specific setting e Port Redirect Select which port frames are redirected on The allowed values are Disabled or a specific port number The default value is Disabled All means all ports will have one specific setting e Mirror Specify the mirror operation of this port The allowed values are Enabled Frames received on the port are mirrored Disabled Frames received on the port are not mirrored The default value is Disabled All means all ports will have one specific setting e Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited All means all ports will have one specific setting e
231. Show Voice VLAN configuration Syntax Show voice vlan Show Firmware Description Display information about active and alternate firmware images Syntax Show firmware 606 Show STP Description Show STP Port configuration Syntax Show STP IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 607 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 7 SWITCH OPERATION 7 1 Address Table The Industrial Managed Switch is implemented with an address table This address table composed of many entries Each entry is used to store the address information of some node in network including MAC address port no etc This in formation comes from the learning process of Industrial Managed Switch 7 2 Learning When one packet comes in from any port the Industrial Managed Switch will record the source address port no And the other related information in address table This information will be used to decide either forwarding or filtering for future packets 7 3 Forwarding amp Filtering When one packet comes from some port of the Industrial Managed Switch it will also check the destination address besides the source address learning The Industrial Managed Switch will lookup the address table for the destination address If not found this packet will be forwarded to all the other ports except the port which this packet comes in And these ports will transmit this packet to the network it connected If found and the des
232. Tables in G8032 Remaining WTR timeout in milliseconds e RPL Un blocked APS is received on the working flow e No APS Received e Port 0 Block Status e Port 1 Block Status RAPS PDU is not received from the other end Block status for Port 0 Both traffic and R APS block status R APS channel is never blocked on sub rings without virtual channel Block status for Port 1 Both traffic and R APS block status R APS channel is never blocked on sub rings without virtual channel e FOP Alarm Buttons Failure of Protocol Defect FOP status If FOP is detected red LED glows else green LED glows Save Click to save changes Auto refresh l Refresh Check this box to refresh the page automatically Automatic refresh occurs every 6 seconds Click to refresh the page immediately Click to undo any changes made locally and revert to previously saved values 4 19 5 Ring Wizard This page allows the user to configure the ERPS by wizard screen in Figure 4 19 4 appears 347 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Ring Wizard Note 1 Please make sure the DHCP client function has been disabled 2 Please be noticed that the ring port can not be applied to spanning tree function at the same time ALL Switch Number 3 30 3 Number ID Configuration Owner Neighbour Switch 3 Switch 1 Switch 2 pica Port 1 pea Port 2 SO Mep 1 ae Mep 2 Wlan 3001
233. The DHCP Snooping Configuration screen in Figure 4 12 8 appears 278 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual DHCP Snooping Configuration Port Mode Configuration lt All gt Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Trusted Reset Figure 4 12 8 DHCP Snooping Configuration Screen Page Screenshot 4 2 3 4 5 6 f 8 9 0 The page includes the following fields Object Description e Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation e Port Mode Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message All means all ports will have one specific setting 279 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 9 DHCP Snooping Statistics This page provides statistics for DHCP snooping The statistics only counter packet under DHCP snooping mode is enabled and relay mode is disabled And it doesn t count the DHCP
234. The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC address DHCP Snooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server DNS is an acronym for Domain Name System It stores and associates many types of information with domain names Most importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For example the domain name www example com might translate to 192 168 0 1 DoS is an acronym for Denial of Service In a denial of service DoS attack an attacker attempts to prevent legitimate users from accessing information or services By targeting at network sites or network connection an attacker may be able to prevent network users from accessing email web sites online accounts banking etc or other services that rely on the affected computer Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets An IPv4 dotted decimal address has the form x y z w where x y z and w are decimal numbers between 0 and 255 Every incoming frame is classified to a Drop Precedence Level DP level which is used throughout the device for providing congestion control guarantees to the frame according to what was configured for that specific D
235. The page includes the following fields Object Description e Delete This box is used to mark an ERPS for deletion in next Save operation e PortO This will create a Port 0 of the switch in the ring e Port 1 This will create Port 1 of the switch in the Ring As interconnected sub ring will have only one ring port Port 1 is configured as 0 for interconnected sub ring 0 in this field indicates that no Port 1 is associated with this instance e Port 0 SF MEP The Port 0 Signal Fail reporting MEP e Port 1 SF MEP The Port 1 Signal Fail reporting MEP As only one SF MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 SF MEP is associated with this instance e Port 0 APS MEP The Port 0 APS PDU handling MEP e Port 1 APS MEP The Port 1 APS PDU handling MEP As only one APS MEP is associated with interconnected sub ring without virtual channel it is configured as 0 for such ring instances 0 in this field indicates that no Port 1 APS MEP is associated with this instance e Ring Type Type of Protecting ring It can be either major ring or sub ring e Major Ring ID Major ring group ID for the interconnected sub ring It is used to send topology change updates on major ring If ring is major this value is same as the protection group ID of this ring e Alarm There is an active alarm on the ERPS
236. Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example when you enter a URL in your browser this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program that is designed to wait for HTTP requests and handle them when they arrive The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishing a Transmission Control Protocol TCP connection to a particular port on a remote host port 80 by default An HTTP server listening on that port waits for the client to send a request message 618 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons HTTPS is really just the use of Netscape s S
237. US port 1813 Example Set RADIUS accounting server configuration Security AAA TACACS Description Set or show TACACS authentication server setup Syntax Security AAA TACACS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt 460 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters The server index 1 5 default Show TACACS authentication server configuration enable Enable TACACS authentication server disable Disable TACACS authentication server default Show TACACS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external authentication server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration NS3552 8P 2S gt security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statistics lt server_index gt Parameters The server index 1 5 default Show statistics for all servers Example Show RADIUS statistics NS3552 8P 2S gt security aaa statistics 461 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 8 Spanning Tree Protocol Command STP Confi
238. User Manual Syntax Security Network NAS Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show 802 1X configuration of port 1 NS3552 8P 2S gt security network nas configuration 1 802 1X Configuration Disabled Disabled Reauth Period 3600 EAPOL Timeout 30 Age Period 300 Hold Time 10 RADIUS QoS Disabled RADIUS VLAN Disabled Guest VLAN Disabled Guest VLANID 1 Max Reauth Count 2 Allow Guest VLAN if EAPOL Frame Seen Disabled Port Admin State Port State Last Source Last ID Security Network NAS Mode Description Set or show the global NAS enabledness Syntax Security Network NAS Mode enable disable Parameters enable Globally enable 802 1X disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X function 434 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt security network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network NAS State lt port_list gt auto authorized unauthorized single multi macbased Parameters lt port_list gt Port list or all default All ports auto Port based 802 1X Authentication authorized Port access is allowed unauthorized Port access is not allowed single Single Host 802 1X Authentic
239. VLAN ID for the settings e MAC Address Allowed Source MAC address in ARP request packets e IP Address Allowed Source IP address in ARP request packets Buttons Add New Entry Click to add a new entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 285 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 13 MAC Address Table Switching of frames is based upon the DMAC address contained in the frame The Managed Switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time 4 13 1 MAC Address Table Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here The MAC Address Table Configuration screen in Figure 4 13 1 app
240. VLAN10 NS3552 8P 2S gt vlan delete 10 VLAN Forbidden Delete Description Delete VLAN entry Syntax LAN Forbidden Delete lt vid gt lt name gt Parameters lt vid gt lt name gt VLAN ID 1 4095 or VLAN Name Example Forbidden delete VLAN10 NS3552 8P 2S gt vlan forbidden delete 10 389 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN Forbidden Lookup Description Lookup VLAN Forbidden port entry Syntax VLAN Forbidden Lookup lt vid gt name lt name gt Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs name VLAN name string lt name gt VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet VLAN Lookup Description Lookup VLAN entry Syntax VLAN Lookup lt vid gt name lt name gt combined static nas mvr voice_vlan all Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs name VLAN name string lt name gt VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet combined Shows All the Combined VLAN database static Shows the VLAN entries configured by the administrator nas Shows the VLANs configured by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by Voice VLAN all Shows all VLANs configuration default combined VLAN User
241. VLANs Switch e Current number of Display the current number of VLANs VLANs e VLAN Learning Display the VLAN learning mode The Industrial Managed Switch supports IVL IVL Independent vlan learning e Configurable PVID Indicates whether or not configurable PVID tagging is implemented Tagging 4 6 4 VLAN Port Configuration This page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN The port default VLAN ID PVID is configured on the VLAN Port Configuration page All untagged packets arriving to the device are tagged by the ports PVID Understand nomenclature of the Switch 128 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Ml IEEE 802 10 Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged e Tagged Ports with tagging enabled will put the VID number priority and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compliant devices on the network to make packet forwarding decisions e Untagged Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus
242. a 140 4 6 10 2 VLAN Trunking between two 802 1Q aware Switch ooooococinnccnnnccnnnccnocccnnnnananncnnrnnnanc cnn cana ccrnrcarnrcnnn 143 a aoe D moa Eo E AEEA E TEE TE 145 4 60 11 MAC based VLAN dosni neor e dilate elie a lone decd Ea ae e e 146 4 6 12 MAC based VLAN Status c ocooncccnncccnnoccnncnnnnecinnnnnrennn nene 147 4 6 13 Protocol based VLAN oia o eee ey EAL ee 148 4 6 14 Protocol based VLAN Membership 000 ceeesceesesneeeeeeneeeeeeeeeeeeaeeeseeneeeeeaeeeeeeaaeeeseeaeeeeesaeeeeseaeeeseeeeeesenneeess 149 4 7 Spanning Tree Protocols ic ccsccesceccesecescvessete coteceseetensece iria 151 ATW E D ETEO EEEE AAA A ako degen ts cayeabs A TE EET 151 4 7 2 STP System Configuration aid A ee et ee a tdi 157 4573 Bridge Stallone aaa 159 4 4 GIST Port Configuration ir id ld eden ede ibe 160 4 MSTUP OS e diante let DiR 163 ETOMSTICON UA ai 164 4 7 1 MSTI Ports Configuration tits elsa 165 O 167 4 79 POR SISI idad 168 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual AM Stoni ane o enn O E o ceeede aT aa Rin 170 SN E NT 170 4 8 2 IGMP Snooping Configuration ooonocccnccnnnccnncccnnoncnonnconnnnnnn cc norris 174 4 8 3 IGMP Snooping VLAN Configuration cccceccceseseeeceeseneeeeeeeeeaeeeeaeeseaeeeaeeseaeeseaeeseaeeesaeeseaeeseaeeseieeseaeeseaeeseaeetias 175 4 8 4 IGMP Snooping Port Group Filtering eeececeeeeeeeeeeneeeeeee cece eeaeeseaeeeeaeeseaeeseaeeeeaeeeeaeeseaeeeeaeeeeaeeseeeeeieeseeeeeenaes 176 4 35 IGMP SN
243. a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X NetBIOS is an acronym for Network Basic Input Output System It is a program that allows applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Open Systems Interconnection OSI model 622 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NFS is an acronym for Network File System It allows hosts to mount partitions on a remote system and use them as though they are local file systems NFS allows the system administrator to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage over a computer network NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP datagrams as transport layer A LLDP frame contains multiple TLVs For some TLVs it is configurable if th
244. able Disable SNMP trap authentication failure default Show SNMP trap authentication failure mode Default Setting enable Example Disable SNMP trap authentication failure Security Switch SNMP Trap Link up Description Set or show the port link up and link down trap mode Syntax Security Switch SNMP Trap Link up enable disable Parameters enable Enable SNMP trap link up and link down disable Disable SNMP trap link up and link down default Show SNMP trap link up and link down mode Default Setting 411 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Example Disable SNMP trap link up NS3552 8P 2S gt security switch snmp trap link up disable Security Switch SNMP Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap Inform Mode enable disable Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode NS3552 8P 2S gt security switch snmp trap inform mode disable Security Switch SNMP Trap Inform Timeout Description Set or show the SNMP trap inform timeout usecs Syntax Security Switch SNMP Trap Inform Timeout lt timeout gt Parameters lt timeout gt SNMP trap inform timeout 0 2147 seconds default Show SNMP trap inform timeout 412 IFS NS3552 8P 2S AND NS3550 2T 8S Us
245. about more than 10 seconds After the device is rebooted all configurations will be loaded to default setting including IP address You can login the management WEB interface within the same subnet of 192 168 0 xx Console a E z Pi po FAULT ee 11520014 ing R ifs r3 al 1 1 0 1000x She M Reset Button RESET 4 Uk ACT Y POE Ingo 4 2 25 System Reboot The Reboot page enables the device to be rebooted from a remote location Once the Reboot button is pressed user will re access the WEB interface about 60 seconds later The System Reboot screen in Figure 4 2 36 appears Restart Device Are you sure you want to perform a Restart Figure 4 2 36 System Reboot Page Screenshot Buttons Yes Crs Click to reboot the system LNo Click to return to the web main page without rebooting the system 97 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 3 Simple Network Management Protocol 4 3 1 SNMP Overview The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices lt is part of the Transmission Control Protocol Internet Protocol TCP IP protocol suite SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth An SNMP managed network consists of three key components Network management stations NMSs SNMP agents Managem
246. accounting server in question State Round Trip radiusAuthClient Time ExtRoundTrip Tim e RADIUS Accounting Servers Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is Up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Access Reply Access Challenge and the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use the server select box to switch between the backend servers to show details for Object Description e Packet Counters RADIUS accounting server packet counter There are five receive and four transmit counters Direction Na
247. acters from 32 to 126 Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 101 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 3 4 SNMPv3 Configuration 4 3 4 1 SNMPv3 Communities Configure SNMPv3 communities table on this page The entry index key is Community The SNMPv3 Communities screen in Figure 4 3 3 appears SNMPv3 Community Configuration public 0 0 0 0 0 0 0 0 private 0 0 0 0 0 0 0 0 Add New Entry Save Reset Figure 4 3 3 SNMPv3 Communities Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is ASCII characters from 33 to 126 The community string will be treated as security name and mapa SNMPv1 or SNMPv2c community string e Source IP Indicates the SNMP access source address A particular range of source addresses can be used to restrict source subnet when combined with source mask e Source Mask Indicates the SNMP access source address mask Buttons Add New User Click to add a new community entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 102 4 3 4 2 SNMPv3 Users I
248. ady to accept access attempts E Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Server Object Description o The RADIUS server number Click to navigate to detailed statistics for this server e IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server e Status The current state of the server This field takes one of the following values E Disabled The server is disabled 254 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E Not Ready The server is enabled but IP communication is not yet up and running E Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconas left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Buttons Auto refresh i Refresh i Check this box to
249. ag 2 140 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a Tagged packet entering VLAN 2 5 While PC 3 transmitting a tagged packet with VLAN Tag 2 enters Port 3 PC 1 and PC 2 will receive the packet through Port 1 and Port 2 6 While the packet leaves Port 1 and Port 2 it will be stripped away its tag becoming an untagged packet a Untagged packet entering VLAN 3 1 While PC 4 transmitting an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will receive the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away its tag becoming an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 ot For this example just set VLAN Group 1 as default VLAN but only focus on VLAN 2 and VLAN 8 traffic flow a Note Setup steps 1 Create VLAN Group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 3 Remove VLAN Member for VLAN 1 Remember to remove Port 1 Port 6 from VLAN 1 membership since Port 1 Port 6 has been assigned to VLAN 2 and VLAN 3 a ACT Bee mano waves af sf6f leeg EERE ES E Ea ES va a A va E Figure 4 6 9
250. ailable values will assign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 e Remap DP1 The Configuration All with available values will assign to whole DSCP values Select the DSCP value from select menu to which you want to remap DSCP value ranges from 0 to 63 Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 206 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 10 DSCP Classification This page allows you to map DSCP value to a QoS Class and DPL value The DSCP Classification screen in Figure 4 9 12 appears DSCP Classification QoS Class DSCP O O O 2 O 0 25 0 0 0 0 1 1 2 2 3 3 4 4 5 5 6 6 7 7 Reset Figure 4 9 12 DSCP Classification Page Screenshot The page includes the following fields Object Description e QoS Class Available QoS Class value ranges from 0 to 7 QoS Class 0 7 can be mapped to followed parameters e DPL Drop Precedence Level 0 1 can be configured for all available QoS Classes e DSCP The Configuration All with available values will assign to whole QoS Class Select DSCP value 0 63 from DSCP menu to map DSCP to corresponding QoS Class and DPL value Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 207 IFS NS3552 8
251. all the PoE ports in the system In order to maintain the majority of ports active power management is implemented The PSU input power consumption is monitored by measuring voltage and current The input power consumption is equal to the system s aggregated power consumption The power management concept allows all ports to be active and activates additional ports as long as the aggregated power of the system is lower than the power level at which additional PDs cannot be connected When this value is exceeded ports will be deactivated according to user defined priorities The power budget is managed according to the following user definable parameters maximum available power ports priority maximum allowable power per port Reserved Power determined by There are five modes for configuring how the ports PDs may reserve power and when to shut down ports a Classification mode In this mode each port automatic determines how much power to reserve according to the class the connected PD belongs to and reserves the power accordingly Four different port classes exist and one for 4 7 15 4 and 30 8 Watts Class Usage Range of maximum power used by the PD Class Description Default 0 44 to 12 95 Watts Classification unimplemented Optional 0 44 to 3 84 Watts Very low power 1 _2 Optional 3 84 to 6 49 Watts 3 Optional 6 49 to 12 95 Watts or to 15 4Watts High power Optional 12 95 to 25 50 Watts or to 30 8Watts NS3552
252. allowed E Broadcast Only Broadcast MAC addresses are allowed The default value is Any e VID Indicates VLAN ID either a specific VID or range of VIDs VID can be in the range 1 4095 or Any e PCP e DEI Priority Code Point Valid value PCP are specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or Any Drop Eligible Indicator Valid value of DEI can be any of values between 0 1 or Any e Action Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP E Class Classified QoS Class if a frame matches the QCE it will be put in the queue E DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column E DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column e Modification Buttons You can modify each QCE in the table using the following buttons O Inserts a new QCE before the current row e Edits the QCE 208 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Moves the QCE up the list Moves the QCE down the list 69 Deletes the QCE O The lowest plus sign adds a new entry at the bottom of the list of QCL 4 9 11 1 QoS Control Entry Configuration The QCE Configuration screen in Figure 4 9 14 appears ACE Configuration Port
253. ally Automatic refresh occurs every 3 seconds Click to refresh the page immediately Click to clear the counters Remove All Click to remove all ACEs 221 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 10 3 ACE Configuration Configure an ACE Access Control Entry on this page An ACE consists of several parameters These parameters vary according to the frame type that you select First select the ingress port for the ACE and then select the frame type Different parameter options are displayed depending on the frame type selected A frame that hits this ACE matches the configuration that is defined here The ACE Configuration screen in Figure 4 10 3 appears ACE Configuration 802 10 Tagged VLAN ID Filter Figure 4 10 3 ACE Configuration Page Screenshot The page includes the following fields Object Description e Ingress Port e Policy Filter Select the ingress port for which this ACE applies E All The ACE applies to all port E Portn The ACE applies to this port number where nis the number of the switch port Specify the policy number filter for this ACE E Any No policy filter is specified policy filter status is don t care E Specific If you want to filter a specific policy with this ACE choose this value Two field for entering a policy value and bitmask appears e Policy Value When Specific is selected for the policy filter you can enter a specifi
254. ally and revert to previously saved values 4 2 6 NTP Configuration Configuring NTP on this page NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP data grams as transport layer You can specify NTP Servers and set GMT Time zone The NTP Configuration screen in Figure 4 2 8 appears 73 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NTP Configuration Timezone GMT 8 Beijing Chongqing Hong Kong Singapore Taipei pool ntp org europe pool ntp org north america pool ntp org asla pool ntp org oceania pool ntp org Figure 4 2 8 NTP Configuration Page Screenshot The page includes the following fields Object Description e Mode Indicates the NTP mode operation Possible modes are E Enabled Enable NTP mode operation When NTP mode operation is enabled the agent forwards NTP messages between the clients and the server when they are not on the same subnet domain E Disabled Disable NTP mode operation e Time zone Allows to select the time zone according to current location of switch e Server Provides the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing mult
255. als to enable you to repack the product in case there is a need to return it to us for repair 24 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 1 2 Product Description Environmentally Hardened Design The Industrial Switches are equipped with rugged IP30 metal case for stable operation in heavy Industrial demanding environments With IP30 industrial case protection the switches provide a high level of immunity against electromagnetic interference and heavy electrical surges which are usually found on plant floors or in curb side traffic control cabinets Being able to operate in wide temperature range from 40 to 75 degrees C the Industrial Switches can be placed in almost any difficult environment The Industrial Switches also allows for either DIN rail or wall mounting for efficient use of cabinet space Redundant Power Inputs 2 100 1000 SFP Slots PA n Din Rail Mount A OT NS3552 8P 25 IP30 R ed Case 8 Ports of Gigabit PoE ugg Built in Unique PoE Functions for Powered Devices Management NS3552 8P 2S only As a managed PoE Switch for surveillance wireless and VolP network the NS3552 8P 2S features three special PoE Management functions PD ALIVE Check Schedule Power Recycle gt SMTP SNMP Trap Event Alert PoE Schedule Intelligent Alive Check for Powered Device The NS3552 8P 2S can be configured to monitor connected PD Powered Device status in real time via ping action Once the PD stops work
256. alue or Any DSCP values are in the range 0 63 including BE CS1 CS7 EF or AF11 AF43 E Sport Source TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP E Dport Destination TCP UDP port 0 65535 or Any specific or port range applicable for IP protocol UDP TCP e Action Parameters Buttons E Class QoS class 0 7 or Default E DP Valid Drop Precedence Level can be 0 1 or Default E DSCP Valid DSCP value can be 0 63 BE CS1 CS7 EF or AF11 AF43 or Default Default means that the default classified value is not modified by this QCE Save Click to save the configuration and move to main QCL page Click to undo any changes made locally and revert to previously saved values Cancel Return to the previous page without saving the configuration change 4 9 12 QoS Status This page shows the QCL status by different QCL users Each row describes the QCE that is defined It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations The maximum number of QCEs is 256 on each switch The QoS Control List Status screen in Figure 4 9 15 appears 210 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Combined Auto refresh Resolve Conflict Refresh QoS Control List Status Action User QCE Frame Type por Action Conflict Figure 4 9 15 QoS Control List Status Page Screenshot The page includes the f
257. ameters lt vid gt VLAN ID 1 4095 lt group id gt protection group id 1 64 ERPS MEP Description Associating Port 0 1 MEP to a protection group lt east_sf_mep gt Mep_ID for finding out Continuity Check errors on Port 0 lt west_sf_mep gt Mep_ ID for finding out Continuity Check errors on Port 1 lt east_raps_mep gt Mep_ID for transmitting R APS frames on Port 0 lt west_raps_mep gt Mep_ID for transmitting R APS frames on Port 1 lt group_id gt protection group id for which mep is associating Syntax Erps mep lt east_sf_mep gt lt west_sf_mep gt lt east_raps_mep gt lt west_raps_mep gt lt group id gt Parameters lt east_sf_mep gt SF mep id for Port O lt west_sf_mep gt SF mep id for Port 1 lt east_raps_mep gt CC RAPS mep id for Port 0 lt west_raps_mep gt CC RAPS mep id for Port 1 lt group id gt protection group id 1 64 ERPS RPL Neighbour Description Selection of RPL neighbour for a protection group east west selected east Port 0 or west Port 1 as RPL neighbour lt group id gt protection group id for selecting RPL Block Syntax Erps rpl neighbour lt rpl_port gt lt group id gt Parameters lt rpl_port gt RPL Block lt group id gt protection group id 1 64 565 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS RPL Owner Description Selection of RPL Block for a protection group by default this node is considered as RPL Owner east west s
258. an requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain 616 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equal 0 in stackable switch it means switch ID The parameter of port_no is the fourth byte and it means the port number
259. and Web browser interface support are embedded in the Industrial Managed Switch software and are available for immediate use Each of these management methods has their own advantages Table 3 1 compares the three management methods Method Remote Telnet Web Browser SNMP Agent Advantages Text based Telnet functionality built into Windows XP 2003 Vista Windows 7 operating systems Can be accessed from any location Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Communicates with switch functions at the MIB level Based on open standards Disadvantages Security can be compromised hackers need only know the IP address Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor connections Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need only know the community name Table 3 1 Management Methods Comparaison 55 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 3 CLI Mode Management There are two ways for CLI mode management one is remote telnet and the other is operating from console port Remote telnet is an IP based protocol and console port is for user to operate the Industrial Managed Switch on local only however their operation is the same The command
260. annnnne nara 400 Security Switch SSH MOE mesianiti t ii 400 Security Switch AT TPs Configuration cuidat aji 401 Security Switch HTEPS ModE ooo eee dav eee eel dee aie deed eee 401 Sec rity Switch HTI Ps Redirect uu ae ld ee eden Ake ties diate 401 Security Switch Access Configuration c cceecceeeceeeeeeeeneeeeeeeeeeeeeaeeeeaeeeeaeeseaeeseaeeeeseeeeaeesceeseaeeseaeeseieeeeieesseeeeeaees 402 security SWEM ACCESS Modesa sachs Sol a aaa a e aa a aa a a E A Aa Aaa aa aT EE Aiae Sasiain 402 Security SWitch ACCESS Addison AA A nee 403 Security Switch Access IPV6 Add cios aia A ed ete al 403 Security Switch Access Delete o cinco dat ti 404 Security SWItch AccessS LookuP nmirii A e a eE EE E AE ERa detest EE EA R a Aaa Ea 405 Security Switch Access Olea incinin oiri A ATA eaa iett 405 Security Switch Access StatistiCs oooonnncinnncnnnconnnannccnrorannncnnrarnnnn E a aa aaa a aaa a a aaea 405 Security Switch SNMP Configuration ssanie aae eaa a e A Ne 406 ELA EEREN L alo e EEE ATA E E T 406 Security Switch SNMP Versions ioaren a ae aE A Eee e TEE a e ar e aadatan ts 407 Security Switch SNMP Read Community c ooocccoccccnoccnocccionnnnoncnnnncnnnnncnnn cnn nnn rra 407 Security Switch SNMP Write Community c oooocncccincconoccconnnnnonccnnnncnnn coronan cnn n narrar crec 408 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Trap MOJE sheers a ite ede dee 408 Security Switch SNMP Trap Version iii ca 409 Securit
261. anual The page includes the following fields Object e VLAN ID Description The VLAN ID of the entry e MLD Snooping Enable Enable the per VLAN MLD Snooping Only up to 64 VLANs can be selected e MLD Querier Enable the MLD Querier in the VLAN e Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network The allowed selection is MLD Auto Forced MLDv1 Forced MLDv2 default compatibility value is MLD Auto Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a link The allowed range is 1 to 255 default robustness variable value is 2 Ql Query Interval The Query Interval variable denotes the interval between General Queries sent by the Querier The allowed range is 1 to 255 seconds default query interval is 125 seconds e QRI Query Response Interval The Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries The allowed range is 0 to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds e LLQI Last Listener Query Interval The Last Listener Query Interval is the Maximum Response Delay used to calculate the Maximum Response Code inserted into Multicast Address Specific Queries sent in response to Version 1 Multicast Listener Done messages
262. ara dad ii alta 498 Thermal Configura dilata 499 6 15 PoE Command NS3552 8P 2S Only c ccceeseeceeeseeeeeeesnaeeeensnaeeeensnaeseenseaeeeenseaeeeenseaeeeenseaeeeenseeeeeenas 500 PoE Configurationiys cc csesce seth oe ee ee ee i 500 POE Mode spin id eee is 500 PORRO Vias a sl o ptes od tocata 500 PoE Mamagement Mode sy e esas daazsecsezaancnpiceaiedachiassagdesassigessansuaecandeapeniasta d auscegessaacapasaesedsesscia 501 PoE Allocated Powelis custnin A A e aaa da 501 POE Powe r Supply iuris a a A A a A AA E bet 501 POE Mall a e bdo detonar edo do 502 6 16 Ethernet Virtual Connections Command coccion 503 EVG Configuration Pee A a ee ee tebe 503 EVG Port DE ccc a A A oes ei 503 EVG Port Tag tachi eh es ee Ae AAA ee ee 503 EVO Port Addts i 20t c e e o tee kd ete e nd 504 EVG Port LCP stand td dd Hed oes een tada ote tia 504 EVO Policia A e O Ios 504 EVG Add ccoo a bt Ae ee 505 EVO Dell A a cee a oe eee 505 EVG LOOKUP anat o to a lod inal Mena see hed te re ide Pee Dog tat deen ee 506 EVG Status E An fasts pessansnacaaateabessarassasdecsaniapeacasaseatsdetagha 506 EVE Statistics ee Abed vice ed nie ele eae e 506 EVG ECE Add irc ech iter e on a a ed dende dde e dea el o e tag 507 EVG ECE Delete cio tdo ti aha ited een 508 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual EVC EGE LOOKUP isa ar aid da da ds dida 508 EVG EGE A A A N NS 509 6 17 Ethernet Protection Switching Command ommonnncnnnnnnninccnninrc rr 510 ESTI a OOO
263. aracters from 33 to 126 e Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons _ Add New User Click to add a new group entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 104 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 3 4 4 SNMPv3 Views Configure SNMPv3 views table on this page The entry index keys are View Name and OID Subtree The SNMPv3 Views screen in Figure 4 3 6 appears SNMPv3 View Configuration View Type OID Subtree default_view included w Add New Entry Save Reset Figure 4 3 6 SNMPv3 Views Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e View Type Indicates the view type that this entry should belong to Possible view type are E included An optional flag to indicate that this view subtree should be included E excluded An optional flag to indicate that this view subtree should be excluded General if a view entry s view type is excluded it should
264. arm to the administrators The Digital Output could be used to alarm the administrators if the Industrial Switches port is link down link up or power failed 26 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Digital Input RJ 45 Cable Fiber Cable Link Down Link Down DC Power Failure Robust Layer 2 Feafures The Industrial Switches can be programmed for advanced switch management function such as dynamic port link aggregation Q in Q VLAN private VLAN rapid spanning tree protocol layer2 to layer4 QoS bandwidth control and IGMP MLD snooping The NS3552 8P 2S provides 802 1Q tagged VLAN and the VLAN groups allowed will be maximally up to 255 The NS3552 8P 2S not only allows the operation of a high speed trunk combining multiple ports but also supports connection fail over Efficient Management For efficient management the Industrial managed switch is equipped with console web and SNMP management interfaces With the built in web based management interface the Industrial Switches offer an easy to use platform independent management and configuration facility The NS3552 8P 2S supports SNMP and it can be managed via any based on standard of SNMP v1 and v2 management software For text based management mode the NS3552 8P 2S can be accessed via Telnet and the console port Moreover they also offer remote secure management by supporting SSH SSL and SNMPv3 connection which can be encrypted the packet content at each session Power
265. as 201 4 9 7 Port DSCP ai ee ee debe a ee eee A eee de ee st ele a 202 4 9 8 DSCP Based O0S seicvie ne ioe hed ine eet a Steet 204 4 9 9 DSGP Translation sisena aeaa ds hed dd id 205 4 9 10 DSGP Classifications tota ade 207 49 11 QoS Control ld A A A ee e ee et aE 208 4 9 11 1 QoS Control Entry Configuration ooooncccnnnccconcconncnconcnnnncnnnnc ccoo ncnnn crac narrar 209 49 12 QOS al iii ii Di E ii i later ete 210 A tists shes oe oes acc dacs pace sulsce sas cpadcoesacesancadisanscdseagstaads sa sasasgipendcsanteaacandsiapdesnteaaiepaste jase sedan 211 4 9 14 Storm Control Configuration NE E a e SEOC adai vave erias 212 4 9 15 QoS Statistics 2 E E A E eee e N 213 4 9 16 Voice VEAN Configuration da 215 491 7 Voce VLAN OU Table 2is22585 cc ca a vac gehts ace e a a Ba ctaahl ioe 217 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 10 Access Control LiSts ion ii 217 4 10 1 Access Gontrol List Status cn notarial 218 4 10 2 Access Control List Configurati0N omocnnnncnnnccinnncnncccnoncnnncncnnrnnnnnc cnc ran 220 A A033 AGE Contig uration iss ii eR A A da 222 4 10 4 ACL Ports Contig uration tesis atadas eos ano eet a ai E e 228 4 10 5 ACL Rate Limiter Configuration oo eeceecceeseeeeeneeeeeeeceaeeeeeeeseaeeeaeeseaeeeaeeseaeeeaeeseaeeseaeeseaeeseaeeseaeeseaeeseueeseaeenias 230 AAA nn E aa Eaa 232 4 11 1 Understanding IEEE 802 1X Port Based AuthenticatiON oo oconnnnccnnonocccononcncnnnonnnnnonononnnon cnn naar non nnno cerrar
266. as full Entries Dropped e Total Neighbors Shows the number of entries deleted due to Time To Live expiring Eniries Aged Out 305 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Local Counters The displayed table contains a row for each port The columns hold the following information Object Description e Local Port The port on which LLDP frames are received or transmitted e Tx Frames The number of LLDP frames transmitted on the port e Rx Frames The number of LLDP frames received on the port e Rx Errors The number of received LLDP frames containing some kind of error e Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out e TLVs Discarded Each LLDP frame can contain multiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded e TLVs Unrecognized The number of well formed TLVs but with an unknown type value e Org Discarded The number of organizationally TLVs received e Age Outs Each LLDP frame contains information about
267. at would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants 241 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form XX XX XX XX XX XX that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete
268. ate ge i MAC based VLAN Private VLAN Protocol based VLAN MAC based VLAN Voice VLAN Protocol based VLAN MVR Multicast VLAN Registration Voice VLAN a Up to 255 VLAN groups out of 4094 VLAN IDs MVR Multicast VLAN Registration Up to 255 VLAN groups out of 4095 VLAN IDs Link IEEE 802 3ad LACP Static Trunk IEEE 802 3ad LACP Static Trunk Aggregation Supports 5 groups of 8 Port trunk support Support 5 groups of 10 Port trunk support Traffic classification based Strict priority and WRR Traffic classification based Strict priority and WRR 8 Level priority for switching 8 level priority for switching Port Number Port Number Configuration 35 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 802 1p priority 802 1Q VLAN tag DSCP TOS field in IP Packet IGMP v1 v2 V3 Snooping up to 255 multicast MP Snooping Groups MLD Snooping Access Control List Bandwidth Control IGMP Querier mode support MLD v1 v2 Snooping up to 255 multicast Groups MLD Querier mode support IP based ACL MAC based ACL Up to 123 entries Per port bandwidth control Ingress 500Kb 1000Mbps Egress 500Kb 1000Mbps RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC3411 SNMP Frameworks MIB IEEE 802 1X PAE LLDP MAU MIB Standards Conformance lar
269. ate gt Parameters enable Enable multicast storm control disable Disable multicast storm control lt packet_rate gt Rate in fps 1 2 4 512 1k 2k 4k 32768k Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S gt QoS Storm multicast enable 2 QoS Storm Broadcast Description Set or show the broadcast storm rate limiter The limiter will only affect flooded frames i e frames with a VLAN ID DMAC pair not present in the MAC Address table 538 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax QoS Storm Broadcast enable disable lt packet_rate gt Parameters enable Enable broadcast storm control disable Disable broadcast storm control lt packet_rate gt Rate in fps 1 2 4 512 1k 2k 4k 1024k Default Setting disable QoS QCL Add Description Add or modify QoS Control Entry QCE If the QCE ID parameter lt qce_id gt is specified and an entry with this QCE ID already exists the QCE will be modified Otherwise a new QCE will be added If the QCE ID is not specified the next available QCE ID will be used If the next QCE ID parameter lt qce_id_next gt is specified the QCE will be placed before this QCE in the list If the next QCE ID is not specified and if it is a new entry added the QCE will be placed last in the list Otherwise if the next QCE ID is not specified and if existing QCE is modified QCE will
270. ation Description Show VCL IP Subnet based VLAN configuration Syntax VCL IPVlan Configuration lt vce_id gt Parameters lt vce_id gt Unique VCE ID 1 128 for each VCL entry VCL IP Subnet based Vian Add Description Add or modify VCL IP Subnet based VLAN entry The maximum IPVlan entries are limited to 128 Syntax VCL IPVlan Add lt vce_id gt lt ip_addr_mask gt lt vid gt lt port_list gt Parameters lt vce_id gt Unique VCE ID 1 128 for each VCL entry lt ip_addr_mask gt Source IP address and mask Format a b c d n lt vid gt VLAN ID 1 4095 lt port_list gt Port list or all default All ports 589 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VCL IP Subnet based Vlan Delete Description Delete VCL IP Subnet based VLAN entry Syntax VCL IPVlan Delete lt vce_id gt Parameters lt vce_id gt Unique VCE ID 1 128 for each VCL entry 590 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 30 SMTP Command SMTP Configuration Description Show SMTP configure Syntax SMTP Configuration Default Setting disable SMTP Mode Description Enable or disable SMTP configure Syntax SMTP Mode enable disable Parameters enable Enable SMTP mode disable Disable SMTP mode default Show SMTP mode Default Setting Disable SMTP Server Description Set or show SMTP server configure Syntax SMTP Server lt server gt lt p
271. ation multi Multiple Host 802 1X Authentication macbased Switch authenticates on behalf of the client default Show 802 1X state Default Setting none Example Show the port 1 security state NS3552 8P 2S gt security network nas state 1 Port Admin State Port State Last Source Security Network NAS Reauthentication Description Set or show Reauthentication enabledness Syntax Security Network NAS Reauthentication enable disable Parameters 435 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Enable reauthentication disable Disable reauthentication default Show current reauthentication mode Default Setting disable Example Enable reauthentication function NS3552 8P 2S gt security network nas reauthentication enable Security Network NAS ReauthPeriod Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global lt port_list gt enable disable Parameters global Select the global RADIUS assigned VLAN setting lt port_list gt Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enable RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness
272. ation server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Rx Access radiusAuthClientExtA The number of RADIUS Accepts ccessAccepts Access Accept packets valid or invalid received from the server Rx Access Rejects radiusAuthClientExtA The number of RADIUS Access Reject packets valid 256 Rx Rx Rx Rx Rx Tx Tx Tx Tx IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Access Challenges Malformed Access Responses Bad Authenticators Unknown Types Packets Dropped Access Requesis Access Retransmissio ns Pending Requesis Timeouts ccessRejects radiusAuthClientExtA ccessChallenges radiusAuthClientExt MalformedAccessRe sponses radiusAuthClientExtB adAuthenticators radiusAuthClientExtU nknownTypes radiusAuthClientExtP acketsDropped radiusAuthClientExtA ccessRequests radiusAuthClientExtA ccessRetransmission s radiusAuthClientExtP endingRequests radiusAuthClientExtT imeouts 257 or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received from the server The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses The number of
273. ations are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appropriate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are encoded by certain applications and or devices to indicate the level of service required by the packet across a network Service Level defines the priority that will be given to a set of classified traffic You can create and modify service levels Policy comprises a set of rules that are applied to a network so that a network meets the needs of the business That is traffic can be prioritized across a network according to its importance to that particular business type QoS Profile consists of multiple sets of rules classifier plus service level combinations The QoS profile is assigned to a port s Rules comprises a service level and a classifier to define how the Switch will treat certain types of traffic Rules are associated with a QoS Profile see above To implement QoS on your network you need to carry out the following actions 1 2 3 4 Define a service level to determine the priority that will be applied to traffic Apply a classifier to determine how the incoming traffic will be classified and thus treated by the Switch Create a QoS profile which associates a service level and a classifi
274. ault All ports policy Policy ACE keyword lt policy gt Policy number 1 8 lt tagged gt Tagged of frames any enable disable lt vid gt VLAN ID 1 4095 or any lt tag_prio gt VLAN tag priority 0 7 or any lt dmac_type gt DMAC type any unicast multicast broadcast etype Ethernet Type keyword lt etype gt Ethernet Type 0x600 OxFFFF or any but excluding 0x800 IPv4 0x806 ARP and 0x86DD IPv6 lt smac gt Source MAC address Xxx XX XX XX XX XX or any lt dmac gt Destination MAC address xx xx Xxx xx XX xx or any arp ARP keyword lt sip gt Source IP address a b c d n or any lt dip gt Destination IP address a b c d n or any lt arp_opcode gt ARP operation code any arp rarp other lt arp_flags gt ARP flags request smac tmac len ip ether 0 1 any ip IP keyword lt protocol gt IP protocol number 0 255 or any lt ip_flags gt IP flags ttlloptions fragment 0 1 any icmp ICMP keyword lt icmp_type gt ICMP type number 0 255 or any lt icmp_code gt ICMP code number 0 255 or any udp UDP keyword lt sport gt Source UDP TCP port range 0 65535 or any lt dport gt Destination UDP TCP port range 0 65535 or any tcp TCP keyword lt tcp_flags gt TCP flags fin syn rst psh ack urg 0 1 any permit Permit forwarding default deny Deny forwarding lt rate_limiter gt Rate limiter number 1 15 or disable 444 IFS
275. ax Port Statistics lt port_list gt lt command gt up down Parameters lt port_list gt Port list or all default All ports lt command gt The command parameter takes the following values clear Clear port statistics packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard statistics filtered Show filtered statistics 0 7 Show priority statistics default Show all port statistics up Show ports which are up down Show ports which are down default Show all ports Port VeriPHY Description Run cable diagnostics Syntax Port VeriPHY lt port_list gt Parameters lt port_list gt Port list or all default All ports Port SFP Description Show SFP port information 376 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Port SFP lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show SFP information for port9 10 NS3552 8P 2S gt port sfp Speed Wave Length nm Distance m 9 1000Base LX 1000 Base 1310 10000 10 1000Base LX 1000 Base 1310 10000 Port Description Description Set or show Port Description Syntax Port Description lt port_list gt lt descr_text gt Parameters lt port_list gt Port list or all default All ports lt descr_text gt Text of port description 377 IFS NS3552 8P 2S AND NS3550 2T 8S User Manua
276. ayer and provides multiplexing mechanisms that make it possible for several network protocols IP IPX to coexist within a multipoint network LLC header consists of 1 byte DSAP Destination Service Access Point 1 byte SSAP Source Service Access Point 1 or 2 bytes Control field followed by LLC information 620 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management Protocol SNMP LLDP MED is an extension of IEEE 802 1ab and is defined by the telecommunication industry association TIA 1057 LLQI Last Listener Query Interval is the maximun response time used to calculate the Maximun Respse Code inserted into Specific Queries It is used to detect t
277. be in the same location in the list To modify and move the entry to last in the list use the word last for lt qce_id_next gt Syntax QoS QCL Add lt qce_id gt lt qce_id_next gt lt port_list gt lt tag gt lt vid gt lt pcp gt lt dei gt lt smac gt lt dmac_type gt etype lt etype gt LLC lt DSAP gt lt SSAP gt lt control gt SNAP lt PID gt ipv4 lt protocol gt lt sip gt lt dscp gt lt fragment gt lt sport gt lt dport gt ipv6 lt protocol gt lt sip_v6 gt lt dscp gt lt sport gt lt dport gt lt class gt lt dp gt lt classified_dscp gt Parameters lt qce_id gt QCE ID 1 256 default Next available ID lt qce_id_next gt Next QCE ID next_id 1 256 or last lt port_list gt Port List port lt port_list gt or all default All ports lt tag gt Frame tag untag tag any lt vid gt VID 1 4095 or any either a specific VID or range of VIDs lt pcp gt Priority Code Point specific 0 1 2 3 4 5 6 7 or range 0 1 2 3 4 5 6 7 0 3 4 7 or any lt dei gt Drop Eligible Indicator 0 1 or any lt smac gt Source MAC address xx xx xx or any 24 MS bits OUI lt dmac_type gt Destination MAC type unicast multicast broadcast any etype Ethernet Type keyword 539 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt etype gt Ethernet Type 0x600 OxFFFF or any but
278. be longer than the Max Age Otherwise a configuration error will occur Max Age The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the Root Bridge your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state Max Age _ 2 x Forward Delay 1 second Observe the following formulas when setting the above parameters Es Max Age _ 2 x Hello Time 1 second Note Port Priority A Port Priority can be from 0 to 240 The lower the number the greater the probability the port will be chosen as the Root Port Port Cost A Port Cost can be set from 0 to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illustration of STP Asimple illustration of three switches connected in a loop is depicted in the below diagram In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch Aand so
279. being lost during transmission between neighbors it is recommended to repeat the fast start transmission multiple times to increase the possibility for that the neighbors has received the LLDP frame With Fast start repeat count it is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of links Description e Latitude e Longitude Latitude SHOULD be normalized to within 0 90 degrees with a maximum of 4 ula to specify the direction to either North of the equator or South of the Traine SHOULD be normalized to within 0 180 degrees with a maximum of 4 des to specify the direction to either East of the prime meridian or West of the prime meridian e Altitude Altitude SHOULD be normalized to within 32767 to 32767 with a maximum of 4 digits It is possible to select between two altitude types floors or meters E Meters Representing meters of Altitude defined by the vertical datum specified E Floors Representing altitude in a form more rele
280. below Inserting the wires 42 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual the Industrial Managed Switch will detect the fault status of the power failure or port link failure available for managed model The following illustration shows an application example for wiring the fault alarm contacts ett yy tf aks E Y Insert the wires into the fault alarm contacts 1 The wire gauge for the terminal block should be in the range of 12 24 AWG 2 When performing any of the procedures like inserting the wires or tighten the wire clamp screws make sure the power is OFF to prevent from getting an electric shock 43 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 1 6 Wiring the Digital Input Output The 6 contact terminal block connector on the rear panel of NS3552 8P 2S is used for Digital Input and Digital Output Please follow the steps below to insert wire 1 The NS3552 8P 2S offers two DI and DO groups 1 and 2 are DI groups 3 and 4 are DO groups and 5 and 6 are GND ground p00000 LJ ty DCi Fault DC2 Input DC 48 0000000000 ooo0oo0oo0oo0oo0o0o00 ooo0oo0oo0oo0oo0oo0o0o0 ooo0oo0oo0oo0oo0oo0o0o0 Figure 2 6 Wiring the Redundant Power Inputs 2 Tighten the wire clamp screws for preventing the wires from loosening 1 2 3 4 5 6 DIO DH DOO DO1 GND GND Figure 2 7 6 Pin Terminal Block DI DO Wiring Input 3 There are two Digital Input groups for you to monitor two different
281. between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN an explicit leave message and query messages that are specific to a given group The states a computer will go through to join or to leave a multicast group are shown below 172 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Non Member Leave Group Stop Timer Join Group Send Report Start Timer Leave Group Query Recelved Start Timer Report Received Stop Timer Timer Expried Send report Figure 4 8 4 IGMP State Transitions Delaying Member Idle Member a IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one rou
282. ble Disable aging 430 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual default Show current enabledness of aging Default Setting disable Example Enable limit aging NS3552 8P 2S gt security network limit aging enable Security Network Limit Agetime Description Time in seconds between check for activity on learned MAC addresses Syntax Security Network Limit Agetime lt age_time gt Parameters lt age_time gt Time in seconds between checks for activity on a MAC address 10 10000000 seconds default Show current age time Default Setting 3600 Example Set age time in 100sec NS3552 8P 2S gt security network limit agetime 100 Security Network Limit Port Description Set or show per port enabledness Syntax Security Network Limit Port lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port security on this port 431 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual disable Disable port security on this port default Show current port enabledness of port security limit control Default Setting disable Example Enable port limit for port 1 NS3552 8P 2S gt security network limit port 1 enable Security Network Limit Limit Description Set or show the max number of MAC addresses that can be learned on this set of ports Syntax Security Network Limit Limit lt port_list gt
283. c policy value The allowed range is 0 to 255 e Policy Bitmask When Specific is selected for the policy filter you can enter a specific policy bitmask The allowed range is 0x0 to Oxff e Frame Type Select the frame type for this ACE These frame types are mutually exclusive E Any Any frame can match this ACE 222 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E Ethernet Type Only Ethernet Type frames can match this ACE The IEEE 802 3 describes the value of Length Type Field specifications to be greater than or equal to 1536 decimal equal to 0600 hexadecimal E ARP Only ARP frames can match this ACE Notice the ARP frames won t match the ACE with ethernet type E Pv4 Only IPv4 frames can match this ACE Notice the IPv4 frames won t match the ACE with ethernet type Action Specify the action to take with a frame that hits this ACE E Permit The frame that hits this ACE is granted permission for the ACE operation E Deny The frame that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 16 Disabled indicates that the rate limiter operation is disabled EVC Policer Select whether EVC policer is enabled or disabled The default value is Disabled EVC Policer ID Select which EVC policer ID to apply on this ACE The allowed values are Disabled or the values 1 through 128 Port Redirect Frames that hit the ACE are redirected to th
284. c received on the supplicant s port will be classified to the given QoS Class If re authentication fails or the RADIUS Access Accept packet no longer carries a QoS Class or it s invalid or the supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting the RADIUS assignea This option is only available for single client modes i e e Port based 802 1X Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Class The User Priority Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access Accept packet Only the first occurrence of the attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 3 which translates into the desired QoS Class in the range 0 3 e RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated If present and valid the port s Port VLAN
285. c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 enable Enable the designated IPv6 Interface disable Disable the designated IPv6 Interface IPv6 Ping6 Description Ping IPv6 address ICMPv6 echo Syntax IP IPv6 Ping6 lt ipv6_addr gt Length lt ping_length gt Count lt ping_count gt Interval lt ping_interval gt Parameters 368 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt ipv6_addr gt IPv6 host address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 length PING Length keyword lt ping_length gt Ping ICMP data length 2 1452 Default is 56 excluding MAC IP and ICMP headers count PING Count keyword lt ping_count gt Transmit ECHO REQUEST packet count 1 60 Default is 5 interval PING Interval keyword lt ping_interval gt Ping interval 0 30 Default is 0
286. cal Ports Shows which ports are a part of this aggregation for this switch Buttons Refresh Click to refresh the page immediately Auto refresh Automatic refresh occurs every 3 seconds 121 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 5 4 LACP Port Status This page provides a status overview for LACP status for all ports The LACP Port Status screen in Figure 4 5 6 appears LACP Status Partner Partner Partner LACP Aggr ID System ID Partner Priority No O 000 UN h Auto refresh C Figure 4 5 6 LACP Status Page Screenshot The page includes the following fields Object Description e Port The switch port number e LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled e Key The key assigned to this port Only ports with the same key can aggregate together e Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs e Partner System ID The partners System ID MAC address e Partner Port The partner port number connected to this port Buttons Refresh Click to refresh the page immediately Auto refresh i i Automatic refresh occurs every 3 seconds 4 5 5 LACP Port Statistics This
287. cal access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication server requesting identity information from the client verifying that information with the authentication server and relaying a response to the client The switch includes the RADIUS client which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol EAP frames and interacting with the authentication server When the switch receives EAPOL frames and relays them to the authentication server the Ethernet header is stripped and the remaining EAP frame is re encapsulated in the RADIUS format The EAP frames are not modified or examined during encapsulation and the authentication server must support EAP within the native frame format When the switch receives frames from the authentication server the server s frame header is removed leaving the EAP frame which is then encapsulated for Ethernet and sent to the client E Authentication Initiation and Message Exchange The switch or the client can initiate authentication If you enable authentication on a port by using the dot1x port control auto interface configuration command the switch must initiate authentication when it determines that the port link state transitions from down to up It then sends an EAP request identity frame to the client to request its identity typically the switch sends an initial ide
288. can join MLD filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port A MLD filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled MLD join reports received on the port are checked against the filter profile If a requested multicast group is permitted the MLD join report is forwarded as normal If a requested multicast group is denied the MLD join report is dropped MLD throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new MLD join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group The MLD Snooping Port Group Filtering Configuration screen in Figure 4 8 13 appears MLD Snooping Port Group Filtering Configuration Filtering Groups Add New Filtering Group Save Reset Figure 4 8 13 MLD Snooping Port Group Filtering Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e Filtering Group The IP Multi
289. cast Group that will be filtered Buttons Add New Filtering Group Save Click to save changes Click to undo any changes made locally and revert to previously saved values Click to add a new entry to the Group Filtering table 185 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 11 MLD Snooping Status This page provides MLD Snooping status The IGMP Snooping Status screen in Figure 4 8 14 appears Auto refresh C Refresh Clear MLD Snooping Status Statistics VLAN Querier Host Querier Queries Queries V1 Reports V2 Reports V1 Leaves ID Version Version Status Transmitted Received Received Received Received Router Port 7 2 3 4 5 6 f 8 9 0 h Figure 4 8 14 MLD Snooping Status Page Screenshot The page includes the following fields Object Description e VLAN ID The VLAN ID of the entry e Querier Version Working Querier Version currently e Host Version Working Host Version currently e Querier Status Show the Querier status is ACTIVE or IDLE e Queriers Transmitted The number of Transmitted Queriers e Queriers Received The number of Received Queriers e V1 Reports Received The number of Received V1 Reports e V2 Reports Received The number of Received V2 Reports V1 Leave Received The number of Received V1 Leaves Buttons Auto refresh i Check this box to refresh the page automatically Automatic refres
290. ccsseeeeeseeesseeseseeeeneeeeeeeeees 612 A 2 10 100Mbps 10 00B ase TA a a Gal ea dan inalienable 612 APPENDEX B GLOSSAR Visiosiarnicaaaianaconan ancadiievcncaddes cncudicaunccadesanccddevanccadavanccaisvercctiavenaetics 614 23 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 1 INTRODUCTION IFS Industrial Managed Switches 40 75 degree C are managed switches with multiple Gigabit copper ports or Gigabit SFP mini GBIC slots with connective ability and robust layer 2 features DEEPEST Industrial 8 Port 10 100 1000T 802 3at PoE 2 100 1000X SFP Managed Switch 40 75 degrees C Industrial 8 port Gigabit Fiber SFP Industrial Managed Switch 2 10 100 1000T 40 75 degrees C The text Industrial Managed Switch mentioned in this User Guide represents the above two models This manual represents multiple products which have similar features and functions however there may be some differences between products such as the number or type of connectivity ports and PoE functions 1 1 Packet Contents Open the box of the Industrial Managed Switch and carefully unpack it The box should contain the following items M Industrial Managed Switch x1 M Quick Installation Guide x1 M User s Manual CD x1 M DIN Rail Kit x 1 M Wall Mounting Kit x 1 M RS232 Console Cable x1 M Dust Cap x 11 If any of these are missing or damaged please contact your dealer immediately If possible retain the carton including the original packing materi
291. ce Guard conflicts Shows all conflict status default Shows the combined status Example Show ACL status NS3552 8P 2S gt security network acl status Security Network DHCP Relay Configuration Description Show DHCP relay configuration Syntax Security Network DHCP Relay Configuration 446 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Show DHCP relay configuration NS3552 8P 2S gt security network dhcp relay configuration DHCP Relay Configuration DHCP Relay Mode Disabled DHCP Relay Server NULL DHCP Relay Information Mode Disabled DHCP Relay Information Policy replace Security Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relaly mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for security considered disable Disable DHCP relaly mode default Show flow DHCP relaly mode Default Setting disable Example Enable DHCP relay mode NS3552 8P 2S gt security network dhcp relay mode enable Security Network DHCP Relay Server Description Show or set DHCP relay server 447 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Security Network DHCP Relay Server lt ip_addr gt
292. ch field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example To add IPv6 NTP server NS3552 8P 2S gt ip ntp server ipv6 add 1 2001 7b8 3 2c 123 IP NTP Server Delete Description Delete NTP server entry Syntax IP NTP Server Delete lt server_index gt Parameters lt server_index gt The server index 1 5 Example To delete NTP server NS3552 8P 2S gt ip ntp server delete 1 371 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 3 Port Management Command Port Configuration Description Show port configuration Syntax Port Configuration lt port_list gt up down Parameters lt port_list gt Port list or all default All ports up Show ports which are up down Show ports which are down default Show all ports Example Display port1 4 status NS3552 8P 2S gt port configuration 1 4 Port Configuration Flow Control MaxFrame Power Excessive Link Enabled Auto Disabled Disabled Discard Down Enabled Auto Disabled Disabled Discard Down Enabled Auto Disabled Disabled Discard Down Enabled Auto Disabled Disabled Discard Down Port Mode Description Set or show the port speed and duplex mode Syntax Port Mode lt port_list g
293. cne reas cez See hn ete aees Seats lS A amt Neate 468 STP MSTI Addis 469 SPP Port GombiQur ethos csn tek aaa ias 469 STP Port Mode ltd do hide lo di 470 SIP PorEdge id ias 470 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP Port AltoE dge cuna edad ENEA 471 SIP Port PROP PTAA E A e E e Td 471 STP Port RestrictedRole ocio ace ie ae teh ie A eee eee A ds 472 STP Port Restricted Tenia ee dit 472 STP PoOrtbpauGuard is cri ii air airada bes cerco alii Pi 473 AS LE OERE E TE EE 473 STP Port Moche kia a 474 STP MST Port Gontiguration ictericia 474 STEMS TIPON COS turca Aton ad Rohe win ae latin io ei edt hadi 475 STP MST PO Priority ra aliada 475 6 9 Link Aggregation Command coccion 477 Aggregation Configurations sccs0 sch iis EE TAE A EAA AOT 477 AQ GPEC ALO MA iia AA A ee 477 Aggregation Delete vicio ai a ee cepa 477 Aggregation LOOKUP aos did dee eies 478 Aggregation Mode oia AA ee 478 6 10 Link Aggregation Control Protocol Command nmminccccccconnnocnnnnnnnncr carr 480 LAGP ConfigUratiO iii A A ll lee ee A td 480 LACP Mode una a e o e e o o e EL a 480 LACP KeoYis tas A et eae eri la at tae ae bi t 481 LACP Pros is de a e A A e Piedra ti 481 LACP System Pri e seein deol eet 482 EAGPRoleais ten eeth o e her e tee dale den eat dede len Seas 482 LAGP SIAlUS airada ette 483 EAGP StaliStiGS c aisiscteget eters hacectet o a cpcablacs ceed ab azeiietes se Rasas a 483 LAGP Timeouts sca c tt ents oa A A A eT ee 484 6 1 LEDP
294. cnnoncnnnncnnoncnnnn cnn nc cnn cnn rca 590 6 30 SMTP Command oi ii er detained 591 SMIP ConfiguradtiON lt a cotilla dali ls ia 591 SMTP Mode riscos Mie Aer et ee A ee ee ii 591 O IO 591 SMTP Auth csc tities ei tied eee ns ee dd eee de eee ede de ee 592 SMUPsAuUth USGI aie A A A Sex gia ae ed eee a Bie ei 592 SMTP Auth passat dsd eds Jeena nes eden ante dad des 593 SMTP Mail roma tr NIE loro an 593 SMTP MallSUD SC tion eee dee a ai 593 SIM Pail da ct o e e e toate eee cd 594 SMTP MalltO Dido atte dee hee taa RAS deception ee ve eee edie 594 SMTP Est ts E 594 6 31 DIDO COMMAND ieee iii ida ia 595 DIDOI DEA A E 595 21 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual DIDO DIDesciptiO secure cdt dz tidad ada 595 DIDO DIEnables 0 oa 596 DIDO DO Altuna ies AS A vo ee A 596 DIDO DO Enable cio eck ee ea de a ee Dd 597 DIDO DO Port Alain dl lui iba ist 597 DIDODO Power UE A T inn naaa ina 598 DIDO Fault Actie nan r a ie 598 DIDO Fault Enables naaa api 599 DIDO Fault Port Alar totalidad dicte a toa 599 DIDO Fault Power Alan aa E iaa iia 599 6 32 SHOW COMMAND ad 600 NN Ie 600 SNOW AGL we gig ei A AA AA AA Aa 600 Show Aggregati Miena a a a a aa oo 600 SHOWARP ici id EE ei ee ee 600 SHOW AGH ii AAA ie es ee ce cde eet 600 Show DHCP Relay ivi iaa hea ead 601 SHOW EEE cuecen tt eed dees dt eu ti 601 SNOW ATMS minar ati do dle ce ok sib bt aro dad 81S ozs reid ae Past oes sare Raed ooh th e seat ee Rac MU 601 SHOW IGMP ovocitos ee ee
295. continues to use the RPL if it is not failed after a protection switch condition has cleared e VLAN Config VLAN configuration of the Protection Group Click on the VLAN Config link to confure VLANs for this protection group PRL Configuration Object Description e PRL Role It can be either RPL owner or RPL Neighbour e PRL Port This allows to select the east port or west port as the RPL block e Clear If the owner has to be changed then the clear check box allows to clear the RPL Instance Command Object owner for that ERPS ring Description e Command Administrative command A port can be administratively configured to be in either manual switch or forced switch state e Port Instance State Port selection PortO or Port1 of the protection Group on which the command is applied Object Description e Protection State ERPS state according to State Transition Tables in G 8032 346 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e PortO0 e Port1 OK State of East port is ok SF State of East port is Signal Fail OK State of West port is ok SF State of West port is Signal Fail e Transmit APS The transmitted APS according to State Transition Tables in G 8032 e Port 0 Receive APS The received APS on Port 0 according to State Transition Tables in G8032 e Port 1 Receive APS e WTR Remaining The received APS on Port 1 according to State Transition
296. cronym for Automatic Protection Switching This protocol is used to secure that switching is done bidirectional in the two ends of a protection group as defined in G 8031 Using multiple ports in parallel is to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device Auto negotiation is the process where two different devices establish the mode of operation and the speed settings that can be shared by those devices for a link CC is an acronym for Continuity Check It is a MEP functionality that is able to detect loss of continuity in a network by 615 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual transmitting CCM frames to a peer MEP CCM is an acronym for Continuity Check Me
297. cter must not be a minus sign System Timezone Offset Description Set or show the system timezone offset Syntax System Timezone Offset lt offset gt 356 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt offset gt Time zone offset in minutes 7200 to 7201 relative to UTC System Contact Description Set or show the system contact Syntax System Contact lt contact gt clear Parameters lt contact gt System contact string 1 255 Use clear or to clear the string In CLI No blank or space characters are permitted as part of a contact clear Clear system contact Default Setting empty System Log Server Address Description Show or set the system log server address Syntax System Log Server Address lt ip_addr_string gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string Default Setting empty Example To set log server address NS3552 8P 2S gt log server address 192 168 0 21 357 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual System Timezone Acronym Description Set or show the system timezone acronym Syntax System Timezone Acronym lt acronym gt Parameters lt acronym gt Time zone acronym 0 16 characters Default Setting empty System DST Configuration Description Show Daylight Saving Time configuration Syntax System DST Configuration System Location Description
298. d 280 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted e Rxand Tx Lease The number of lease unassigned option 53 with value 11 packets received and Unassigned transmitted e Rxand Tx Lease The number of lease unknown option 53 with value 12 packets received and Unknown transmitted e Rxand Tx Lease The number of lease active option 53 with value 13 packets received and Active transmitted Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Refresh Clear _ clear J Clears the counters for the selected port 281 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 10 IP Source Guard Configuration IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host This page provides IP Source Guard related configuration The IP Source Guard Configuration screen in Figure 4 12 10 appears IP Source Guard Configuration ede ocea Translate dynamic to static Port Mode Configuration Port Mode Max Dynamic Clients lt All gt lt All gt
299. d Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Description Set or show LLDP mode Syntax LLDP Mode lt port_list gt enable disable rx tx Parameters lt port_list gt Port list or all default All ports enable Enable LLDP reception and transmission disable Disable LLDP rx Enable LLDP reception only tx Enable LLDP transmission only default Show LLDP mode 485 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting disable Example Enable port1 LLDP function NS3552 8P 2S gt Ildp mode 1 enable LLDP Optional TLV Description Show or Set LLDP Optional TLVs Syntax LLDP Optional_TLV lt port_list gt port_descr sys_name sys_descr sys_capa mgmt_addr enable disable Parameters lt port_list gt Port list or all default All ports port_descr Description of the port sysm_name System name sys_descr _ Description of the system sys_capa System capabilities mgmt_addr _ Master s IP address default Show optional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting Description of the port Enable System name Enable Description of the system Enable System capabilities Enable Master s IP address
300. d Span PSE NS3552 8P 2S Complies with IEEE 802 3af Power over Ethernet End Span PSE Up to 8 IEEE 802 3af 802 3at devices powered NS3552 8P 2S Supports PoE Power up to 15 4watts or 30 8 watts for each PoE port NS3552 8P 2S Auto detect powered device PD Circuit protection prevents power interference between ports Remote power feeding up to 100m PoE Management features e IEEE 802 3af and IEEE 802 3at mode switch control NS3552 8P 2S e Total PoE power budget control e Per port PoE function enable disable e PoE Admin mode control e PoE Port Power feeding priority e Per PoE port power limit e PD classification detection e Temperature Threshold Control e PoE Usage Threshold Control e PD Alive Check e PoE Schedule e PD Power Recycling Schedule gt Industrial Case Installation IP30 aluminum metal case protection DIN rail and wall mount design 48V DC redundant power with polarity reverse protect function Supports EFT protection 6000 VDC for power line Supports 6000 VDC Ethernet ESD protection 40 to 75 degrees C operating temperature 30 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual gt Digital Input Digital Output 2 Digital Input Dl m 2 Digital Output DO Integrate sensors into auto alarm system E Transfer alarm to IP network via email and SNNP trap gt Layer 2 Features Prevents packet loss with back pressure half duplex and IEEE 802 3x PAUSE frame flow control full duplex E
301. d duplex mode of the partner device The Industrial Managed Switch is run at Auto negotiation mode and if the partner is set to half duplex then the performance will be poor Per port LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting Why the Industrial Managed Switch doesn t connect to the network Solution Check per port LED on the Industrial Managed Switch Try another port on the Industrial Managed Switch Make sure the cable is installed properly Make sure the cable is the right type Turn off the power After a while turn on power again Can install MGB SX or other non wide temperature SFP module into SFP slot of Industrial Managed Switch Solution Yes it does However since the MGB SX and other non wide temperature SFP module cannot operate under 40 to 75 Degree C Please pay attention to this point and consider use IFS wide temperature SFP module for Industrial Managed Switch 610 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E while IP Address be changed or forgotten admin password To reset the IP address to the default IP Address 192 168 0 100 or reset the password to default value Press the hardware reset button at the front panel about 10 seconds After the device is rebooted you can login the manag
302. d values Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 6 14 Protocol based VLAN Membership This page allows you to map an already configured Group Name to a VLAN for the switch The Group Name to VLAN Mapping Table screen in Figure 4 6 20 appears Group Name to VLAN mapping Table Port Members ESA Delete Group Name vian x0 2JaJa5 o 7 9 9 50 No GGroupentries Ci No Group entries Add New Entry Reset Auto refresh L Refresh Figure 4 6 20 Group Name to VLAN Mapping Table Page Screenshot The page includes the following fields Object Description e Delete To delete a Group Name to VLAN map entry check this box The entry will be deleted on the switch during the next Save e Group Name A valid Group Name is a string of almost 16 characters which consists of a combination of alphabets a z or A Z and integers 0 9 no special character is allowed Whichever Group name you try mapping to a VLAN must be present in Protocol to Group mapping table and must not be preused by any other existing mapping entry on this page e VLAN ID Indicates the ID to which Group Name will be mapped A valid VLAN ID ranges from 1 4095 e Port Members A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping To include a port in a mapping check the box To rem
303. d when Ethernet is selected as a Frame Type is called etype Valid values for etype ranges from 0x0600 Oxffff 2 For LLC Valid value in this case is comprised of two different sub values a DSAP 1 byte long string 0x00 Oxff b SSAP 1 byte long string 0x00 Oxff 3 For SNAP Valid value in this case also is comprised of two different sub values a OUI OUI Organizationally Unique Identifier is value in format of XX XX xx where each pair xx in string is a hexadecimal value ranges from Ox00 Oxff b PID If the OUI is hexadecimal 000000 the protocol ID is the Ethernet type EtherType field value for the protocol running on top of SNAP if the OUI is an OUI for a particular organization the protocol ID is a value assigned by that organization to the protocol running on top of SNAP In other words if value of OUI field is 00 00 00 then value of PID will be etype 0x0600 Oxffff and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to Oxffff e Group Name A valid Group Name is a unique 16 character long string for every entry which consists of a combination of alphabets a z or A Z and integers 0 9 Note special character and underscore _ are not allowed 148 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Add New Enty Click to add a new entry in mapping table Save Click to save changes Click to undo any changes made locally and revert to previously save
304. ded The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again E Configure Sample EAP MD5 Authentication 1 Goto Start gt Control Panel double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting window 3COM 3C940 Status General Support Connection Status Connected Duration 03 35 37 Speed 100 0 Mbps Activity Sent 53 Received Cab 146 938 760 110 212 126 z Figure 4 11 18 265 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 Select Authentication tab 5 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type 4 3COM 3C940 Properties General Authentication Advanced Select this option to provide authenticated network access for Ethernet networks Enable IEEE 802 1 authentication for this network EAP type Protected EAP PEAP MD5 Challenge Protected EAP PEAP Smart Card or other Certificate Authenticate as computer when computer information is available C Authenticate as quest whe
305. dentification Extended Power via MDI PSE Extended Power via MDI PD Inventory Reserved NOOR WOND e Application Type Application Type indicating the primary function of the application s defined for this network policy advertised by an Endpoint or Network Connectivity Device The possible application types are shown below Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling for use in network topologies that require a different policy for the voice signaling than for the voice media Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services Streaming Video for use by broadcast or multicast based video content 302 IFS NS3552 8P 2S A
306. devices The following topology shows how to wire DIO and DI1 44 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Door Open Detector Power Source GND Smoke Sensor Figure 2 8 Wires DIO and DI1 to Open Detector There are two Digital Output groups for you to sense the Industrial Switches port failure or power failure and issue a high or low signal to external device The following topology shows how to wire DOO and DO1 GND Sprinkler System Figure 2 9 Wires DOO and DO1 to Open Detector 45 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 2 Install the Industrial Managed Switch This section describes how to install the Industrial Managed Switch and make connections to it Please read the following topics and perform the procedures in the order being presented To install your Industrial Managed Switch on a desktop or shelf simply complete the following steps In this paragraph we will describe how to install the Industrial Managed Switch and the installation points attended to it 2 2 1 Installation Steps 1 Unpack the Industrial Managed Switch 2 Check if the DIN Rail is screwed on the Industrial Managed Switch or not If the DIN Rail is not screwed on the Industrial Managed Switch please refer to DIN Rail Mounting section for DIN Rail installation If users want to wall mount the Industrial Managed Switch please refer to the Wall Mount Plate Mounting section for wall mount plate installation 3 To hang
307. dol paid 443 Security NetWwork AGL Add ici o o A i co E he dence 443 Security Network ACL Delete 2 sec yeeecseicads spaicecevigatad dea aa a aE aa a a a Aa Aa Aa aa E A EEan an ainidi 445 Security Network ACL Lookup sheret eed E E ai 445 Security Network AGL Clean ia aa oil 445 Security Network ACI StatUS cotarro dd dd des do 446 Security Network DHCP Relay Configurati0N oooooocnnccinnncnncccnoncnnncncnonnnnnnccnnnca nan cc ronca rn cnn rca rra cnn 446 Security Network DHCP Relay Mode coooooooccccoccccoocccocccooncononccnoncnnnn cc non cnn cnc ron narran rra nr 447 Security Network DHCP Relay Servet c cceccceesceeeeeeeeneeeeeeeeeaeeseaeeeeaeeeeaeeseaeeseaeeseaeeeeaeeseaeeseaeeseeeeseeeeeneeenieeeeaees 447 Security Network DHCP Relay Information Mode oooociocccnncccnocccnocccnonccnonccnnnnn nan cc non ca nnn corn carr rn rra cnn rana 448 Security Network DHCP Relay Information POliCY ooooncnnnccinnncnnnccnoncnnncccnonnnnnrncnnrnc nan cc roca nn nc nr 449 Security Network DHCP Relay Statistics oooonocinicicnnninnnnnncccnoccnnorncnnrnn non crac nan n nn carr cnn 449 Security Network DHCP Snooping ConfiguratiON oococionccnnnccinncnnncccnocnnnnnncnnnnnnnncc ronca nan cn rana 450 Security Network DHCP Snooping Mode oooococccccocccoccconoccnonccnnnnononccnnnnannn cnn rca nn cr nn narran rra 450 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network DHCP Snooping Port Mode cccccccceeseeeeeeeeeeeeeeneeeeae
308. e v1 Forced Compatibility of IGMPv1 or MLDv1 v2 Forced Compatibility of IGMPv2 or MLDv2 v3 Forced Compatibility of IGMPv3 default Show IPMC Interface Compatibility IPMC Fastleave Description Set or show the IPMC snooping fast leave port mode Syntax IPMC Fastleave mld igmp lt port_list gt enable disable Parameters mld igmp mld IPMC for IPv6 MLD 578 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual igmp IPMC for IPv4 IGMP lt port_list gt Port list or all default All ports enable Enable MLD fast leave disable Disable MLD fast leave default Show IPMC fast leave mode Default Setting disable Example Enable IGMP fast leave for all port NS3552 8P 2S gt ipmc fastleave igmp 1 10 enable IPMC Throttling Description Set or show the IPMC port throttling status Syntax IPMC Throttling mld igmp lt port_list gt limit_group_number Parameters mid igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt port_list gt Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IPMC Port Throttling Default Setting Unlimited Example Set the max learn 10 groups for ICMP port throttling NS3552 8P 2S gt ipmc throttling igmp 1 10 10 579 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IPMC Filtering Description Set or show the IPMC port group filtering list Syntax IPMC Filtering mld igmp lt port_list gt
309. e Disable IPMC Leave Proxy default Show global IPMC Leave Proxy mode 574 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting disable Example Enable IGMP Leave Proxy NS3552 8P 2S gt ipmc leave proxy igmp enable IPMC Proxy Description Set or show the mode of IPMC Proxy Syntax IPMC Proxy mldligmp enable disable Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP enable Enable IPMC Proxy disable Disable IPMC Proxy default Show global IPMC Proxy mode Default Setting disable Example Enable IGMP Proxy NS3552 8P 2S gt ipmc proxy igmp enable IPMC SSM Description Set or show the IPMC SSM Range Syntax IPMC SSM mld igmp Range lt prefix gt lt mask_len gt 575 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP range SSM Range keyword lt prefix gt IPv4 IPv6 multicast group address accordingly lt mask_len gt Mask length for IPv4 4 32 IPv6 8 128 ssm range accordingly IPMC VLAN Add Description Add the IPMC snooping VLAN interface Syntax IPMC VLAN Add mldligmp lt vid gt Parameters mld igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 IPMC VLAN Delete Description Delete the IPMC snooping VLAN interface Syntax IPMC VLAN Delete mld igmp lt vid gt Parameters mld igmp mid
310. e is reserved The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 md5 An optional flag to indicate that this user using MD5 authentication protocol The allowed length is 8 32 and the allowed content is ASCII characters from 33 to 126 sha An optional flag to indicate that this user using SHA authentication protocol The allowed length is 8 40 and the allowed content is ASCII characters from 33 to 126 lt auth_password gt A string identifying the authentication pass phrase des An optional flag to indicate that this user using DES privacy protocol privacy protocol should belong to The allowed string length is 8 32 and the allowed content is ASCII characters from 33 to 126 lt priv_password gt A string identifying the privacy pass phrase The allowed string length is 8 40 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 user entry NS3552 8P 2S gt security switch snmp user add 800007e501 7f000003 admin_snmpv3 md5 12345678 des abcdefgh Security Switch SNMP User Delete Description Delete SNMPv3 user entry Syntax Security Switch SNMP User Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 user entry NS3552 8P 2S gt security switch snmp user delete 1 417 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP User Changekey Description Change SNMPv3 user password
311. e the entry with the lowest VLAN ID gt gt L gt J Updates the table starting with the entry after the last entry currently displayed Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 4 IGMP Snooping Port Group Filtering In certain switch applications the administrator may want to control the multicast services that are available to end users For example an IP TV service is based on a specific subscription plan The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port An IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the act
312. e IGMP SFM Information Table The Start from VLAN and Group input fields allow the user to select the starting point in the IGMP SFM Information Table The IGMPv3 Information screen in Figure 4 8 10 appears IGMP SFM Information Auto refresh Refresh lt lt gt gt Start from VLAN 1 and Group 224 0 0 0 with 20 entries per page No more entries VLAN ID Group Port Mode Source Address Hardware Filter Switch Figure 4 8 10 IGMP SFM Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Group Group address of the group displayed e Port Switch port number e Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude e Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 e Type Indicates the Type It can be either Allow or Deny e Hardware Filter Indicates whether data plane destined to the specific group address from the Switch source IPv4 address could be handled by chip or not Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Lk Updates the table starting with the first entry in the IGMP Group Table Updates the table starting with th
313. e RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness Default Setting disable Example Enable NAS RADIUS VLAN NS3552 8P 2S gt security network nas radius_vlan enable Security Network NAS Guest_VLAN Description Set or show either global enabledness and parameters use the global keyword or per port enabledness of Guest VLAN Unless the global keyword is used the lt reauth_max gt and lt allow_if_eapol_seen gt parameters will not be unused Syntax Security Network NAS Guest_VLAN global lt port_list gt enable disable lt vid gt lt reauth_max gt lt allow_if_eapol_seen gt Parameters global Select the global Guest VLAN setting lt port_list gt Select the per port Guest VLAN setting default Show current per port Guest VLAN enabledness enable disable enable Enable Guest VLAN either globally or on one or more ports 439 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual disable Disable Guest VLAN either globally or on one or more ports default Show current Guest VLAN enabledness lt vid gt Guest VLAN ID used when entering the Guest VLAN Use the global keyword to change it default Show current Guest VLAN ID lt reauth_max gt The value can only be set if you use the global keyword in the beginning of the command The number of times a Reque
314. e beginning of the Dynamic ARP Inspection Table The Start from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address 289 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The gt gt will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over The page includes the following fields Object Description e Port Switch Port Number for which the entries are displayed e VLAN ID VLAN ID in which the ARP traffic is permitted e MAC Address User MAC address of the entry e IP Address User IP address of the entry Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refiesh Refreshes the displayed table starting from the input fields Lk Updates the table starting from the first entry in the Dynamic ARP Inspection Table gt gt gt Updates the table starting with the e
315. e entry after the last entry currently displayed 4 8 8 MLD Snooping Configuration This page provides MLD Snooping related configuration The MLD Snooping Configuration screen in Figure 4 8 11 appears 181 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MLD Snooping Configuration Global Configuration Snooping Enabled Unregistered IPMCv6 Flooding Enabled MLD SSM Range Leave Proxy Enabled Proxy Enabled Router Port Throttling lt All gt E unlimited E unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited 1 2 3 4 5 6 7 8 9 0 unlimited Figure 4 8 11 MLD Snooping Configuration Page Screenshot The page includes the following fields Object Description e Snooping Enabled Enable the Global MLD Snooping e Unregistered IPMCv6 Enable unregistered IPMCv 6 traffic flooding Please note that disabling Flooding Enabled unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery e MLD SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address range e Leave Proxy Enable Enable MLD Leave Proxy This feature can be used to avoid forwarding unnecessary leave messages to the router side e Proxy Enable Enable MLD Proxy This feature can be used to avoid forwarding unnecessary join and leave messages to the router side e Router Port Specify
316. e file selection menu to choose saved Choose file Look in Config Backup gt e eE My Recent Documents esktop My Network File name cortig xml z Places Files of type All Files v Cancel A Figure 4 2 29 Windows File Selection Menu Popup Upload 2 Select on the configuration file and then click Unoa the bottom of the browser shows the upload status 3 After down the main screen appears Transfer Completed 94 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 23 Image Select This function provides dual image deposit in the Industrial Managed Switch user can select any one of the images as Active image of Industrial Managed Switch The Image Select screen in Figure 4 2 30 appears Software Image Selection Active Image A Image managed Version v1 5b131009 Date 2013 10 14T10 39 50 0800 Alternate Image Image managed bk Version 1 28f130520 Date 2013 05 20T15 04 44 0800 Activate Alternate Image Cancel Figure 4 2 30 Image Select Page Screenshot Button Activate Altemate Image Click to choose Alternate Image as Activate Image Message from webpage 2 j Sre you sure you want to activate the alternate software image Figure 4 2 31 Image Select Page Screenshot System restart in progess The system is now restarting Waiting please stand by Figure 4 2 32 Image Select Page Screenshot 95 IFS NS35
317. e first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch If more than one supplicant is connected to a port the one that comes first when the port s
318. e length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as follow m If the link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer Ifthe link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is reestablished And the following functions are available Coupling between cable pairs m Cable pair termination Cable Length 307 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 15 1 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you press Start 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 1 appears ICMP Ping IP Address 0 0 0 0 Ping Length 64 Figure 4 15 1 ICMP Ping Page Screenshot The page includes the following fields Object Description e IP Address The destination IP Address e Ping Length The payload size of the ICMP packet Values range from 2 bytes to 1452 bytes e Ping Count The count of the ICMP packet Values range from
319. e port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port redirect operation is disabled Mirror Specify the mirror operation of this port The allowed values are E Enabled Frames received on the port are mirrored E Disabled Frames received on the port are not mirrored The default value is Disabled Logging Specify the logging operation of the ACE The allowed values are E Enabled Frames matching the ACE are stored in the System Log E Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Shutdown Specify the port shut down operation of the ACE The allowed values are E Enabled If a frame matches the ACE the ingress port will be disabled E Disabled Port shut down is disabled for the ACE Counter The counter indicates the number of times the ACE was hit by a frame 223 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E MAC Parameters Object Description e SMAC Filter Only displayed when the frame type is Ethernet Type or ARP Specify the source MAC filter for this ACE E Any No SMAC filter is specified SMAC filter status is don t care E Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value appears e SMAC Value When Specific is selected for the SMAC filter you can enter a specific source M
320. e switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in the LLDP frame OUl is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priority PD is an acronym for Powered Device In a PoE system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical layer IEEE 802 3 ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgment that it received the 623 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin computer and the PING Reply is the packet response from t
321. e them as well 4 17 1 Configuration This page allows the user to inspect the current Loop Protection configurations General Settings Enable Loop Protection seconds Shutdown Time Port Configuration seconds port Enabie acion remos lt All gt Shutdown Port Shutdown Port Shutdown Port Shutdown Port Shutdown Port Shutdown Port Shutdown Port Shutdown Port lt All gt E Enable Enable Enable E Enable Enable Enable x Enable Enable 1 2 3 4 5 6 7 8 9 Shutdown Port Shutdown Port Figure 4 17 1 Loop Protection Configuration Page Screenshot Enable x Enable The page includes the following fields General Settings Object Description e Enable Loop Protection Controls whether loop protections is enabled as a whole The interval between each loop protection PDU sent on each port Valid values are 1 to 10 seconds e Transmission Time e Shutdown Time The period in seconds for which a port will be kept disabled in the event of a loop is detected and the port action shuts down the port Valid values are O to 604800 seconds 7 days A value of zero will keep a port disabled until next device restart 326 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Port Configuration Object Description e Port The switch port number of the port e Enable Controls whether loop protecti
322. e three levels of power priority named Low High and Critical The priority is used in the case when total power consumption has been over total power budget In this case the port with the lowest priority will be turned off and offer power for the port of higher priority e Power Allocation It can limit the port PoE supply watts Per port maximum value must be less than 15 4 30 8 watts and total ports values must be less than the Power Reservation value Once power overload is detected the port will auto shut down and keep on detection mode until PD s power consumption is lower than the power limit value NS3552 8P 2S 30 8 watts for per port PoE output 317 Buttons IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 16 4 PoE Status This page allows the user to inspect the total power consumption and total power reserved and current status for all PoE ports The screen in Figure 4 16 4 appears Power Over Ethernet Status Current Power Consumption 0 270 VWV Total Power Reserved 0 270 W Temperature 76 C 169 F The total value add from port 1 to 8 should not more than 270 watt There is 30WY resvered for PoE chip set Local Port PD Class Power Used W Current Used mA Port Status AF AT Mode PoE Search PoE Search PoE Search PoE Search PoE Search PoE Search PoE Search PoE Search
323. eaeesaeeseaeeseaeeseaeeseaeeseaeeseaeessaeeseeeseeeseaees 434 security Network NAS State ici Spat a a e aa E a a aaa e eE aaa aAA AnA IS ASER 435 Security Network NAS Reauthentication oooocccinnnnnnnccnnncnnncccnnnncnnnnnnnnnnnnn coronan nc n rca rr 435 Security Network NAS ReauthPeri0d oooooiocccincconoccccnccononcnonccnnoncnonncononcnnnncnnnnc cnn canon rra rara ner nn rn nena rara n crac 436 Security Network NAS EapolTime out coooocncccnnccononcconcccnoncnonnconancnnnncnnnncnnnn cnn rca n carne rn nr 436 Security Network NAS Age M E a a a lili 437 Security Network NAS Holdtime oooooconnccinnccnnccnnococnncccnoncnonncnnnncnnnn cn roncnnnnc aran anna ronca rare 437 Security Network NAS RADIUS_QOS cooococnccccccccnooncnonccnoncnnoncnnnncnnnn nc non carne nc nn 438 Security Network NAS RADIUS_VLAN ooonccccccccconcnnoncononnnnoncnnnnnannnnnnnncnnnn cnn rana rn rnrr nn rranrrnn 439 Security Network NAS Guest_VLAN 0 ceceeesceteseeeeseeseeeeeaeeteneeeeaeeseaeeseaeeseaeeeeaeeseaeeseaceseseeseaeeseaeessaeeseeesseeeeaes 439 Security Network NAS Authenticate oooncccnnnnnncccinncccocccnonncnonnconnncnnn nn ronca nn cnn rancia 440 Security Network NAS Statistic 30 apio patea aiii 441 Security Network ACL Configuration ooomccnncnnnnccnnnccnccccnonncnanncnnnnc nan cc non carne 441 Security Network ACL Action ici tirita ie 442 Security Network ACL PolicYioiciioiisia id e a di 442 Security Network ACL Rate ccoo iii le battle odas dd dede
324. ears MAC Address Table Configuration Aging Configuration Disable Automatic Aging E Aging Time 300 seconds MAC Table Learning Port Members li 2 3 4 5 6 7 8 9 10 Auto 09000000000 Static MAC Table Configuration Port Members EA Delete vran 10 mac address e 5 e 7 9 9 10 Add New Static Entry Figure 4 13 1 MAC Address Table Configuration Page Screenshot 286 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Aging Configuration By default dynamic entries are removed from the MAC table after 300 seconds This removal is also called aging Object Description e Disable Automatic Enables disables the automatic aging of dynamic entries Aging e Aging Time The time after which a learned entry is discarded By default dynamic entries are removed from the MAC after 300 seconds This removal is also called aging Range 10 10000000 seconds Default 300 seconds MAC Table Learning If the learning mode for a given port is greyed out another module is in control of the mode so that it cannot be changed by the user An example of such a module is the MAC Based Authentication under 802 1X Object Description e Auto Learning is done automatically as soon as a frame with unknown SMAC is received e Disable No learning is done e Secure Only static MAC entries are learned all other frames are dropped Note Make sure that t
325. ecial syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once lt also used a following legally IPv4 address For example 192 1 2 34 lt ipv6_prefix gt IPv6 subnet mask default Show IPv6 prefix lt ipv6_router gt IPv6 router default Show IPv6 router IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 367 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 6082 cdb9 19ab c0e2 IPv6 Address 1192 168 0 100 IPv6 Prefix 96 IPv6 Router Example Set IPv6 address NS3552 8P 2S gt ip ipv6 setup 2001 0002 64 2100 0001 IPv6 State Description Set or show the IPv6 Interface operational state Syntax IP IPv6 State lt ipv6_addr gt enable disable Parameters lt ipv6_addr gt IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example four hexadecimal digits with a colon separates each field For example fe80 215
326. econds A value of zero disables re enabling the port Default Setting 10 Loop Protect Port Configuration Description Show Loop Protection port configuration Syntax Loop Protect Port Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Loop Protect Port Mode Description Set or show the Loop Protection port mode Syntax Loop Protect Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports 571 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual enable Enable Loop Protection disable Disable Loop Protection Loop Protect Port Action Description Set or show the Loop Protection port action Syntax Loop Protect Port Action lt port_list gt shutdown shut_log log Parameters lt port_list gt Port list or all default All ports shutdown Shutdown the port shut_log Shutdown the port and Log event log Only Log the event Loop Protect Port Transmit Description Set or show the Loop Protection port transmit mode Syntax Loop Protect Port Transmit lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable Loop Protection disable Disable Loop Protection Loop Protect Status Description Show the Loop Protection status Syntax Loop Protect Status lt port_list gt 572 Parameters
327. ection all ports of Industrial Managed Switch e Mode Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted nor frames received are mirrored Both Frames received and frames transmitted are mirrored to the mirror port For a given port a frame is only transmitted once It is therefore not possible to mirror Tx frames on aA ES the mirror port Because of this mode for the selected mirror port is limited to Disabled or Rx only Note Buttons Save Click to save changes 114 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Click to undo any changes made locally and revert to previously saved values 4 5 Link Aggregation Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Groups LAGs Port Aggregation multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Each LAG is composed of ports of the same speed set to full duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol L
328. ecure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer TCP IP SSL uses a 40 bit key size for the RC4 stream encryption algorithm which is considered an adequate degree of encryption for commercial exchange ICMP is an acronym for Internet Control Message Protocol It is a protocol that generated the error response diagnostic or routing purposes ICMP messages generally contain information about routing difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X is an IEEE standard for port based Network Access Control It provides authentication to devices attached to a LAN port establishing a point to point connection or preventing access from that port if authentication fails With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It is an integral part of the IP multicast specification like ICMP for unicast connections IGMP can be us
329. ed Parameters lt port_list gt Port list or all default All ports lt dynamic_entry_limit gt unlimited dynamic entry limit 0 2 or unlimited Default Setting unlimited Example Set IP source guard limit NS3552 8P 2S gt security network ip source guard 1 1 Security Network IP Source Guard Entry Description Add or delete IP source guard static entry Syntax Security Network IP Source Guard Entry lt port_list gt add delete lt vid gt lt allowed_ip gt lt allowed_mac gt Parameters 453 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt port_list gt Port list or all default All ports add Add new port IP source guard static entry delete Delete existing port IP source guard static entry lt vid gt VLAN ID 1 4095 lt allowed_ip gt IP address a b c d IP address allowed for doing IP source guard lt allowed_mac gt MAC address xx xx xx xx xx xx MAC address allowed for doing IP source guard Example Add IP source guard static entry NS3552 8P 2S gt security network ip source guard eniry 1 add 1 192 168 0 20 Security Network IP Source Guard Status Description Show IP source guard static and dynamic entries Syntax Security Network IP Source Guard Status lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show IP source guard static and dynamic entries NS3552 8P 2S gt security network ip s
330. ed Select any available link speed for the given switch port Draw the menu bar to select the mode All Setup whole ports with the same setting Auto Copper Setup Auto negotiation Auto Fiber Setup Auto negotiation 10 Half Force sets 10Mbps Half Duplex mode 10 Full Force sets 10Mbps Full Duplex mode 100 Half Force sets 100Mbps Half Duplex mode 100 Full Force sets 100Mbps Full Duplex mode 1000 Full Force sets 10000Mbps Full Duplex mode Disable Shutdown the port manually e Flow Control When Auto Speed is selected on a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used The Current Rx column indicates whether pause frames on the port are obeyed and the Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed e Maximum Frame Size Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes for TP port and 9000 bytes for Fiber port e Excessive Collision Configure port transmit collision behavior Mode E Discard Discard frame after 16 collisions default E Restart Restart back off algorithm after 16 collisions e Power Contr
331. ed an event Buttons Add New Entry Click to add a new community entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 332 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 18 4 RMON Event Status This page provides an overview of RMON Event table entries Each page shows up to 99 entries from the Event table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Event table The first displayed will be the one with the lowest Event Index and Log Index found in the Event table screen in Figure 4 18 4 appears RMON Event Overview Auto refresh C Start from Control Index 0 and Sample Index 0 with 20 entries per page Event EN No more entries Figure 4 18 4 RMON Event Overview page screenshot The page includes the following fields Object Description e Event Index Indicates the index of the event entry e Log Index Indicates the index of the log entry e LogTime Indicates Event log time e LogDescription Indicates the Event description Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately e Updates the table starting from the first entry in the Alarm Table i e the entry with the lowest ID gt
332. ed for online video and gaming and allows more efficient use of resources when supporting these uses A router sends IGMP Query messages onto a particular link This router is called the Querier IMAP is an acronym for Internet Message Access Protocol It is a protocol for email clients to retrieve email messages from a mail server IMAP is the protocol that IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server 619 IPMC IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to generate local folders copy messages to your local hard drive and then delete and expunge the messages from the server IP is an acronym for Internet Protocol It is a protocol used for communicating data across an internet network IP is a best effort system which means that no packet of information sent over is assured to reach its destination in the same condition it was sent Each device connected to a Local Area Network LAN or Wide Area Network WAN is given an Internet Protocol address and this IP address is used to identif
333. ed with a MEP ID different from all Peer MEP ID configured for this MEP e CAIS Fault Cause indicating that AIS PDU is received e cLCK Fault Cause indicating that LCK PDU is received e cSSF Fault Cause indicating that server layer is indicating Signal Fail e aBLK The consequent action of blocking service frames in this flow is active e aTSF The consequent action of indicating Trail Signal Fail to wards protection is active e Delete This box is used to mark a Peer MEP for deletion in next Save operation e Peer MEP ID This value will become an expected MEP ID in a received CCM see cMEP e Unicast Peer MAC This MAC will be used when unicast is selected with this peer MEP Also this MAC is used to create HW checking of receiving CCM PDU LOC detection from this MEP e cLOC Fault Cause indicating that no CCM has been received in 3 5 periods from this peer MEP e cRDI Fault Cause indicating that a CCM is received with Remote Defect Indication from this peer MEP e cPeriod Fault Cause indicating that a CCM is received with a period different what is configured for this MEP from this peer MEP 342 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e cPriority Fault Cause indicating that a CCM is received with a priority different what is configured for this MEP from this peer MEP Buttons Add New Peer MEP Click to add a new peer MEP Functional Configuration Instance Data Object Description
334. eeeaeeeeaeeseaeeseaeeseaeeseaeeseaeeenieeeeeeeeeeeennees 450 Security Network DHCP Snooping Statistics ceecececeeeeeeeeneeeeeeeeeeeeeaeeeeaeeeeaeeseaeeeeaeeseaeeseaeeseaeesseeeeeieeeseeeeeaees 451 Security Network IP Source Guard Configuration cccceeeccececeeeeeeeeneeeeeeeeeeeeeaeeseaeeeeeeeecaeeseaeeseaeeeeieeeeieeeeeeeeeaees 452 Security Network IP Source Guard MOde cceccceeeceeeneeeeeeeeeneeeeeeeeeaeeeeaeeseaeeeeaeeseaeeeeaeeseaeeseaeeeeaeesseeeseneeeeeeeeeaees 452 Security Network IP Source Guard Port Mode c ccooocococccioccccocccconccnonccnnn canon ccoo nn nnn cnn rca r nc rra rra 452 Security Network IP Source Guard Limit oooooncocinnccnnnccinncnnocccnnnnnnonncnnrnn non cnn nn n arc nn rca rra rana 453 Security Network IP Source Guard Entry oooooncccncccccocccnonncnonccnnnncnoncnnnn cn nnn cnn nn rara 453 Security Network IP Source Guard Status eccececeeeeeeeeeeeeeneeeeeeeeaeeeeaeeseaeeeeaeeeeseeesaeeeeeeeeaeeseeeesieeteieeeseeeeeaees 454 Security Network IP Source Guard Translation oooonnnicinnncnnnccnnncnnncccnonnnnncnnnnrnnn occ nn carr rca 454 Security Network ARP Inspection Configurati0N oomcinnnnnnnccinnccnncccnonnnnncnnnnnnnnnn cnn ca narco rn rca nn nc rra 455 Security Network ARP Inspection Mode ooooocncccinncccocccnonccnoncconnncnnnccnnnnnnnn nc rra nn crac rra 455 Security Network ARP Inspection Port Mode ooooioccccocccconcccocccnonncnonccnoncnnnnncnnn nn nnn nc nn carr cnn rra 455 Security
335. eeeeeseeeseseeeeeeeeeseeeseseeesneeeeeseeeess 562 A at sede edie tec tac T A E E A EET 562 ERPS VersiOnsccrtaaiteeviee ni tiv eed ee Abe aia deel 563 ERP ist o e o ocr aaa ees eat e a each dde at oa ne de si nce the leo e tcagsh 563 ERPS ReVversionivnaies sith ited da et wn oad 564 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS VLAN AGG a sercu cuartilla edad bata dit si n 564 ERPS VEAN Delete scooter orde taste 564 ERPS MEP ociosos Adee ee ee te elite SEL de Saeed eA a bt 565 ERPS APL Neighbour occasion 565 ERPS RARE Ownie hi cctecscieeces neces t cette Di oi teeta hee cect rd at isis 566 ERPS RAPE Neighbour Clear diria iaa 567 ERPS APL Owner Clear oa 567 ERPS Hold Off Timoteo 567 ERPS Guard timeout sccur ti atad Alo ta ah inh el eee 568 ERPS WRT OUE a a e a a a aca del caida 568 ERPS Deletennn ias A AAA AA tec 569 ERPS Topologychande siciia did et ed 569 ERPS Gontigurationt ts hain ete a c a 569 6 27 Loop Protect Command A reee e raaa eaa ee aeaea a eaae aaa aE AE aere aai eaea eaaa EESAN Eaa aana 570 Eoop Protect Configurations isossa ciel de dada ad oe 570 Eoop Protect Mode iii AAA ee ee 570 Loop Protect Transmitir Saat Wee ed ee ee a ete eet ei 570 Loop Protect SHUT OWN macia dar tdi 571 loop Protect PortGonfiguratiON aio a R e R aa 571 Loop Protect Port Mode acopio A ee ee Ee A 571 Loop Protect Port Actis ads 572 Loop Protect Por Trans Mitine de olle a a 572 Loop Protect Statuses EE A E E ET 572 6
336. elect east Port 0 or west Port 1 as RPL Block lt group id gt protection group id for selecting RPL Block Syntax Erps rpl owner lt rpl_port gt lt group id gt Parameters lt rpl_port gt RPL Block lt group id gt protection group id 1 64 566 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS RPL Neighbour Clear Description make this node as non neighbour for a protection group lt group id gt protection group id for selecting RPL Block Syntax Erps rpl neighbour clear lt group id gt Parameters lt group id gt protection group id 1 64 ERPS RPL Owner Clear Description making a node as Non RPL Block for a protection group After clear this node is nore an rpl owner for the given group east west selected east Port 0 or west Port 1 as RPL Block lt group id gt protection group id for selecting RPL Block Syntax Erps rpl owner clear lt group id gt Parameters lt group id gt protection group id 1 64 ERPS Hold Off Timeout Description configuring hold off timeout for a protection group in milliseconds 0 10000 in the increments of 100ms lt hold_timeout gt hold off timeout lt group id gt protection group id for configuring hold off time Syntax Erps hold off timeout lt hold_timeout gt lt group id gt 567 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt hold_timeout gt timer timeout values lt group id gt protectio
337. ement WEB interface within the same subnet of 192 168 0 xx Reset Button 611 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual APPENDEX A A 1 Switch s Data RJ 45 Pin Assignments 1000Mbps 1000Base T o O BLDA BIDB 2 BI_DA BI_DB 2 3 BB BIDA 2 4 BDO BIDD 5 BDC BiDD 2 6 BIDB BIDA BI_DD BI_DC 8 BI_DD BI_DC Implicit implementation of the crossover function within a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard A 2 10 100Mbps 10 100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment MDI MDI X Media Dependant Interface Media Dependant Interface Cross Tx transmit Tx transmit Tx transmit a l na Tx transmit 612 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The standard cable RJ 45 pin assignment The standard RJ 45 receptacle connector There are 8 wires on a standard UTP STP cable and each wire is color coded The following shows the pin allocation and color of straight cable and c
338. en Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation e DIP Mask ICMP Parameters Object When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation Description e ICMP Type Filter Specify the ICMP filter for this ACE E Any No ICMP filter is specified ICMP filter status is don t care E Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field for entering an ICMP value appears e ICMP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value e ICMP Code Filter Specify the ICMP code filter for this ACE E Any No ICMP code filter is specified ICMP code filter status is don t care E Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears 226 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e ICMP Code Value When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 Aframe that hits this ACE matches this ICMP code value TCP UDP Parameters Object Description e TCP UDP Source Filter Specif
339. enshot After changing the default password if you forget the password please press the Reset button on the front panel of the Industrial Managed Switch over 10 seconds and then release The current setting includes VLAN and will be lost and the Industrial Managed Switch will restore to the default mode 4 2 5 Privilege Levels This page provides an overview of the privilege levels After setup is completed please press Save button to take effect Please login web interface with new user name and password the screen in Figure 4 2 7 appears Privilege Level Configuration Privilege Levels Group Name configuration Configuration Execute Status Statistics Status Statistics Read only Read write Read only Read write Aggregation 10 v 10 v DIDO 10 y 5 v Diagnostics EPS 10 v 10 pe ERPS 10 v 5 v 10 v Evc IPMC_Snooping 10 pe LACP Ec LLDP Loop_Protect 10 m 10 v MAC_Table 5 le MEP MVR 10 v 5 m 10 Maintenance 15 m 15 15 m 15 m Mirroring 5 vl PHY 10 v 5 v 10 v 71 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual o Aj Al ei 511 gt HIE A Al Al Al F 9 vo leo 10 10 LO Lo LO LO LO Lo on AA AAA Ba Bo i A gt i gt gt o uo o um un o o o Lo o Lo gt S D E Zz gt gt z 5 T D E E Ea B a oe e L SEGS CC q a JHUHHEBHHBUHUBHE O MA O a 0 MOR 0 MENA oao MO O MOR gt
340. ent configured DNS server on DUT and reply as a DNS resolver to the client device on the network Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 67 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Renew Click to renew DHCP Client This button is only available if DHCP Client is enabled 4 2 3 IPv6 Configuration Configure the switch managed IPv6 information on this page The Configured column is used to view or change the IPv6 configuration The Current column is used to show the active IPv6 configuration The screen in Figure 4 2 3 appears IPv6 Configuration Auto Configuration 192 168 0 100 Link Local Address fe80 230 4fff fe16 8163 Address 192 168 0 100 Router Figure 4 2 3 IPv6 Configuration Page Screenshot The page includes the following fields Object Description e Auto Configuration Enable IPv6 auto configuration by checking this box If system cannot obtain the stateless address in time the configured IPv6 settings will be used The router may delay responding to a router solicitation for a few seconds The total time needed to complete auto configuration can be significantly longer e Address Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7
341. ent information base MIB and network management protocol o Network management stations NMSs Sometimes called consoles these devices execute management applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules that reside in network elements They collect and store management information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules Network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP Operations SNMP itself is a simple request response protocol NMSs can send multiple requests without receiving a response Get Allows the NMS to retrieve an object instance from the agent Set Allows the NMS to set values for object instances within an agent Trap Used by the agent to asynchronously inform the NMS of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP community An SNMP community is the group tha
342. entry currently displayed 193 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 Quality of Service 4 9 1 Understand QOS Quality of Service QoS is an advanced traffic prioritization feature that allows you to establish control over network traffic QoS enables you to assign various grades of network service to different types of traffic such as multi media video protocol specific time critical and file backup traffic QoS reduces bandwidth limitations delay loss and jitter It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network You can define exactly how you want the switch to treat selected applications and types of traffic You can use QoS on your system to Control a wide variety of network traffic by Classifying traffic based on packet attributes Assigning priorities to traffic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter Improve performance for specific types of traffic and preserve performance as the amount of traffic grows Reduce the need to constantly add bandwidth to the network Manage network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classific
343. er Apply a QoS profile to a port s 194 4 9 2 Port Policing IFS NS3552 8P 2S AND NS3550 2T 8S User Manual This page allows you to configure the Policer settings for all switch ports The Port Policing screen in Figure 4 9 1 appears QoS Ingress Port Policers Port Enabled Rate Unit Flow Control O lt Alb gt vw O 500 500 500 500 500 500 500 500 500 500 kbps Figure 4 9 1 QoS Ingress Port Policers Page Screenshot OOO 1000 amp UN h pooooooooOo OOOOOO0O0000O S S ILS SS ISIS The page includes the following fields Object Description e Port The port number for which the configuration below applies e Enabled Controls whether the policer is enabled on this switch port means selection all ports of Industrial Managed Switch e Rate Controls the rate for the policer The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps or fps and it is restricted to 1 3300 when the Unit is Mbps or kfps e Unit The Configuration All with available options will assign to whole ports Controls the unit of measure for the policer rate as kbps Mbps fps or kfps The default value is kbps All means all ports will have one specific setting e Flow Control If flow control is enabled and the port is in flow control mode then pause frames are sent instead of discarding frames Buttons Save Click to save changes
344. er Manual Default Setting 1 Example Set SNMP trap inform timeout in 20sec NS3552 8P 2S gt security switch snmp trap inform timeout 20 Security Switch SNMP Trap Inform Retry Times Description Set or show the SNMP trap inform retry times Syntax Security Switch SNMP Trap Inform Retry Times lt retries gt Parameters lt retries gt SNMP trap inform retransmited times 0 255 default Show SNMP trap inform retry times Default Setting 5 Example Set SNMP trap inform retry times in 10 NS3552 8P 2S gt security switch snmp trap inform retry times 10 Security Switch SNMP Trap Probe Security Engine ID Description Show SNMP trap security engine ID probe mode Syntax Security Switch SNMP Trap Probe Security Engine ID enable disable Parameters enable Enable SNMP trap security engine ID probe disable Disable SNMP trap security engine ID probe 413 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID lt engineid gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string Example Set the SNMP trap security engine
345. er cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is 232 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a valid RADIUS user can be used by anyone and only the MD5 Challenge method is supported The 802 1X and MAC Based Authentication configuration consists of two sections a system and a port wide Overview of User Authentication It is allowed to configure the Managed Switch to authenticate users logging into the system for management access using local or remote authentication methods such as telnet and Web browser This Managed Switch provides secure
346. er central controlled IP phone system IP Camera system AP group for the enterprise For instance 8 camera AP can be easily installed around the corner in the company for surveillance demands or build a wireless roaming environment in the office Without the power socket limitation the NS3552 8P 2S PoE Switch makes the installation of cameras or WLAN AP more easily and efficiently Power Over Ethernet Status Current Power Consumption 9 22 2 240 W Total Power Reserved 9 22 7 240 W Temperature 86 C 187 F The total value add from port 1 to 8 should not more than 270 watt Local Port PD Class Power Used W Current Used mA Priority Port Status PoE Search PoE Search PoE ON PoE ON PoE Search PoE ON PoE Search PoE Search Auto Refresh C Figure 4 16 1 Power over Ethernet Status 312 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 1 Power over Ethernet Powered Device 3 5 Watts 6 12 Watts E 10 12 Watts 3 12 Watts Voice over IP phones Enterprise can install POE VolP Phone ATA and other Ethernet non Ethernet end devices to the central where UPS is installed for un interrupt power system and power control system Wireless LAN Access Points Museum Sightseeing Airport Hotel Campus Factory and Warehouse can install the Access Point anywhere with no hesitation IP Surveillance Enterprise Museum Campus Hospital Bank can install IP Camera without limits of insta
347. er dot1xAuthBackendOther 802 1X based Requesis Requests ToSupplicant Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable Rx Auth dot1xAuthBackendAuth 802 1X and MAC based Successes Successes Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server Rx Auth dot1xAuthBackendAuth 802 1X and MAC based Failures Fails Counts the number of times that the switch receives a failure message This indicates that the supplicant client has not authenticated to the backend server Tx Responses dotixAuthBackendResp 802 1X based onses Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch attempted communication with the 247 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted e Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the follo
348. er it if necessary e To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow e The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity Port Mirroring UP Link Source Port Target Port Monitor Client With Ethereal or Sniffer Pro Figure 4 4 5 Port Mirror Application The traffic to be copied to the mirror port is selected as follows e All frames received on a given port also known as ingress or source mirroring e All frames transmitted on a given port also known as egress or destination mirroring 113 Mirror Port Configuration IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The Port Mirror screen in Figure 4 4 6 appears The page includes the following fields Mirror Configuration Port to mirror to Mirror Port Configuration 1 2 3 4 5 6 7 8 9 0 See E Figure 4 4 6 Mirror Configuration Page Screenshot Description Object e Portto mirror on Port to mirror also known as the mirror port Frames from ports that have either source rx or destination tx mirroring enabled are mirrored on this port Disabled disables mirroring e Port The logical port for the settings contained in the same row j means sel
349. er modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the port the Limit column will show a dash Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refiesh Click to refresh the page immediately 277 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 7 Port Security Detail This page shows the MAC addresses secured by the Port Security module Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The Port Security Detail screen in Figure 4 12 7 appears Port Security Port Status Port 1 Portl No MAC addresses attached Auto refresh J Figure 4 12 7 Port Security Detail Screen Page Screenshot The page includes the following fields Object Description e MAC Address amp VLAN The MAC add
350. erflow happens d2ford1 Enable to use DMM DMR packets to calculate one way DM enable disable enable disable MEP Test Signal Configuration Description MEP Test Signal configuration set clear is set or clear of DEI of transmitted LBM frame prio is the priority PCP of transmitted TST frame mep is the peer MEP ID of target MEP only used if mac_adar is all zero no_seq seq is without and with transmitted sequence numbers rate is the TST frame transmission bit rate in Mbps size is the size of the un tagged TST frame four bytes will be added for each tag allzero allone onezero is pattern contained in the TST frame data TLV Syntax MEP tst config lt inst gt set clear lt prio gt lt mep gt no_seq seq lt rate gt lt size gt allzero allone onezero enable disable 518 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt inst gt Instance number set clear OAM DEI set clear lt prio gt OAM PDU priority lt mep gt This MEP id 0 0x1 FFF no_seq seq TST sequence number transmission lt rate gt Transmission bit rate of TST frames in Mbps lt size gt Size of TST data field in bytes max 1518 allzero allone onezero Data pattern to be filled in TST PDU enable disable enable disable MEP State Description MEP state get Syntax MEP state lt inst gt Parameters lt inst gt Instance number MEP Loss Measurement State Description
351. erform shortest path forwarding within the stack Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising their SSIDs and can choose one to connect to base on pre configuration or by displaying a list of SSIDs in range and asking the user to select one wikipedia SSH is an acronym for Secure SHell It is a network protocol that allows data to be exchanged using a secure channel between two networked devices The encryption used by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee confidentiality Wikipedia SSM In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication Spanning Tree Protocol is an OSI layer 2 protocol which ensures a loop free topology for any bridged LAN The original STP protocol is now obsolete by RSTP SyncE Is an abbreviation for Synchronous Ethernet This functionality is used to make a network clock frequency synchronized Not to be confused with real time clock synchronized IEEE 1588 j 627 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual TACACS is an acronym for Terminal Acess Controller Access Control System Plus It is a networking protoco
352. erver IP address a b c d lt file_name gt Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load lt ip_server gt lt file_name gt check Parameters lt ip_server gt TFTP server IP address a b c d lt file_name gt Configuration file name check Check configuration file only default Check and apply file 545 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 22 Firmware Command Firmware Load Description Load new firmware from TFTP server Syntax Firmware Load lt ip_addr_string gt lt file_name gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string lt file_name gt Firmware file name Firmware IPv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load lt ipv6_server gt lt file_name gt Parameters lt ipv6_server gt TFTP server IPv6 address lt file_name gt Firmware file name Firmware Information Description Display information about active and alternate firmware images Syntax Firmware Information 546 Firmware Swap Description Activate the alternate firmware image Syntax Firmware Swap IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 547 6 23 UPnP Command UPnP Configuration Description Show UPnP configuration Syntax UPnP Configuration Example Show UPnP configuration NS3552 8P 2S gt
353. erver is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet 259 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately _ clear Clears the counters for the selected server The Pending Requests counter will not be cleared by this operation 4 11 9 Windows Platform RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Managed switch In this case field in the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 1 Configure the IP Address of remote RADIUS server and secret key Authentication Server Configuration Common Server Configuration Timeout p seconds 300 seconds RADIUS Authentication Server Configuration 192 168 0 253 00000000 Figure 4 11 10 RADIUS Server Configuration Screenshot 260 2 3 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add New RADIUS Client
354. es FCC Part 15 Class A CE FCC Part 15 Class A CE Stability Testing Standards Compliance 1EC60068 2 32 Free fall 1EC60068 2 27 Shock IEC60068 2 6 Vibration IEEE 802 3 10Base T IEEE 802 3u 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP IEEE 802 3af Power over Ethernet IEEE 802 3at Power over Ethernet NS3552 8P 2S 36 802 1p priority 802 1Q VLAN tag DSCP field in IP Packet IGMP v1 v2 V3 Snooping up to 255 multicast Groups IGMP Querier mode support MLD v1 v2 Snooping up to 255 multicast Groups MLD Querier mode support IP Based ACL MAC Based ACL Up to 256 entries Per port bandwidth control Ingress 500Kb 1000Mbps Egress 500Kb 1000Mbps RFC 1213 MIB II RFC 2236 IGMPv2 RFC 2710 MLDv1 RFC 3376 IGMPv3 RFC 2879 RMON 1 2 3 9 RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 2 3 and 9 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC3411 SNMP Frameworks MIB IEEE 802 1X PAE IF MIB LLDP MAU MIB IEC60068 2 32 Free fall IEC60068 2 27 Shock IEC60068 2 6
355. escription Add or delete ARP inspection static entry Syntax Security Network ARP Inspection Entry lt port_list gt add delete lt vid gt lt allowed_mac gt lt allowed_ip gt Parameters lt port_list gt Port list or all default All ports add Add new port ARP inspection static entry delete Delete existing port ARP inspection static entry lt vid gt VLAN ID 1 4095 lt allowed_mac gt MAC address xx xx xx xx xx xx MAC address allowed for doing ARP request lt allowed_ip gt IP address a b c d IP address allowed for doing ARP request Example Add ARP inspection static entry 456 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network ARP Inspection Status Description Show ARP inspection static and dynamic entries Syntax Security Network ARP Inspection Status lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show ARP inspection static and dynamic entries NS3552 8P 2S gt security network arp inspection status Security Network ARP Inspection Translation Description Translate ARP inspection dynamic entries into static entries Syntax Security Network ARP Inspection Translation Security AAA Configuration Description Show Auth configuration Syntax Security AAA Configuration Example Show Auth configuration NS3552 8P 2S gt security aaa configuration AAA Configuration Server Timeou
356. esh the page immediately 4 6 9 Port Isolation Overview When a VLAN is configured to be a private VLAN communication between ports within that VLAN can be prevented Two application examples are provided in this section e Customers connected to an ISP can be members of the same VLAN but they are not allowed to communicate with each other within that VLAN e Servers in a farm of web servers in a Demilitarized Zone DMZ are allowed to communicate with the outside world and with database servers on the inside segment but are not allowed to communicate with each other Promiscuous Promiscuous Permit Public Servers A ARS Access Deny Access Deny Access Deny Private VLAN Port Isolate For private VLANs to be applied the switch must first be configured for standard VLAN operation When this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of these two groups E Promiscuous ports Ports from which traffic can be forwarded to all ports in the private VLAN Ports which can receive traffic from all ports in the private VLAN 138 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E Isolated ports Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to al
357. eshold Buttons Allows setting how much PoE power budget could be limited Save Click to save changes Click to undo any changes made locally and revert to previously saved values aA a For NS3552 8P 2S the total PoE power reservation from Port 1 8 is up to 270 watts Note PD Classifications A PD may be classified by the PSE based on the classification information provided by the PD The intent of PD classification is to provide information about the maximum power required by the PD during operation Class 0 is the default for PDs However to improve power management at the PSE the PD may opt to provide a signature for Class 1 to 4 The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD shall return Class 0 to 4 in accordance with the maximum power draw as specified by Table 4 16 1 Class Usage Range of maximum power used by the PD Class Description Default 0 44 to 12 95 Watts Classification unimplemented Optional 0 44 to 3 84 Watts Very low power Optional 3 84 to 6 49 Watts Low power Optional 6 49 to 12 95 Watts or to 15 4Watts Mid power High power Optional 12 95 to 25 50 Watts or to 30 8Watts Table 4 16 1 Device class 316 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 3 Port Configuration This section allows the user to inspect and configure the current PoE po
358. ess Indicates the MAC address e VLANID Indicates the VLAN ID e Port Members Port members of the MAC based VLAN entry Buttons Auto refresh i i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 147 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 13 Protocol based VLAN This page allows you to add new protocols to Group Name unique for each Group mapping entries as well as allow you to see and delete already mapped entries for the switch The Protocol based VLAN screen in Figure 4 6 19 appears Protocol to Group Mapping Table No Group entry found Add New Entry Save Reset Auto refresh Refresh Figure 4 6 19 Protocol to Group Mapping Table Page Screenshot The page includes the following fields Object Description e Delete To delete a Protocol to Group Name map entry check this box The entry will be deleted on the switch during the next Save e Frame Type Frame Type can have one of the following values 1 Ethernet 2 LLC 3 SNAP Note On changing the Frame type field valid value of the following text field will vary depending on the new frame type you select e Value Valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu Below is the criteria for three different Frame Types 1 For Ethernet Values in the text fiel
359. ess Ipv6 Add lt access_id gt lt start_ipv6_addr gt lt end_ipv6_addr gt web snmp telnet Parameters lt access_id gt entry index 1 16 lt start_ipv6_addr gt Start IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 lt end_ipv6_addr gt End IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 web Indicates that the host can access the switch from HTTP HTTPS snmp Indicates that the host can access the switch from SNMP telnet Indicates that the host can access the switch from TELNET SSH Example Add access management list from 2001 0001 to 2001 0100 via web interface Security Switch Access Delete Description Delete access management entry Syntax Security Switch Access
360. etting Disabled 496 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Enable EEE mode for port1 4 NS3552 8P 2S gt eee mode enable 1 4 EEE Urgent Queues Description Set or show EEE Urgent queues Syntax EEE Urgent_queues lt port_list gt lt queue_list gt Parameters lt port_list gt Port list or all default All ports lt queue_list gt List of queues to configure as urgent queues 1 8 or none Default Setting None 497 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 14 Thermal Command Thermal Prio_temp Description Set or show the temperature at which the ports shall be shut down Syntax Thermal prio_temp lt prio_list gt lt shut_down_temp gt Parameters lt prio_list gt List of priorities 0 3 lt shut_down_temp gt Temperature at which ports shall be shut down 0 255 degree C Thermal Port_prio Description Set or show the ports priority Syntax Thermal port_prio lt port_list gt lt prio gt Parameters lt port_list gt Port list or all default All ports lt prio gt Priority 0 3 Thermal Status Description Shows the chip temperature Syntax Thermal status 498 Thermal Configuration Description Show thermal_protect configuration Syntax Thermal configuration IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 499 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 15 PoE Command NS3552 8P
361. example switch 1 is 192 168 0 101 switch 2 is 192 168 0 102 and switch 3 is 192 168 0 103 2 On switch 1 2 amp 3 disable spanning tree protocol to avoid confliction with ERPS 349 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Setup steps Set ERPS Configuration on Switch 1 Connect PC to switch 1 directly don t connect to port 1 8 2 Logging on the Switch 1 and click Ring gt Ring Wizard Set All Switch Number 3 and Number ID 1 click Next button to set the ERPS configuration for Switch 1 ALL Switch Number 3 30 3 Number ID 1 Set MEP1 Port1 MEP2 Port2 and VLAN ID 3001 click Set button to save the ERPS configuration for Switch 1 Owner Neighbour po pon E Sh pon p pas wane Mep b Mep 1 E Mep 2 Mep 3 I Wlan 13001 Set ERPS Configuration on Switch 2 Connect PC to switch 2 directly don t connect to port 1 amp 2 Logging on the Switch 2 and click Ring gt Ring Wizard Set All Switch Number 3 and Number ID 2 click Next button to set the ERPS configuration for Switch 2 ALL Switch Number 3 30 3 Number ID 2 Set MEP3 Port2 MEP 4 Porti and VLAN ID 3001 click Set button to save the ERPS configuration for Switch 2 Owner Neighbour Switch 1 itch itch wite Pon 2 Switch 2 Port I Switch 3 Wlan
362. excluding 0x800 IPv4 and 0x86DD IPv6 lic LLC keyword lt dsap gt Destination Service Access Point 0x00 0xFF or any lt ssap gt Source Service Access Point 0x00 OxFF or any lt control gt LLC control 0x00 OxFF or any snap SNAP keyword lt pid gt Protocol ID EtherType or any ipv4 IPv4 keyowrd lt protocol gt IP protocol number 0 255 TCP or UDP or any lt sip gt Source IP address a b c d n or any lt dscp gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 or any specific range lt fragment gt IPv4 frame fragmented yes no any lt sport gt Source TCP UDP port 0 65535 or any specific or port range lt dport gt Dest TCP UDP port 0 65535 or any specific or port range ipv6 IPv6 keyowrd lt sip_v6 gt IPv6 source address a b c d n or any 32 LS bits lt class gt QoS Class class 0 7 default basic classification lt dp gt DP Level dp 0 1 default basic classification lt classified_dscp gt DSCP dscp 0 63 BE CS1 CS7 EF or AF11 AF43 QoS QCL Delete Description Delete QCE entry from QoS Control list Syntax QoS QCL Delete lt qce_id gt Parameters lt qce_id gt QCE ID 1 256 default Next available ID Default Setting disable Example Enable multicast storm control in 2fps NS3552 8P 2S gt QoS Storm multicast enable 2 540 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS QCL Lookup Description Lookup
363. factory default mode Console Reset Button RESET 4 LNk acy PoE In Use Figure 2 3 Reset button of Industrial Managed Switch AAA lt 5 sec System Reboot Reboot the Industrial Managed Switch Reset the Industrial Managed Switch to Factory Default configuration The Industrial Managed Switch will then reboot and load the default settings as below gt 10 sec Factory Default Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 40 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 1 3 LED Indicators E System Function Lights to indicate that the Switch is powered on by DC1 input Lights to indicate that the Switch is powered on by DC2 input Lights to indicate that Switch DC or port has failed Lights to indicate that the ERPS Ring has been created successfully Lights to indicate that Switch has enabled Ring Owner features to be expected in the future m Per 10 100 1000Mbps port with PoE 8 D Color Function 10 100 1000 Lights to indicate the port is running in 10 100 1000Mbps speed and successfully LNK ACT established ye o Blink indicates that the switch is actively sending or receiving data over that port Lights To indicate the port is providing 48 56V DC in line power Orange Off To indicate the connected device is not a POE Powered Device PD m Per SFP Interface Port 9 Port 10 m
364. fault Setting User Name Privilege admin 15 Example Show users configuration NS3552 8P 2S gt security switch user configuration Users Configuration Security Switch User Add Description Add or modify users entry Syntax 396 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch Users Add lt user_name gt lt password gt lt privilege_level gt Parameters lt user_name gt _ Astring identifying the user name that this entry should belong to The allowed string length is 1 32 The valid user name is a combination of letters numbers and underscores lt password gt The password for this user name The allowed string length is 0 32 Use clear or as null string lt privilege_level gt User privilege level 1 15 Example Add new user username test password test amp privilege 10 NS3552 8P 2S gt security switch users add test test 10 Security Switch User Delete Description Delete users entry Syntax Security Switch Users Delete lt user_name gt Parameters lt user_name gt A string identifying the user name that this entry should belong to The allowed string length is 1 32 The valid user name is a combination of letters numbers and underscores Example Delete test account NS3552 8P 2S gt security switch users delete user Security Switch Privilege Level Configuration Description Show privilege configuration Syntax
365. fault Setting Disable SMTP Mail to 1 Description Set or show SMTP e mail 1 to configure Syntax SMTP Mailto1 lt mailto1_text gt Parameters lt mailto1_text gt SMTP e mail 1 to address Default Setting Disable SMTP Mail to 2 Description Set or show SMTP e mail 2 to configure Syntax SMTP Mailto2 lt mailto2_text gt Parameters lt mailto1_text gt SMTP e mail 2 to address Default Setting Disable SMTP Test Description Test the status for linking to SMTP server Syntax SMTP Test 594 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 31 DIDO Command DIDO DI Act Description Set or show the system digital input0 1 action Syntax DIDO Di_act first second 1 2 enable disable Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select 1 System Log 2 SNMP Trap default set or show digital input 0 1 action enable Enable digital input0 1 function disable Disable digital input0 1 function default Set or show digital input output fault alarm 0 1 status DIDO DI Desciption Description Set or show the system digital input0 1 description Syntax DIDO Di_desc first second lt description gt Parameters first Digital Input Output O second Digital Input Output 1 default Set or show digital input output first 0 second 1 select lt description gt
366. following fields Server Statistics Object Description e Transmit to Server The number of packets that are relayed from client to server e Transmit Error The number of packets that resulted in errors while being sent to clients e Receive form Server The number of packets received from server 79 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Receive Missing Agent Option Receive Missing Circuit ID The number of packets received without agent information options The number of packets received with the Circuit ID option missing Receive Missing Remote ID The number of packets received with the Remote ID option missing Receive Bad Circuit ID The number of packets whose Circuit ID option did not match known circuit ID Receive Bad Remote ID Client Statistics Object The number of packets whose Remote ID option did not match known Remote ID Description Transmit to Client The number of relayed packets from server to client Transmit Error The number of packets that resulted in error while being sent to servers Receive from Client Receive Agent Option The number of received packets from server The number of received packets with relay agent information option e Replace Agent Option The number of packets which were replaced with relay agent information option e Keep Agent Option The number of packets whose relay agent information was retained e Dr
367. forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 NS3552 8P 2S gt stp maxage 10 464 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP FwdDelay Description Set or show the CIST MSTI bridge forward delay Syntax STP FwdDelay lt delay gt Parameters lt delay gt MSTP forward delay 4 30 and max_age lt forward_delay 1 2 Default Setting 15 Example Set STP forward delay value in 25 NS3552 8P 2S gt stp fwddelay 25 STP CName Description Set or Show MSTP configuration name and revision Syntax STP CName lt config name gt lt integer gt Parameters lt config name gt MSTP Configuration name A text string up to 32 characters long Use quotes to embed spaces in name lt integer gt Integer value Default Setting Configuration name MAC address Configuration rev 0 Example Set MSTP configuration name and revision NS3552 8P 2S gt stp cname 9f_NS3552 8P 2S 1 465 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP BPDU Filter Description Set or show edge port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BPDU Filtering for Edge ports Default Setting Disable Example Set edge port BPDU filtering NS3552 8P 2S gt stp bpdufilter enable STP BPDU Guard Description Set or show edge port BPDU Guard Syntax STP bpduGuard enable
368. ful Security 27 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The Industrial Switches offer comprehensive layer2 to layer4 access control list ACL for enforcing security to the edge lt can be used to restrict to network access by denying packets based on source and destination IP address TCP UDP port number or defined typical network applications Its protection mechanism also comprises 802 1x Port based and MAC based user and device authentication With the private VLAN function communication between edge ports can be prevented to ensure user privacy The Industrial Switches also provide DHCP Snooping IP Source Guard and Dynamic ARP Inspection functions to prevent IP snooping from attack and discard ARP packets with invalid MAC address The network administrator can now construct highly secured corporate networks with considerably less time and effort than before Flexibility and Extension Solution The mini GBIC slots built in the Industrial Switches supports dual speed that 100Base FX and 1000Base SX LX SFP Small Form factor Pluggable fiber optic modules Now the administrator can flexibly choose the suitable SFP transceiver according to not only the transmission distance but also the transmission speed required The distance can be extended from 550 meters to 2km Multi Mode fiber up to above 10 20 30 40 50 70 kilometers Single Mode fiber or WDM fiber They are well suited for applications within the enterprise data centers and distribu
369. g minute e Month End Time Setting e Date End Time Setting Select the ending month Select the ending date e Year End Time Setting e Hours End Time Setting e Minutes End Time Setting Select the ending year Select the ending hour Select the ending minute Offset Buttons e Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 2 8 UPnP Configuring UPnP on this page UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components The UPnP Configuration screen in Figure 4 2 10 appears UPnP Configuration Figure 4 2 10 UPnP Configuration Page Screenshot 76 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Mode Indicates the UPnP operation mode Possible modes are E Enabled Enable UPnP mode operation E Disabled Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled e TTL The TTL value is used by UPnP
370. g the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Security Level Indicates the security model that this entry should belong to Possible security models are E NodAuth NoPriv None authentication and none privacy E Auth NoPriv Authentication and none privacy E Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exist That means must first ensure that the value is set correctly e Authentication Protocol Indicates the authentication protocol that this entry should belong to Possible authentication protocol are E None None authentication protocol E MD5 An optional flag to indicate that this user using MD5 authentication protocol E SHA An optional flag to indicate that this user using SHA authentication protocol E The value of security level cannot be modified if entry already exists That means must first ensure that the value is set correctly e Authentication Password A string identifying the authentication pass phrase For MD5 authentication protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is the ASCII characters from 33 to 126 e Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are E None None privac
371. g to The allowed string length is 1 to 32 The valid user name is a combination of letters numbers and underscores e Password The password of the user The allowed string length is 0 to 32 e Privilege Level Buttons The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e which is granted the full control of the device But others value need to refer to each group privilege level User s privilege should be same or greater than the group privilege level to have the access to that group By default setting most groups privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults and etc need user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 for a guest account Save Click to save changes Click to undo any changes made locally and revert to previously saved values Cancel Cancel Click to undo any changes made locally and return to the Users Delete User Delete the current user This button is not available for new configurations Add new user Users Configuration User Name Privilege Level i Test 1 Add New User 70 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Figure 4 2 6 User Configuration Page Scre
372. g to the VID contained within the tag Tagged packets are also assigned a PVID but the PVID is not used to make packet forwarding decisions the VID is Tag aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of 126 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the packet Because of the existence of the PVID for untagged packets and the VID for tagged packets tag aware and tag unaware network devices can coexist on the same network A switch port can have only one PVID but can have as many VID as the switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Ml Default VLANs The Switch initially configures one VLAN VID 1 called default The factory default setting assigns all ports on the Switch to the default As new VLAN are configured in Port based mode their respective member ports are removed from the default M Assigning Ports to VLANs Before enab
373. ge shows the Access Control List ACL which is made up of the ACEs defined on this switch Each row describes the ACE that is defined The maximum number of ACEs is 256 on each switch Click on the lowest plus sign to add a new ACE to the list The reserved ACEs used for internal protocol cannot be edited or deleted the order sequence cannot be changed and the priority is highest The Access Control List Configuration screen in Figure 4 10 2 appears Access Control List Configuration Auto refresh Refresh Clear Remove All Figure 4 10 2 Access Control List Configuration Page Screenshot The page includes the following fields Object Description e Ingress Port Indicates the ingress port of the ACE Possible values are E All The ACE will match all ingress port E Port The ACE will match a specific ingress port e Policy Bitmask Indicates the policy number and bitmask of the ACE e Frame Type Indicates the frame type of the ACE Possible values are E Any The ACE will match any frame type E EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE w
374. gnore new frames coming from the client during the hold time The Hold Time can be set to a number between 10 and 1000000 seconds RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned QoS Enabled below for a detailed description The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned QoS Class functionality When checked the individual ports ditto setting determines whether RADIUS assigned QoS Class is enabled for that port When unchecked RADIUS server assigned QoS 239 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e RADIUS Assigned VLAN Enabled Class is disabled for all ports RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned VLAN Enabled below for a detailed description The RADIUS Assigned VLAN Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned VLA
375. groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch Mi Untagged VLANs 127 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded only between ports that are designated for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets 4 6 3 VLAN Basic Information The VLAN Basic Information page displays basic information on the VLAN type supported by the Managed Switch The VLAN Basic Information screen in Figure 4 6 1 appears VLAN Basic Information YLAN Basic Information Mode IEEE 802 10 Maximum VLAN ID 4094 Maximum Number of Supported VLANs 255 Current Number of VLANs 1 VLAN Learning PL Configurable PVID Tagging Yes Figure 4 6 1 VLAN Basic Information Page Screenshot The page includes the following fields Object Description e Mode Display the current VLAN mode used by this Managed Switch a Port Based E IEEE 802 1Q VLAN e Maximum VLAN ID Maximum VLAN ID recognized by this Industrial Managed Switch e Maximum Number of Maximum number of VLANs that can be configured on this Industrial Managed Supported
376. gt Parameters lt oui_addr gt OUI address xx xx xx The null OUI address isn t allowed Example Delete Voice VLAN OUI entry NS3552 8P 2S gt voice vlan oui delete 00 11 22 Voice VLAN OUI Clear Description 559 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Clear Example Clear Voice VLAN OUI entry NS3552 8P 2S gt voice vlan oui clear Voice VLAN OUI Lookup Description Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Clear Example Lookup Voice VLAN OUI entry NS3552 8P 2S gt voice vlan oui lookup Voice VLAN Port Mode Description Set or show the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Port Mode lt port_list gt disable auto force Parameters lt port_list gt Port list or all default All ports disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically 560 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual force Forced join to Voice VLAN default Show Voice VLAN port mode Default Setting disable Example Set auto mode
377. gt L gt J Updates the table starting with the entry after the last entry currently displayed 4 18 5 RMON History Configuration Configure RMON History table on this page The entry index key is ID screen in Figure 4 18 5 appears 333 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RMON History Configuration E Buckets Detete 10 Data Source intervat Buckets Pokey Figure 4 18 5 RMON history configuration page screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e ID Indicates the index of the entry The range is from 1 to 65535 e Data Source Indicates the port ID which wants to be monitored If in stacking switch the value must add 1000 switch ID 1 for example if the port is switch 3 port 5 the value is 2005 e Interval Indicates the interval in seconds for sampling the history statistics data The range is from 1 to 3600 default value is 1800 seconds e Buckets Indicates the maximum data entries associated this History control entry stored in RMON The range is from 1 to 3600 default value is 50 e Buckets Granted The number of data shall be saved in the RMON Buttons Add New Entry Click to add a new community entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 18 6 RMON History Status This page provides an overview
378. guration coooooonccninnncinccconcnnnnnnconononnnncnno cnn non cnn n cananea rra rn nana 341 4 119 3 Ethern t Ring Protocol SWitch iviicisionicon tt dada sac see eternal eas 344 4 19 4 Ethernet Ring Protocol Switch Configuration eecccecceeeeceseeeeeeeeeceeeeeeeeceaeeeeaeeseaeeseaeeseaeeesaeeseaeessaeeseaeeseaeenas 345 4 19 5 Ring Wizardwiisncist sivas es ese et ee Fe ee 347 4 19 6 Ring Wizard Example isisisi ect eeececeneceloedek E he heeds Wise ton eis ee bee 349 5 COMMAND LINE INTERFACE esis sccsicccccsscccecccsietscssecscecssnistecssncseecssaietecsendeescsenietsdsvessteceeess 352 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 5 1 Accessing the Cll cancceveay dase taadaa ao aapea a eaa a Erat oti scucseutacesacetesisssecvenceeeces 352 A AS AO 352 6 COMMAND LINE MODE e cicoiiirniiriaa aria 353 ARES EA A e aaa aaee i apaa aaa aaa siaceceouded scadezaceeesusedseQdenstadessecdsuadedcenuessncevecaeesbiadsaceevean 354 system COM niin le isi ee eee sles a eee 354 System LOG ConfQuration sc osicidaai a rosales 354 System TimeZone Configuration isss kinadai ai aaa aaa aa e a a a i ia a aa ga la a a a 355 SISTEMA EEA AA ASE TTA OTA E ATT 355 System l og Server Mode siisiniiisi unninn e a e O n 355 System Name AEE O E EE EA A E E A ala 356 Syst m Timezone Offset ais lo aN a aea hates e aa ee A lan bt 356 system Contact IO 357 System Log Server Added ee ie ede dla eae dead 357 System Timezone ACrOnyM o ea a ae Seats pad
379. guration Description Show STP configuration Syntax STP Configuration Example Show STP configuration NS3552 8P 2S gt stp cofiguration STP Configuration 15 Tx Hold Count 6 Max Hop Count 20 BPDU Filtering Disabled BPDU Guard Disabled Error Recovery Disabled 462 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP Version Description Set or show the STP Bridge protocol version Syntax STP Version lt stp_version gt Parameters lt stp_version gt mstp rstp stp Default Setting MSTP Example Set the STP Bridge protocol version NS3552 8P 2S gt stp version rstp STP Tx Hold Description Set or show the STP Bridge Transmit Hold Count parameter Syntax STP Txhold lt holdcount gt Parameters lt holdcount gt STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 NS3552 8P 2S gt stp txhold 10 463 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual STP MaxHops Description Set or show the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops lt maxhops gt Parameters lt maxhops gt STP BPDU MaxHops 6 40 Default Setting 20 Example Set STP maximum hops in 25 NS3552 8P 2S gt stp maxhops 25 STP MaxAge Description Set or show the bridge instance maximum age Syntax STP MaxAge lt max_age gt Parameters lt max_age gt STP maximum age time 6 40 and max_age lt
380. guration Privilege Level admin 1 Add New User Figure 4 2 4 Users Configuration Page Screenshot The page includes the following fields Object Description e User Name The name identifies the user e Privilege Level The privilege level of the user The allowed range is 1 to 15 If the privilege level value is 15 it can access all groups i e that is granted the full control of the device But others value need to refer to each group privilege level User s privilege should be the same or greater than the group privilege level to have the access to that group By default setting almost group privilege level 5 has the read only access and privilege level 10 has the read write access And the system maintenance software upload factory defaults etc needs user privilege level 15 Generally the privilege level 15 can be used for an administrator account privilege level 10 for a standard user account and privilege level 5 fora guest account Buttons _ Add New User Click to add a new user Add Edit User This page configures a user add edit or delete user 69 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add User User Settings Password again Privilege Level Save Reset Cancel Figure 4 2 5 Add Edit User Configuration Page Screenshot The page includes the following fields Object Description e User Name A string identifies the user name whose entry should belon
381. h incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source address This confines network traffic to its respective domain and reduce the overall load on the network The Industrial Managed Switch performs Store and Fforward therefore no error packets occur More reliably it reduces the re transmission rate No packet loss will occur 608 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 7 5 Auto Negotiation The STP ports on the Industrial Managed Switch have built in Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode 1000Base T can be only connected in Full duplex mode 609 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 8 TROUBLE SHOOTING This chapter contains information to help you solve problems If the Industrial Managed Switch is not functioning properly make sure the Ethernet Switch was set up according to instructions in this manual The per port LED is not lit Solution Check the cable connection of the Industrial Managed Switch Performance is bad Solution Check the spee
382. h occurs every 3 seconds Refresh Click to refresh the page immediately Clear Cta Clears MLD Snooping Status counters 186 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 12 MLD Groups Information Entries in the MLD Group Table are shown on this page The MLD Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the MLD Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MLD Group Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD Group Table The MLD Groups Information screen in Figure 4 8 15 appears MLD Snooping Groups Information Auto refresh 7 Refresh lt lt gt gt Start from VLAN 1 and group address ff00 with 20 entries per page Port Members No more entries vian 0 rows a J 5 o o ro Figure 4 8 15 MLD Snooping Groups Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Groups Group address of the group displayed e Port Members Ports under this group Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Lk lt Updates the table starting with the firs
383. h this entry E Any Any value is allowed don t care e IP Option Specify the options flag setting for this ACE E No Pv4 frames where the options flag is set must not be able to match this entry E Yes Pv4 frames where the options flag is set must be able to match this entry E Any Any value is allowed don t care e SIP Filter Specify the source IP filter for this ACE E Any No source IP filter is specified Source IP filter is don t care E Host Source IP filter is set to Host Specify the source IP address in the SIP Address field that appears NE Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear e SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation e SIP Mask When Network is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation e DIP Filter yer the destination IP filter for this ACE Any No destination IP filter is specified Destination IP filter is don t care E Host Destination IP filter is set to Host Specify the destination IP address in the DIP Address field that appears E Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear e DIP Address Wh
384. hanges the key used for each packet UDP is an acronym for User Datagram Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers UDP is an alternative to the Transmission Control Protocol TCP that uses the Internet Protocol IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components User Priority is a 3 bit field storing
385. hapter explains the methods that you can use to configure management access to the Industrial Managed Switch It describes the types of management applications and the communication and management protocols that deliver data between your management device workstation or personal computer and the system lt also contains information about port connection options This chapter covers the following topics a Requirements a Management Access Overview E Remote Telnet Access E Web Management Access E SNMP Access a Standards Protocols and Related Reading 3 1 Requirements E Workstations of subscribers running Windows XP 2003 Vista Windows 7 MAC OS X Linux Fedora Ubuntu or other platform compatible with TCP IP protocols a The Workstation is installed with Ethernet NIC Network Interface Card a Ethernet Port connection e Network cables Use standard network UTP cables with RJ45 connectors e The above Workstation is installed with WEB Browser and JAVA runtime environment Plug in Es It is recommended to use Internet Explorer 7 0 or above to access Industrial Managed Switch Note 54 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 2 Management Access Overview The Industrial Managed Switch gives you the flexibility to access and manage it using any or all of the following methods E Remote Telnet Interface E Web browser Interface E An external SNMP based network management application The Remote Telnet
386. he departure of the last listener for a multicast address or source In IGMP this term is called LMQI Last Member Query Interval LOC is an acronym for Loss Of Connectivity and is detected by a MEP and is indicating lost connectivity in the network Can be used as switch criteria by EPS Switching of frames is based upon the DMAC address contained in the frame The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if there s no frame with the corresponding SMAC address have been seen after a configurable age time MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 MD5 is an acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used cryptographic hash 621 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual function with a 128 bit hash value It was designed by Ron Rivest in 19
387. he link used for managing the switch is added to the Static Mac Table before changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Static MAC Table Configuration The static entries in the MAC table are shown in this table The static MAC table can contain 64 entries The MAC table is sorted first by VLAN ID and then by MAC address Object Description e Delete Check to delete the entry It will be deleted during the next save e VLAN ID The VLAN ID of the entry e MAC Address The MAC address of the entry e Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry 287 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Add New Static Entry Click to add a new entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 13 2 MAC Address Table Status Dynamic MAC Table Entries in the MAC Table are shown on this page The MAC Table contains up to 8192 entries and is sorted first by VLAN ID then by MAC address The MAC Address Table screen in Figure 4 13 2 appears MAC Address Table Start from WLAN and MAC address 00 00 00 00 00 00 with 20 entries per page Port Members O EAT ome wean mac a aress Jero 213 5 6 To o io Static
388. he multicast VLAN are called MVR source ports It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicast VLAN There will be totally at maximum 256 group addresses for channel settings This page provides MVR related configuration The MVR screen in Figure 4 8 17 appears MVR Configurations MVR Mode Disabled VLAN Interface Setting Role I Inactive S Source R Receiver Delete MUR Vib MVR Name Mode Tangina Priority LLQi Interface Channel Setting Add New MVR VLAN Immediate Leave Setting Immediate Leave Disabled v Disabled v h Disabled Disabled Disabled Disabled v Disabled Disabled Disabled Disabled Figure 4 8 17 MVR Configuration Page Screenshot OOO 0042 WwW N IS SS SNS SNS h 189 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object e MVR Mode e Delete Description Enable Disable the Global MVR The Unregistered Flooding control depends on the current configuration in IGMP MLD Snooping It is suggested to enable Unregistered Flooding control when the MVR group table is full Check to delete the entry The designated entry will be deleted during the next save e MVR VID Specify the Multicast VLAN ID Be Caution MVR source ports are not recommended to be overlapped with management VLAN ports e MVR
389. he port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status The SSH Configuration screen in Figure 4 12 5 appears SSH Configuration Mode Disabled Figure 4 12 5 SSH Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 12 6 Port Security Status This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly 275 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addre
390. he port maximum frame size Syntax Port MaxFrame lt port_list gt lt max_frame gt Parameters lt port_list gt Port list or all default All ports lt max_frame gt Port maximum frame size 1518 9600 default Show maximum frame size Default Setting 9600 Example Set 2048 frame size for porti NS3552 8P 2S gt port maxframe 1 2048 Port Power Description Set or show the port PHY power mode 374 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Port Power lt port_list gt enable disable actiphy dynamic Parameters lt port_list gt Port list or all default All ports enable Enable all power control disable Disable all power control actiphy Enable ActiPHY power control dynamic Enable Dynamic power control Default Setting disable Example Disable port power function for port1 4 NS3552 8P 2S gt port power 1 4 enable Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive lt port_list gt discard restart Parameters lt port_list gt Port list or all default All ports discard Discard frame after 16 collisions restart Restart backoff algorithm after 16 collisions default Show mode Default Setting Discard Example NS3552 8P 2S gt port excessive 1 restart 375 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Port Statistics Description Show port statistics Synt
391. he target PoE is an acronym for Power Over Ethernet Power Over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply A policer can limit the bandwidth of received frames It is located in front of the ingress queue POP3 is an acronym for Post Office Protocol version 3 It is a protocol for email clients to retrieve email messages from a mail server POP3 is designed to delete mail on the server as soon as the user has downloaded it However some implementations allow users or an administrator to specify that mail be saved for some period of time POP can be thought of as a store and forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal with the receiving of e mail and are not to be confused with the Simple Mail Transfer Protocol SMTP You send e mail with SMTP and a mail handler receives it on your recipient s behalf Then the mail is read using POP or IMAP IMAP4 and POP3 are the two most prevalent Internet standard protocols for e mail retrieval Virtually all modern e mail
392. henticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch is special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the AAA configuration page and suppose that th
393. how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear l cea Clears the local counters All counters including global counters are cleared upon reboot 306 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 15 Diagnostics This section provide the Physical layer and IP layer network diagnostics tools for troubleshoot The diagnostic tools are designed for network manager to help them quickly diagnose problems between point to point and better service customers Use the Diagnostics menu items to display and configure basic administrative details of the Managed Switch Under System the following topics are provided to configure and view the system information This section has the following items m Ping m IPv6 Ping m Remote IP Ping m Cable Diagnostics PING The ping and IPv6 ping allow you to issue ICMP PING packets to troubleshoot IP connectivity issues The Managed Switch transmits ICMP packets and the sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics is performing tests on copper cables These functions have the ability to identify the cabl
394. i tania a A AA A eee 311 416 Power over Ethernet td ideas 312 4 16 1 Power over Ethernet Powered Device ooooococcinonccconoocccononcconnnoncncnnno cnn rro n nn rra nr r rra n nr ren rn rn r ran n nr rra n nr rr nnn rar nnnn nenas 313 416 2 System Configuration iii ai ll ito ride la ie 314 4 16 3 POr CONQUE 317 416 4 PoE Status Li A A AA ee tad 318 4 16 5 ROE Schedutile cia a ets ea ae tee ea 320 4 16 6 LLDP POE Neighbors tit a Seer ee ate teres 323 4 16 7 POE Alive Check Configuration ee e a r e aaa A A aa aA Ero E fos saggaveet E aa aa ias 324 AIr LOOD ca a E lt cuesank tuedesuacuesducuseeeactscesscuepeececkaveeessa 326 412 1 Config ration nn A A EE e I o aio 326 A O 327 ASS RAMONA it 329 418 1 RMON Alarm Configuration ote ra la 329 418 2 RMON Alarm Stat Ssss ie eiiie e td tt ti 331 4 18 3 RMON Eve nt Configura liviana 332 4 18 4 AMON Event SalUsuias conidios ie e aed dell a td 333 4 18 5 RMON History Configuratio Mr i Aerate ae a Ea aaaea eaa a a Eea aaa Ea a aaa 333 4 13 6 RMON History StatUS ita le Ah co ba 334 4 18 7 RMON Statistics Configuration ceccceseeeeeeeeeneeeeeeeceaeeeeeeeceaeeeaeeceaeeseaeeseaeeeeaeeseaeeseaeeseaeessaeeseaeeseaeeseeeseaeeteas 335 4 18 8 RMON Statisti s Status s ne A genie eet ie ide eee i ed 336 An ese sence cee end E ce sdaebanapeshsdesussehanagesesvestsnuveuhuecteasuusteceaneversn lt ducuecheseversas 338 4 19 17 MEP Configura cima ce ee ei A Dd 340 4 19 2 Detailed MEP Confi
395. idEapolF The number of EAPOL ramesRx frames that have been received by the switch in which the frame type is not recognized Rx Invalid Length dotixAuthEapLengthErr The number of EAPOL Tx Total orFramesRx dot1xAuthEapolFrames Tx 246 frames that have been received by the switch in which the Packet Body Length field is invalid The number of EAPOL frames of any type that has been transmitted by the switch e Backend Server Counters IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Tx Request ID dotixAuthEapolReqldFr The number of EAPOL amesTx Request Identity frames that have been transmitted by the switch Tx Requests dotixAuthEapolRegFra The number of valid EAPOL mesTx Request frames other than Request Identity frames that have been transmitted by the switch These backend RADIUS frame counters are available for the following administrative states E Port based 802 1X E Single 802 1X E Multi 802 1X E MAC based Auth Direction Name IEEE Name Description Rx Access dotixAuthBackendAcce 802 1X based Challenges ssChallenges Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table Rx Oth
396. idual ports There are two configuration parameters available in Ingress m Translate m Classify e Translate To Enable the Ingress Translation click the checkbox means to select all ports of Industrial Managed Switch Classify The Configuration All with available options will assign to whole ports Classification for a port has 4 different values All means all ports will have one specific setting m Disable No Ingress DSCP Classification DSCP 0 Classify if incoming or translated if enabled DSCP is 0 Selected Classify only selected DSCP for which classification is enabled as specified in DSCP Translation window for the specific DSCP m All Classify all DSCP e Egress Buttons The Configuration All with available options will assign to whole ports Port Egress Rewriting can be one of All means all ports will have one specific setting m Disable No Egress rewrite m Enable Rewrite enabled without remapping m Remap DP Unaware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value The remapped DSCP value is always taken from the DSCP Translation gt Egress Remap DP0 table m Remap DP Aware DSCP from analyzer is remapped and frame is remarked with remapped DSCP value Depending on the DP level of the frame the remapped DSCP value is either taken from the DSCP Translation gt Egress Remap DP0 table or from the DSCP Translation gt Egress Remap DP1 table
397. ies Auto refresh E Refresh Clear Figure 4 8 18 MVR Status Page Screenshot The page includes the following fields Object Description e VLAN ID The Multicast VLAN ID e IGMP MLD The number of Received Queries for IGMP and MLD respectively Queries Received e IGMP MLD The number of Transmitted Queries for IGMP and MLD respectively Queries Transmitted e IGMPv1 Joins The number of Received IGMPv1 Joins Received e IGMPv2 MLDv1 The number of Received IGMPv2 Joins and MLDv1 Reports respectively Reports Received e IGMPv3 MLDv2 The number of Received IGMPv3 Joins and MLDv2 Reports respectively Reports Received e IGMPv2 MLDv1 Leaves The number of Received IGMPv2 Leaves and MLDv1 Dones respectively Received Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Refresh clear J Clears MVR Statistics counters 4 8 16 MVR Groups Information Entries in the MVR Group Table are shown on this page The MVR Group Table is sorted first by VLAN ID and then by group Each page shows up to 99 entries from the MVR Group table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MVR Group Table The Start from VLAN and group input fields allow the user to select the starting point in the
398. ies per application type LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description e Delete Check to delete the policy It will be deleted during the next save 298 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Policy ID ID for the policy This is auto generated and shall be used when selecting the polices that shall be mapped to the specific ports e Application Type Intended use of the application types Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voice application
399. ill assign to whole items Enable to limit the number of multicast groups to which a switch port can belong All means all ports will have one specific setting Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 3 IGMP Snooping VLAN Configuration Each page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table The IGMP Snooping VLAN Configuration screen in Figure 4 8 6 appears IGMP Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page Figure 4 8 6 IGMP Snooping VLAN Configuration Page Screenshot The page includes the following fields Object Description e VLAN ID The VLAN ID of the entry e IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 64 VLANs can be selected 175 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e IGMP Querier Enable the IGMP Querier in the VLAN e Compatibility Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network The allowed selec
400. ill match IPv4 frames which are not ICMP UDP TCP E IPv6 The ACE will match all IPv6 standard frames e Action Indicates the forwarding action of the ACE E Permit Frames matching the ACE may be forwarded and learned E Deny Frames matching the ACE are dropped e Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled e Port Redirect Indicates the ingress port of the ACE Possible values are E All The ACE will match all ingress port E Port The ACE will match a specific ingress port e Mirror Specify the mirror operation of this port Frames matching the ACE are mirrored to the destination mirror port The allowed values are E Enabled Frames received on the port are mirrored E Disabled Frames received on the port are not mirrored The default value is Disabled e Counter The counter indicates the number of times the ACE was hit by a frame 220 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons O Inserts a new ACE before the current row Edits the ACE row O Moves the ACE up the list Moves the ACE down the list 69 Deletes the ACE O The lowest plus sign adds a new entry at the bottom of the ACE listings Buttons Auto refresh Check this box to refresh the page automatic
401. ime configuration Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year Select Non Recurring and configure the Daylight Saving Time duration for single time configuration Default Disabled Daylight Saving Time Recurring Mode Object Description e Week Start Time Setting Select the starting week number e Day Start Time Setting Select the starting day e Month Start Time Setting Select the starting month e Hours Start Time Setting Select the starting hour 75 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Minutes Start Time Setting Select the starting minute e Week End Time Setting Select the ending week number e Day End Time Setting Select the ending day e Month End Time Setting Select the ending month e Hours End Time Setting Select the ending hour e Month End Time Setting Select the ending minute e Offset Enter the number of minutes to add during Daylight Saving Time Range 1 to 1440 Daylight Saving Time Non Recurring Mode Object Description e Month Start Time Setting Select the starting month e Date Start Time Setting Select the starting date e Year Start Time Setting Select the starting year e Hours Start Time Setting Select the starting hour e Minutes Start Time Setting Select the startin
402. ime the limit gets exceeded Shutdown If Limit 1 MAC addresses is seen on the port shut down the port This implies that all secured MAC addresses will be removed from the port and no new will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Boot the stack or elect a new master the switch 2 Disable and re enable Limit Control on the port or the stack switch 3 Click the Reopen button Trap amp Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken e State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all actions Limit Reached Indicates that the limit is reached on this port This state can only be shown if Action is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shut down or Trap amp Shutdown e Reopen Button If a port is shut down by this module you may reopen it by clicking this button which will only be enabled if this is the case For other methods refer to Shut down in the Action section
403. imiter ID The rate limiter ID for the settings contained in the same row 230 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Rate The allowed values are 0 3276700 in pps or 0 100 200 300 1000000 in kbps e Unit Specify the rate unit The allowed values are E pps packets per second E kbps Kbits per second All means all ports will have one specific setting Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 231 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 11 Authentication This section is to control the access of the Managed Switch includes the user access and management control The Authentication section contains links to the following main topics m IEEE 802 1X Port Based Network Access Control m MAC Based Authentication m User Authentication Overview of 802 1X Port Based Authentication In the 802 1 X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch is special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packets RADIUS packets also encapsulate EAP PDUs
404. ine PoE schedule The screen in Figure 4 16 5 appears Please press Power Over Ethernet Schedule COIE Week Day Start Hour Start Min End Hour End Min Reboot Enable Reboot Only Reboot Hour Reboot Min HA PoE Schedule PoE Reboot 02h 02h 04h 05h 08h 07h 08h O9h 10h 11h 12h 13h 14h 15h 16h 17h 18h 19h 20h 21h 22h 23h 00h Figure 4 16 5 PoE Schedule Screenshot Add New Rule button to start set PoE Schedule function You have to set PoE schedule to profile then go back to PoE Port Configuration and select Schedule mode from per port PoE Mode option Then you can indicate which schedule profile could be applied to the PoE port The page includes the following fields Object Description e Profile Set the schedule profile mode Possible profiles are Profile1 Profile2 Profile3 Profile4 e Week Day Allows user to set week day for defining PoE function which should be enabled on the day e Start Hour Allows user to set at what hour that best enables PoE function e Start Min Allows user to set at what minute that best enables PoE function e End Hour Allows user to set at what hour that best disables PoE function e End Min Allows user to set at what minute that best disables PoE function Reboot Enable Allows user to enable or disable whole PoE port reboot by PoE reboot schedule Please be noted that if you want PoE schedule and PoE reboot schedule to work at the same time
405. ing 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Alarm table The first displayed will be the one with the lowest ID found in the Alarm table screen in Figure 4 18 2 appears Port Statistics Overview Auto refresh O Start from Control Index 0 with 120 entries per page i Sample Startup Rising Rising Falling Falling No more entries Figure 4 18 2 Port Statistics Overview page screenshot The page includes the following fields Object Description e ID Indicates the index of Alarm control entry e Interval Indicates the interval in seconds for sampling and comparing the rising and falling threshold e Variable Indicates the particular variable to be sampled e Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds e Value The value of the statistic during the last sampling period e Startup Alarm The alarm that may be sent when this entry is first set to valid e Rising Threshold Rising threshold value e Rising Index Rising event index e Falling Threshold Falling threshold value e Falling Index Falling event index Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds 331 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Refresh Click to refresh
406. ing and responding the NS3552 8P 2S will resume the PoE port power and bring the PD back to work It will greatly enhance the network reliability through the PoE port resetting the PD s power source and reducing administrator management burden 25 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual POE PD Alive checking PoE Camera PT PoE Camera PoE gt gt gt Ping Request PoE Schedule for Energy Saving Checking alive status for 3 times Restart PoE device if without response Under the trend of energy saving worldwide and contributing to environmental protection the NS3552 8P 2S can effectively control the power supply besides its capability of giving high watts power The built in PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise save power and money viz BAM tiw SPM bald d 6 Watts 6 leal lead Watts 2 ea 6 Watts 6 Watts la Watts ll Watts Total lon of 36 Ds Saves 24watts hr during off business hours otal consumption of 36watts Total Saved 10800watts month HOB aT UTE with POE Digital Input and Digital Output for external Alarm The Industrial Switches support Digital Input and Digital Output on its front panel This external alarm enables users to use Digital Input to detect log external device status such as door intrusion detector and send event al
407. ini GBIC Color Function LED Light Indicates the link through that port is successfully established LNK ACT Indicates that the Switch is actively sending or receiving data over that port Light Indicates that the port is successfully connecting to the network at 1000Mbps Orange o Indicates that the port is successfully connecting to the network at 100Mbps 41 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 1 4 Wiring the Power Input The 6 contact terminal block connector on the top panel of the Industrial Managed Switch is used for two DC redundant power inputs Please follow the steps below to insert the power wire 1 Insert positive negative DC power wires into the contacts 1 and 2 for DC POWER 1 or 5 and 6 for DC POWER 2 DIO DI1 DOO DO 1 GHD GHD DCi Fault Input DC 48 00O00000000oO0 000000000oO0 Figure 2 4 NS3552 8P 2S Upper Panel 2 Tighten the wire clamp screws for preventing the wires from loosening 12 3 4 5 6 DC 1 DC 2 o Figure 2 5 6 Pin Terminal Block Power Wiring Input 1 The wire gauge for the terminal block should be in the range of 12 24 AWG 2 When performing any of the procedures like inserting the wires or tighten the wire clamp screws make sure the power is OFF to prevent from getting an electric shock 2 1 5 Wiring the Fault Alarm Contact The fault alarm contacts are in the middle 3 amp 4 of the terminal block connector as the picture shows
408. ion Please refer to the following example as shown in Figure 4 16 7 If LLDP function from port1 to port3 is enabled administrator has to plug a PD that supports PoE LLDP function and then administrator is going to see the PoE information of the PD from LLDP LLDP Configuration LLDP Parameters LLDP Port Configuration Optional TLVs Mode CDP Aware Port Description System Name System Description System Capabilities Management Address lt All gt w E T E T 1 Disabled a F F F 2 Disabled y a F a Y 3 Disabled w F E F E 4 Disabled y Y y E El 5 Disabled y a F E Y El 6 Disabled y a F a F 7 Disabled y A F Ea Ea El 8 Disabled Y 7 E El 9 Disabled al a E F F 10 Disabled E Y y El Figure 4 16 7 LLDP Configuration Screenshot 323 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 7 POE Alive Check Configuration The NS3552 8P 2S PoE Switch can be configured to monitor connected PD s status in real time via ping action Once the PD stops working and is without response the NS3552 8P 2S PoE Switch is going to restart PoE port power and bring the PD back to work It will greatly enhance the reliability and reduces administrator management burden
409. ion is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group The IGMP Snooping Port Group Filtering Configuration screen in Figure 4 8 7 appears 176 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual IGMP Snooping Port Group Filtering Configuration petete por Fiering Groups Figure 4 8 7 IGMP Snooping Port Group Filtering Configuration Page Screenshot 177 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e Filtering Group Buttons The IP Multicast Group that will be filtered Add New Filtering Group Click to add a new entry to the Group Filtering table Save Click to save changes Click to undo any changes made locally and revert to previously saved values 178 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 5 IGMP Snooping Status This page provides IGMP Snooping status The IGMP Snooping Status screen in Figure 4 8 8 appears Auto refresh C Refresh Clear IGMP Snooping Status Statistics 1 2 3 4 5 6 7 8 9 0 bh Figure 4 8 8 IGMP Snooping Status Page Screenshot The page includes the following fields Object Description e VLAN ID The VLA
410. ion screen in Figure 4 6 2 appears VLAN Port Configuration mode EEE 802 10 If Untag VID 0 then disable untag VID function Acceptable Set out layer Frame Link Type Q in Q Mode VLAN tag ether Type type lt All gt Disable Ingress Filtering Disable Disable Disable Disable Disable Disable Disable 4 2 3 4 5 6 F 8 9 Disable d d d loe e e loe o e ll e SS NSS NLS IS NS LSS IS INS SSS IS ES SS SSIES ILS SNS NS NS NLS IIS IS LS NS IS INS o Disable MOMO Figure 4 6 2 VLAN Port Configuration Page Screenshot The page includes the following fields Object Description e Port This is the logical port number for this row e PVID Allows to assign PVID to selected port The range for the PVID is 1 4094 The PVID will be inserted into all untagged frames entering the ingress port The PVID must be the same as the VLAN ID in that the port belongs to VLAN group or the untagged traffic will be dropped Untag VID Allows user to set the port to remove default VID This option could be edited when Link Type selected to Tagged Ingress Filtering Enable ingress filtering for a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress
411. iple 16 bit groups of contiguous zeros but it can appear only once lt can also represent a legally valid IPv4 address For example 192 1 2 34 Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 7 Daylight Saving The Reboot page enables the device to be rebooted from a remote location Once the Reboot button is pressed user will re access the WEB interface about 60 seconds later The System Reboot screen in Figure 4 2 9 appears 74 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Time Zone Configuration Time Zone Configuration v L _ 0 16 characters Daylight Saving Time Configuration Daylight Saving Time Mode Daylight Saving Time Disabled Y Start Time settings Offset settings Offset 1 1440 Minutes Figure 4 2 9 System Reboot Page Screenshot The page includes the following fields Object Description e Time Zone Allows to select the time zone according to current location of switch e Acronym User can set the acronym of the time zone This is a User configurable acronym to identify the time zone Range Up to 16 alpha numeric characters and can contain or e Daylight Saving Time It is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration Select Disable to disable the Daylight Saving T
412. iption Set or show DSCP ingress translation mode If translation is enabled for a port incoming frame DSCP value is translated and translated value is used for QoS classification Syntax QoS Port DSCP Translation lt port_list gt enable disable 533 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports enable Enable DSCP ingress translation disable Disable DSCP ingress translation default Show DSCP ingress translation mode Default Setting disable Example Enable DSCP ingress translation on all port NS3552 8P 2S gt qos Port DSCP Translation 1 10 enable QoS Port DSCP Classification Description Set or show DSCP classification based on QoS class and DP level This enables per port to map new DSCP value based on QoS class and DP level Syntax QoS Port DSCP Classification lt port_list gt none zero selected all Parameters lt port_list gt Port list or all default All ports none No DSCP ingress classification zero Classify DSCP if DSCP 0 selected Classify DSCP for which class mode is enable all Classify all DSCP default Show port DSCP ingress classification mode Default Setting none Example Set DSCP classification based on QoS class and DP level in zero NS3552 8P 2S gt QoS Port DSCP Classification 1 10 zero 534 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Port DSCP EgressRe
413. istics Example Show 802 1X statistics in port 1 NS3552 8P 2S gt security network nas statistics 1 Port 1 EAPOL Statistics Rx Total 0 Tx Total Rx Response ld 0 Tx Request ld Rx Response 0 Tx Request Rx Start 0 Rx Invalid Length 0 Port 1 Backend Server Statistics Rx Access Challenges 0 Tx Responses Rx Other Requests Rx Auth Successes 0 Rx Auth Failures 0 Security Network ACL Configuration Description Show ACL Configuration Syntax Security Network ACL Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports 441 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network ACL Action Description Set or show the ACL port default action Syntax Security Network ACL Action lt port_list gt permit deny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Parameters lt port_list gt Port list or all default All ports permit Permit forwarding default deny Deny forwarding lt rate_limiter gt Rate limiter number 1 15 or disable lt port_copy gt Port number for copy of frames or disable lt logging gt System logging of frames log log_disable lt shutdown gt Shut down ingress port shut shut_disable Example Show ACL action in port 1 NS3552 8P 2S gt security network acl action 1 Port Action Rate Limiter Port Copy Mirror Logging Shutdown Counter 1
414. ith a particular end user Capabilities include all of the capabilities defined for the previous Generic Endpoint Class Class and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services defined in this class include media type specific network layer policy discovery LLDP MED Communication Endpoint Class III The LLDP MED Communication Endpoint Class III definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class I and Media Endpoint Class Il classes and are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management e LLDP MED Capabilities LLDP MED Capabilities describes the neighbor unit s LLDP MED capabilities The possible capabilities are LLDP MED capabilities Network Policy Location I
415. its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled e Port State The current state of the port It can undertake one of the following values E Globally Disabled NAS is globally disabled E Link Down NAS is globally enabled but there is no link on the port E Authorized The port is in Force Authorized or a single supplicant mode and the supplicant is authorized E Unauthorized The port is in Force Unauthorized or a single supplicant mode and the supplicant is not successfully authorized by the RADIUS server E X Auth Y Unauth The port is in a
416. ity The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier bi means all MSTI items will have one priority setting Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 163 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 7 6 MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen in Figure 4 7 8 appears MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance Configuration Identification Configuration Name 9c f6 1a 02 7d 70 Configuration Revision O MSTI Mapping MSTI VLANs Mapped Figure 4 7 8 MSTI Configuration Page Screenshot 164 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Configuration Identification Object Description e Configuration Name The name identifying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters e Configuration Revision The revision of the MSTI configuration named above This must be an integer between 0 and 65535
417. ity DSCP VoicesDefined Untagged a46 Voice SignalingaDefinedeUntaggeds s 232 Auto negotiation Auto negotiation Capabilities MAU Type Auto negotiation status Supported Enabled 1000BASE T half duplex mode 1000BASE X LX SX CX full duplex mode Asymmetric and 100BaseTXFD 2 pair category 5 UTP inca able Symmetric PAUSE for full duplex inks Symmetric PAUSE for full duplex links full duplex mode Auto refresh C Refiesh Figure 4 14 4 LLDP MED Neighbor Information with LLDP MED device detected The page includes the following fields Fast Start Repeat Count Object Description e Port The port on which the LLDP frame was received e Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition Within the LLDP MED Endpoint Device category
418. iver use the single mode fiber cable with one side being the male duplex LC connector type Connect the fiber cable 1 Attach the duplex LC connector on the network cable into the SFP transceiver 2 Connect the other end of the cable to a device switches with SFP installed fiber NIC on a workstation or a media converter 52 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 Check the LNK ACT LED of the SFP slot of the switch converter Ensure that the SFP transceiver is operating correctly 4 Check the Link mode of the SFP port if the link fails Co works with some fiber NICs or media converters Set the Link mode to 100 Force when needed 2 3 2 Remove the Module 1 Make sure there is no network activity by checking with the network administrator or through the management interface of the switch converter if available to disable the port in advance 2 Remove the Fiber Optic Cable gently 3 Lift up the lever of the MGB MFB module and turn it to a horizontal position 4 Pull out the module gently through the lever SFP Transceiver Removal Figure 2 10 How to Pull Out the SFP Transceiver Module La Never pull out the module without lifting up the lever of the module and turning it to a horizontal position Directly pulling out the module could damage the module and the SFP Note module slot of the Managed Switch 53 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 SWITCH MANAGEMENT This c
419. k this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately 319 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 5 PoE Schedule The PoE Schedule of the NS3552 8P 2S features two advanced PD power control functions a PD power ON OFF Schedule a Schedule Power Recycle PD Power ON OFF Schedule Under the trend of energy saving worldwide and contribute to environment protection on the earth the NS3552 8P 2S can effectively control the power supply besides its capability of giving high watts power The PoE schedule function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMB or Enterprise save power and money 1 y A w SAM AA SPM Y Power Power cl a E cr On 6 Watts 6 Watts 12 Watts 12 Watts s G H 6 Watts 6 Watts 12 Watts 12 Watts Saves 24watts hr during off business hours Total consumption of 36watts hr Total Saved 10800watts month Q 1000Ba50 T UTP with PoE Schedule Power Recycle The NS3552 8P 2S allows each of the connected PoE powered device to reboot in a specific time each week Therefore it will reduce the chance of powered device crash resulting from buffer overflow 320 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Power over Ethernet Schedule Configuration This page allows the user to def
420. k to refresh the page immediately Clear ciar Clears the counters for all ports Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 4 4 SFP Information You can check the physical or operational status of an SFP module via the SFP Module Information page This page shows the operational status such as the transceiver type speed and wavelength and supports distance of SFP module on a specific interface You can also use the hyperlink of port no to check the statistics on a specific interface The SFP Module Information 111 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual screen in Figure 4 4 4 appears Port Type 1000Base LX 100Base me FX ko 1000 Base 100 Base SFP Module Information Wave Distance Temperature Voltage Current TX power RX power y m C v ma dBm dBm 1310 10000 1310 2000 SFP Moniter Event Alert send trap Warning Temperature Degree C Auto refresh CJ Figure 4 4 4 SFP Module Information for Switch Page Screenshot The page includes the following fields Object Description e Type Display the type of current SFP module the possible types are M 1000Base SX M 1000Base LX MH 100Base FX e Speed Display the speed of current SFP module The speed value or description is gotten from the SFP module Different vendors of SFP modules might show different speed information e Wave Length n
421. k to undo any changes made locally and revert to previously saved values 4 12 11 IP Source Guard Static Table This page provides Static IP Source Guard Table The Static IP Source Guard Table screen in Figure 4 12 11 appears Static IP Source Guard Table VLAN ID IP Address MAC address Add New Entry Reset Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e VLAN ID The VLAN ID for the settings e IP Address Allowed Source IP address e MAC address Allowed Source MAC address Buttons Add New Entry Click to add a new entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 283 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 12 ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page provides ARP Inspection related configuration The ARP Inspection Configuration screen in Figure 4 12 12 appears ARP Inspection Configuration Translate dynamic to static Port Mode Configuration lt All
422. keyword lt it_type gt Inner tag type none c tag s tag s custom tag lt it_vid_mode gt Inner VID mode normal tunnel lt it_vid gt Inner tag VLAN ID 1 4095 lt it_preserve gt Inner tag preserved or fixed PCP DEI preserved fixed lt it_pcp gt Inner tag PCP value 0 7 lt it_dei gt Inner tag DEI value 0 1 outer Outer tag action keyword lt ot_vid gt EVC outer tag VID for UNI ports EVC Delete Description Delete EVC 505 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax EVC Delete lt evc_id gt Parameters lt evc_id gt EVC ID 1 128 EVC Lookup Description Lookup EVC Syntax EVC Lookup lt evc_id gt Parameters lt evce_id gt EVC ID 1 128 EVC Status Description Show EVC Status Syntax EVC Status lt evc_id gt Parameters lt evc_id gt EVC ID 1 128 EVC Statistics Description Show or clear EVC statistics Syntax EVC Statistics lt port_list gt lt class_list gt lt command gt 506 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports lt class_list gt QoS class list 0 7 lt command gt Statistics command clear green yellow red discard EVC ECE Add Description Add or modify EVC Control Entry ECE If lt ece_id gt is specified and the ECE exists the ECE will be modified If lt ece_id gt is omitted or the ECE does not exist a ne
423. kup 33 33 4F a1 01 d2 379 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MAC Age Time Description Set or show the MAC address age timer Syntax MAC Agetime lt age_time gt Parameters lt age_time gt MAC address age time 0 10 1000000 O disable default Show age time Default Setting 300 Example Set agetime value in 30 NS3552 8P 2S gt mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning lt port_list gt auto disable secure Parameters lt port_list gt Port list or all default All ports auto Automatic learning disable Disable learning secure Secure learning default Show learn mode Default Setting Auto Example Set secure learning mode in port1 380 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt mac learning 1 secure MAC Dump Description Show sorted list of MAC address entries Syntax MAC Dump lt mac_max gt lt mac_addr gt lt vid gt Parameters lt mac_max gt Maximum number of MAC addresses 1 8192 default Show all addresses lt mac_addr gt First MAC address xx xx xx xx xx xx default MAC address zero lt vid gt First VLAN ID 1 4095 default 1 Example Show all of MAC table NS3552 8P 2S gt mac dump Type VID MAC Address Ports Static 1 00 30 4F a6 34 9d None CPU Dynamic 1 33 33 4F a1 01 d2 1 Static 1 33 33 00 00 00 01 1 2 4 10 CPU Static 1 33 33
424. l 6 4 MAC Address Table Command MAC Configuration Description Show MAC address table configuration Syntax MAC Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show Mac address state NS3552 8P 2S gt mac configuration MAC Configuration MAC Address 9c f6 1a 03 1c 48 MAC Age Time 300 MAC Add Description Add MAC address table entry Syntax MAC Add lt mac_addr gt lt port_list gt lt vid gt Parameters lt mac_addr gt MAC address xx xx XX XX XX XX lt port_list gt Port list or all or none lt vid gt VLAN ID 1 4095 default 1 378 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Add Mac address 00 30 4F 01 01 02 in port1 and vid1 NS3552 8P 2S gt mac add 9c f6 1a 03 1c 48 1 1 MAC Delete Description Delete MAC address entry Syntax MAC Delete lt mac_addr gt lt vid gt Parameters lt mac_addr gt MAC address xx xx XX XX XX XX lt vid gt VLAN ID 1 4095 default 1 Example Delete Mac address 00 30 4F a1 01 d2 in vid1 NS3552 8P 2S gt mac delete 33 33 4F a1 01 d2 MAC Lookup Description Lookup MAC address entry Syntax MAC Lookup lt mac_addr gt lt vid gt Parameters lt mac_addr gt MAC address xx xx XX XX XX XX lt vid gt VLAN ID 1 4095 default 1 Example Lookup state of Mac address 00 30 4F a1 01 d2 NS3552 8P 2S gt mac loo
425. l The page includes the following fields LLDP Parameters Object Description e Tx Interval The switch is periodically transmitting LLDP frames to its neighbors for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Default 30 seconds This attribute must comply with the following rule Transmission Interval Hold Time Multiplier lt 65536 and Transmission Interval gt 4 Delay Interval e Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10 times TTL in seconds is based on the following rule Transmission Interval Hold time Multiplier lt 65536 Therefore the default TTL is 4 30 120 seconds e Tx Delay If some configuration is changed e g the IP address a new LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds This attribute must comply with the rule 4 Delay Interval lt Transmission Interval e Tx Reinit When a port is disabled LLDP is disabled or the switch is rebooted a LLDP shutdown frame is transmitted t
426. l a Device Roles With 802 1X port based authentication the devices in the network have specific roles as shown below Authentication server Authentication server RADIUS Server TACACS Server Internet ae Authenticator C In 802 1X aware Switch Figure 4 11 1 o Client the device workstation that requests access to the LAN and switch services and responds to requests from the switch The workstation must be running 802 1 X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicantin the IEEE 802 1X specification o Authentication server performs the actual authentication of the client The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial In User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication server it is available in Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients 234 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual o Switch 802 1X device controls the physi
427. l private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table This reduces the ports to which forwarding can be done to just the promiscuous ports within the private VLAN This page is used for enabling or disabling port isolation on ports in a Private VLAN A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN The Port Isolation screen in Figure 4 6 7 appears Auto refresh Refresh Port Isolation Configuration Port Number 11 213 4 5 6 7 8 9 10 Reset Figure 4 6 7 Port Isolation Configuration Page Screenshot The page includes the following fields Object Description e Port Members A check box is provided for each port of a private VLAN When checked port isolation is enabled on that port When unchecked port isolation is disabled on that port By default port isolation is disabled on all ports Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 6 10 VLAN Setting Example Separate VLAN 802 1Q VLAN Trunk Port Isolate 139
428. l use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over The page includes the following fields Object Description e Port Switch Port Number for which the entries are displayed e VLAN ID VLAN ID in which the IP traffic is permitted e IP Address User IP Address of the entry e MAC Address Source MAC Address Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refiesh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields e Updates the table starting from the first entry in the Dynamic IP Source Guard Table gt gt gt Updates the table starting with the entry after the last entry currently displayed 291 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 14 LLDP 4 14 1 Link Layer Discovery Protocol Link Layer Discovery Protocol LLDP is used to discover basic information about neighboring devices on the local broadcast domain LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration setting
429. l which provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority is a 3 bit field storing the priority level for the 802 1Q frame TCP is an acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applications for example Web server and e mail server running on the same host The applications on networked hosts can use TCP to create connections to one another It is known as a connection oriented protocol which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP TELNET is an acronym for TELetype NETwork It is a terminal emulation protocol that uses the Transmission Control Protocol TCP and provides a virtual co
430. lag is based on AdminEdge and AutoEdge fields This flag is displayed as Edge in Monitor gt Spanning Tree gt STP Detailed Bridge Status e Admin Edge e Auto Edge Controls whether the operEdge flag should start as being set or cleared The initial operEdge state when a port is initialized All means all ports will have one specific setting Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not e Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influence the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard e Restricted TCN If enabled causes the port not to propagate received topology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning tree s active topology as a result of persistently incorrect learned station location information It is set by a network administrator
431. ld not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy e Tag Tag indicating whether the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 e VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 e L2 Priority L2 Priority is the Layer 2 priority to be used for the specified application type L2 Priority may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 e DSCP DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 247
432. le multicast VLAN 134 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Buttons a Select VLAN Users from this drop down list Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately Lk Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID gt gt gt gt J Updates the table starting with the entry after the last entry currently displayed 135 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 6 7 VLAN Port Status This page provides VLAN Port Status The VLAN Port Status screen in Figure 4 6 5 appears VLAN Port Status for Static User Static wi Port PVID Ingress Filtering Frame blas UVID Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Auto refresh C Figure 4 6 5 VLAN Port Status for Static User Page Screenshot 0000000000 3 2 3 4 5 6 T 8 9 0 b dh dh dd dd dl dd dd db h The page includes the following fields Object Description e Port
433. led and login is not possible E local use the local user database on the switch stack for authentication E RADIUS use a remote RADIUS server for authentication E TACACSt use a remote TACACS server for authentication e Fallback Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user database is used for authentication This is only possible if the Authentication Method is set to something else than none or local Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 237 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 11 3 Network Access Server Configuration This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Configuration gt Security gt AAA page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same por
434. licy for the guest voice signaling than for the guest voice media softphone_voice Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN 492 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual video conferencing Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services streaming video Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type video_signaling Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media tagged The device is using tagged frames unragged The device is using untagged frames lt vlan_id gt VLAN id lt I2_priority gt This field may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 3 lt dscp gt This field shall contain the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 5
435. lid values are in the range 6 to 40 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 e Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 6 to 40 hops e Transmit Hold Count Advanced Settings The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second 158 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Object Description e Edge Port BPDU Control whether a port explicitly configured as Edge will transmit and receive Filtering BPDUs e Edge Port BPDU Guard Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology e Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot e Port Error Recovery The time that has to pass before a port in the error disabled state can be enabled Timeout Valid
436. line user interface is for performing system administration such as displaying statistics or changing option settings Using this method you can access the Industrial Managed Switch remote telnet interface from personal computer or workstation in the same Ethernet environment as long as you know the current IP address of the Industrial Managed Switch IFS Industrial Managed Switch RJ 45 UTP Cable IP Address 192 168 0 x IP Address 192 168 0 100 IFS Industrial Managed Switch PC Workstation with Terminal emulation software EY RJ 45 to DB9 RS 232 Cable Serial Port IP Address 192 168 0 100 Figure 3 1 Remote Telnet and Console Port Interface Management In Windows system you may click Start and then choose Acessories and Command Prompt Please input telnet 192 168 0 100 and press enter from your keyboard The following screen see Figure 3 2 will appear 56 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual HyperTerminal File Edit View Call Transfer Help De 532 Welcome to IFS Command Line Interface Port Numbers NS3552 8P 2S t 111315171 191 4 4 121 41 61 81 1101 4 4 Username Connected 00 00 07 ANSIW 115200 8 N 1 SCROLL Print echo Figure 3 2 Remote Telnet Interface Main Screen of Industrial Managed Switch For more information about using the Remote Telnet interface
437. ling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s either manually or dynamically using GVRP However if you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices or the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port es VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that Note does not support VLAN tagging Hi VLAN Classification When the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame E Port Overlapping Port overlapping can be used to allow access to commonly shared network resources among different VLAN
438. list gt Parameters lt port_list gt Port list or all default All ports Example Show LACP status of port1 4 NS3552 8P 2S gt lacp status 1 4 Key AggrID Partner System ID Partner Port Disabled Disabled Disabled LACP Statistics Description Show LACP Statistics Syntax LACP Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 NS3552 8P 2S gt lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 0 0 0 0 483 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LACP Timeout Description Set or show the LACP timeout Syntax LACP Timeout lt port_list gt fast slow Parameters lt port_list gt Port list or all default All ports fast Fast PDU transmissions fast timeout slow Slow PDU transmissions slow timeout default Show LACP timeout Default Setting fast 484 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 11 LLDP Command LLDP Configuration Description Show LLDP configuration Syntax LLDP Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LLDP configuration of port1 4 NS3552 8P 2S gt Ildp configuration 1 4 LLDP Configuration Port Mode Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness Enable
439. ll location no need electrician to install AC sockets POE Splitter PoE Splitter split the PoE 52V DC over the Ethernet cable into 5 12V DC power output It frees the device deployment from restrictions due to power outlet locations which eliminate the costs for additional AC wiring and reduces the installation time 3 25 Watts 30 Watts High Power PoE Splitter High PoE Splitter split the PoE 52V DC over the Ethernet cable into 24 12V DC power output It frees the device deployment from restrictions due to power outlet locations which eliminate the costs for additional AC wiring and reduces the installation time High Power Speed Dome This state of the art design is considerable to fit in various network environments like traffic centers shopping malls railway stations warehouses airports and production facilities for the most demanding outdoor surveillance applications no need electrician to install AC sockets 313 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 2 System Configuration In a power over Ethernet system operating power is applied from a power source PSU power supply unit over the LAN infrastructure to powered devices PDs which are connected to ports Under some conditions the total output power required by PDs can exceed the maximum available power provided by the PSU The system may a prior be planned with a PSU capable of supplying less power than the total potential power consumption of
440. llowed the first character must be an alpha character and the first and last characters must not be a dot or a dash e Trap Destination IPv6 Address Indicates the SNMP trap destination IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can appear only once It can also represent a legally valid IPv4 address For example 192 1 2 34 e Trap Authentication Failure e Trap Link up and Link down Indicates the SNMP entity is permitted to generate authentication failure traps Possible modes are E Enabled Enable SNMP trap authentication failure E Disabled Disable SNMP trap authentication failure Indicates the SNMP trap link up and link down mode operation Possible modes are E Enabled Enable SNMP trap link up and link down mode operation E Disabled Disable SNMP trap link up and link down mode operation e Trap Inform Mode e Trap Inform Timeout seconds Indicates the SNMP trap inform mode operation Possible modes are E Enabled Enable SNMP trap inform mode operation E Disabled Disable SNMP trap inform mode operation Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 e Trap Inform Retry Times Buttons
441. llowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 Example Add SNMPv3 access entry Security Switch SNMP Access Delete Description Delete SNMPv3 access entry Syntax 422 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Access Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 access entry NS3552 8P 2S gt security switch snmp access delete 3 Security Switch SNMP Access Lookup Description Lookup SNMPv3 access entry Syntax Security Switch SNMP Access Lookup lt index gt Parameters lt index gt entry index 1 64 Example Lookup SNMPv3 access entry NS3552 8P 2S gt security switch snmp access lookup Idx Group Name Model Level 1 default_ro_group any NoAuth NoPriv 2 default_rw_group any NoAuth NoPriv Number of entries 2 Security Switch RMON Statistics Add Description Add or modify RMON Statistics entry The entry index key is lt stats_id gt Syntax Security Switch RMON Statistics Add lt stats_id gt lt data_source gt Parameters lt stats_id gt Statistics ID 1 65535 423 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt data_source gt The OID that indicates that the iflndex in ifEntry The value should be like 1 3 6 1 2 1 2 2 1 1 xxx Security Switch RMON Statistics Delete Description Delete RMON Statistics entry The entry index key is
442. lorer The Web based Management supports Internet Explorer 7 0 It is based on Java Applets with an aim to reduce network bandwidth consumption enhance access speed and present an easy viewing screen gn By default IE7 0 or later version does not allow Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports Note The Industrial Managed Switch can be configured through an Ethernet connection making sure the manager PC must be set on the same IP subnet address as the Industrial Managed Switch For example the default IP address of the Industrial Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP address of the Industrial Managed Switch to 192 168 1 1 with subnet mask 255 255 255 0 via console then the manager PC should be set at 192 168 1 x where x is a number between 2 and 254 to do the relative configuration on manager PC IFS Industrial Managed Switch Pay _ RJ 45 UTP Cable IP Address 192 168 0 x IP Address 192 168 0 100 Figure 4 1 1 Web Management m Gentlogging on the Industrial Managed Switch 1 Use Internet Explorer 7 0 or above Web browser Enter the factory default IP address to access the Web interface The 60 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual
443. lt limit gt Parameters lt port_list gt Port list or all default All ports lt limit gt Max number of MAC addresses on this port default Show current limit Default Setting 4 Example Set limit in 5 NS3552 8P 2S gt security network limit limit 1 10 5 Security Network Limit Action Description Set or show the action involved with exceeding the limit Syntax Security Network Limit Action lt port_list gt none trap shut trap_shut 432 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports none trap shut trap_shut Action to be taken in case the number of MAC addresses exceeds the limit none Don t do anything trap Send an SNMP trap shut Shutdown the port trap_shut Send an SNMP trap and shutdown the port default Show current action Default Setting none Example Set trap mode for limit action for port 1 NS3552 8P 2S gt security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security Network Limit Reopen lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Reopen port 1 NS3552 8P 2S gt security network limit reopen 1 Security Network NAS Configuration Description Show 802 1X configuration 433 IFS NS3552 8P 2S AND NS3550 2T 8S
444. lt pcp gt Parameters lt port_list gt Port list or all default All ports lt pcp gt Priority Code Point 0 7 Default Setting 0 Example Set the default PCP in 1 NS3552 8P 2S gt qos Port TagRemarking PCP 1 10 1 QoS Port TagRemarking DEI Description Set or show the default DEI This value is used when port tag remarking mode is set to default Syntax QoS Port TagRemarking DEI lt port_list gt lt dei gt 532 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports lt dei gt Drop Eligible Indicator 0 1 Default Setting 0 Example Set the default EDI in 1 NS3552 8P 2S gt qos Port TagRemarking EDI 1 10 1 QoS Port TagRemarking Map Description Set or show the port tag remarking map This map is used when port tag remarking mode is set to mapped and the purpose is to translate the classified QoS class 0 7 and DP level 0 1 to PCP and DEI Syntax QoS Port TagRemarking Map lt port_list gt lt class_list gt lt dpl_list gt lt pcp gt lt dei gt Parameters lt port_list gt Port list or all default All ports lt class_list gt QoS class list or all default All QoS classes 0 7 lt dpl_list gt DP level list or all default All DP levels 0 1 lt pcp gt Priority Code Point 0 7 lt dei gt Drop Eligible Indicator 0 1 QoS Port DSCP Translation Descr
445. lt stats_id gt Syntax Security Switch RMON Statistics Delete lt stats_id gt Parameters lt stats_id gt Statistics ID 1 65535 Security Switch RMON Statistics Lookup Description Show RMON Statistics entries Syntax Security Switch RMON Statistics Lookup lt stats_id gt Parameters lt stats_id gt Statistics ID 1 65535 Security Switch RMON History Add Description Add or modify RMON Hisotry entry The entry index key is lt history_id gt Syntax Security Switch RMON History Add lt history_id gt lt data_source gt lt interval gt lt buckets gt Parameters lt history_id gt History ID 1 65535 lt data_source gt The OID that indicates that the iflndex in ifEntry The value should be like 1 3 6 1 2 1 2 2 1 1 xxx 424 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt interval gt Sampling interval 1 3600 default 1800 lt buckets gt The maximum data entries associated this History control entry stored in RMON 1 65535 default 50 Security Switch RMON History Delete Description Delete RMON Hisotry entry The entry index key is lt history_id gt Syntax Security Switch RMON History Delete lt history_id gt Parameters lt history_id gt History ID 1 65535 Security Switch RMON History Lookup Description Show RMON History entries Syntax Security Switch RMON History Lookup lt history_id gt Parameters lt history_id gt Hist
446. ly saved values 4 7 8 Port Status This page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 11 appears STP Port Status CIST Role CIST State Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Non STP Forwarding Auto refresh C Figure 4 7 11 STP Port Status Page Screenshot L 3 4 5 6 8 9 0 _ The page includes the following fields Object Description e Port The switch port number of the logical STP port e CIST Role The current STP port role of the ICST port The port role can be one of the following values E AlternatePort E BackupPort E RootPort E DesignatedPort e CIST State The current STP port state of the CIST port The port state can be one of the following values Disabled Blocking Learning Forwarding 167 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E Non STP e Uptime The time since the bridge port was last initialized Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refiesh Click to refresh the page immediately 4 7 9 Port Statistics This page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Statistics sc
447. m Display the wavelength of current SFP module The wavelength value is gotten from the SFP module Use this column to check if the wavelength values of two nodes are matched while the fiber connection is failed e Distance m Display the support distance of current SFP module The distance value is gotten from the SFP module e Temperature C Display the temperature of current SFP module The temperature value is gotten from the SFP module e Voltage V Display the voltage of current SFP module The voltage value is gotten from the SFP module e Current mA Display the ampere of current SFP module The ampere value is gotten from the SFP module e TX Power dBm Display the TX power of current SFP module The TX power value is gotten from the SFP module e RX Power dBm Display the RX power of the current SFP module The RX power value is gotten from the SFP module 112 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Auto refresh t Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately 4 4 5 Port Mirror Configure port Mirroring on this page This function provide to monitoring network traffic that forwards a copy of each incoming or outgoing packet from one port of a network Switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alt
448. mark Description Set or show the port DSCP remarking mode Syntax QoS Port DSCP EgressRemark lt port_list gt disable enable remap_dp_ unaware remap_dp_aware Parameters lt port_list gt Port list or all default All ports disable Disable DSCP egress rewrite enable Enable DSCP egress rewrite with the value received from analyzer remap_dp_unaware Rewrite DSCP in egress frame with remapped DSCP where remap is DP unaware or DP 0 remap_dp_aware Rewrite DSCP in egress frame with remapped DSCP where remap is DP aware and DP 1 default Show port DSCP egress remarking mode Default Setting disable Example Enable DSCP egress rewrite NS3552 8P 2S gt QoS Port DSCP EgressRemark 1 10 enable QoS DSCP Map Description Set or show DSCP mapping table This table is used to map QoS class and DP level based on DSCP value DSCP value used to map QoS class and DPL is either translated DSCP value or incoming frame DSCP value Syntax QoS DSCP Map lt dscp_list gt lt class gt lt dpl gt Parameters lt dscp_list gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all default Show DSCP ingress map table i e DSCP gt class DPL lt class gt QoS class 0 7 lt dpl gt Drop Precedence Level 0 1 535 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS DSCP Translation Description Set or show global ingress DSCP translation table If port DSCP translation is enabled
449. mask gt IP subnet mask a b c d default Show IP mask Example Add SNMPv3 community entry 415 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SNMP Community Delete Description Delete SNMPv3 community entry Syntax Security Switch SNMP Community Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 community entry NS3552 8P 2S gt security switch snmp community delete 3 Security Switch SNMP Community Lookup Description Lookup SNMPv3 community entry Syntax Security Switch SNMP Community Lookup lt index gt Parameters lt index gt entry index 1 64 Example Lookup SNMPv3 community entry NS3552 8P 2S gt security switch snmp community lookup Idx Community Source IP Source Mask 192 168 0 20 255 255 255 0 0 0 0 0 0 0 0 0 Number of entries 2 Security Switch SNMP User Add Description 416 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add SNMPv3 user entry The entry index key are lt engineid gt and lt user_name gt and it doesn t allow modify Syntax Security Switch SNMP User Add lt engineid gt lt user_name gt MD5 SHA lt auth_password gt DES lt priv_password gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ff H and is restricted to 5 32 octet string lt user_name gt A string identifying the user name that this entry should belong to The name of Non
450. me RFC4670 Name Description Rx Responses Rx Malformed Responses Rx Bad Authenticators Rx Unknown Types The number of RADIUS packets valid or invalid received from the server radiusAccClientExt Responses radiusAccClientExt The number of malformed MalformedRespons RADIUS packets received es from the server Malformed packets include packets with an invalid length Bad authenticators or unknown types are not included as malformed access responses The number of RADIUS packets containing invalid authenticators received from the server radiusAcctClientExt BadAuthenticators The number of RADIUS packets of unknown types that were received from the server on the accounting port radiusAccClientExt UnknownTypes 258 Rx Tx Tx Tx Tx IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Packets Dropped Requests Retransmissions Pending Requests Timeouts radiusAccClientExt PacketsDropped radiusAccClientExt Requests radiusAccClientExt Retransmissions radiusAccClientExt PendingRequests radiusAccClientExt Timeouts The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server
451. ment configuration prio is the priority PCP of transmitted LM frame uni multi is selecting uni cast or multi cast transmission of LM frame single dual is selecting single ended LMM or dual ended CCM LM 10s 1s 6m 1m 6h is the number of LM frame pr second 513 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual flr is the Frame Loss Ratio time interval Syntax MEP Im config lt inst gt lt prio gt uni multi single dual 10s 1s 6m 1m 6h lt flr gt enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority uni multi Destination address is unicast or multicast single dual LM is single or dual ended 10s 1s 6m 1m 6h LM period 10s gt 10 PDU pr second lt flr gt Frame loss ratio in sec enable disable enable disable MEP APS Configuration Description MEP APS configuration prio is the priority PCP of transmitted APS frame uni multi is selecting uni cast or multi cast transmission of APS frame laps raps is selecting ELPS or ERPS protocol octet is the last octet in RAPS multicast MAC Syntax MEP aps config lt inst gt lt prio gt uni multi laps raps lt octet gt enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority uni multi Destination address is unicast or multicast laps raps Selection of Linear or Ring APS type lt octet gt The last octet in RAPS multicast MAC enable di
452. mware Update Browse Figure 4 2 22 Web Firmware Upgrade Page Screenshot To open Firmware Upgrade screen perform the following 1 Click System gt Web Firmware Upgrade 2 The Firmware Upgrade screen is displayed as in Figure 4 2 22 Browse 3 Click the button of the main page the system would pop up the file selection menu to choose firmware 4 Select on the firmware and then click the Software Upload Progress would show the file upload status 5 Once the software is loaded to the system successfully the following screen appears The system will load the new software after reboot 90 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Firmware update in progress The uploaded firmware image is being transferred to flash The system will restart after the update Until then do not reset or power off the device v Completed Figure 4 2 23 Software Successfully Loaded Notice Screen g DO NOT Power OFF the Industrial Managed Switch until the update progress is complete Note Do not quit the Firmware Upgrade page without pressing the OK button after the image is loaded Or the system won t apply for the new firmware User has to repeat the firmware Note upgrade processes again 4 2 20 TFTP Firmware Upgrade The Firmware Upgrade page provides the functions to allow a user to update the Industrial Managed Switch firmware from the TFTP server in the network Before updating make
453. n group id 1 64 ERPS Guard timeout Description configuring guard timeout for a protection group guard timeout should be configured in the increments of 10 milliseconds minimum guard timeout 10ms and maximum 2 seconds lt guard_timeout gt guard timeout lt group id gt protection group id for configuring guard time Syntax Erps guard timeout lt guard_timeout gt lt group id gt Parameters lt guard_timeout gt timer timeout values lt group id gt protection group id 1 64 ERPS WRT timeout Description configuring wait to restore timeout for a protection group in minutes in the range of 1 to 12 minutes lt wtr_timeout gt configuring wtr timeout lt group id gt protection group id for configuring wtr time Syntax Erps wtr timeout lt wtr_timeout gt lt group id gt Parameters lt wtr_timeout gt timer timeout values lt group id gt protection group id 1 64 568 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS Delete Description deletion of a protection group lt group id gt protection group id for deletion Syntax Erps delete lt group id gt Parameters lt group id gt protection group id 1 64 ERPS Topologychange Description specifying topology change propagation parameters for a given protection group propagate nopropagate enabling or disabling topology change propagation for a given group lt group_id gt protection group id Syntax E
454. n of the individual states The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned e Port VLAN ID Port Counters Object The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Description e EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X Direction Name IEEE Name Description Rx Total dot1xAuthEapolFrames The number of valid EAPOL Rx frames of any type that has been received by the switch Rx Response ID dotixAuthEapolRespld The number of valid EAPOL FramesRx Response Identity frames that have been received by the switch Rx Responses dot1xAuthEapolRespFr The number of valid EAPOL amesRx response frames other than Response Identity frames that have been received by the switch Rx Start dotixAuthEapolStartFra The number of EAPOL Start mesRx frames that have been received by the switch Rx Logoff dot1xAuthEapolLogoffFr The number of valid EAPOL amesRx Logoff frames that have been received by the switch Rx Invalid Type dotixAuthInval
455. n user or computer information is unavailable Figure 4 11 19 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue j Local Area Connection 3 x Click here to enter your user name and password for the network Figure 4 11 20 Windows Client Popup Login Request Message 266 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Local Area Connection 3 User name test Password co Logon domain Figure 4 11 21 267 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 Security This section is to control the access of the Industrial Managed Switch including the user access and management control The Security page contains links to the following main topics le Port Limit Control m Access Management a Access Management Siatistics a HTTPs m SSH E Port Security Status E Port Security Detail E DHCP Snooping E DHCP Snooping Statistics E IP Source Guard Configuration E IP Source Guard Static Table E ARP Inspection El ARP Inspection Static Table 4 12 1 Port Limit Control This page allows you to configure the Port Security Limit Control system and port settings Limit Control allows for limiting the number of users on a given
456. ne row for each port on the selected switch in the stack and a number of columns which are Object Description e Port The port number for which the configuration below applies e Mode The Configuration All with available options will assign to whole ports Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabled for Limit Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port e Limit The maximum number of MAC addresses that can be secured on this port This number cannot exceed 1024 If the limit is exceeded the corresponding action is taken The stack switch is born with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses e Action The Configuration All with available options will assign to whole ports If Limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further action Trap If Limit 1 MAC address is seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent every t
457. ned E Deny Frames matching the ACE are dropped 218 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 16 When Disabled is displayed the rate limiter operation is disabled e Port Redirect Indicates the port redirect operation of the ACE Frames matching the ACE are redirected to the port number The allowed values are Disabled or a specific port number When Disabled is displayed the port redirect operation is disabled e Mirror Specify the mirror operation of this port The allowed values are E Enabled Frames received on the port are mirrored E Disabled Frames received on the port are not mirrored The default value is Disabled e CPU Forward packet that matched the specific ACE to CPU e CPU Once Forward first packet that matched the specific ACE to CPU e Counter The counter indicates the number of times the ACE was hit by a frame e Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware limitations Buttons Select the ACL status from this drop down list Auto refresh l Refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 219 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 10 2 Access Control List Configuration This pa
458. ng standadized or proprietary DM the latest is using off standard follow up message carrying the exact HW transmit timestamp rdtrp flow is selecting round trip or flow delay calculation Round trip is not using the far end timestamps to calculate the far end residence time gap Gap between transmitting 1DM DMM PDU in 10 ms count number of frames used for average calculation on the latest count frames received 517 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual us ns calculation results are shown in micro or nano seconds keep reset the action in case of total delay counter overflow either keep all results or reset all results d2ford1 this is selecting to used two way DMM for calculate one way delay Syntax MEP dm config lt inst gt lt prio gt uni multi lt mep gt oneway twoway std prop rdtrp flow lt gap gt lt count gt us ns keep reset d2ford1 enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority uni multi Destination address is unicast or multicast lt mep gt This MEP id 0 0x1FFF oneway twoway DM is one way or two way std prop Standard or Vitesse proprietary way w follow up packets to send DM rdtrp flow 2 4 timestamps selection lt gap gt Gap between 1DM DMM to send in 10ms 10 65535 lt count gt The number of last records to calculate 10 2000 us ns Time resolution keep reset The action to counter when ov
459. ng tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and the Designated Ports Es Note 153 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The following are the user configurable STP parameters for the switch level Parameter Bridge Identifier Not user configurable except by setting priority below Priority Hello Time Maximum Age Timer Forward Delay Timer Description A combination of the User set priority and the switch s MAC address The Bridge Identifier consists of two parts a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge The length of time between broadcasts of the hello message by the switch Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer The amount time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state The following are the user configurable STP parameters for the port or port group level Variable Port Priority Description A relative p
460. nnection between TELNET server and TELNET client TELNET enables the client to control the server and communicate with other servers on the network To start a Telnet session the client user must log in to a server by entering a valid username and password Then the client user can enter commands through the Telnet program just as if they were entering commands directly on the server console TFTP is an acronym for Trivial File Transfer Protocol It is transfer protocol that uses the User Datagram Protocol UDP and provides file writing and reading but it does not provide directory service and security features ToS is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the 6 bit ToS field in the IP header The most significant 6 bits of the ToS field are fully decoded into 64 possibilities and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit 0 63 628 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual TLV is an acronym for Type Length Value A LLDP frame can contain multiple pieces of information Each of these pieces of information is known as TLV TKIP is an acronym for Temporal Key Integrity Protocol It used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and c
461. nsive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4095 Q in Q VLAN Tunnel Core Switch o VLAN Tag Tag Q in Q VLAN Tunnel 129 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The Industrial Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous independent customer LANs into the MAN Metro Access Network space One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers VLANs This is accomplished by adding a VLAN tag with a MAN related VID for frames entering the MAN When leaving the MAN the tag is stripped and the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use Ether Type 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can be disabled for the particular VLAN and can therefore rely on flooding as the forwarding mechanism between the two ports This way the MAC table requirements is reduced 130 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN Port Configuration The VLAN Port Configurat
462. ntax STP Port Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear the selected port statistics Example Show STP port statistics NS3552 8P 2S gt stp port statistics Rx MSTP TxMSTP RxRSTP TxRSTP RxSTP TxSTP RxTCN TxTCN Rxill STP Port Mcheck Description Set the STP mCheck Migration Check variable for ports Syntax STP Port Mcheck lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 NS3552 8P 2S gt stp port mcheck 1 STP MSTI Port Configuration Description Show the STP port instance configuration Syntax STP Msti Port Configuration lt msti gt lt port_list gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all default All ports Default 474 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual auto STP MSTI Port Cost Description Set or show the STP port instance path cost Syntax STP Msti Port Cost lt msti gt lt port_list gt lt path_cost gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all Port zero means aggregations lt path_cost gt STP port path cost 1 200000000 or auto Default auto Example Set MSTI7 in port1 NS3552 8P 2S gt st
463. nterface Section 5 COMMAND LINE INTERFACE The section describes how to use the Command Line interface CLI Section 6 CLI MODE The section explains how to manage the Industrial Managed Switch by Command Line interface Section 7 SWITCH OPERATION The chapter explains how to do the switch operation of the Industrial Managed Switch Section 8 TROUBLESHOOTING The chapter explains how to do troubleshooting of the Industrial Managed Switch Appendix A The section contains cable information of the Industrial Managed Switch Appendix B The section contains Glossary information of the Industrial Managed Switch 29 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 1 4 Product Features gt Physical Port NS3552 8P 2S 8 Port 10 100 1000Base T Gigabit Ethernet RJ 45 with IEEE 802 3af 802 3at PoE Injector 2 100 1000Base X mini GBIC SFP slots SFP type auto detection One RJ 45 console interface for basic management and setup NS3550 2T 8S 2 Port 10 100 1000Base T Gigabit Ethernet RJ 45 8 100 1000Base X mini GBIC SFP slots SFP type auto detection One RJ 45 console interface for basic management and setup NS3552 8P 2S 8 Port 10 100 1000Base T Gigabit Ethernet RJ 45 with IEEE 802 3af 802 3at PoE Injector 2 100 1000Base X mini GBIC SFP slots SFP type auto detection One RJ 45 console interface for basic management and setup gt Power over Ethernet NS3552 8P 2S ONLY Complies with IEEE 802 3af IEEE 802 3at Power over Ethernet En
464. ntity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during boot up the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three attempts to start authentication the client transmits frames as if the port was in the authorized state A port in the authorized state effectively means that the client has been successfully authenticated When the client supplies its identity the switch begins its role as the intermediary passing EAP frames between the client and the authentication server until authentication succeeds or fails If the authentication succeeds the switch port becomes authorized The specific exchange of EAP frames depends on the authentication method being used Figure 4 11 2 shows a message exchange initiated by the client using the One Time Password OTP authentication method with a RADIUS server 235 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Authentication Server Client a 802 1X Switch RADIUS s Fl EAPOL Start EAP Request Identity E
465. ntry after the last entry currently displayed 4 13 4 Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this page The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by MAC address The Dynamic IP Source Guard Table screen in Figure 4 13 4 appears Dynamic IP Source Guard Table Start from Pot VLAN 1 and IP address 0 0 0 0 with 20 entries per page Port LAN ID IP Address MAC Address Auto refresh CI Refresh Figure 4 13 4 Dynamic IP Source Guard Table Screenshot Navigating the ARP Inspection Table Each page shows up to 99 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic IP Source Guard Table The Start from port address VLAN IP address and IP mask input fields allow the user to select the 290 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual starting point in the Dynamic IP Source Guard Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The gt gt wil
466. number of columns which are Object Description e Port The port number for which the status applies Click the port number to see the status for this particular port e Users Each of the user modules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security e State Shows the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page e MAC Count Current Limit Buttons The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively If no us
467. o the neighboring units signaling that the LLDP information isn t valid anymore Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds LLDP Port Configuration The LLDP port settings relate to the currently selected stack unit as reflected by the page header Object Description e Port The switch port number of the logical LLDP port e Mode Select LLDP mode All means all ports will have one specific setting E Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed E Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information E Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors E Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors e CDP Aware Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames The switch doesn t transmit CDP frames CDP frames are only decoded if LLDP on the port is enabled Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbor s table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics CDP TLVs are mapped onto LLDP neighbor s table as shown below CDP TLV
468. ocol based VLAN Ethernet II protocol to group mapping Syntax VCL ProtoVlan Protocol Add Eth2 lt ether_type gt arplip ipx at lt group_id gt Parameters lt ether_type gt arp ip ipx at Ether Type 0x0600 OxFFFF lt group_id gt Protocol group ID VCL Protocol based VLAN Add SNAP Description Add VCL protocol based VLAN SNAP protocol to group mapping 586 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax VCL ProtoVlan Protocol Add Snap lt oui gt rfc_1042 snap_8021h lt pid gt lt group_id gt Parameters lt oui gt rfc_1042 snap_8021h OUI value Hexadecimal 00 00 00 to FF FF FF lt pid gt PID value Ox0 OxFFFF If OUI is 00 00 00 valid range of PID is from 0x0600 0xF FFF lt group_id gt Protocol group ID VCL Protocol based VLAN Add LLC Description Add VCL protocol based VLAN LLC protocol to group mapping Syntax VCL ProtoVlan Protocol Add Llc lt dsap gt lt ssap gt lt group_id gt Parameters lt dsap gt DSAP value 0x00 0xFF lt ssap gt SSAP value 0x00 0xFF lt group_id gt Protocol group ID VCL Protocol based VLAN Delete Ethernet II Description Delete VCL protocol based VLAN Ethernet 1 protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Eth2 lt ether_type gt arplip ipx at Parameters lt ether_type gt arp ip ipx at Ether Type 0x0600 OxFFFF VCL Protocol based VLAN Delete SNAP Description Delete VCL protocol based VLAN SNAP pr
469. odes e Multi 802 1X MAC based Auth X Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared 249 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual however Clear This This button is available in the following modes e Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters 250 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 11 6 Authentication Server Configuration This page allows you to configure the Authentication Servers The Authentication Server Configuration screen in Figure 4 11 7 appears Authentication Server Configuration Common Server Configuration 49 Figure 4 11 7 Authentication Server Configuration Page Screenshot 251 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Port State These settings are common for all of the Authentication Servers Object e Timeout Description The Timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server If the server does not reply within this timeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 s
470. of Service Command QoS Configuration Description Show QoS Configuration Syntax QoS Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports QoS Port Classification Class Description Set or show the default QoS class Syntax QoS Port Classification Class lt port_list gt lt class gt Parameters lt port_list gt Port list or all default All ports lt class gt QoS class 0 7 Default Setting 0 Example Set default QoS class in 1 for port 1 NS3552 8P 2S gt qos Port Classification Class 1 1 522 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Port Classification DPL Description Set or show the default Drop Precedence Level Syntax QoS Port Classification DPL lt port_list gt lt dpl gt Parameters lt port_list gt Port list or all default All ports lt dpl gt Drop Precedence Level 0 1 Default Setting 0 Example Set the default Drop Precedence Level in 1 for porti NS3552 8P 2S gt q0s Port Classification dpl 1 1 QoS Port Classification PCP Description Set or show the default PCP for an untagged frame Syntax QoS Port Classification PCP lt port_list gt lt pcp gt Parameters lt port_list gt Port list or all default All ports lt pcp gt _ Priority Code Point 0 7 Default Setting 0 Example Set the default PCP for an untagged frame in 1 for porti NS3552 8P 2S
471. ol Default disable Example Enable STP function on port1 NS3552 8P 2S gt stp port mode 1 enable STP Port Edge Description Set or show the STP adminEdge port parameter Syntax STP Port Edge lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default disable Example 470 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Enable STP edge function on port1 NS3552 8P 2S gt stp port edge 1 enable STP Port AutoEdge Description Set or show the STP autoEdge port parameter Syntax STP Port AutoEdge lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports Enable Enable MSTP autoEdge Disable Disable MSTP autoEdge Default enable Example Disable STP edge function on port1 NS3552 8P 2S gt stp port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P lt port_list gt enable disable auto Parameters lt port_list gt Port list or all default All ports enable Enable MSTP point2point disable Disable MSTP point2point auto Automatic MSTP point2point detection 471 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default auto Example Disable STP P2P function on port1 NS3552 8P 2S gt stp port p
472. ol The Usage column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters per port E Disabled All power savings mechanisms disabled E ActiPHY Link down power savings enabled E PerfectReach Link up power savings enabled E Enabled Both link up and link down power savings enabled Bh When setting each port to run at 100M Full 100M Half 10M Full and 10M Half speed modes the Auto MDIX function will disable Note 108 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Refresh Click to refresh the page Any changes made locally will be undone 4 4 2 Port Statistics Overview This page provides an overview of general traffic statistics for all switch ports The Port Statistics Overview screen in Figure 4 4 2 appears Port Statistics Overview ort 44507 i co om ll O 1 O 1 O 1 O El Sy O El O El O EN O El 50000000000 w oOo a oO a oO e o o w o a oO a oO o oO o E oo n o a o a o o El O El O ME O EN O EN O 1 2 3 4 5 6 Z 8 9 10 00000o0O0Oo0OoO EN O E O 1 O E O E Auto refresh C Figure 4 4 2 Port Statistics Overview Page Screenshot The displayed counters are Object Description e Port The logical port for the settings contained in the same r
473. ollowing fields Object Description User Indicates the QCL user QCE Indicates the index of QCE Frame Type Indicates the type of frame to look for incoming frames Possible frame types are E Any The QCE will match all frame type E Ethernet Only Ethernet frames with Ether Type 0x600 OxFFFF are allowed LLC Only LLC frames are allowed SNAP Only SNAP frames are allowed IPv4 The QCE will match only IPV4 frames IPv6 The QCE will match only IPV6 frames Port Action Indicates the list of ports configured with the QCE Indicates the classification action taken on ingress frame if parameters configured are matched with the frame s content There are three action fields Class DPL and DSCP EH Class Classified QoS Class if a frame matches the QCE it will be put in the queue E DPL Drop Precedence Level if a frame matches the QCE then DP level will set to value displayed under DPL column E DSCP If a frame matches the QCE then DSCP will be classified with the value displayed under DSCP column Conflict Buttons Combined Auto refresh Click to release the resources required to add QCL entry incase conflict status for any QCL entry is yes Refresh Displays QCE status It may happen that resources required to add a QCE may not available in that case it shows conflict status as Yes otherwise it is always No Please note that conflict can be resolved
474. on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The decision to block a particular connection is based on the STP calculation of the most current Bridge and Port settings Now if switch A broadcasts a packet to switch C then switch C will drop the packet at port 2 and the broadcast will end there Setting up STP using values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however relatively straight forward 155 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual A LAN 1 gt Port cost 200 000 A e Bridge ID 15 Port cost 20 000 Port cost 20 000 Port cost 20 000 Port cost 20 000 B c Bridge ID 30 Bridge ID 20 Port cost 200 000 Port cost 200 000 Port cost 200 000 A Ah A AN3 _ gt Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used 156 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual A gt Root Bridge Designated Port Designated Port Ro
475. on Controls the classification mode for tagged frames on this port E Disabled Use default QoS class and DP level for tagged frames E Enabled Use mapped versions of PCP and DEI for tagged frames e PCP DEI to QoS The Configuration All with available values will assign to whole items class DP level Controls the mapping of the classified PCP DEI to QoS class DP level values Mapping when Tag Classification is set to Enabled Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Cancel Cancel Return to the previous page 4 9 5 Port Scheduler This page provides an overview of QoS Egress Port Schedulers for all switch ports The Port Scheduler screen in Figure 4 9 6 appears QoS Egress Port Schedulers por mots Tejas Q4 Strict Priority aS a Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority Strict Priority 1 a 3 4 5 6 r 8 9 10 Figure 4 9 6 QoS Egress Port Schedule Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row Click on the port number in order to configure the schedulers For more detail please refer to chapter 4 9 5 1 e Mode Shows the scheduling mode for this port e QO Q5 Shows the weight for this queue and port 2
476. on is enabled on this switch port e Action Configures the action performed when a loop is detected on a port Valid values are Shutdown Port Shutdown Port and Log or Log Only e Tx Mode Controls whether the port is actively generating loop protection PDU s or whether it is just passively looking for looped PDU s Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 17 2 Status This page displays the loop protection port status the ports from the Industrial Managed Switch Loop Protection Status Auto refresh Refresh No ports enabled No ports enabled Figure 4 17 2 Loop Protection Status Page Screenshot The page includes the following fields Object Description e Port The switch port number of the logical port e Action The currently configured port action e Transmit The currently configured port transmit mode e Loops The number of loops detected on this port e Status The current loop protection status of the port e Loop Whether a loop is currently detected on the port e Time of Last Loop The time of the last loop event detected 327 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 328 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 1
477. onferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features E Up to 255 VLANs based on the IEEE 802 1Q standard E Port overlapping allowing a port to participate in multiple VLANs E End stations can belong to multiple VLANs E Passing traffic between VLAN aware and VLAN unaware devices E Priority tagging M IEEE 802 1Q Standard IEEE 802 1Q tagged VLAN are implemented on the Switch 802 1Q VLAN require tagging which enables them to span the entire network assuming all switches on the network are IEEE 802 1Q compliant VLAN allow a network to be segmented in order to reduce the size of broadcast domains All packets entering a VLAN will only be forwarded to the stations over IEEE 802 1Q enabled switches that are members of that VLAN and this includes broadcast multicast and unicast packets from unknown sources VLAN can also provide a level of security to your network IEEE 802 1Q VLAN will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging E The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recogni
478. onfiguration The table has one row for each RADIUS Accounting Server and a number of columns which are Object Description o The RADIUS Accounting Server number for which the configuration below applies e Enabled Enable the RADIUS Accounting Server by checking this box e IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is expressed in dotted decimal notation e Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 252 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual zero the default port 1813 is used on the RADIUS Accounting Server The secret up to 29 characters long shared between the RADIUS Accounting Server and the switch e Secret TACACS Authentication Server Configuration The table has one row for each TACACS Authentication Server and a number of columns which are Object Description o The TACACS Authentication Server number for which the configuration below applies e Enabled Enable the TACACS Authentication Server by checking this box e IP Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation e Port The TCP port to use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server e Secret The secret up to 29 characters long sha
479. oooccnonccoonccnoncnnnnnonnn nc non nano r cnn nano 421 Security Switch SNMP Access Ad d i a aa a a a e eE a ana aiaa 422 Security Switch SNMP Access Delete cccccccceesenceeeseeeeeeeeeeeeeseaeeeeseaneeeseaeeeescaeeeesseaeeesccaeeesssceeessneaeeessnaeees 422 Security Switch SNMP Access LOOKUP ccesceeseeeeeseeeeseeteneeeeaeeseaeeseaeesaeeeeaeeceaeeeeaeeseaeeseaeeseaeeseaeeseeeeseeeeae 423 Security Switch RMON Statistics Add in oa ae E a ie iae 423 Security Switch RMON Statistics Del te cesme a a A EAE a RR aia 424 Security Switch RMON Statistics LOOKUP cococionccnnccononcconcccnoncnonncoroncnnnncnnnnc cnn cnn nc cnn cnn nc e a aata diaaa EN ata 424 Security SWiteh RMON History Add asn ocioteca ina RE EA Ea a aE 424 Security Switch RMON History Delete oooooocoincccinncccocccconccnonccnnnncnoncnnnn canon cc non narran rar rra 425 Security Switch RMON History Lookup ccooooococccnoncccocccnonccnonccnnnconnncc ronca nnn cnn rra narrar nr 425 Security Switch RMON Alarm Add cccccccssccceeeeeeeeeseaeeeeesaeeeesceaeeeescaaeeesaaaeeseceaeeeeneaeeesesaeessccaeeesssseessseneeesseaeees 425 Security Switch RMON Alarm Delete ccccceccceeeencceeeeseeeeeeaeeeeceaeeecenaaeeesesaeeeescaeeessaeaeeescaeeessseeeesseaeeesseaeess 426 Security Switch RMON Alarm Lookup cecceeeceeeeeeeeneeeeaeeeeaeeeeaeeeeaeeeeaeeseaeeeeaeeseseeeeaeeeeaeeseaeeseeeenieeeeeeeeieeeeaees 427 Security Switch RMON Even Add 21 22
480. oop protection to provide sub 50ms protection and recovery switching for Ethernet traffic in a ring topology ERPS provides a faster redundant recovery than Spanning Tree topology The action is similar to STP or RSTP but the algorithms between them are not the same In the Ring topology every switch should be enabled with Ring function and two ports should be assigned as the member ports in the ERPS Only one switch in the Ring group would be set as the RPL owner switch that one port would be blocked called owner port and PRL neighbor switch has one port that one port would be blocked called neighbor port that connect to owner port directly and this link is called the Ring Protection Link or RPL Each switch will sends ETH CCM message to check the link status in the ring group When the failure of network connection occurs the nodes block the failed link and report the signal failure message the RPL owner switch will automatically unblocks the PRL to recover from the failure 338 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Normal Link Status RPL Owner ETH CCM Ethernet Ethernet Node1 Node4 ES A A a zi sz O No O nO z y y aa _ Ethernet Ethernet NT q ETH CCM RPL Neighbour 6 Ring Protection Link ES a Fault Link Status RPL Owner Ethernet Ethernet Node1 e x Node4 Ethernet Ethernet Node2 Node3 RPL Neighbour 60 Port will block off when link failure occu
481. op Agent Option The number of packets that were dropped was received with relay agent information Buttons Auto refresh i Clear te Clear all statistics Refiesh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 4 2 11 CPU Load This page displays the CPU load using a SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samples are graphed and the last numbers are displayed as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 14 appears 80 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Auloratesh El CPU Load all numbers running average 100ms 3 f 1sec 1 10sec 1 75 g Al mn Bi 25 al AMAN Ms YA CNN AN ay ae Figure 4 2 14 CPU Load Page Screenshot Buttons Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Auto refresh ga Note If your browser cannot display anything on this page please download Adobe SVG tool and install it in your computer 4 2 12 System Log The switch system log information is provided here
482. or ring id gt Parameters lt group id gt protection group id 1 64 lt east_port gt Port 0 of a protection group lt west_port gt Port 1 of a protection group major sub ring type interconnected Set for interconnected node virtual_channel Set for virtual channel lt major ring id gt major ring of a sub ring when configuring as an interconnected node 563 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual ERPS Reversion Description Configuring reversion characteristics for a given node revertive nonrevertive enabling or disabling reversion for a given group lt group_id gt protection group id Syntax Erps reversion revertive nonrevertive lt group id gt Parameters revertive nonrevertive specifying reversion parameters lt group id gt protection group id 1 64 ERPS VLAN Add Description Associating a given vlan to a protection group lt vid gt vlan to be protected lt group id gt protection group id for which vid belongs to Syntax Erps vlan add lt vid gt lt group id gt Parameters lt vid gt VLAN ID 1 4095 lt group id gt protection group id 1 64 ERPS VLAN Delete Description Disassociating a given vlan to a protection group lt vid gt protected vlan to be deleted lt group id gt protection group id for which vid belongs to Syntax Erps vlan delete lt vid gt lt group id gt 564 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Par
483. ormation is used a The unique switch identifier a The path cost to the root associated with each switch port a The port identifier STP communicates between switches on the network using Bridge Protocol Data Units BPDUs Each BPDU contains the following information a The unique identifier of the switch that the transmitting switch currently believes is the root switch a The path cost to the root from the transmitting port 151 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual E The port identifier of the transmitting port The switch sends BPDUs to communicate and construct the spanning tree topology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDUs are not directly forwarded by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission The communication between switches via BPDUs results in the following a One switch is elected as the root switch a The shortest distance to the root switch is calculated for each switch a A designated switch is selected This is the switch closest to the root switch through which packets will be forwarded to the root a A port for each switch is selected This is the port providing the best path from the switch to the root switch a Ports included in the STP are selected Creating a Stable STP Topology It is to make the root port a fastest link If all switches ha
484. ormation mode operation e Relay Information Indicates the DHCP relay information option policy When enable DHCP relay Policy information mode operation if agent receive a DHCP message that already contains relay agent information It will enforce the policy And it only works under DHCP relay information operation mode enabled Possible policies are HE Replace Replace the original relay information when receive a DHCP message that already contains it E Keep Keep the original relay information when receive a DHCP message that already contains it E Drop Drop the package when receive a DHCP message that already contains relay information Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 10 DHCP Relay Statistics This page provides statistics for DHCP relay The DHCP Relay Statistics screen in Figure 4 2 13 appears DHCP Relay Statistics Server Statistics Transmit to Transmit Receive from Receive Missing Agent Receive Missing Receive Missing Receive Bad Receive Bad Server Error Server Option Circuit ID Remote ID Circuit ID Remote ID D D 0 0 Client Statistics Transmit to Client Transmit Error Receive from Client Receive Agent Option Replace Agent Option Keep Agent Option Drop Agent Option 0 0 0 0 D 0 D Auto Refresh Refresh Clear Figure 4 2 13 DHCP Relay Statistics Page Screenshot The page includes the
485. ort 10 in man Ethernet type NS3552 8P 2S gt vlan ethtype 10 man VLAN untagVID Description Set or show the port untagVLAN ID 387 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax VLAN untagVID lt port_list gt lt untagvid gt Parameters lt port_list gt Port list or all default All ports lt untagvid gt Port VLAN ID 0 4095 or none default Show port VLAN ID If Untag VID 0 then disable untag VID function Default Setting N A VLAN Add Description Add or modify VLAN entry Syntax VLAN Add lt vid gt lt name gt lt port_list gt Parameters lt vid gt lt name gt VLAN ID 1 4095 or VLAN Name lt port_list gt Port list or all default All ports Default Setting 1 Example Add port1 to port4 in VLAN10 NS3552 8P 2S gt vlan add 10 1 4 VLAN Forbidden Add Description Add or modify VLAN entry in forbidden table Syntax VLAN Forbidden Add lt vid gt lt name gt lt port_list gt 388 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt vid gt lt name gt VLAN ID 1 4095 or VLAN Name lt port_list gt Port list or all default All ports Example Frobidden add port1 to port4 in VLAN10 NS3552 8P 2S gt vlan forbidden add 10 1 4 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete lt vid gt lt name gt Parameters lt vid gt lt name gt VLAN ID 1 4095 or VLAN Name Example Delete
486. ort gt 591 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt server gt SMTP server address lt port gt SMTP server port Default Setting disable SMTP Auth Description Enable or disable SMTP authentication configure Syntax SMTP Auth enable disable Parameters enable Enable SMTP Authentication disable Disable SMTP Authentication default Show SMTP Authentication Default Setting disable SMTP Auth_user Description Set or show SMTP authentication user name configure Syntax SMTP Auth_user lt auth_user_text gt Parameters lt auth_user_text gt SMTP Authentication User Name Default Setting disable 592 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual SMTP Auth_pass Description Set or to show SMTP authentication password configure Syntax SMTP Auth_pass lt auth_pass_text gt Parameters lt auth_pass_text gt SMTP Authentication Password Default Setting disable SMTP Mail from Description Set or show SMTP e mail from configure Syntax SMTP Mailfrom lt mailfrom_text gt Parameters lt mailfrom_text gt SMTP E mail From address Default Setting Disable SMTP Mail Subject Description Set or to show SMTP e mail subject configure Syntax SMTP Mailsubject lt mailsubject_text gt Parameters lt mailsubject_text gt SMTP E mail Subject 593 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual De
487. ory ID 1 65535 Security Switch RMON Alarm Add Description Add or modify RMON Alarm entry The entry index key is lt alarm_id gt Syntax Security Switch RMON Alarm Add lt alarm_id gt lt interval gt lt alarm_vairable gt absolute delta lt rising_threshold gt lt rising_event_index gt lt falling_threshold gt lt falling_event_index gt rising falling both Parameters lt alarm_id gt Alarm ID 1 65535 lt interval gt Sampling interval 1 2147483647 default 30 425 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt alarm_vairable gt The MIB OID that need to be referenced 1 3 6 1 2 1 2 2 1 10 xxx iflnOctets 1 3 6 1 2 1 2 2 1 11 xxx iflnUcastPkts 1 3 6 1 2 1 2 2 1 12 xxx iflnNUcastPkts 1 3 6 1 2 1 2 2 1 13 xxx iflnDiscards 1 3 6 1 2 1 2 2 1 14 xxx iflnErrors 1 3 6 1 2 1 2 2 1 15 xxx iflnUnkownProtos 1 3 6 1 2 1 2 2 1 16 xxx ifOutOctets 1 3 6 1 2 1 2 2 1 17 xxx ifOutUcastPkts 1 3 6 1 2 1 2 2 1 18 xxx ifOutNUcastPkts 1 3 6 1 2 1 2 2 1 19 xxx ifOutDiscards 1 3 6 1 2 1 2 2 1 20 xxx ifOutErrors 1 3 6 1 2 1 2 2 1 21 xxx ifOutQLen xxx means the interface identified by a particular value of this index is the same interface as identified by the same value of OID iflndex absolute Get the sample directly delta Calculate the difference between samples default lt rising_threshold gt Rising threshold value 2147483648 21 47483647 lt
488. ot Port Root Port C rors Designated Bridge A AN2 __ gt a AN3 __ gt Figure 4 7 3 After Applying the STA Rules The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 20 000 on switch A are connected to one optional Gigabit port on both switch B and C The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link 4 7 2 STP System Configuration This page allows you to configure STP system settings The settings are used by all STP Bridge instances in the Switch or switch Stack The Managed Switch support the following Spanning Tree protocols Compatible Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses of network topologies that provide faster spanning tree convergence without creating forwarding loops Extension Multiple Spanning Tree Protocol MSTP Defines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures
489. otocol to group mapping Syntax VCL ProtoVlan Protocol Delete Snap lt oui gt rfc_1042 snap_8021h lt pid gt 587 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt oui gt rfc_1042 snap_8021h OUI value Hexadecimal 00 00 00 to FF FF FF lt pid gt PID value Ox0 OxFFFF If OUI is 00 00 00 valid range of PID is from 0x0600 0xF FFF VCL Protocol based VLAN Delete LLC Description Delete VCL protocol based VLAN LLC protocol to group mapping Syntax VCL ProtoVlan Protocol Delete Llc lt dsap gt lt ssap gt Parameters lt dsap gt DSAP value 0x00 0xFF lt ssap gt SSAP value 0x00 0xFF VCL Protocol based VLAN Add Description Add VCL protocol based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Add lt port_list gt lt group_id gt lt vid gt Parameters lt port_list gt Port list or all default All ports lt group_id gt Protocol group ID lt vid gt VLAN ID 1 4095 VCL Protocol based VLAN Delete Description Delete VCL protocol based VLAN group to VLAN mapping Syntax VCL ProtoVlan Vlan Delete lt port_list gt lt group_id gt 588 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt port_list gt Port list or all default All ports lt group_id gt Protocol group ID VCL Protocol based VLAN Configuration Description Show VCL protocol based VLAN entries Syntax VCL ProtoVlan Conf VCL IP Subnet based Vlan Configur
490. ource guard status Security Network IP Source Guard Translation Description Translate IP source guard dynamic entries into static entries Syntax Security Network IP Source Guard Translation 454 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network ARP Inspection Configuration Description Show ARP inspection configuration Syntax Security Network ARP Inspection Configuration Example Show ARP inspection configuration Security Network ARP Inspection Mode Description Set or show ARP inspection mode Syntax Security Network ARP Inspection Mode enable disable Parameters enable Enable ARP Inspection disable Disable ARP Inspection Default Setting disable Example Enable ARP inspection mode NS3552 8P 2S gt security network arp inspection mode enable Security Network ARP Inspection Port Mode Description Set or show the ARP Inspection port mode Syntax 455 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network ARP Inspection Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable ARP Inspection port disable Disable ARP Inspection port default Show ARP Inspection port mode Default Setting Disable Example Enable the ARP inspection mode of port 1 NS3552 8P 2S gt security network arp inspection port mode 1 Security Network ARP Inspection Entry D
491. ove or exclude the port from the mapping make sure the box is unchecked By default no ports are members and all boxes are unchecked Buttons Add New Entry Click to add a new entry in mapping table 149 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Save Click to save changes Click to undo any changes made locally and revert to previously saved values Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 150 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 7 Spanning Tree Protocol 4 7 1 Theory The Spanning Tree protocol can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions a STP Spanning Tree Protocol IEEE 802 1D a RSTP Rapid Spanning Tree Protocol IEEE 802 1w a MSTP Multiple Spanning Tree Protocol IEEE 802 1s The IEEE 802 1D Spanning Tree Protocol and IEEE 802 1w Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network When multiple links between switches a
492. ow e Packets The number of received and transmitted packets per port e Bytes The number of received and transmitted bytes per port e Errors The number of frames received in error and the number of incomplete transmissions per port e Drops The number of frames discarded due to ingress or egress congestion e Filtered The number of received frames filtered by the forwarding process Buttons Refresh Click to refresh the page immediately Clear cea Clears the counters for all ports Auto refresh fed Check this box to enable an automatic refresh of the page at regular intervals 109 4 4 3 Port Statistics Detail IFS NS3552 8P 2S AND NS3550 2T 8S User Manual This page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The selected port is belonging to the currently selected stack unit as reflected by the page header The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Port Statistics Detail screen in Figure 4 4 3 appears Receive Total Detailed Port Statistics Port 1 Port Auto refresh C Transmit Total Rx Packets Rx Octets Rx Unicast Rx Multicast Rx Broadcast Rx Pause Tx Packets Tx Octets Tx Unicast Tx Multicast Tx Broadcast Tx Pause Receive Size Counters Transmit Size Counters Rx 64 Bytes
493. ow Auth method Syntax Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web default Set or show the specific client authentication method none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote TACACS authentication default Show client authentication method enable Enable local authentication if remote authentication fails disable Disable local authentication if remote authentication fails The parameter is effective when it is typed Default Setting disable Example Use RADIUS authentication method for telnet NS3552 8P 2S gt security switch auth method telnet radius enable 399 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch SSH Configuration Description Show SSH configuration Syntax Security Switch SSH Configuration Example Show SSH configuration NS3552 8P 2S gt security switch ssh configuration SSH Configuration SSH Mode Enable Security Switch SSH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting enable Example Enable SSH function NS3552 8P 2S gt security swi
494. ow LLDP MED Coordinates map datum Syntax LLDPMED Datum wgs84 nad83_navd88 nad83_mllw Parameters wgs84 nad83_navd88 nad83_mllw wgs84 WGS84 nad83_navd88 NAD83_NAVD88 nad83_mllw NAD83_MLLW Ildpmed Coordinate datum LLDP MED Fast Description Set or show LLDP MED Fast Start Repeat Count Syntax LLDPMED Fast lt count gt Parameters lt count gt The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism defined by LLDP MED 1 10 494 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP MED Info Description Show LLDP MED neighbor device information Syntax LLDPMED Info lt port_list gt Parameters lt port_list gt Port list or all default All ports 495 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 13 EEE Command EEE Configuration Description Show eee configuration Syntax EEE Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show EEE configuration of port1 4 NS3552 8P 2S gt eee configuration 1 4 EEE Configuration Disabled none Disabled none Disabled none Disabled none EEE Mode Description Set or show the eee mode Syntax EEE Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable EEE disable Disable EEE default Show eee mode Default S
495. owed string length is 0 to 32 Add New Entry Click to add a new access management entry eI o Click to save changes Click to undo any changes made locally and revert to previously saved values 4 10 Access Control Lists ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual 217 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This page shows the
496. p msti port cost 7 1 MSTI Port Path Cost MST7 1 Auto STP MSTI Port Priority Description Set or show the STP port instance priority Syntax STP Msti Port Priority lt msti gt lt port_list gt lt priority gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all Port zero means aggregations lt priority gt STP port priority 0 16 32 48 224 240 Default 475 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 128 476 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 9 Link Aggregation Command Aggregation Configuration Description Show link aggregation configuration Syntax Aggr Configuration Aggregation Add Description Add or modify link aggregation Syntax Aggr Add lt port_list gt lt aggr_id gt Parameters lt port_list gt Port list or all default All ports lt aggr_id gt Aggregation ID Example Add port 1 4 in Group1 NS3552 8P 2S gt aggr add 1 4 1 Aggregation Delete Description Delete link aggregation Syntax Aggr Delete lt aggr_id gt Parameters lt aggr_id gt Aggregation ID 477 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Delete Group2 NS3552 8P 2S gt aggr delete 2 Aggregation Lookup Description Lookup link aggregation Syntax Aggr Lookup lt aggr_id gt Parameters lt aggr_id gt Aggregation ID Aggregation Mode
497. pan Example Copenhagen e City district City division borough city district ward chou Japan e Block Neighborhood Neighborhood block e Street Street Example Poppelvej Leading street direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Street suffix Street suffix Example Ave Platz House no House number Example 21 House no suffix House number suffix Example A 1 2 Landmark Landmark or vanity address Example Columbia University Additional location info Additional location info Example South Wing e Name Name residence and office occupant Example Flemming John e Zip code Postal zip code Example 2791 e Building Building structure Example Low Library e Apartment Unit Apartment suite Example Apt 42 e Floor Floor Example 4 e Room no Room number Example 450F e Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 297 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Object Description e Emergency Call Emergency Call Service ELIN identifier data format is defined to carry the
498. please use this function and don t use Reboot Only function This function offers administrator to reboot PoE device at an indicated time if administrator has this kind of requirement 321 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Reboot Only Allows user to reboot PoE function by PoE reboot schedule Please be noted that if administrator enables this function PoE schedule will not set time to profile This function is just only for PoE port reset at the indicated time e Reboot Hour Allows user to set at what hour that best reboots PoE This function is only for PoE reboot schedule e Reboot Min Allows user to set at what minute that best reboot PoE This function is only for PoE reboot schedule Buttons Add New Rule A click to add new rule Save Click to save changes Delete Check to delete the entry 322 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 6 LLDP PoE Neighbors This page provides a status overview for all LLDP PoE neighbors The displayed table contains a row for each port on which an LLDP PoE neighbor is detected The columns hold the following information The screen in Figure 4 16 6 appears LLDP Neighbour Power Over Ethernet Information Local Port Power Type Power Priority 2 PD Device Unknown Unknown 6 3 VV Auto refresh C Figure 4 16 6 LLDP PoE Neighbor Screenshot Please be noted that administrator has to enable LLDP port from LLDP configurat
499. pmc_param_qi Parameters mlid igmp mld IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs ipmc_param_qi 1 Default Value 125 1 31744 Query Interval in seconds default Show IPMC Interface Query Interval IPMC Parameter QRI Description Set or show the IPMC Query Response Interval Syntax IPMC Parameter QRI mldligmp lt vid gt ipme_param_ari 583 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs ipmc_param_qri 1 Default Value 100 0 31744 Query Response Interval in tenths of seconds default Show IPMC Interface Query Response Interval IPMC Parameter LLQI Description Set or show the IPMC Last Listener Query Interval Syntax IPMC Parameter LLQI mldligmp lt vid gt ipmc_param_llqi Parameters mld igmp mid IPMC for IPv6 MLD igmp IPMC for IPv4 IGMP lt vid gt VLAN ID 1 4095 or any default Show all VLANs ipmc_param_llgi 1 Default Value 10 0 31744 Last Listener Query Interval in tenths of seconds default Show IPMC Interface Last Listener Query Interval IPMC Parameter URI Description Set or show the IPMC Unsolicited Report Interval Syntax IPMC Parameter URI mld igmp lt vid gt ipmc_param_uri Parameters mld igmp 584 IFS NS3552 8P
500. policy Guest Voice support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN When a network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance Video Conferencing Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type shou
501. port A user is identified by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of the four different actions as described below The Limit Control module utilizes a lower layer module and Port Security module which manages MAC addresses learnt on the port The Limit Control configuration consists of two sections a system and a port The Port Limit Control Configuration screen in Figure 4 12 1 appears 268 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Port Security Limit Control Configuration System Configuration Disabled Aging Enabled Aging Period seconds Port Configuration mode Umt action state re open lt All gt Disabled Disabled Disabled Disabled Disabled Disabled a Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled a a A A A A ea A fal fa e O OO ON OOA WN Figure 4 12 1 Port Limit Control Configuration Overview Page Screenshot The page includes the following fields System Configuration Object Description e Mode Indicates if Limit Control is globally enabled or disabled on the switch stack If globally disabled other modules may still use the underlying functionality but limit checks and corresponding actions
502. port is not a member of the classified VLAN of the frame the frame is discarded By default ingress filtering is disabled no checkmark e Accept Frame Type Determines whether the port accepts all frames or only tagged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All e Link Type Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or remove the tag from a frame on egress E Untag outgoing frames without VLAN Tagged E Tagged outgoing frames with VLAN Tagged 131 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Q in Q Mode Set Out layer VLAN tag ether type Sets the Managed Switch to QinQ mode and allows the QinQ tunnel port to be configured The default is for the Managed Switch to function in Disable mode E Disable The port operates in its normal VLAN mode This is the default E MAN Port Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network E Customer Port Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network The Tag Protocol Identifier TPID specifies the ether type of incoming packets on a tunnel access port E 802 1Q Tag 8100
503. private default_rw_group usm default_user default_rw_group Number of entries 5 Security Switch SNMP View Add Description Add or modify SNMPv3 view entry The entry index key are lt view_name gt and lt oid_subtree gt Syntax Security Switch SNMP View Add lt view_name gt included excluded lt oid_subtree gt Parameters lt view_name gt A string identifying the view name that this entry should belong to The allowed string length is 1 32 and the allowed content is ASCII characters from 33 to 126 included An optional flag to indicate that this view subtree should included excluded An optional flag to indicate that this view subtree should excluded lt oid_subtree gt The OID defining the root of the subtree to add to the named view Example 420 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Add SNMPv3 view entry NS3552 8P 2S gt security switch snmp view add snmpv3_view include 1 Security Switch SNMP View Delete Description Delete SNMPv3 view entry Syntax Security Switch SNMP View Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 view entry NS3552 8P 2S gt security switch snmp view delete 3 Security Switch SNMP View Lookup Description Lookup SNMPv3 view entry Syntax Security Switch SNMP View Lookup lt index gt Parameters lt index gt entry index 1 64 Example Lookup SNMPv3 view entry NS3552 8P 2S
504. r configuration enable Enable RADIUS authentication server disable Disable RADIUS authentication server default Show RADIUS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external authentication server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt Server UDP port Use 0 to use the default RADIUS port 1812 459 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Set RADIUS authentication server configuration NS3552 8P 2S gt security aaa radius 1 enable 192 168 0 20 12345678 1812 Security AAA ACCT_RADIUS Description Set or show RADIUS accounting server setup Syntax Security AAA ACCT_RADIUS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt Parameters The server index 1 5 default Show RADIUS accounting server configuration enable Enable RADIUS accounting server disable Disable RADIUS accounting server default Show RADIUS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external accounting server To set an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt Server UDP port Use 0 to use the default RADI
505. r matching IPv4 frames lt proto gt IP protocol value 0 255 or any lt sip gt IPv4 source address a b c d n or any lt dscp gt DSCP value range 0 63 or any 507 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt fragment gt IPv4 fragment any fragment non fragment lt sport gt UDP TCP source port value range 0 65535 or any lt dport gt UDP TCP destination port value range 0 65535 or any ipv6 Keyword for matching IPv6 frames lt sip_v6 gt IPv6 source address a b c d n or any direction Direction keyword lt direction gt ECE direction both uni to nni nni to uni evc EVC keyword lt evc_id gt EVC ID 1 128 or none pop Pop keyword lt pop gt Tag pop count 0 1 2 policy Policy keyword lt policy gt ACL policy number 0 255 class Class keyword lt class gt QoS class disable or 0 7 outer Outer tag action keyword lt ot_mode gt Outer tag for nni to uni direction enable disable lt ot_preserve gt Outer tag preserved or fixed PCP DEI preserved fixed lt ot_pcp gt Outer tag PCP value 0 7 lt ot_dei gt Outer tag DEI value 0 1 EVC ECE Delete Description Delete ECE Syntax EVC ECE Delete lt ece_id gt Parameters lt ece_id gt ECE ID 1 128 EVC ECE Lookup Description Lookup ECE 508 Syntax EVC ECE Lookup lt ece_id gt Parameters lt ece_id gt ECE ID 1 128 EVC ECE Status Description
506. rameters lt port_list gt Port list or all default All ports lt vid gt none Port VLAN ID 1 4095 or none default Show port VLAN ID Default Setting 1 Example Set PVID2 for port10 NS3552 8P 2S gt vlan pvid 10 2 VLAN Frame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType lt port_list gt all tagged Parameters lt port_list gt Port list or all default All ports all Allow tagged and untagged frames tagged _ Allow tagged frames only default Show accepted frame types Default Setting All Example Set port10 that allow tagged frames only 384 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt vlan frametype 10 tagged VLAN Ingress Filter Description Set or show the port VLAN ingress filter Syntax VLAN IngressFilter lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable VLAN ingress filtering disable Disable VLAN ingress filtering default Show VLAN ingress filtering Default Setting Disable Example Enable VLAN ingress filtering for port10 NS3552 8P 2S gt vlan ingressfilter 10 enable VLAN Mode Description Set or show the VLAN Mode Syntax VLAN Mode portbased dot1q Parameters portbased_ Port Based VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting 385 IFS NS3552 8P 2S AND NS3550
507. rameters will be changed This means that the age time will be set to 200 and the learn mode will be set to automatic 92 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual m Save Configuration 1 Press the Save Configuration button to save the current configuration in manager workstation The following screens in Figure 4 2 26 amp 4 2 27 appear File Download 3 Do you want to open or save this file Name ntent length_18058Serve _Web_Server Type XML Document 17 6KB From 192 168 0 100 gt While files from the Internet can be useful some files can potentially Q harm your computer If you do not trust the source do not open or save this file What s the risk Figure 4 2 26 File Download Screen 2 Choose the file save path in management workstation Save As O Contig Backup My Recent Documents Ls File name Feontig xml My Network Saveastype All Files Figure 4 2 27 File Save Screen 4 2 22 Configuration Upload This function allows backup and reload the current configuration of the Industrial Managed Switch to the local management station The Configuration Upload screen in Figure 4 2 28 appears 93 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Configuration Upload Browse Uca Figure 4 2 28 Configuration Upload Page Screenshot Configuration Upload configuration button of the main page the system would pop up th
508. re detected a primary link is established Duplicated links are blocked from use and become standby links The protocol allows for the duplicated links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the Spanning Tree is incorrectly configured Please read the following before making any changes from the default values The Switch STP performs the following functions a Creates a single spanning tree from any combination of switching or bridging elements a Creates multiple spanning trees from any combination of ports contained within a single switch in user specified groups a Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree a Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following inf
509. red between the TACACS Authentication Server and the switch Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 11 7 RADIUS Overview This page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration page The RADIUS Authentication Accounting Server Overview screen in Figure 4 11 8 appears 253 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RADIUS Authentication Server Status Overview ie nares 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable 0 0 0 0 1813 Disable 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable Auto Refresh O Figure 4 11 8 RADIUS Authentication Accounting Server Overview Page Screenshot The page includes the following fields RADIUS Authentication Server Object Description o The RADIUS server number Click to navigate to detailed statistics for this server e IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server e Status The current state of the server This field takes one of the following values E Disabled The server is disabled E Not Ready The server is enabled but IP communication is not yet up and running E Ready The server is enabled IP communication is up and running and the RADIUS module is re
510. reen in Figure 4 7 12 appears STP Statistics Transmitted Discarded No ports enabled Juste este ste ren mst este ste ren unknown megar No ports enabled ICC Auto refresh C Figure 4 7 12 STP Statistics Page Screenshot 168 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Port The switch port number of the logical RSTP port e MSTP The number of MSTP Configuration BPDU s received transmitted on the port e RSTP The number of RSTP Configuration BPDU s received transmitted on the port e STP The number of legacy STP Configuration BPDU s received transmitted on the ort e TCN nk number of legacy Topology Change Notification BPDU s received transmitted on the port e Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port Discarded Illegal Buttons Auto refresh l Refresh The number of illegal Spanning Tree BPDU s received and discarded on the port Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately _ clear J Click to clear the information immediately 169 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 Multicast 4 8 1 IGMP Snooping The Internet Group Management Protocol IGMP lets host and routers share information about multicast groups memberships IGMP snooping
511. referential treatment of higher priority frames when traffic builds up within a queue A frame s DP level is used as input to WRED A higher DP level assigned to a frame results in a higher probability that the frame is dropped during times of congestion WTR is an acronym for Wait To Restore This is the time a fail on a resource has to be not active before restoration back to this previously failing resource is 631
512. refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 255 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 11 8 RADIUS Details This page provides detailed statistics for a particular RADIUS server The RADIUS Authentication Accounting for Server Overview screen in Figure 4 11 9 appears RADIUS Authentication Statistics for Server 1 Server 1 Receive Packets Transmit Packets Access Accepts Access Requests Access Rejects Access Retransmissions Access Challenges Pending Requests Malformed Access Responses Timeouts Bad Authenticators Unknown Types Packets Dropped Other Info IP Address 0 0 0 0 1812 State Disabled Round Trip Time 0 ms RADIUS Accounting Statistics for Server 1 Receive Packets Transmit Packets Responses Requests Malformed Responses Retransmissions Bad Authenticators Pending Requests Unknown Types Timeouts Packets Dropped IP Address 0 0 0 0 1813 State Disabled Round Trip Time 0 ms Auto refresh Refresh Clear Figure 4 11 9 RADIUS Authentication Accounting for Server Overview Page Screenshot The page includes the following fields RADIUS Authentication Servers The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description e Packet Counters RADIUS authentic
513. ress and VLAN ID that is seen on this port If no MAC addresses are ID learned a single row stating No MAC addresses attached is displayed e State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic e Time of Addition Shows the date and time when this MAC address was first seen on the port e Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 12 8 DHCP Snooping DHCP Snooping is used to block intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on this page
514. riority for each Default Value 128 port lower numbers give a higher priority and a greater chance of a given port being elected as the root port Port Cost path Default Spanning Tree Configuration A value used by STP to evaluate paths STP calculates path costs and selects the path with the minimum cost as the active ports 0 Auto Feature Default Value Enable state STP disabled for all ports Port priority 128 Port cost 0 Bridge Priority 32 768 User Changeable STA Parameters Default Value 32768 MAC 32768 2 seconds 20 seconds 15 seconds 200 000 100Mbps Fast Ethernet ports 20 000 1000Mbps Gigabit Ethernet The switch s factory default setting should cover the majority of installations However it is advisable to keep the default settings as set at the factory unless itis absolutely necessary The user changeable parameters in the Switch are as follows Priority A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority Hello Time The Hello Time can be from 1 to 10 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge If you set a Hello Time for your Switch and it is not the Root Bridge the set Hello Time will be used if and when your Switch becomes the Root Bridge 154 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The Hello Time cannot
515. ription Set or show per MVR VLAN priority and VLAN tag Syntax MVR VLAN Priority lt vid gt lt mvr_names priority tagged untagged Parameters lt vid gt lt mvr_name gt MVR VLAN ID 1 4095 or Name Maximum of 32 characters priority CoS priority value ranges from 0 7 tagged Tagged IGMP MLD frames will be sent untagged Untagged IGMP MLD frames will be sent MVR Immediate Leave Description Set or show MVR immediate leave per port 553 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax MVR Immediate Leave lt port_list gt enable disable Parameters lt lt port_list gt Port list or all default All ports enable Enable Immediate Leave disable Disable Immediate Leave default Show MVR Immediate Leave MVR Status Description Show Clear MVR operational status Syntax MVR Status lt vid gt clear Parameters lt vid gt VLAN ID 1 4095 clear Clear log MVR Groups Description Show MVR group addresses Syntax MVR Groups lt vid gt Parameters lt vid gt VLAN ID 1 4095 MVR SFM Description Show SFM including SSM related information for MVR 554 Syntax MVR SFM lt vid gt lt port_list gt Parameters lt vid gt VLAN ID 1 4095 lt port_list gt Port list or all default All ports IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 555 6 25 Voice VLAN Command Voice VLAN Configuration Description Show
516. rising_event_index gt Rising event index 1 65535 lt falling_threshold gt Falling threshold value 2147483648 21 47483647 lt falling_event_index gt Falling event index 1 65535 rising Trigger alarm when the first value is larger than the rising threshold falling Trigger alarm when the first value is less than the falling threshold both Trigger alarm when the first value is larger than the rising threshold or less than the falling threshold default Security Switch RMON Alarm Delete Description Delete RMON Alarm entry The entry index key is lt alarm_id gt Syntax Security Switch RMON Alarm Delete lt alarm_id gt Parameters lt alarm_id gt Alarm ID 1 65535 426 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch RMON Alarm Lookup Description Show RMON Alarm entries Syntax Security Switch RMON Alarm Lookup lt alarm_id gt Parameters lt alarm_id gt Alarm ID 1 65535 Security Switch RMON Event Add Description Add or modify RMON Event entry The entry index key is lt event_id gt Syntax Security Switch RMON Event Add lt event_id gt none log trap log_trap lt community gt lt description gt Parameters lt event_id gt Event ID 1 65535 none Get the sample directly log Get the sample directly trap Get the sample directly log_trap Calculate the difference between samples default lt community gt Specify the
517. rity models are E any Accepted any security model v1 v2c usm E v1 Reserved for SNMPv1 E v2c Reserved for SNMPv2c E usm User based Security Model USM e Security Level Indicates the security model that this entry should belong to Possible security models are E NodAuth NoPriv None authentication and none privacy E Auth NoPriv Authentication and none privacy E Auth Priv Authentication and privacy e Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Write View Name The name of the MIB view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Add New User Click to add a new access entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 106 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 4 Port Management Use the Port Menu to display or configure the Managed Switch s ports This section has the following items a Port Configuration SFP Information Port Mirror Configures port connection settings Port Statistics Overview Lists Ethernet and RMON port statistics Port Statistics Detail Lists Ethernet and RMON port sta
518. rm multicast enable 2 542 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 20 Mirror Command Mirror Configuration Description Show mirror configuration Syntax Mirror Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show mirror configuration NS3552 8P 2S gt mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port lt port gt disable Parameters lt port gt disable Mirror port or disable default Show port Default Setting disable Example Set port 2 for the mirror port NS3552 8P 2S gt mirror port 2 543 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Mirror Mode Description Set or show the mirror mode Syntax Mirror Mode lt port_list gt enable disable rx tx Parameters lt port_list gt Port list or all default All ports enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring tx Enable Tx mirroring default Show mirror mode Default Setting disable Example Enable the mirror mode for port 1 4 NS3552 8P 2S gt mirror mode 1 4 enable 544 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 21 Configuration Command Configuration Save Description Save configuration to TFTP server Syntax Config Save lt ip_server gt lt file_name gt Parameters lt ip_server gt TFTP s
519. rmation NS3552 8P 2S gt System log configuration System Log Configuration System Log Server Mode Disabled System Log Server Address System Log Level Info NS3552 8P 2S gt System Timezone Configuration Description Show System Timezone configuration Syntax System Timezone Configuration System Version Description Show system version information Syntax System Version Example To display system version NS3552 8P 2S gt System version Version 1 0b121221 Build Date 2012 12 21T14 58 31 0800 NS3552 8P 2S gt System Log Server Mode Description Show or set the system log server mode Syntax System Log Server Mode enable disable 355 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters enable Enable system log server mode disable Disable system log server mode default Show system Log server mode Default Setting disable Example To show the log server mode NS3552 8P 2S gt System log server mode System Log Server Mode Disabled System Name Description Set or show the system name Syntax System Name lt name gt Parameters lt name gt System name string 1 255 Use to clear the string System name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No blank or space characters are permitted as part of a name The first character must be an alpha character and the first or last chara
520. rom the Unicast Peer MAC configuration Unicast is only valid for L APS see Type The R APS PDU is always transmitted with multi cast MAC described in G 8032 e Type R APS APS PDU is transmitted as R APS this is for ERPS L APS APS PDU is transmitted as L APS this is for ELPS e Last Octet This is the last octet of the transmitted and expected RAPS multi cast MAC In G 8031 03 2010 a RAPS multi cast MAC is defined as 01 19 A7 00 00 XX In current standard the value for this last octet is 01 and the usage of other values is for further study Buttons Fault Management Click to go to Fault Management page 343 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Performance Monitoring Click to go to Performance Monitor page Refresh Click to refresh the page immediately Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 19 3 Ethernet Ring Protocol Switch The Ethernet Ring Protection Switch instances are configured here screen in Figure 4 19 3 appears Ethernet Ring Protection Switching Note 1 Please make sure the DHCP client function has been disabled 2 Please be noticed that the ring port can not be applied to spanning tree function at the same time ERPS ID Port 0 APS MEP Port 1 APS MEP Port O SF MEP Port 1 SF MEP Ring Type Major Ring ID Alarm Figure 4 19 3 Ethernet Ring Protocol Switch page screenshot
521. rossover cable connection Straight Cable SIDE 1 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 2 3 4 5 6 7 8 SIDE 2 Crossover Cable SIDE 1 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown 1 2 3 4 5 6 7 8 SIDE 2 SIDE2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE2 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Figure A 1 Straight Through and Crossover Cable Please make sure your connected cables are with same pin assignment and color as above picture before deploying the cables into your network 613 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual APPENDEX B GLOSSARY A ACE ACL ACE is an acronym for Access Control Entry lt describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied
522. rps topologychange propagate nopropagate lt group id gt Parameters propagate nopropagate topology change propagation configuration lt group id gt protection group id 1 64 ERPS Configurationt Description deletion of a protection group lt group id gt protection group id statistics for displaying R APS statistics clear for clearing R APS statistics Syntax Erps configuration lt group id gt statistics clear 569 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters lt group id gt protection group id 1 64 statistics clear ERPS statistics 6 27 Loop Protect Command Loop Protect Configuration Description Show Loop Protection configuration Syntax Loop Protect Configuration Loop Protect Mode Description Set or show the Loop Protection mode Syntax Loop Protect Mode enable disable Parameters enable Enable Loop Protection disable Disable Loop Protection Default Setting enable Loop Protect Transmit Description Set or show the Loop Protection transmit interval Syntax Loop Protect Transmit lt transmit time gt Parameters Transmit time interval 1 10 seconds 570 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting 5 Loop Protect Shutdown Description Set or show the Loop Protection shutdown time Syntax Loop Protect Shutdown lt shutdown time gt Parameters Shutdown time interval 0 604800 s
523. rs Signal failure SF lt gt Data Path 339 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 19 1 MEP Configuration The Maintenance Entity Point instances are configured here screen in Figure 4 19 1 appears Maintenance Entity Point Note 1 Please make sure the DHCP client function has been disabled 2 Please be noticed that the ring port can not be applied to spanning tree function at the same time ET Figure 4 19 1 MEP configuration page screenshot The page includes the following fields Object Description e Delete This box is used to mark a MEP for deletion in next Save operation e Instance The ID of the MEP Click on the ID of a MEP to enter the configuration page e Domain Port This is a MEP in the Port Domain Flow Instance is a Port Esp Future use Eve This is a MEP in the EVC Domain Flow Instance is a EVC Mpls Future use e Mode MEP This is a Maintenance Entity End Point MIP This is a Maintenance Entity Intermediate Point e Direction Ingress This is Ingress down MEP monitoring ingress traffic on Residence Egress This is an Egress up MEP monitoring egress traffic on Residence e Residence Port Te port where MEP is monitoring see Direction e Level The MEG level of this MEP e Flow Instance The MEP is related to this flow See Domain e Tagged VID Port MEP An outer C S tag depending on VLAN Port Type is added with
524. rt number e Mode Indicates the filtering mode maintained per VLAN ID port number Group Address basis It can be either Include or Exclude e Source Address IP Address of the source Currently system limits the total number of IP source addresses for filtering to be 128 e Type Indicates the Type It can be either Allow or Deny e Hardware Filter Indicates whether data plane destined to the specific group address from the Switch source IPv6 address could be handled by chip or not Buttons Auto refresh Refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Lk Updates the table starting from the first entry in the MLD SFM Information gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 188 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 14 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLANs In a multicast television application a PC or a network television or a set top box can receive the multicast stream Multiple set top boxes or PCs can be connected to one subscriber port which is a switch port configured as an MVR receiver port When a subscriber selects a channel the set top box or PC sends an IGMP MLD report message to Switch A to join the appropriate multicast group address Uplink ports that send and receive multicast data to and from t
525. rt queue policer mode Syntax QoS Port QueuePolicer Mode lt port_list gt lt queue_list gt enable disable Parameters lt port_list gt Port list or all default All ports lt queue_list gt Queue list or all default All queues 0 7 enable Enable port queue policer disable Disable port queue policer default Show port queue policer mode Default Setting Disable QoS Port QueuePolicer Rate Description Set or show the port queue policer rate Syntax QoS Port QueuePolicer Rate lt port_list gt lt queue_list gt lt bit_rate gt Parameters lt port_list gt Port list or all default All ports lt queue_list gt Queue list or all default All queues 0 7 lt bit_rate gt Rate in kilo bits per second 100 3300000 528 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Default Setting 500 QoS Port Scheduler Mode Description Set or show the port scheduler mode Syntax QoS Port Scheduler Mode lt port_list gt strict weighted Parameters lt port_list gt Port list or all default All ports strict Strict mode weighted Weighted mode default Show port scheduler mode Default Setting strict Example Set the port schedule mode in weighted mode NS3552 8P 2S gt qos Port Scheduler Mode 1 10 weighted QoS Port Scheduler Weight Description Set or show the port scheduler weight Syntax QoS Port Scheduler Weight lt port_lis
526. rt settings screen in Figure 4 16 3 appears 1 Pe 3 4 5 6 7 8 Power Over Ethernet Configuration PoE Mode Schedule AF AT Mode Power Allocation W lt All gt lt Ab v lt All gt lt All gt v 802 3at 802 3at 802 3at 802 3at 802 3at 802 3at 802 3at SS SNS SNS SNS IS SNS SNS SNS NSLS SSNS NSS SSNS 802 3at Figure 4 16 3 Power over Ethernet Configuration Screenshot The page includes the following fields Object Description e PoE Mode There are three modes for PoE mode E Enable enable PoE function E Disable disable PoE function E Schedule enable PoE function in schedule mode e Schedule Indicates the schedule profile mode Possible porifles are E Profile1 E Profile2 E Profile3 E Profile4 e AF AT Mode e Priority Allows user to select 802 3at or 802 3af compatibility mode The default value is 802 3at mode This function will affect PoE power reservation on Classification power limit mode only as 802 3af mode and system are going to reserve a maximum of 15 4W for PD that supports Class3 level IEEE 802 3at mode and system are going to reserve 30 8 watts for PD that supports Class4 level Class1 to class3 level in the 802 3at mode will reserve the same PoE power in the 802 3af mode The Priority represents PoE ports priority There ar
527. rvice Mirror Port mirroring Config Load Save of configuration via TFTP Firmware Download of firmware via TFTP UPnP Universal Plug and Play MVR Multicast VLAN Registration Voice VLAN Specific VLAN for voice traffic ERPS Ethernet Ring Protection Switching Loop Protect IPMC Loop Protection MLD IGMP Snooping VCL VLAN Control List SMTP SMTP Control Configure DIDO DIDO control configure Show Show control configuration 353 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 1 System Command System Configuration Description Show system configuration Syntax System Configuration all lt port_list gt Parameters all Show all switch configuration default Show system configuration port Show switch port configuration lt port_list gt Port list or all default All ports Example To display system information NS3552 8P 2S gt System configuration System Contact System Name NS3552 8P 2S System Location MAC Address 9c f6 1a 02 7d 70 Temperature 27 0 C 80 6 F System Time 1970 01 01 Thu 03 28 50 00 00 System Uptime 03 28 50 Software Version 1 0b121221 Software Date 2012 12 21T14 58 31 0800 Previous Restart Cold Power Status PWR1 ON PWR2 OFF NS3552 8P 2S gt System Log Configuration Description Show system log configuration Syntax System Log Configuration 354 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example To display system log info
528. ry currently displayed KA g Updates the system log entries starting from the last entry currently displayed La Updates the system log entries ending at the last available entry ID 82 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 13 Detailed Log The switch system detailed log information is provided here The Detailed Log screen in Figure 4 2 16 appears Detailed System Log Information Ci 1 Message No system log ent Figure 4 2 16 Detailed Log Page Screenshot The page includes the following fields Object Description e ID The ID gt 1 of the system log entry e Message The message of the system log entry Buttons Download Click this button to download system log with CSV format file Refresh Updates the system log entry to the current entry ID e Updates the system log entry to the first available entry ID Le Updates the system log entry to the previous available entry ID Updates the system log entry to the next available entry ID La Updates the system log entry to the last available entry ID Print Click this button to print out system log 4 2 14 Remote Syslog Configure remote syslog on this page The Remote Syslog screen in Figure 4 2 17 appears 83 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual System Log Configuration Server Mode Mode e Address Figure 4 2 17 Remote Syslog Page Screenshot The page includes the following fields Object
529. s a OutQLen The length of the output packet queue in packets Sample Type The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are a Absolute Get the sample directly a Delta Calculate the difference between samples default Value The value of the statistic during the last sampling period Startup Alarm The method of sampling the selected variable and calculating the value to be compared against the thresholds possible sample types are a RisingTrigger alarm when the first value is larger than the rising threshold a FallingTrigger alarm when the first value is less than the falling threshold a RisingOrFallingTrigger alarm when the first value is larger than the rising threshold or less than the falling threshold default Rising Threshold Rising threshold value 2147483648 2147483647 Rising Index Rising event index 1 65535 Falling Threshold Falling threshold value 2147483648 2147483647 Falling Index Falling event index 1 65535 330 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Add New Entry Click to add a new community entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 18 2 RMON Alarm Status This page provides an overview of RMON Alarm entries Each page shows up to 99 entries from the Alarm table default be
530. s For more detail please refer to chapter 4 9 3 1 e Q0 Q7 Shows disabled or actual queue shaper rate e g 800 Mbps e Port Shows disabled or actual port shaper rate e g 800 Mbps 4 9 3 1 QoS Egress Port Schedule and Shapers The Port Scheduler and Shapers for a specific port are configured on this page The QoS Egress Port Schedule and Shaper screen in Figure 4 9 3 appears 196 Queue Shaper IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Enable Rate Unit Excess Poti QoS Egress Port Scheduler and Shapers Port 1 Scheduler Mode Port Shaper ot O 6 6 6 6 6 The page includes the following fields Object Schedule Mode Description Controls whether the scheduler mode is Strict Priority or Weighted on this switch port Figure 4 9 3 QoS Egress Port Schedule and Shapers Page Screenshot Enable Queue Shaper Enable Controls whether the queue shaper is enabled for this queue on this switch port Queue Shaper Rate Controls the rate for the queue shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Queue Shaper Unit Controls the unit of measure for the queue shaper rate as kbps or Mbps The default value is kbps Queue Shaper Excess Controls whether the queue is allowed to use e
531. s LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 14 2 LLDP Configuration This page allows the user to inspect and configure the current LLDP port settings The LLDP Configuration screen in Figure 4 14 1 appears LLDP Configuration LLDP Parameters LLDP Port Configuration Optional TLVs Mode CDP aware Port Description System Name System Description System Capabilities Management Address lt All gt x T T T T E El 1 Disabled Y Y Y F Y 2 Disabled E Y F F Y El 3 Disabled y la v Ed E Ed Y 4 Disabled al a Y v Y v 5 Disabled y 7 7 Y Y 7 6 Disabled w al E E a Y Y 7 Disabled 7 7 7 7 7 3 Disabled T Y Y Y F Y 9 Disabled y Y Y Y Y Y 10 Disabled y al E Y E Y F Reset Figure 4 14 1 LLDP Configuration Page Screenshot 292 IFS NS3552 8P 2S AND NS3550 2T 8S User Manua
532. s by mapping the frames to a specific queue done with QOS and then mark the queue as an urgent queue When an urgent queue gets data to be transmitted the circuits will be powered up at once and the latency will be reduced to the wakeup time EEE works for ports in auto negotiation mode where the port is negotiated to either 1G or 100Mbps full duplex mode The EEE Power Reduction screen in Figure 4 2 21 appears EEE Configuration EEE Urgent Queues Ca Port Enablea 1 2 3 4 5 6 7 8 1 2 3 4 5 6 7 8 9 0 Reset Figure 4 2 21 EEE Configuration Page Screenshot 89 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The page includes the following fields Object Description e Port The switch port number of the logical EEE port means to select all ports of Industrial Managed Switch e EEE Enable Controls whether or not EEE is enabled for this switch port e EEE Urgent Queues Queues set will activate transmission of frames as soon as any data is available Otherwise the queue will postpone the transmission until 3000 bytes which are ready to be transmitted Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 19 Web Firmware Upgrade This page facilitates an update on the firmware controlling the Industrial Managed Switch The Web Firmware Upgrade screen in Figure 4 2 22 appears Fir
533. s configuration Example Show VLAN status NS3552 8P 2S gt vlan lookup 390 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual default VLAN Name Add Description Add VLAN Name to a VLAN ID Mapping Syntax VLAN Name Add lt name gt lt vid gt Parameters lt name gt VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet lt vid gt VLAN ID 1 4095 Example Add VLAN name for VLAN 1 NS3552 8P 2S gt vlan name add test 1 VLAN Name Delete Description Delete VLAN Name to VLAN ID Mapping Syntax VLAN Name Delete lt name gt Parameters lt name gt VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet Example Delete VLAN name NS3552 8P 2S gt vlan name delete test 391 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual VLAN Name Lookup Description Show VLAN Name table Syntax VLAN Name Lookup lt name gt Parameters lt name gt VLAN name Maximum of 32 characters VLAN Name can only contain alphabets or numbers VLAN name should contain atleast one alphabet Example To show VLAN Name table NS3552 8P 2S gt vlan name lookup VLAN Status Description VLAN Port Configuration Status Syntax VLAN Status lt port_list gt combined static nas mvr voice_vlan mstp all conflicts Parameters
534. s equal to the SMAC address E Any Any value is allowed don t care e IP Ethernet Length Specify whether frames can hit the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings E 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 E 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 E Any Any value is allowed don t care e Ethernet IP Parameters Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings E 0 ARP RARP frames where the HLD is equal to Ethernet 1 E 1 ARP RARP frames where the HLD is equal to Ethernet 1 E Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings E 0 ARP RARP frames where the PRO is equal to IP 0x800 E 1 ARP RARP frames where the PRO is equal to IP 0x800 E Any Any value is allowed don t care The IP parameters can be configured when Frame Type IPv4 is selected Object e IP Protocol Filter Description ii the IP protocol filter for this ACE Any No IP protocol filter is specified don t care Specific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears E ICMP Select ICM
535. s made locally and revert to previously saved values 87 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 17 Fault Alarm The Fault Relay Alarm function provides the Power Failure and Port Link Down Broken detection With both power input 1 and power input 2 installed and the check boxes of power 1 power 2 ticked the FAULT LED indicator will then be possible to light up when any one of the power failures occurs As for the Port Link Down Broken detection the FAULT LED indicator will light up when the port failure occurs certainly the check box beside the port must be ticked first Please refer to the segment of Wiring the Fault Alarm Contact for the failure detection The Configuration screen in Figure 4 2 20 appears Fault Alarm Control Configuration o Fault Alarm Output Alarm Output Enable Enable Record System Log SNMP Trap Action Port Fail Power Fail pe 1 oc 2 DN O sl pe e 16 Port Alarm 9 10 Figure 4 2 20 Windows File Selection Menu Popup The page includes the following fields Object Description e Enable Allows user to enable Fault Alarm function e Record Allows user to record alarm message to System log syslog or issues out via SNMP Trap or SMTP As default SNMP Trap and SMTP are disabled please enable them first if you want to issue alarm message via them e Action Allows user to monitor and alarm from port failure or power failure e Power Alarm Allows user to choo
536. s to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then 262 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Shortcut to Network Security Configurati Y Manage Your Server jes Command Prompt gt Windows Explorer Y Paint 204 HyperTerminal 25 Windows Catalog Ethereal Windows Update fam Accessories Internet Explor 7 Startup amp Internet Explorer S Outlook Express Remote Assistance O amp Administrative Tools 7 IxChariot 7 Ethereal All Programs Log fea Certification Authority Administrator Cluster Administrator er My Cor gt Component Services Control 48 Adminis as Distributed File System a 3 Ka Printers DNS g Active Directory Domains and Trusts xe Active Directory Sites and Services Users and Computers m Computer Management J Configure Your Server Wizard EP Data Sources ODBC e Domain Controller Security Policy Y Help an fi Domain Security Policy 9 Search 33 Event Viewer gt Internet Authentication Service Internet Information Services IIS Manager er Licensing gt E g Manage Your Server gt bes Microsoft NET Framework 1 1 Configuration Tr Microsoft NET Framework 1 1 Wizards A Network Load Balancing Manager ES Performance gt te Remote Desktops gt a Routing and Remote Access gt Ry Services B Terminal Server Licensing Lal
537. sable enable disable MEP Client Configuration Description MEP Client configuration 514 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual domport domeve is the client domain must be EVC level is the client MEG level the contained level in the AIS and LCK frames cflow is the client flow instance up to 10 possible client flows EVC Syntax MEP client config lt inst gt domportidomevc lt level gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt lt cflow gt Parameters lt inst gt Instance number domport domeve Flow domain lt level gt MEP level 0 7 lt cflow gt Client flow instance number EVC MEP AIS Configuration Description MEP AIS configuration prio is the priority PCP of transmitted AIS frame 1s 1m is the number of AIS frame pr second set clear is set or clear of protection usability If set the first 3 AIS frames are transmitted as fast as possible this gives protection reliability in the path end point Syntax MEP ais config lt inst gt lt prio gt 1s 1m set clear enable disable Parameters lt inst gt Instance number lt prio gt OAM PDU priority 1s 1m Transmit period for AIS 1s to send OAM Frames in the rate of 1 per second 1m to send OAM frames in the rate of 1 per minute set clear Protection usability set clear enable disable
538. sco com SWPORT Bridge Telephone Auto refresh E Refresh Figure 4 14 4 LLDP Neighbor Information Page Screenshot The page includes the following fields Object Description e Local Port The port on which the LLDP frame was received e Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames e Remote Port ID The Remote Port ID is the identification of the neighbor port e System Name System Name is the name advertised by the neighbor unit e Port Description Port Description is the port description advertised by the neighbor unit e System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other 2 Repeater 3 Bridge 4 WLAN Access Point 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by e Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist the discovery by the network management This could for instance hold the neighbor s IP address Buttons Auto refresh i i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately 4 14 6 Port Statistics This page provides an overview of all LLDP traffic Two types of counters are
539. se IP30 Aluminum Metal Case Installation DIN Rail Kit and Wall Mount Kit DIN Rail Kit and Wall Mount Kit Removable 6 pin terminal block for power input Pin 1 2 for Power 1 Pin 3 4 for fault alarm Pin 5 6 for Power 2 Removable 6 pin terminal block for DI DO interface Pin 1 2 for DI 1 amp 2 Pin 3 4 for DO 1 amp 2 Pin 5 6 for GND One relay output for power failure Alarm Relay One relay output for power fail Alarm Relay current current carry ability 1A DC 24V carry ability 1A O DC 24V 2 Digital Input DI Level 0 24V 2 1V 0 1V Flow Control Connector Level 1 2 1V 24V 0 1V Input Load to 24V DC 10mA max 2 Digital Output DO Open collector to 24VDC 100mA max System System Power 1 Green Power 1 Green Power 2 Green Power 2 Green Fault Alarm Green Fault Alarm Green Ring Green Ring Green Ring Owner Green R O Green Per 10 100 1000T RJ 45 Ports Per 10 100 1000T RJ 45 Ports PoE In Use Orange NS3552 8P 2S only 1000 Green LNK ACT Green 10 100 LNK ACT Orange Per SFP Interface Per SFP Interface 1000 Orange 1000 LNK ACT Green LNK ACT Green 100 LNK ACT Orange Dimensions W 152 x 107x 72mm 152 x 107x 72mm 1684g 1036g Power DC 48V DC 12 to 48V AC 24V Power Adapter At 31 9 watts 108 78BTU Full loading without PoE 13 92 Watts 47 76BTU Full loading LED Indicator 34 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Consumption function 306 wa
540. se which power module that needs to be monitored e Port Alarm Allows user to choose which port that needs to be monitored Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 88 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 18 EEE Power Reduction This page allows the user to configure the current EEE port settings EEE is a power saving option that reduces the power usage when there is low or no traffic utilization EEE works by powering down circuits when there is no traffic When a port gets data to be transmitted all circuits are powered up The time it takes to power up the circuits is named wakeup time The default wakeup time is 17 us for 1Gbit links and 30 us for other link speeds EEE devices must agree upon the value of the wakeup time in order to make sure that both the receiving and transmitting device has all circuits powered up when traffic is transmitted The devices can exchange wakeup time information using the LLDP protocol For maximizing power savings the circuit isn t started at once transmit data is ready for a port but is instead queued until 3000 bytes of data is ready to be transmitted For not introducing a large delay in case that data less than 3000 bytes shall be transmitted data are always transmitted after 48 us giving a maximum latency of 48 us the wakeup time If desired it is possible to minimize the latency for specific frame
541. sed to assign a Policy ID to an ingress port This is useful to group ports to obey the same traffic rules Traffic Policy is created under the Access Control List page You can you also set up specific traffic properties Action Rate Limiter Port copy etc for each ingress port They will though only apply if the frame gets past the ACE matching without getting matched In that case a counter associated with that port is incremented See the Web page help text for each specific port property ACL Rate Limiters Under this page you can configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per seconds Under Ports and Access Control List web pages you can assign a Rate 614 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Limiter ID to the ACE s or ingress port s AES is an acronym for Advanced Encryption Standard The encryption key protocol is applied in 802 1i standard to improve WLAN security It is an encryption standard by the U S government which will replace DES and 3DES AES has a fixed block size of 128 bits and a key size of 128 192 or 256 bits AMS is an acronym for Auto Media Select AMS is used for dual media ports ports supporting both copper cu and fiber SFP cables AMS automatically determines if a SFP or a CU cable is inserted and switches to the corresponding media If both SFP and cu cables are inserted the port will select the prefered media APS is an a
542. shown Global counters are counters that refer to the whole stack switch while local counters refer to counters for the currently selected switch The LLDP Statistics screen in Figure 4 14 5 appears 304 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP Global Counters Global Counters Neighbour entries were last changed 29158 sec ago Total Neighbours Entries Added Total Neighbours Entries Deleted 0 Total Neighbours Entries Dropped 0 Total Neighbours Entries Aged Out 0 LLDP Statistics Local Counters Local Port Tx Frames Rx Frames Rx Errors Frames Discarded TLVs Discarded TLVs Unrecognized Org Discarded Age Outs o o o o o o o 1 2 3 4 5 6 7 8 9 ooooccec c o 000000009 0000000050 eoacea oe ong 000000000 000000003 0000000000 000000000 o o Auto refresh C Refresh Clear Figure 4 14 5 LLDP Statistics Page Screenshot The page includes the following fields Global Counters Object Description e Neighbor entries were It also shows the time when the last entry was last deleted or added It also shows last changed at the time elapsed since the last change was detected e Total Neighbors Shows the number of new entries added since switch reboot Entries Added e Total Neighbors Shows the number of new entries deleted since switch reboot Entries Deleted e Total Neighbors Shows the number of LLDP frames dropped due to that the entry table w
543. sponds to a particular subnet although not necessarily VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nodes grouped by logic instead of physical location End nodes that frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated 1 No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN 2 The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware 3 The Switch s default is to assign all ports to a single 802 1Q VLAN named DEFAULT_VLAN As new VLAN is created the member ports assigned to the new VLAN will be removed from the Note DEFAULT_ VLAN port member list The DEFAULT_VLAN has a VID 1 This section has the following items m VLAN Basic Information Displays VLAN information a VLAN Port Configuration Enables VLAN group a VLAN Memberships Configures the VLAN membership a VLAN Membership Status Displays VLAN membership status m VLAN
544. ssage It is a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality CDP is an acronym for Cisco Discovery Protocol DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assigned to a second client while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather th
545. sses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and the other with the actual port status The Port Security Status screen in Figure 4 12 6 appears Port Security Switch Status User Module Legend User Module Name Limit Control 802 1X DHCP Snooping Voice VLAN Port Status MAC Count Port Users State Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Auto refresh O Figure 4 12 6 Port Security Status Screen Page Screenshot 1 2 3 4 5 6 B 3 10 The page includes the following fields User Module Legend The legend shows all user modules that may request Port Security services Object Description e User Module Name The full name of a module that may request Port Security services e Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status 276 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual The table has one row for each port on the selected switch in the switch and a
546. st Identity EAPOL frame is sent without reasponse before considering entering the Guest VLAN default Show current Maximum Reauth Count value lt allow_if_eapol_seen gt The value can only be set if you use the global keyword in the beginning of the command disable The Guest VLAN can only be entered if no EAPOL frames have been received on a port for the lifetime of the port enable The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port default Show current setting Default Setting Disable Example Enable NAS guest VLAN NS3552 8P 2S gt security network nas guest_vlan enable Security Network NAS Authenticate Description Refresh restart 802 1X authentication process Syntax Security Network NAS Authenticate lt port_list gt now Parameters lt port_list gt Port list or all default All ports now Force reauthentication immediately Example Start NAS authentication now for port 1 NS3552 8P 2S gt security network nas authenticate 1 now 440 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Network NAS Statistics Description Show or clear 802 1X statistics Syntax Security Network NAS Statistics lt port_list gt clear eapol radius Parameters lt port_list gt Port list or all default All ports clear Clear statistics eapol Show EAPOL statistics radius Show Backend Server statistics default Show all stat
547. stination range value A field for entering a TCP UDP destination value appears e TCP UDP Destination When Specific is selected for the TCP UDP destination filter you can enter a Number specific TCP UDP destination value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value e TCP UDP Destination When Range is selected for the TCP UDP destination filter you can enter a Range specific TCP UDP destination range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value e TCP FIN Specify the TCP No more data from sender FIN value for this ACE E 0 TCP frames where the FIN field is set must not be able to match this entry E 1 TCP frames where the FIN field is set must be able to match this entry E Any Any value is allowed don t care e TCP SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE E 0 TCP frames where the SYN field is set must not be able to match this entry E 1 TCP frames where the SYN field is set must be able to match this entry E Any Any value is allowed don t care e TCP RST Specify the TCP Reset the connection RST value for this ACE E 0 TCP frames where the RST field is set must not be able to match this entry E 1 TCP frames where the RST field is set must be able to match this entry E Any Any value is allowed don t care e TCP PSH Specify the
548. t auto 10hdx 10fdx 100hdx 100fdx 1000fdx Parameters lt port_list gt Port list or all default All ports auto Auto negotiation of speed and duplex 10hdx 10 Mbps half duplex 10fdx 10 Mbps full duplex 372 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 100hdx 100 Mbps half duplex 100fdx 100 Mbps full duplex 1000fdx 1 Gbps full duplex default Show configured and current mode Default Setting Auto Example Set 10Mbps half duplex speed for port1 NS3552 8P 2S gt port mode 1 10hdx Port Flow Control Description Set or show the port flow control mode Syntax Port Flow Control lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable flow control disable Disable flow control default Show flow control mode Default Setting Disable Example Enable flow control function for port1 NS3552 8P 2S gt port flow control 1 enable Port State Description Set or show the port administrative state 373 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Port State lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port NS3552 8P 2S gt port state 1 disable Port Maximum Frame Description Set or show t
549. t enable disable Parameters lt dscp_list gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all enable Enable DSCP ingress classification disable Disable DSCP ingress classification default Show DSCP classification mode Default Setting disable QoS DSCP EgressRemap Description Set or show DSCP egress remap table This table is used if the port egress remarking mode is remap and the purpose is to map the DSCP and DP level to a new DSCP value Syntax QoS DSCP EgressRemap lt dscp_list gt lt dpl_list gt lt dscp gt Parameters lt dscp_list gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all lt dpl_list gt DP level list or all default All DP levels 0 1 lt dscp gt Egress remapped DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 QoS Storm Unicast Description Set or show the unicast storm rate limiter Syntax QoS Storm Unicast enable disable lt packet_rate gt 537 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Parameters enable Enable unicast storm control disable Disable unicast storm control lt packet_rate gt Rate in fps 1 2 4 512 1k 2k 4k 32768k Default Setting disable Example Enable unicast storm control in 2fps NS3552 8P 2S gt QoS Storm Unicast enable 2 QoS Storm Multicast Description Set or show the multicast storm rate limiter Syntax QoS Storm Multicast enable disable lt packet_r
550. t 15 seconds Server Dead Time 300 seconds 457 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual RADIUS Authentication Server Configuration Disabled Disabled Disabled Disabled Disabled RADIUS Accounting Server Configuration Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Security AAA Timeout Description Set or show server timeout Syntax Security AAA Timeout lt timeout gt Parameters lt timeout gt Server response timeout 3 3600 seconds default Show server timeout configuration Default Setting 15 Example Set 30sec for server timeout NS3552 8P 2S gt security aaa timeout 30 458 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security AAA Deadtime Description Set or show server dead time Syntax Security AAA Deadtime lt dead_time gt Parameters lt dead_time gt Time that a server is considered dead if it doesn t answer a request 0 3600 seconds default Show server dead time configuration Default Setting 300 Example Set 1000sec for server dead time NS3552 8P 2S gt security aaa deadtime 1000 Security AAA RADIUS Description Set or show RADIUS authentication server setup Syntax Security AAA RADIUS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt Parameters The server index 1 5 default Show RADIUS authentication serve
551. t and doesn t require the user to have special 802 1X supplicant software installed on his system The switch uses the user s MAC address to authenticate against the backend server Intruders can create counterfeit MAC addresses which makes MAC based authentication less secure than 802 1 X authentications The NAS configuration consists of two sections a system and a port wide The Network Access Server Configuration screen in Figure 4 11 4 appears Network Access Server Configuration System Configuration Mode Reauthentication Enabled Reauthentication Period seconds EAPOL Timeout seconds Aging Period seconds seconds RADIUS Assigned QoS Enabled RADIUS Assigned VLAN Enabled Guest VLAN Enabled Guest VLAN ID Max Reauth Count Allow Guest VLAN if EAPOL Seen Port Configuration RADIUS Assigned RADIUS Assigned Guest Admin State QoS Enabled VLAN Enabled VLAN Enabled Port State n T o lt All gt 1 2 3 4 5 6 7 8 9 a o Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized HAMMAM eeewe Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Refresh Figure 4 11 4 Network Access Server Configuration Page Screenshot 238
552. t Mode Consumption Power Supply Budget W 240 Temperature Threshold 100 Degrees C PoE Usage Threshold 85 Figure 4 16 2 PoE Configuration Screenshot The page includes the following fields Object Description e System PoE Admin Allows user to enable or disable PoE function It will cause all of PoE ports to Mode supply or not supply power e PoE Temperature Allows user to enable or disable PoE Temperature Protection Protection e PoE Management There are five modes for configuring how the ports PDs may reserve power and Mode when to shut down ports E Classification mode System reserves PoE power to PD according to PoE class level E Allocation mode allows user to assign PoE power to per port E Consumption mode System offers PoE power according to PD real power consumption E Priority mode System offers PoE power according to per port priority setting when power consumption has been over total power budget The default POE management mode is Consumption mode e Power Supply Budget Set limit value of the total PoE port provided power to the PDs W For NS3552 8P 2S the available max Value is 240 depends on power input 315 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Temperature Threshold Allows setting over temperature protection threshold value If system temperature is over than the threshold the system will lower total POE power budget automatically e PoE Usage Thr
553. t devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group A SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities SNMP default communities are Write private Read public Use the SNMP Menu to display or configure the Managed Switch s SNMP function This section has the following items a System Configuration Configure SNMP on this page a System Information The system information is provides here a SNMPv3 Communities Configure SNMPv3 communities table on this page Eg SNMPv3 Users Configure SNMPv3 users table on this page a SNMPv3 Groups Configure SNMPv3 groups table on this page 98 B SNMPv3 Views SNMPv3 Accesses IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Configure SNMPv3 views table on this page Configure SNMPv3 accesses table on this page 4 3 2 SNMP System Configuration Configure SNMP on this page The SNMP System Configuration screen in Figure 4 3 1 appears Trap Destination Address Trap Destination IPv6 Address Trap Authentication Failure Trap Link up and Link down Trap Inform Mode Trap Inform Timeout seconds Trap Inform Retry Times SNMP System Configuration Version Read Community Write Community SNMP Trap Configuration Trap Mode Trap Version Trap Community Figure 4 3
554. t entry in the MLD Group Table gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 187 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 13 MLDv2 Information Entries in the MLD SFM Information Table are shown on this page The MLD SFM Source Filtered Multicast Information Table also contains the SSM Source Specific Multicast information This table is sorted first by VLAN ID then by group and then by Port No Different source addresses belong to the same group are treated as single entry Each page shows up to 64 entries from the MLD SFM Information table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MLD SFM Information Table The Start from VLAN and group input fields allow the user to select the starting point in the MLD SSM Information Table The MLDv2 Information screen in Figure 4 8 16 appears MLD SFM Information Auto refresh C Refresh lt gt gt Start from VLAN 1 and Group ff00 with 20 entries per page VLAN ID Group Port Mode Source Address Hardware Filter Switch No more entries Figure 4 8 16 MLD SSM Information Page Screenshot The page includes the following fields Object Description e VLAN ID VLAN ID of the group e Group Group address of the group displayed e Port Switch po
555. t function Uncheck the Enable checkbox to disable Digital input output function 86 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Condition As Digital Input Allows user to select High to Low or Low to High This means a signal received by system is from High to Low or From Low to High It will trigger an action that logs a customize message or issue the message from the switch As Digital Output Allows user to select High to Low or Low to High This means that when the switch is power failed or port failed then system will issue a High or Low signal to an external device such as an alarm e Event Description Allows user to set a customized message for Digital Input function alarming e Event As Digital Input Allows user to record alarm message to System log syslog or issues out via SNMP Trap or SMTP As default SNMP Trap and SMTP are disabled please enable them first if you want to issue alarm message via them As Digital Output Allows user to monitor an alarm from port failure power failure Digital Input 0 DI 0 and Digital Input 1 DI 1 which means if Digital Output has detected these events then Digital Output would be triggered according to the setting of Condition e Power Alarm Allows user to choose which power module that needs to be monitored e Port Alarm Allows user to choose which port that needs to be monitored Buttons Save Click to save changes Reset J Click to undo any change
556. t gt lt queue_list gt lt weight gt Parameters lt port_list gt Port list or all default All ports lt queue_list gt Weighted queue list or all default All weighted queues 0 5 lt weight gt Scheduler weight 1 100 529 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual QoS Port QueueShaper Mode Description Set or show the port queue shaper mode Syntax QoS Port QueueShaper Mode lt port_list gt lt queue_list gt enable disable Parameters lt port_list gt Port list or all default All ports lt queue_list gt Queue list or all default All queues 0 7 enable Enable port queue shaper disable Disable port queue shaper default Show port queue shaper mode Default Setting disable Example Enable port queue shaper for all port amp queue NS3552 8P 2S gt qos Port QueueShaper Mode 1 10 0 7 enable QoS Port QueueShaper Rate Description Set or show the port queue shaper rate Syntax QoS Port QueueShaper Rate lt port_list gt lt queue_list gt lt bit_rate gt Parameters lt port_list gt Port list or all default All ports lt queue_list gt Queue list or all default All queues 0 7 lt bit_rate gt Rate in kilo bits per second 100 3300000 Default Setting 500kbps 530 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Example Set the port queue shaper rate in 1000 NS3552 8P 2S gt qos Port QueueShaper rate 1 10
557. t leading_street_direction trailing_street_suffix str_suf house_no house_no_s uffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o box additional_code lt civic_value gt Parameters 490 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual country Country state National subdivisions state caton region province prefecture county County parish gun JP district IN city City townchip shi JP district City division borough city district ward chou JP block Neighborhood block street Street leading_street_direction Leading street direction trailing_street_suffix Trailing street suffix str_suf Street Suffix house_no House Number house_no_ suffix House number suffix landmark Landmark or vanity address additional_info Additional location information name Bame residence and office occupant zip_code Postal zip code building Building structure apartment Unit apartment suite floor Floor room_number Room number place_type Placetype postal_com_name Postal community name p_o_box Post office box P O Box additional_code Addtional code default Show Civic Address Location configuration lt civic_value gt lldpmed The value for the Civic Address Location entry LLDP MED ECS Description Set or show LLDP MED Emergency Call Service Syntax LLDPMED ecs lt ecs_value gt Parameters
558. t least one alphabet VLAN name can be edited for the existing VLAN entries or it can be added to the new entries A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked Add New VLAN Buttons Add New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected stack switch unit when you click on Save The VLAN is thereafter present on the other stack switch units but with no port members AVLAN without any port members on any stack unit will be deleted when you click Save The button can be used to undo the addition of new VLANs Click to add new VLAN 133 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Save Click to save changes Click to undo any changes made locally and revert to previously saved values Refresh Refreshes the displayed table starting from the VLAN ID input fields Lk lt Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID gt gt gt gt J Updates the table starting with the entry after the last entry currently displayed 4 6 6 VLAN Membership Status This page provides an overview of membership status
559. t packets received e Broadcast The total number of good packets received that were directed to the broadcast address e Multicast The total number of good packets received that were directed to a multicast address e CRCErrors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets e Undersize The total number of packets received that were less than 64 octets e Oversize The total number of packets received that were longer than 1518 octets e Frag The number of frames which size is less than 64 octets received with invalid CRC e Jabb The number of frames which size is larger than 64 octets received with invalid CRC e Coll The best estimate of the total number of collisions on this Ethernet segment e Utilization The best estimate of the mean physical layer network utilization on this interface during this sampling interval in hundredths of a percent Buttons Auto refresh i Refresh Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately Lk Updates the table starting from the first entry in the Alarm Table i e the entry with the lowest ID gt gt gt gt J Updates the table starting with the entry after the last entry currently displayed 4 18 7 RMON Statistics Configuration Configure RMON Statistics table on this page The entry index key is ID
560. t pcp_list gt lt dei_list gt lt class gt lt dpl gt Parameters lt port_list gt Port list or all default All ports lt pcp_list gt PCP list or all default All PCPs 0 7 lt dei_list gt DEI list or all default All DEIs 0 1 lt class gt QoS class 0 7 lt dpl gt Drop Precedence Level 0 1 QoS Port Classification DSCP Description Set or show if the classification is based on DSCP value in IP frames Syntax QoS Port Classification DSCP lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable DSCP based classification disable Disable DSCP based classification default Show DSCP based classification mode Default Setting disable Example Enable QoS port classification DSCP 525 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual NS3552 8P 2S gt qos Port Classification dscp 1 10 enable QoS Port Policer Mode Description Set or show the port policer mode Syntax QoS Port Policer Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port policer disable Disable port policer default Show port policer mode Default Setting disable Example Enable QoS port policer NS3552 8P 2S gt qos Port Policer Mode 1 10 enable QoS Port Policer Rate Description Set or show the port policer rate Syntax QoS
561. t role Syntax MVR VLAN Port lt vid gt lt mvr_name gt lt port_list gt source receiver inactive Parameters lt vid gt lt mvr_name gt MVR VLAN ID 1 4095 or Name Maximum of 32 characters lt port_list gt Port list or all default All ports source MVR source port receiver MVR receiver port inactive Disable MVR default Show MVR port role MVR VLAN LLQI Description Set or show per MVR VLAN LLQI Last Listener Query Interval Syntax MVR VLAN LLQI lt vid gt lt mvr_name gt mvr_param_llqi Parameters lt vid gt lt mvr_name gt MVR VLAN ID 1 4095 or Name Maximum of 32 characters mvr_param_Ilqi 1 Default Value 5 0 31744 Last Listener Query Interval in tenths of seconds default Show MVR Interface Last Listener Query Interval 552 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual MVR VLAN Channel Description Set or show per MVR VLAN channel Syntax MVR VLAN Channel lt vid gt lt mvr_names add del upd channel channel_bound Name lt grp_name gt Parameters lt vid gt lt mvr_name gt MVR VLAN ID 1 4095 or Name Maximum of 32 characters add Add operation del Delete operation upd Update operation channel IPv4 IPv6 multicast group address channel_bound The boundary IPv4 IPv6 multicast group address for the channel name MVR Name keyword lt grp_name gt MVR Channel name Maximum of 32 characters MVR VLAN Priority Desc
562. t_list gt Port list or all default All ports Example Show MAC address learned on port 1 NS3552 8P 2S gt security network psec port 1 MAC Address VID State Added Age Hold Time Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show Limit Control configuration NS3552 8P 2S gt security network limit configuration Port Security Limit Control Configuration Mode Disabled Aging Disabled Age Period 3600 Port Mode Limit Action Disabled 4 None 429 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled O Disabled 4 4 4 4 4 4 4 4 4 Security Network Limit Mode Description Set or show global enabledness Syntax Security Network Limit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Default Setting disable Example Enable the limit mode NS3552 8P 2S gt security network limit mode enable Security Network Limit Aging Description Set or show aging enabledness Syntax Security Network Limit Aging enable disable Parameters enable Enable aging disa
563. t_list gt Port list or all default All ports clear Clear LLDP statistics Example Show LLDP Statistics of port 1 NS3552 8P 2S slldp statistics 1 LLDP global counters Neighbor entries was last changed at 18819 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV Rx TLV Rx TLV Port Frames Frames Errors Discards Errors Unknown Organz Aged 1 0 0 LLDP Info Description Show LLDP neighbor device information Syntax LLDP Info lt port_list gt Parameters lt port_list gt Port list or all default All ports 489 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 12 LLDP MED Command LLDP MED Configuration Description Show LLDP MED configuration Syntax LLDPMED Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LLDP MED configuration of port1 4 NS3552 8P 2S gt Ildpmed configuration 1 4 LLDP MED Configuration Fast Start Repeast Count 4 Location Coordinates Latitude 0 0000 North Longitude 0 0000 East Altitude 0 0000 meter s Map datum WGS84 Civic Address Location Policies none none none none LLDP MED Civic Description Set or show LLDP MED Civic Address Location Syntax LLDPMED Civic country state county city district block stree
564. tch 58 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 3 5 SNMP Based Network Management You can use an external SNMP based application to configure and manage the Industrial Managed Switch such as SNMP Network Manager HP Open view Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the Industrial Managed Switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default getting and setting community strings for the Industrial Managed Switch are public Managed Switch rr PC Workstation SNMP Agent Status Enabled Elda ililig with mages saan SNMP application 234 IP Address ES 192 168 0 x internet IP Address 192 168 0 100 Figure 3 5 SNMP Management 59 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 WEB CONFIGURATION This section introduces the configuration and functions of the Web Based management About Web based Management The Industrial Managed Switch offers management features that allow users to manage the Industrial Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Exp
565. tch ssh mode enable 400 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Security Switch HTTPs Configuration Description Show HTTPS configuration Syntax Security Switch HTTPS Configuration Example Show HTTPs configuration NS3552 8P 2S gt security switch https configuration HTTPS Configuration HTTPS Mode Enable HTTPS Redirect Mode Disabled Security Switch HTTPs Mode Description Set or show the HTTPS mode Syntax Security Switch HTTPS Mode enable disable Parameters enable Enable HTTPs disable Disable HTTPs default Show HTTPs mode Default Setting Enable Example Enable HTTPs function NS3552 8P 2S gt security switch https mode enable Security Switch HTTPs Redirect Description 401 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Set or show the HTTPS redirect mode Automatic redirect web browser to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function NS3552 8P 2S gt security switch https redirect enable Security Switch Access Configuration Description Show access management configuration Syntax Security Switch Access Configuration Example Show access management configuration NS3552 8P 2S gt security switch access
566. ted LBM frame prio is the priority PCP of transmitted LBM frame uni multi is selecting uni cast or multi cast transmission of LBM frame mac_addr is the unicast MAC of target MEP MIP mep is the peer MEP ID of target MEP only used if mac_addr is all zero tosend is the number of LBM to send size is the size of the LBM data field gap is the gap between LBM Syntax MEP lb config lt inst gt set clear lt prio gt uni multi lt mac_addr gt lt mep gt lt tosend gt lt size gt lt gap gt enable disable Parameters lt inst gt Instance number set clear OAM DEI set clear lt prio gt OAM PDU priority uni multi Destination address is unicast or multicast lt mac_addr gt MAC address XX XX XX XX XX XX OF XX XX XX XX XX XX Or XXXXXXXXXXXX X is a hexadecimal digit lt mep gt This MEP id 0 0x1FFF lt tosend gt Number of LBM to send lt size gt Size of LBM data field in bytes max 1400 lt gap gt Gap between LBM to send in 10ms max 100 0 is as fast as possible enable disable enable disable MEP Delay Measurement Configuration Description MEP Delay Measurement configuration prio is the priority PCP of transmitted DM frame uni multi is selecting uni cast or multi cast transmission of DM frame mep is the peer MEP ID of target MEP only used if uni onewayltwoway is selecting one way 1DM or two way DMM DM std prop is selecti
567. ter you can enter a specific sender IP address in dotted decimal notation e Sender IP Mask When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation e Target IP Filter Specify the target IP filter for this specific ACE E Any No target IP filter is specified Target IP filter is don t care E Host Target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears E Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear e Target IP Address e Target IP Mask When Host or Network is selected for the target IP filter you can enter a specific target IP address in dotted decimal notation When Network is selected for the target IP filter you can enter a specific target IP mask in dotted decimal notation e ARP SMAC Match Specify whether frames can hit the action according to their sender hardware address field SHA settings E 0 ARP frames where SHA is not equal to the SMAC address E 1 ARP frames where SHA is equal to the SMAC address E Any Any value is allowed don t care e RARP SMAC Match Specify whether frames can hit the action according to their target hardware address field THA settings E 0 RARP frames where THA is not equal to the SMAC address E 1 RARP frames where THA i
568. ter switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It then propagates the service requests on to any upstream multicast switch router to ensure that it will continue to receive the multicast service pr ga Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet Note 173 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 8 2 IGMP Snooping Configuration This page provides IGMP Snooping related configuration The IGMP Snooping Configuration screen in Figure 4 8 5 appears IGMP Snooping Configuration Global Configuration Unregistered IPMCv4 Flooding Enabled Snooping Enabled IGMP SSM Range Leave Proxy Enabled Proxy Enabled g E lt All gt unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited unlimited 1 2 3 4 5 6 7 8 9 0 o unlimited Figure 4 8 5 IGMP Snooping Configuration Page Screenshot The page includes the following fields Object Description Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMCv4 Flooding enabled Enable unregistered IPMCv4 traffic flooding IGMP SSM Range SSM Source Specific Multicast Range allows the SSM aware hosts and routers run the SSM service model for the groups in the address
569. terface CLI is very similar to entering commands on a UNIX system This chapter describes how to use the Command Line Interface CLI 5 2 Telnet Login The Industrial Managed Switch supports telnet for remote management The Industrial Managed Switch asks for user name and password for remote login when using telnet please use admin for username amp password A Efx Welcome to Command Line Interface Port Numbers o NS3552 EP 28 a 1 2 416 8i i i tii 3i Si Pio Fi Username 352 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 COMMAND LINE MODE The CLI groups all the commands in appropriate modes according to the nature of the command A sample of the CLI command modes are described below Each of the command modes supports specific software commands Command Groups System System settings and reset options IP IP configuration and Ping Port Port management MAC MAC address table VLAN Virtual LAN PVLAN Private VLAN Security Security management STP Spanning Tree Protocol Aggr Link Aggregation LACP Link Aggregation Control Protocol LLDP Link Layer Discovery Protocol LLDPMED Link Layer Discovery Protocol Media EEE Energy Efficient Ethernet Thermal Thermal Protection PoE Power Over Ethernet EVC Ethernet Virtual Connections EPS Ethernet Protection Switching MEP Maintainence entity End Point QoS Quality of Se
570. that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout e Other Info This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description IP Address IP address and UDP port for the accounting server in question State Round Trip Time radiusAccClientExtRo undTripTime Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one s
571. the LLDP MED scheme is broken into further Endpoint Device Classes as defined in the following Each LLDP MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class Fore example will any LLDP MED Endpoint Device claiming compliance as a Media Endpoint Class II also support all aspects of TIA 1057 applicable to Generic Endpoints Class l and any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class II and Generic Endpoints Class 1 301 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual LLDP MED Generic Endpoint Class l The LLDP MED Generic Endpoint Class 1 definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 however do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpoint Class II The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated w
572. the Layer 3 multicast device In 1998 the IEEE with document 802 1w introduced an evolution of STP the Rapid Spanning Tree Protocol which provides for faster spanning tree convergence after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP S A Samba is a program running under UNIX like operating systems that provides seamless integration between UNIX and Microsoft Windows machines Samba acts as file and print servers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts in Microsoft Windows Neighborhood Network SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length Ashaper can limit the bandwidth of transmitted frames It is located after the ingress queues
573. the Port Path Costs on the least cost path to the Root Bridge e Topology Flag The current state of the Topology Change Flag for this Bridge instance Topology Change Last Buttons Auto refresh Refresh Click to refresh the page immediately 4 7 4 CIST Port Configuration The time since last Topology Change occurred i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds This page allows the user to inspect the current STP CIST port configurations and possibly change them as well The CIST Port Configuration screen in Figure 4 7 6 appears STP CIST Port Configuration CIST Aggregated Port Configuration Restricted Priority Admin Edge Auto Edge Role ren BPDU Guard TCN Point to point Path Cost CIST Normal Port Configuration Forced True e El lt All gt 1 E Auto 2 T Auto 3 E Auto 4 E Auto 5 E Auto 6 E Auto T7 E Auto 8 E Auto 9 E Auto 10 E Auto 4040040011 128 128 128 128 128 128 128 128 128 128 660 660 61 6 6 Ld E lt All gt Non Edge 7 Non Edge y 7 Non Edge y Y Non Edge y 7 Non Edge y 7 Non Edge y Y o a A Non Edge y 7 Non Edge 7 Non Edge 7 Non Edge Y Restricted a Priority Admin Edge Auto Edge BPDU Guard Point to ES raat lt All gt y
574. the page immediately Lk Updates the table starting from the first entry in the Alarm Table i e the entry with the lowest ID gt gt gt gt Updates the table starting with the entry after the last entry currently displayed 4 18 3 RMON Event Configuration Configure RMON Event table on this page The entry index key is ID screen in Figure 4 18 3 appears RMON Event Configuraton Delete 10 ese Tyne Community Event Last Time Figure 4 18 3 RMON event configuration page screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e ID Indicates the index of the entry The range is from 1 to 65535 e Desc Indicates this event the string length is from 0 to 127 default is a null string e Type Indicates the notification of the event the possible types are a none The total number of octets received on the interface including framing characters a log The number of uni cast packets delivered to a higher layer protocol a snmptrap The number of broad cast and multi cast packets delivered to a higher layer protocol a logandtrap The number of inbound packets that are discarded even the packets are normal e Community Specify the community when trap is sent the string length is from 0 to 127 default is public e Event Last Time Indicates the value of sysUpTime at the time this event entry last generat
575. this Pasig 0 means no TAG added e This MAC B of this MEP can be used by other MEP when unicast is selected Info e Alarm There is an active alarm on the MEP Buttons _ Add New MEP Click to add a new MEP entry Refresh Click to refresh the page immediately 340 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 19 2 Detailed MEP Configuration This page allows the user to inspect and configure the current MEP Instance screen in Figure 4 19 2 appears MEP Configuration Instance Data MEP Instance Residence Tagged EPS This Port VID Instance MAC Port Mep Ingress 10 3001 1 00 30 4F AC 6C 7C Domain Mode Direction Instance Configuration ICC Domain MEP Tagged Name ID VID ofm iruicc fm lerpsoo mego00 1 3001 0 o O 0O 0 MEG ID cLevel cMEG cMEP cars ack CSSF aBLK aTSF Peer MEP Configuration Delete Peer MEP ID Unicast Peer MAC cLoc CRDI cPeriod cPriority o 8 00 00 00 00 00 00 9 Add New Peer MEP Functional Configuration Continuity Check APS Protocol Enable Priority Frame rate Enable Priority 0 0 Figure 4 19 2 Detail MEP configuration page screenshot The page includes the following fields Instance Data Object Description e MEP Instance The ID of the MEP e Domain See help
576. tication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized state but authentication can be retried If the authentication server cannot be reached the switch can retransmit the request If no response is received from the server after the specified number of attempts authentication fails and network access is not granted When a client logs off it sends an EAPOL logoff message causing the switch port to transition to the unauthorized state If the link state of a port transitions from up to down or if an EAPOL logoff frame is received the port returns to the unauthorized state 236 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 11 2 Authentication Configuration This page allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces The Authentication Method Configuration screen in Figure 4 11 3 appears Authentication Method Configuration Authentication Method Fallback console v telnet ssh Figure 4 11 3 Authentication Method Configuration Page Screenshot The page includes the following fields Object Description e Client The management client for which the configuration below applies e Authentication Method Authentication Method can be set to one of the following values E None authentication is disab
577. tics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnostic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the currently selected stack unit as reflected by the page header The VeriPHY Cable Diagnostics screen in Figure 4 15 4 appears VeriPHY Cable Diagnostics Port All v Cable Status Pair A 1 2 Length A Pair B 3 6 Length B Pair C 4 5 Length C Pair D 7 8 Length D Figure 4 15 4 VeriPHY Cable Diagnostics Page Screenshot The page includes the following fields Object Description e Port The port where you are requesting Cable Diagnostics Please be noticed that it is only affect to copper port not fiber port e Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Buttons Start Click to run the diagnostics 311 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 16 Power over Ethernet Providing up to 8 PoE in line power interfaces the NS3552 8P 2S PoE Switch can easily build a pow
578. time of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life time of the port If enabled checked the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the life time of the port The value can only be changed if the Guest VLAN option is globally enabled The table has one row for each port on the selected switch in the stack and a number of columns which are Object Description e Port e Admin State The port number for which the configuration below applies The Configuration All with available options will assign to whole ports If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplicant the switch is the 240 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual aut
579. tinal ent 69 4 2 9 PriMl6ge vel citrato ts titi 71 4 26 NTP Configuration aaia 73 4 2 7 Daylight SIN setn A A ee 74 A278 WP reteset o e es E do E e i e le ad de 2 76 4 2 9 DHCP Relay iio is ee ad ee eee AL i tres ls 78 4 2 10DHCP Relay Statistics Aena 79 42 11 GPU Load snn a a E nee de tt 80 4 2 12 5YstemiLOQ ita ada 81 4 219 Detailed HOG irc dd ii 83 4 2 14 Remote Syd dla Ra 83 4 2 15 SMTPGonfiguratiON conan id A eee ed A e eed 85 4 2 16 Digital INPUV OUTPUT ici hohe ee ee ei a 86 ALA FaU ANAN isis a ll E alin id 88 42 18 EEE Power ReOductON s s i sciecsescisedsadcadesvaschsbaingdcaaicesacaaacagasacbsdaedsaecagdaaeseaausagpsahaceadscgubagstagdsaassigianastageaasicdnconastad 89 42 19 Web Firmware Uparade io A eee 90 4 2 20 1FTP Firmware Upgrades ici apar ee eee 91 4 2 21 Configuration Back piiiiccaiaas data eed ci el ated niger eee 92 4 2 22 Contiguration Upload cui oia 93 4 2 23 Image Select sy s c cdatastdiits do teicher ae ee ee Ee 95 4 2 24 Ractory Detalle cio ads 96 42 20 System REDON ie mnn a EOI ia 97 4 3 Simple Network Management Protocol s cccsscssseeeeeeeeeeeeeeseaeseneeeeneeeeeeaeeesaaeseseeeeneeeeseneseseaesaseeeeneeeeneas 98 4 3 V S5NMPOVe Vie Wirstiannda tada de dida rd 98 43 2 SNMP System Configuration nailon 99 4 3 3 SNMP System Informations sniene unnn ed les ets e At 101 4 3 4 SNMPY3 GonfigUratON ciclo ta caleta 102 4 3 4 1 SNMPV3 COMMUINeS vu sretsia nicas 102 434 2 3NMPr US edo 103 4 3 4 3 INMP YOU A
580. tination address is located at different port from this packet comes in the Industrial Managed Switch will forward this packet to the port where this destination address is located according to the information from address table But if the destination address is located at the same port with this packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Indusirial Managed Switch stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficiency and stability The Industrial Managed Switch scans the destination address from the packet header searches the routing table pro vided for the incoming port and forwards the packet only if required The fast forwarding makes the switch attractive for connecting servers directly to the network thereby increasing throughput and availability How ever the switch is most commonly used to segment existence hubs which nearly always improves overall performance An Ethernet Switching can be easily configured in any Ethernet network environment to signifi cantly boost bandwidth using conventional cabling and adapters Due to the learning function of the Industrial Managed Switch the source address and corresponding port number of eac
581. tion configuration Syntax Show Loop Protect Show MAC Description Show MAC address table configuration Syntax Show MAC Show Mirror Description Show mirror configuration Syntax Show mirror Show MVR Description Show MVR configuration Syntax Show MVR Show PoE Description Show PoE configuration 603 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Show PoE Show Port Description Show port configuration Syntax Show port Show Privilege Description Show privilege configuration Syntax Show privilege Show Private VLAN Description Show Private VLAN configuration Syntax Show pvlan Show QoS Description Show QoS Configuration Syntax Show QoS 604 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Show SNMP Description Show SNMP configuration Syntax Show SNMP Show SSH Description Show SSH configuration Syntax Show ssh Show System Description Show system configuration Syntax Show system Show Timezone Description Show System Timezone configuration Syntax Show timezone Show UPnP Description Show UPnP configuration 605 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Syntax Show upnp Show Users Description Show users configuration Syntax Show users Show VLAN Description Show VLAN configuration Syntax Show vlan Show Voice VLAN Description
582. tion is IGMP Auto Forced IGMPv1 Forced IGMPv2 Forced IGMPv3 default compatibility value is IGMP Auto e RV Robustness Variable The Robustness Variable allows tuning for the expected packet loss on a network The allowed range is 1 to 255 default robustness variable value is 2 Ql Query Interval The Query Interval is the interval between General Queries sent by the Querier The allowed range is 1 to 255 seconds default query interval is 125 seconds e QRI Query Response Interval The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries The allowed range is O to 31744 in tenths of seconds default query response interval is 100 in tenths of seconds 10 seconds e LLQI LMQI for IGMP Last Member Query Interval The Last Member Query Time is the time value represented by the Last Member Query Interval multiplied by the Last Member Query Count The allowed range is 0 to 31744 in tenths of seconds default last member query interval is 10 in tenths of seconds 1 second e URI Unsolicited Report Interval The Unsolicited Report Interval is the time between repetitions of a host s initial report of membership in a group The allowed range is 0 to 31744 seconds default unsolicited report interval is 1 second Buttons Refresh Refreshes the displayed table starting from the VLAN input fields e Updates the table starting from the first entry in the VLAN Table i
583. tions Perfect Integrafion Solution for Outdoor IP PoE Camera and NVR System The NS3552 8P 2S provides 8 10 100 1000Mbps 802 3af at PoE ports and can offer sufficient PoE power for 8 PoE IP cameras at the same time In addition with the 2 Port 100 1000Base X SFP interfaces the NS3552 8P 2S can connect to core fiber switch and send video stream to NVR and monitor center Through the high performance switch architecture the NS3552 8P 2S facilitates the recorded video files from the 8 PoE IP cameras to be saved in the NVR systems Furthermore the NVR systems can be controlled and monitored both in the local LAN and the remote site via Internet The NS3552 8P 2S undoubtedly brings an ideal secure surveillance system at a lower total cost o 550m 10km 120km o gt PoE PTZ Speed Dome _ Fiber Switch B 1000Base SX LX Fiber optic DC 48V 0 1000Base T UTP with PoE NS3552 8P 2S Y _ Power Line DC 28 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 1 3 How to Use This Manual This User Manual is structured as follows Section 2 INSTALLATION The section explains the functions of the Industrial Managed Switch and how to physically install the Industrial Managed Switch Section 3 SWITCH MANAGEMENT The section contains the information about the software function of the Industrial Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Industrial Managed Switch by Web i
584. tistics Display SFP information Sets the source and target ports for mirroring 4 4 1 Port Configuration This page displays current port configurations Ports can also be configured here The Port Configuration screen in Figure 4 4 1 appears Port Port Description Link Speed Flow Control Maximum Excessive Power Current Configured Current Rx Current Tx Configured Frame Size Collision Mode Control O lt a gt lt Al gt 1 2 3 4 5 6 7 8 9 gt Port Configuration lt Alb Anto Copper Y Auto Copper Y IT Anto Copper Auto Copper Auto Copper Auto Copper Auto Copper Auto Fiber Auto Fiber FIKR daa a aaa e SNS NEN INS aca ca XXXXXXXX X x XXXXXXXxXxxox Elfo fee fa fol e ALE ec Figure 4 4 1 Port Configuration Page Screenshot The page includes the following fields Object Description e Port This is the logical port number for this row means selection all ports of Industrial Managed Switch e Port Description This function provides input per port description and the available letters is 12 e Link The current link state is displayed graphically Green indicates the link is up and red that it is down e Current Link Speed Provides the current link speed of the port 107 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Configured Link Spe
585. to send SSDP advertisement messages Valid values are in the range from 1 to 255 e Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points about how often it or they should receive an SSDP advertisement message from this switch If a control point does not receive any message within the duration it may suggest that the switch no longer exists Due to the unreliable nature of UDP as standard it is recommended that such refreshment of advertisements to be done at less than one half of the advertising duration In the implementation the switch sends SSDP messages periodically at the interval one half of the advertising duration minus 30 seconds Valid values are in the range from 100 to 86400 Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values Y My Network Places File Edit View Favorites Tools Help y A ei ya Search Ky Folders EF Address 4 my Network Places Network Tasks Ms 2 Add a network place gt A a View network a i i i connections Y Setup a wireless network for a home or small office lt Q Search Active Directory 3 Hide icons For networked UPnP devices Print Server Print Server NS3552 8P 2S Other Places Desktop Entire Network y My Computer My Documents pay Printers and Faxes Details My Network P Figure 4 2 11 UPnP Devices sho
586. translation table is used to translate incoming frames DSCP value and translated value is used to map QoS class and DP level Syntax QoS DSCP Translation lt dscp_list gt lt trans_dscp gt Parameters lt dscp_list gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all default Show DSCP translation table lt trans_dscp gt Translated DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 QoS DSCP Trust Description Set or show trusted DSCP value which is used for QoS classification The DSCP value to be checked for trust is either translated value ifDSCP translation is enabled for the ingress port or incoming frame DSCP value if translation is disabled for the port Trusted DSCP value is onlyused for QoS classification Syntax QoS DSCP Trust lt dscp_list gt enable disable Parameters lt dscp_list gt DSCP 0 63 BE CS1 CS7 EF or AF11 AF43 list or all enable Set DSCP as trusted DSCP disable Set DSCP as un trusted DSCP default Show DSCP Trust status Default Setting disable QoS DSCP Classification Mode Description Set or show DSCP ingress classification mode 536 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual If port DSCP classification is selected DSCP will be classified based on QoS class and DP level only for DSCP value with classification mode enabled DSCP may be translated DSCP if translation is enabled for the port Syntax QoS DSCP Classification Mode lt dscp_list g
587. transmissions Fast will transmit LACP packets each second while Slow will wait for 30 seconds before sending a LACP packet 120 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Partner Priority The Prior controls the priority of the port If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in a backup role Lower number means greater priority Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 5 3 LACP System Status This page provides a status overview for all LACP instances The LACP Status page displays the current LACP aggregation Groups and LACP Port status The LACP System Status screen in Figure 4 5 5 appears LACP System Status Aggr ID Partner System ID Partner Key Last Changed Local Ports No ports enabled or no existing partners Auto Refresh CJ Figure 4 5 5 LACP System Status Page Screenshot The page includes the following fields Object Description e Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id e Partner System ID The system ID MAC address of the aggregation partner e Partner Key The Key that the partner has assigned to this aggregation ID e Last changed The time since this aggregation changed e Lo
588. trial Switches E Dimensions W x D x H 72 x 107 x 152 mm Top View Mounting Kit 50 Side View Front View Rear View V0009 18 AAA C it o O l o o o O o E 66 DIN Rail Kit 10 100 10007 a O O NS3552 8P 2S o H L 78 Ze 07 1 y 66 6 Bottom View Mounting Kit AOS OSA nanninannan 00000000 o00000000 00000000 000000000 eo000000 eo0000000 00000000 000000000 oooooegea e00000000 eco000000pP000000000 ooo000000p000000000 oooooooopooooooooo co000eeeGee0000000 oo0 00000p000000000 5 dh Dimensions unit mm 38 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 2 1 2 Front Panel Figure 2 1 8 2 2 shows the front panels of Industrial Managed Switch Console RESET A LNK acy POE In Use E E SS E ee E E E E E E E ee M NS3552 8p 25 Figure 2 2 NS3552 8P 2S Switch Front Panel 39 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual M Reset Button At the left of the front panel the reset button is designed for rebooting the Industrial Managed Switch without turning off and on the power It also can reset the Industrial Managed Switch to
589. tts 1043 46BTU Full loading with PoE function NS3552 8P 2S only Power Over Ethernet NS3552 8P 2S only POE Standard IEEE 802 3af IEEE 802 3at Power over Ethernet o PoE Power End Span Supply Type Per Port 56V DC 350mA Max 15 4 watts IEEE PoE Power 802 3af Output Per Port 56V DC 590mA Max 30 watts IEEE 802 3at EC 1 2 3 6 Assignment EE an en OO Budget Max number of IO Max number of Class 3 PD Max number of O Layer 2 Function Basic Management Console Telnet Web Browser SNMPv1 v2c Web Browser Remote Telnet SNMPv1 v2c Interfaces Secure Management SSH SSL SNMP v3 SSH SSL SNMP v3 Interfaces Port disable enable Port disable enable Auto negotiation 10 100 1000Mbps full and half Port Auto Negotiation 10 100 1000Mbps full and half duplex mode selection duplex mode selection Auto detection Forced 100 1000Mbps SFP Fiber Flow Control disable enable transceiver speed Power saving mode control Flow Control disable enable Power saving mode control Display each port s speed duplex mode link status Display each port s speed duplex mode link status Flow control status Auto negotiation status trunk Flow control status Auto negotiation status trunk status status Port Mirroring 1X RX Both TX RX Both 1 to 1 monitor Many to 1 monitor 802 1Q Tagged Based VLAN up to 255 VLAN 802 1 Q Tagged Based VLAN up to 255 VLAN groups groups Sale tl PVE Q in Q tunneling riv
590. ty switch snmp trap community private Security Switch SNMP Trap Destination Description Set or Show the SNMP trap destination address Syntax Security Switch SNMP Trap Destination lt ip_addr_string gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string Example Set SNMP trap destination address for 192 168 0 20 Security Switch SNMP Trap IPv6 Destination Description Set or Show the SNMP trap destination IPv6 address Syntax Security Switch SNMP Trap IPv6 Destination lt ipv6_addr gt Parameters lt ipv6_addr gt IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example 410 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Set SNMP trap IPv6 destination address for 2001 0001 Security Switch SNMP Trap Authentication Failure Description Set or show the SNMP authentication failure trap mode Syntax Security Switch SNMP Trap Authentication Failure enable disable Parameters enable Enable SNMP trap authentication failure dis
591. ubintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead e Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS Authentication Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns which are Object Description o The RADIUS Authentication Server number for which the configuration below applies e Enabled Enable the RADIUS Authentication Server by checking this box e IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is expressed in dotted decimal notation e Port The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server e Secret The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch RADIUS Accounting Server C
592. under access management mode is enabled Buttons Auto refresh i i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear all statistics 273 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 4 HTTPs Configure HTTPS on this page The HTTPS Configuration screen in Figure 4 12 4 appears HTTPS Configuration gt Mode Disabled v Automatic Redirect Disabled Figure 4 12 4 HTTPS Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode Indicates the HTTPS mode operation Possible modes are E Enabled Enable HTTPS mode operation E Disabled Disable HTTPS mode operation e Automatic Redirect Indicates the HTTPS redirect mode operation Automatic redirect web browser to HTTPS during HTTPS mode enabled Possible modes are E Enabled Enable HTTPS redirect mode operation E Disabled Disable HTTPS redirect mode operation Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 274 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 12 5 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port t
593. upnp configuration UPnP Configuration Disabled 4 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting disable Example Enable the UPnP mode NS3552 8P 2S gt upnp mode enable 548 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual UPnP TTL Description Set or show the TTL value of the IP header in SSDP messages Syntax UPnP TTL lt ttl gt Parameters lt ttl gt ttl range 1 255 default Show UPnP TTL Default Setting 4 Example Set the value 10 for TTL value of the IP header in SSDP messages NS3552 8P 2S gt upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration lt duration gt Parameters lt duration gt duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration NS3552 8P 2S gt upnp advertising duration 1000 549 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 6 24 MVR Command MVR Configuration Description Show the MVR configuration Syntax MVR Configuration Example Show the MVR configuration NS3552 8P 2S gt mvr configuration MVR Configuration Muticast V
594. used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 Contain one of 64 code oint values 0 through 63 Auto negotiation identifies if MAC PHY auto negotiation is supported by the link partner e Auto negotiation status Auto negotiation status identifies if auto negotiation is currently enabled at the link partner If Auto negotiation is supported and Auto negotiation status is disabled the 802 3 PMD operating mode will be determined the operational MAU type field value rather than by auto negotiation e Auto negotiation Capabilities Buttons Auto refresh Refresh Auto negotiation Capabilities shows the link partners MAC PHY capabilities i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Click to refresh the page immediately 303 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 14 5 Neighbor This page provides a status overview for all LLDP neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected The LLDP Neighbor Information screen in Figure 4 14 4 appears LLDP Neighbour Information Local Port Chassis ID Remote Port ID System Name Port Description System Capabilities Management Address Pott 33 334F A4 E4 48 1 Realtek Intelligent Switct Bridge 192 168 0 100 IP74 Port2 SEPOO17ED1COFF9 Port 1 Other Port 2 0 0 0 0 0017E01C9FF9 P1 SEPODI7ED1C9FF9 ci
595. uteasaecestenstecteneccersicereaceenunderden 550 MVA GonfiguratioNicsuriiiia en A AA E 550 MVRiModes iio rd o to rel tl e e dt o o el ates 550 MVR VLAN Setup ei e e a ll lle 551 MVR VEAN Mode e E 551 MVR VEAN Poli ei 551 MVR VANE o evo nd a to e 552 MVR VLAN Chaniiele c2 csc08 sc erceen ita delete en dette la ia 553 MVR VEAN Priority a toc22tt ansia o cottes tordo dL dhs Se ace tee Rags wohl thd e e rhea acs ates 553 MVR Immediate Leave iic cn alain o ee aie cae ee 553 MVRiStalUs oct eh eis eed eed eS E ded 554 MVR GOUS iniia da o o ll ld a 554 MV RES EM eh E A o a A o 554 6 25 Voice VLAN Command ii suds edaccvended scadez sade ceuuedseQdacseccestecdsequedsaczestecdeesaiedsadsececdens 556 Voice VLAN Configuration ss te isi ath a el se a a eee ee 556 Voice VEAN Modesss setntantitieas enlist ee ee edi Re ee 556 Voice VEAN Da tc het toa EE DE cote e e o o eo A 557 Voice VLAN AgStMO condi eee ay SU Ai ete da 558 Voice VLAN CIO las cota a aa e a a E a a aa a aA aa araa Aa EAE Naa Siia ea 558 Voice VLAN OUI Addii ati 559 Voice VLAN OUI Delete eaa eaae Wad dad ivi dns Eaa cea ete eds eae ae 559 Voice VLAN OUI CIC ricardo ia 559 Voice VEAN OUT CoO KUDa a e a correccion irc ici aii 560 Voice VLAN Port Mode ocio a a oe a aa A ea 560 Voice VELAN SEGUN Sa Sd ee ee 561 Voice VLAN Discovery Protocol rriaren a e de ate ie ori a die th sheet ee ete eee 561 6 26 Ethernet Ring Protection Switching Command cccceccesseeeseeeeeseeee
596. values 4 9 15 QoS Statistics This page provides statistics for the different queues for all switch ports The QoS Statistics screen in Figure 4 9 18 appears 213 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Queuing Counters Auto refresh L Refresh Clear 8 QW 8 u e N 2200000000 8 0000000000 0000000009 0000000000 0000000000 00000000023 0000000005 0 0 0 0 0 0 0 0 0 0 ae ees Rx rx Rx Tx 0 0 0 0 0 0 0 0 o 0 0 0 o 0 0 0 o 0 0 0 ls LO 00 INID Un Be Lu 000000000 Figure 4 9 18 Queuing Counters Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e Q0 Q7 There are 8 QoS queues per port QO is the lowest priority queue e Rx Tx The number of received and transmitted packets per queue Buttons Auto refresh i Check this box to refresh the page automatically Automatic refresh occurs every 3 seconds Refresh Click to refresh the page immediately Clear clear Clears the counters for all ports 214 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 9 16 Voice VLAN Configuration The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN then the switch can classify and schedule network traffic It is recommended that there be two VLANs on a port one for voice one for data Before connecting the IP device to the switch the
597. values are between 30 and 86400 seconds 24 hours The Industrial Managed Switch implements the Rapid Spanning Protocol as the default spanning tree protocol While selecting Compatible mode the system uses the RSTP 802 1w to be compatible and co work with another STP 802 1D s BPDU control packet Note Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 7 3 Bridge Status This page provides a status overview for all STP bridge instances The displayed table contains a row for each STP bridge instance where the column displays the following information The Bridge Status screen in Figure 4 7 5 appears STP Bridges Root Topolo Topolo arideem Root Topology Topology MN AA GO Chanup Gast IST 60 00 00 30 4F 10 02 00 80 00 00 30 4F 10 02 00 O Steady Auto refresh O Refresh Refresh Figure 4 7 5 STP Bridge Status Page Screenshot The page includes the following fields Object Description e MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status e Bridge ID The Bridge ID of this Bridge instance e Root ID The Bridge ID of the currently elected root bridge 159 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e Root Port e Root Cost The switch port currently assigned the root port role Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of
598. vant in buildings which have different floor to floor dimensions An altitude 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance e Map Datum The Map Datum used for the coordinates given in this Option E WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 and Prime Meridian Name Greenwich HM NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich the associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW E NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime 296 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Civic Address Location Meridian Name Greenwich the associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on water sea ocean IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI Object Description e Country code as ISO 3166 country code in capital ASCII letters Example DK DE or US e State National subdivisions state canton region province prefecture e County County parish gun Japan district e City City township shi Ja
599. ve STP enabled with default settings the switch with the lowest MAC address in the network will become the root switch By increasing the priority lowering the priority number of the best switch STP can be forced to select the best switch as the root switch When STP is enabled using the default parameters the path between source and destination stations in a switched network might not be ideal For instance connecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops Ports must wait for new network topology information to propagate throughout the network before starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states a Blocking the port is blocked from forwarding or receiving packets a Listening the port is waiting
600. w ECE will be added If lt ece_id_next gt is specified the ECE will be placed before this entry If lt ece_id_next gt is last the ECE will be placed at the end of the list If lt ece_id_next gt is omitted and it is a new ECE the ECE will be placed last If lt ece_id_next gt is omitted and the ECE exists the ECE will not be moved Syntax EVC ECE Add lt ece_id gt lt ece_id_next gt uni lt uni_list gt lt dmac_type gt lt smac gt tag lt tag_type gt lt vid gt lt pcp gt lt dei gt all ipv4 lt proto gt lt sip gt lt dscp gt lt fragment gt lt sport gt lt dport gt ipv6 lt proto gt lt sip_v6 gt lt dscp gt lt sport gt lt dport gt direction lt direction gt evc lt evc_id gt pop lt pop gt policy lt policy gt class lt class gt outer lt ot_mode gt lt ot_preserve gt lt ot_pcp gt lt ot_dei gt Parameters lt ece_id gt ECE ID 1 128 lt ece_id_next gt Next ECE ID 1 128 or last uni UNI keyword lt uni_list gt UNI port list 1 10 lt dmac_type gt DMAC type any unicast multicast broadcast lt smac gt SMAC or any tag Tag matching keyword lt tag_type gt Tag type tagged untagged any lt vid gt VLAN ID value range 0 4095 or any lt pcp gt PCP value range 0 7 or any lt dei gt DEI value 0 1 or any all Keyword for matching any frame type ipv4 Keyword fo
601. which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port All means all ports will have one specific setting e Fast Leave Enable the fast leave on the port e Throttling The Configuration All with available values will assign to whole items Enable to limit the number of multicast groups to which a switch port can belong All means all ports will have one specific setting 182 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 8 9 MLD Snooping VLAN Configuration Each page shows up to 99 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table The MLD Snooping VLAN Configuration screen in Figure 4 8 12 appears MLD Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page Figure 4 8 12 IGMP Snooping VLAN Configuration Page Screenshot 183 IFS NS3552 8P 2S AND NS3550 2T 8S User M
602. wing administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC dotixAuthLastEapolF The MAC address of the last supplicant client Address rameSource VLAN ID The VLAN ID on which the last frame from the last supplicant client was received Version dot1xAuthLastEapolF 802 1X based rameVersion The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable Identity 802 1X based 248 The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Selected Counters Object Description e Selected Counters The Selected Counters table is visible when the port is one of the following administrative states E Multi 802 1X E MAC based Auth The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Attached MAC Address Object Description e Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This column is not
603. witch or other Layer 2 switches However before making any physical connections between devices use the Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that e The ports used in a link aggregation must all be of the same media type RJ 45 100 Mbps fiber e The ports that can be assigned to the same link aggregation have certain other restrictions see below e Ports can only be assigned to one link aggregation e The ports at both ends of a connection must be configured as link aggregation ports e None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port e All of the ports in a link aggregation have to be treated as a whole when moved from to added or deleted from a VLAN e The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole e Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop e Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to 116 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual avoid creating a data loop It allows a maximum of 10 ports to be aggregated at the same time The Managed Switch support Gigabit Ethernet ports up to 5 groups If the group is defined as a LACP static link aggregationing group then any extra ports selected
604. with a hierarchy of tags Header tags lt xml version 1 0 gt and lt configuration gt These tags are mandatory and must be present at the beginning of the file Section tags lt platform gt lt global gt and lt switch gt The platform section must be the first section tag and this section must include the correct platform ID and version The global section is optional and includes configuration which is not related to specific switch ports The switch section is optional and includes configuration which is related to specific switch ports Module tags lt ip gt lt mac gt lt port gt etc These tags identify a module controlling specific parts of the configuration Group tags lt port_table gt lt vlan_table gt etc These tags identify a group of parameters typically a table Parameter tags lt mode gt lt entry gt etc These tags identify parameters for the specific section module and group The lt entry gt tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax descriptions is included in the file The file may then be modified using an editor and loaded to an Industrial Managed Switch The examples below show a small configuration file only including configuration of the MAC address age time and the learning mode per port When loading this file only the included pa
605. ws on Windows My Network Places 77 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual 4 2 9 DHCP Relay Configuring DHCP Relay on this page DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options E Circuit ID option 1 m Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes representing the VLAN ID The parameter of module_id is the third byte for the module ID in standalone switch it always equals 0 in stackable switch it means switch 1D The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal to the DHCP rela
606. xcess bandwidth Queue Scheduler Weight Queue Scheduler Percent Controls the weight for this queue The default value is 17 This value is restricted to 1 100 This parameter is only shown if Scheduler Mode is set to Weighted Shows the weight in percent for this queue This parameter is only shown if Scheduler Mode is set to Weighted Port Shaper Enable Controls whether the port shaper is enabled for this switch port Port Shaper Rate Controls the rate for the port shaper The default value is 500 This value is restricted to 100 1000000 when the Unit is kbps and it is restricted to 1 3300 when the Unit is Mbps Port Shaper Unit Buttons Controls the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps 197 Rate Unit IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Save Click to save changes Click to undo any changes made locally and revert to previously saved values Cancel f Cancel Click to undo any changes made locally and return to the previous page 4 9 4 Port Classification This page allows you to configure the basic QoS Ingress Classification settings for all switch ports The Port Classification screen in Figure 4 9 4 appears QoS Ingress Port Classification Port Q05 class DP Level PCP Det Tag Class DScP Based lt All gt x lt All gt lt All gt y lt All gt 0 0 0 X Disabled
607. xt ACE ID is not specified the ACE will be placed last in the list If the Switch keyword is used the rule applies to all ports If the Port keyword is used the rule applies to the specified port only If the Policy keyword is used the rule applies to all ports configured with the specified policy The default is that the rule applies to all ports Syntax Security Network ACL Add lt ace_id gt lt ace_id_next gt switch port lt port_list gt policy lt policy gt lt tagged gt lt vid gt lt tag_prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt 443 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual lt arp_flags gt ip lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt permit deny lt rate_limiter gt lt port_copy gt lt mirror gt lt logging gt lt shutdown gt Parameters lt ace_id gt ACE ID 1 256 default Next available ID lt ace_id_next gt Next ACE ID 1 256 default Add ACE last switch Switch ACE keyword port Port ACE keyword lt port_list gt Port list or all def
608. y Switch SNMP Trap COMMUNITY coccoccccncccnoncccnoccnoncnnnnccnoncnnnn corn nn cnn 409 Security Switch SNMP Trap DestinatiON ooonncccinnnnnnncnnnnnonncccnonncnnrnnnnrnnnnn cc nora nn nc n rca rr 410 Security Switch SNMP Trap IPv6 Destination eeeeceeeeeecneeeeeeeeeneeeeaeeeeaeeeeaeeeeaeeeeaeeecaeeseaeeeeeeseieeeeieeseneeeeaees 410 Security Switch SNMP Trap Authentication Failure c ceeccecsceceseeeeseeeeeeeeeeeeeeeeeeaeeeeaeeseaeeeeaeeseaeeeseeeeeneeeeeneeeaees 411 Security Switch SNMP Trap LiMk Up cooccconncnnnccnononcnnncccnonnnoncconononnnnnn ronca nan n nr nn naar anna carne rra rra 411 Security Switch SNMP Trap Inform Mode cooococccinccccocccooonononccnoncnnnn corona non corran nc cnn 412 Security Switch SNMP Trap Inform TiMBOUt ooococncccnnnccinocnnonnconnncnonncnnnnnnnn cnn n rca 412 Security Switch SNMP Trap Inform Retry Times oooococincccnocccionccnnoncnonnnnnnccnnn canon cc nn ca rnn corran rca 413 Security Switch SNMP Trap Probe Security Engine ID oooncocinnccnnnccnoncccocccnonncnonccnnnncnnnccnoncnancn narran rca nn 413 Security Switch SNMP Trap Security Engine ID ecceeeceeceeeeeeeeeeneeeeeeeeeeeeaeeseaeeeeaeeeeaeeseaeeseaeeseeeeeeneeeteeeeeaees 414 Security Switch SNMP Trap Security NAME ooococincccnocccnooncnonccnonncnoncnnnnnnnnn cnn rca rn rra 414 Security Switch SNMPEngide Daer a aid santcesedhgstaneciaadesishdsinjdssetsnacdbiacejasdathsatenintagdesateagaduartauatessianandas 415 Security Switch SNMP Community
609. y agents MAC address The DHCP Relay Configuration screen in Figure 4 2 12 appears DHCP Relay Configuration Relay Mode Relay Server Relay Information Mode Relay Information Policy Figure 4 2 12 DHCP Relay Configuration Page Screenshot The page includes the following fields Object Description e Relay Mode Indicates the DHCP relay mode operation Possible modes are E Enabled Enable DHCP relay mode operation When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for security considered E Disabled Disable DHCP relay mode operation e Relay Server Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and to transfer DHCP messages between the clients and the server when 78 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual they are not on the same subnet domain e Relay Information Indicates the DHCP relay information mode option operation Possible modes Mode are E Enabled Enable DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled E Disabled Disable DHCP relay inf
610. y protocol E DES An optional flag to indicate that this user using DES authentication protocol e Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 103 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual Buttons _ Add New User_ Click to add a new user entry Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 3 4 3 SNMPv3 Groups Configure SNMPv3 groups table on this page The entry index keys are Security Model and Security Name The SNMPv3 Groups screen in Figure 4 3 5 appears SNMPv3 Group Configuration public default_ro_group private default_rw_group public default_ro_group private default_rw_group default_user default_rw_group Add New Entry Reset Figure 4 3 5 SNMPv3 Groups Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Security Model Indicates the security model that this entry should belong to Possible security models are E v1 Reserved for SNMPv1 E v2c Reserved for SNMPv2c E usm User based Security Model USM e Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII ch
611. y the TCP UDP source filter for this ACE E Any No TCP UDP source filter is specified TCP UDP source filter status is don t care E Specific If you want to filter a specific TCP UDP source filter with this ACE you can enter a specific TCP UDP source value A field for entering a TCP UDP source value appears E Range If you want to filter a specific TCP UDP source range filter with this ACE you can enter a specific TCP UDP source range value A field for entering a TCP UDP source value appears e TCP UDP Source No When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value e TCP UDP Source When Range is selected for the TCP UDP source filter you can enter a specific Range TCP UDP source range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value e TCP UDP Destination Specify the TCP UDP destination filter for this ACE Filter E Any No TCP UDP destination filter is specified TCP UDP destination filter status is don t care E Specific If you want to filter a specific TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears E Range If you want to filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP de
612. y the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking addresses in large blocks the bulk of which remain unused There is a rather substantial movement to adopt a new version of the Internet Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet IPMC is an acronym for IP MultiCast IPMC supports IPv4 and IPv6 multicasting IPMCv4 denotes multicast for IPv4 IPMCv6 denotes multicast for IPv6 IP Source Guard LACP LLC IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port The IEEE 802 2 Logical Link Control LLC protocol provides a link mechanism for upper layer protocols It is the upper sub layer of the Data Link L
613. you to input who send this mail e E mail Subject It is for you to input mail subject 85 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual e E mail 1 To It is for you to input recipient mail address e E mail 2 To It is for you to input secondary recipient mail address Buttons test Click to test SMTP server address Save Click to save changes Click to undo any changes made locally and revert to previously saved values 4 2 16 Digital Input output Digital Input allows user to log external device such as industrial cooler dead or alive or something else System will log a user customized message into system log and syslog and issue SNMP trap or issue an alarm E mail Digital Output allows user to monitor the switch port and power and let system issue a high or low signal to an external device such as alarm when the monitor port or power has been failed The Configuration screen in Figure 4 2 19 appears Digital Input Output Control Configuration Enable Enable C Enable High to Low v High to Low v Enable Power Fail Port Fail Power Fail Port Fail DIO DI High to Low v i High to Low v DC1_ DC2 DC1DC2 pr des ae eal Fee eZee oe ae 9 10 Figure 4 2 19 Windows File Selection Menu Popup The page includes the following fields Object Description e Enable Check the Enable checkbox to enable Digital Input outpu
614. ze VLAN tags in packet headers E The tagging feature allows VLAN to span multiple 802 1Q compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header HM 802 10 VLAN Tags The figure below shows the 802 1Q VLAN tag There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the Ether Type field When a packet s Ether Type field is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet 125 IFS NS3552 8P 2S AND NS3550 2T 8S User Manual backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 10 Tag User Priority CFI VLANID VID 3 bits 1 bits 12 bits
Download Pdf Manuals
Related Search