EtherWAN Managed Switch User Manual
Contents
1. PCP Priority Acronym Traffic Types 1 0 lowest BK Background 1 1 BE Best Effort 2 2 EE Excellent Effort 3 3 CA Critical Applications 4 4 VI Video lt 100 ms latency and jitter 5 5 VO Voice lt 10 ms latency and jitter 6 6 IC Internetwork Control 7 7 highest NC Network Control The above recommendations are implemented in the V1 94 2 EtherWAN Managed Switch s 802 1p submenu DSPC or Diffserv Code Point uses the first 6 bits in the ToS field of the IP v4 packet header This type of QoS is primarily useful if the QoS needs to pass through a router or routers We will touch on DSPC briefly later in this section 190 EtherWAN Managed Switch Users Guide Global Configuration Page Web GUI Interface To navigate to the QoS Global Configuration page see below 1 Click on the next to QoS 2 Click on Global Configuration TT LL ae EtherWAN ve Management Switch Disable CoS gt DSCP Strict Priority Queue0 3 Strict Priority Queue3 WRR Queue0 2 WRR Queue0 3 Weighted Round Robin Weight 1 20 Global Configuration 802 1p Priority 1 2 4 8 Submit Figure 85 Global Configuration To Enable the QoS settings 1 Enable QoS by selecting the drop down box to the right of the QoS option 2 Choose CoS and or DSCP next to the Trust option 3 Select the desired option next to Policy a Strict Priority2. CO SNMP Fast Leave Disable 8021x ery Interval 10 18000 fej Ss a ojo DE Others Protocols Max Response Time 1 240 GVRP Report Suppression Enable z IGMP Snooping Update Setting NTP GMRP d aa MP Ves 125 10 Figure 129 IGMP General Properties 269 EtherWAN Managed Switch Users Guide Configuring IGMP Passive Mode Specific properties To navigate to the IGMP Snooping page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping To configure specific properties for IGMP Passive Mode please follow the steps below Gi Management Switch Multicast Current Table O System a ore i O Port Switching Update Setting Trunking STP Ring ae GEI Sts Ss el ACL IGMP Version 3 r Fast Leave i y Interv 125 10 E Fl Fp pp a an ARA Ej Ss EECHER LLDP GVRP Report Suppression Enable el IGMP Snooping Update Setting NIP GMRP De he EE Figure 130 IGMP Passive Mode 1 From the dropdown list next to VLAN ID choose the VLAN for which you wish to configure the Report Suppression feature 2 Choose Enable or Disable in the dropdown list next to Report Suppression Note if the switch is not in Passive mode then this feature will have no effect Vd Note If you are using IGMP version 1 or 2 the Query Interval and the Max Response Time setting mus
3. Figure 107 SNMP General Settings EtherWAN Managed Switch Users Guide 231 Configuring SNMP v1 amp v2 Community Groups To navigate to the SNMP v1 v2 page 1 Click on the next to SNMP 2 Click on SNMP v1 v2 To configure the SNMP v1 amp v2 community groups see Figure 108 1 Enter the SNMP community name into the text entry box next to Get Community Name This will allow the NMS to poll status information from the switch read only 2 Enter the SNMP community name into the text entry box next to Set Community Name This will allow a NMS to change the status of a data item in the switch 3 Click on the Update Setting button after you have finished the configuration 4 Save the configuration see the Save Configuration Page N z Eeer Switch R SE ystem EE as EE H Switching CH Trunking STP Ring VLAN Qos ACL Eg SNMP SNMP General Setting SNMP vie SNMP v3 Update Setting Figure 108 Community Name V1 V2c 232 EtherWAN Managed Switch Users Guide Configuring SNMP v3 Users To navigate to the SNMP v3 page 1 Click on the next to SNMP 2 Click on SNMP v3 Adding SNMP v3 Users to the switch 1 Click on the Add User button See below Management Switch SO system SNMPy3 Seting Taas Delete user User Nene Access Mode Secu Level Aahencaton Type Privacy Tape DCH Switching DCH Tru
4. SCH 802 1X OCH LLDP H Others Protocols GVRP IGMP Snooping GMRP DHCP Server UDLD W Management Switch CH System CH Diagnostics Port CH Switching CH Trunking STPRing VLAN Qos ACL SNMP 802 1x LLDP 3 Others Protocols GVRP IGMP Snooping NIP GMRP DHCP Server UDLD DHCP Binding Table Pim DNS Sc DG 86400 to 864000 86400 default Lease Time Figure 142 DHCP Bindings DHCP General Setting Mac Address a4 ba db de d6 2f 192 168 7 100 23 hours 58 minutes 0 seconds Figure 143 DHCP Binding Table EtherWAN Managed Switch Users Guide 301 DHCP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage To set the DHCP server parameters CLI Command Mode General Configuration Mode CLI Command Syntax dhcp server range lt start IP gt lt end IP gt dhcp server subnet mask lt subnet mask in doted decimal notation gt dhcp server gateway lt P address gt dhcp server dns 1 lt P address gt dhcp server dns 2 lt P address gt dhcp server lease time lt 0 864000 gt Usage Example switch az enable switch _a configure terminal switch _a config dhep server range 192 168 7 100 192 168 7 107 switch_a config dhcp server subnet mask 255 255 255 0 switch
5. Update Setting Figure 128 IGMP Mode 268 EtherWAN Managed Switch Users Guide Configuring IGMP Snooping General properties To navigate to the IGMP Snooping page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping To configure the general features for IGMP Snooping in either the Passive or Querier mode follow the steps below see Figure 129 1 From the dropdown list next to VLAN ID choose the VLAN that you want the IGMP Snooping process to run on 2 From the dropdown list next to IGMP Version choose the correct IGMP version to be run on this VLAN This setting must match the IGMP version being used by the IGMP querier and the IGMP client on the network 3 Choosing the appropriate choice Enable or Disable from the dropdown list next to Fast Leave If this feature is enabled on the switch and the switch receives a request to leave a multicast stream on a port then the switch will drop this multicast stream on that port without checking to see if there are any other multicast clients on that port that might still be interested in receiving this multicast stream This allows the multicast stream to disappear from a port much faster 2 Next click on the Update Setting button Gi Management Switch Multicast Current Table gt System Port Switching Update Setting KC Trunking STPRing CO Qos
6. 1 1 sranane aana nan nn nenen a nana anana rena 25 Saving a Configuration from the Cl 25 System Men eege a aaa da Tas aa a daga da wa aa da daa aaa aana da da alaga ga ia a a Naas Ga aa ag 26 System Information DEE 26 EE E e DEE 28 System Name Password using the CL 29 IP PROGINS E 30 ii EtherWAN Managed Switch Users Guide Preface e le P sa aaa a a aaa aa gk ira ree cece dlc abah ga Ba naa d Da Ba cel peice i Segoe aa 30 DEG EE 30 Default Gateway saka saa e Ae Na a KK Ega E Ngak KD ga Ee aaa Ka Be a Ke De EA a agagah Ka ana 30 RI EE 30 IP Address Configuration using the Cl 32 PPA ONS SS sa Berta teas aan aa dag Sarees Da a Dana kak aa teen taser enang ai aga Da 32 Default Gateway EE 33 Domain Name Server LR LE 34 Enable Disable DHCP Client on a VAN 35 Enable Disable Static IPonaVlAN cc cccceeceeeeeeeeeneeeeeeeeeeeeeeeeaeeeeeeeeeeeeeeneaaees 35 Management Interface sanane an etiydecdlopes hawsiyhes aana anana naa anana anana eaaa nane 37 PIT TIPS aana EOS E AAN A eas E EESE ASEE a a Ga Nk EEEE EES 37 RE 37 SSH S c re E 38 Management Interface Configuration using the Cl 39 Enabling Disabling Telnet EE 39 Enabling Disabling SSH E 40 Enabling Disabling HTTP and or HTTRR 41 Save Configuration Page sasana er adler SEN REENEN Gens dE ENER ENEE 43 e ee We VIe e E 43 Load Configuration eses antes Ole temits Out amides eten aaa went 43 Backup GOMEGUE AON EE 43 R
7. ccccsseseseeeeeeeeeeeeeeeeeeseeeeeeeeeeeeeeeeeesenenees 143 Global Configuration Pages iccce ccs ecccsccdacgeacedeteesuahieustcdeeseusssancnaseleteeteededu ENEE 143 Enabling the MSTP Protocol ccc ctasiciec caaet as Geen sn aana nana e aaa nagan anana nenen 143 The CIST Root Bridge amp Backup CIST Root Bridge anana anane nee 145 Setting Bridge PHONY sei asana Bie hoe ons Reais teeth noes gana Ta ga aaa a a eps een AE 145 Configuring the CST Network Diameter 147 MST P Properties Page sas gaga a Daane Ga NAN Aga Da A a Ngak A dee A EE deeler 148 Configuring an MSTP Region iste decrees ieee deena anana anana cheat ana 148 Configuring the IST Network Diameier aana nana nean a nana nnnanen 150 MSTP edel EE 151 vii EtherWAN Managed Switch Users Guide Preface Setting an MS PP Ia 151 Modifying MSTP parameters for load balancing ssssseeeesssessrrrrrnersssrrrrrrre 152 MSTP Port Setting Re CR 154 Adjusting the blocking port in a MSTP network ssssssssssesssseseserrnresssrrrrrrrnneessne 154 MSTI Instance Port Membersbp 156 MSTP Configuration Examples Using CLI Commande 157 Enabling Spanning Tree for MSTb ENNEN 157 Bridge Priority Max Age Forward Delay and Hello Tme 158 IST MAX FIODS narma ade eege ee e E ra EA 158 MSTP Regional Configuration Name and the Revision Level 159 Creating an MSTI Instance eet seess aane a anana anana aana nane Nee 159 Setting MST Gite ele asana aaa athens a
8. 2 You can enter a source or destination Transport Layer protocol port number to allow any IP packet with this port number to gain entry into the switch To do this choose the appropriate port number type Source port or Destination port from the drop down list next to Option 3 Next enter the correct port number into the text entry box next to TCP UDP Port No 1 65535 4 After you have finished configuring just one ACL Access List from the previous step you must now create a name for the new ACL Class Map that will be associated with this Access List To do this just enter a name for the new ACL Class Map into the text box under Class Name see Figure 94 d Note Since this particular Access List type does not contain any deny rules this Access List will have to be used in conjunction with another type of Access List if you wish to filter any packet from entry to the switch that did not match the classification rules from this Access Lists Otherwise all packets that did not match the classification rules of this Access List will also be allowed entry into the switch 210 EtherWAN Managed Switch Users Guide Po Map Attach Class Map to Policy Map EE EU Access List Create 1 99 1300 Na ma mee Note Enter Mask in reverse like 0 0 0 255 Figure 94 IP Access List Name Bandwidth Limiting 1 The amount of bandwidth that is being allocated for the traffic that is being allowed under this new ACL Clas
9. eecceeeeeeeeeeeeeeeeeenneeeeeeeeeeeeeeennaeeeeeeees 127 Adding an Interface to a LACP Trunk ENNEN 127 Setting the LACP Port Priority EE 128 Setting the LACP e EE 128 STP Ring Page e E EEN 129 Choosing the Spanning Tree Protocole AAA 129 Spanning Tree Protocol STP E 129 Rapid Spanning Tree protocol DST 129 Multiple Spanning Tree Protocol MIb 129 STP Ring Page Configuring RSTP ccccsssssseeeeeeeeeeeeeeeneeeeeeeeeeeeeeeeseeeeeeennees 130 Global ege ee ME E 130 Enabling the RSTP Protocol 27 0 0 eii ica aane anana ton aia eas ae ee 130 Additional Global Configuration page settings ceeeeeeeeeeeeeeeeeeeeeeeetnteeeeeeees 130 The Root Bridge amp Backup Root Bridge AEN 132 Setting the MAX Age Forward Delay and Hello Ter 134 FSP POT Setting Page raaa ga A BAN a bikes na KE E tad aca uae ated ied ve each aes 136 Spanning Tree Port ROIS eagsegesteereendegesg ee ng ges eerh ane EgEdee ASS 136 Path Gost amp Port Priority aaa aaa aaa a aan na a aaa ka D SEENEN 137 Point to Ront EE 139 Bdge le GE 139 RSTP Configuration Examples Using CLI Commande nana anana anana 140 Enabling the Spanning Tree Protocol kee 140 Bridge Priority Max Age Forward Delay and Hello Time 140 Modifying the Port Priority and Path Coste 141 Manually Setting a Port to be a Shared or Point to Point Link 00aseaeaeseaeaaa 141 Enabling Disabling a port to be an Edge Port 142 STP Ring Page Configuring MSTP
10. Example 2 To add or remove ports from a specific VLAN 1 Select or deselect the checkbox to the right of the Port and below the VLAN ID for the port you want to add or remove from a VLAN 2 Click on the Submit button 3 Save the configuration see the Save Configuration Page 178 EtherWAN Managed Switch Users Guide Port Based VLAN Configuration Examples using CLI Commands To configure port based VLANs use the following CLI commands for more information on CLI command usage see CLI Command Usage CLI Command Mode Interface Configuration Mode CLI Command Syntax switchport portbase add vlan lt 1 16 gt Usage Example to add a port to a single VLAN switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if switchport portbase add vlan 1 switch a config if q E switch a config q switch ai Usage Example to add a port to multiple VLANs switch _a gt enable switch a configure terminal switch a con switch _a con switch _a con switch _a con switch a a switch a a a switch switch ai fig interface fel fig if switchport portbase add vlan 1 fig if switchport portbase add vlan 2 ig i fig if e E g switchport portbase add vlan 3 switchport portbase add vlan 4 ig if q fig q EtherWAN Managed Switch Users Guide 179 VLAN Configuration in 8
11. Hour Minute From To From Month mar Day a Hour 2 Minute o To Month Nov Day 2 Hour 2 Minute o om Setting Figure 139 Daylight Savings Date Mode 288 EtherWAN Managed Switch Users Guide Network Time Protocol Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage To enable NTP on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax ntp enable Usage Example switch _a gt enable switch _a configure terminal switch _a config ntp enable switch _a config q switch a To set the NTP server on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax ntp server lt P Address or Host Name of NTP Server gt Usage Example switch _a gt enable switch _a configure terminal switch _a config ntp server 192 168 1 126 E switch _a config q switch a To set the NTP polling interval on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax ntp polling interval lt time in minutes 1 10080 gt Usage Example switch _a gt enable switch a tconfigure terminal switch _a config ntp polling interval 180 289 EtherWAN Managed Switch Users Guide switch_a config q switch a To have the NTP client sync the clock
12. 5 After you have enabled periodic re authentication you must also configure the time period interval for the re authentication of the end station To do this enter the number of seconds 1 4294967295 in to the text entry box next to Re authentication Period 6 Next Update Setting button in order to activate all the configured settings see the below screenshot Figure 119 Enabling 802 1X on a Port 245 EtherWAN Managed Switch Users Guide LLDP LLDP is a network discovery protocol that defines a method for network access devices using Ethernet connectivity to advertise information about devices to peer devices on the same physical LAN and store information about the network It allows a device to learn higher layer management reachability and connection endpoint information from adjacent devices Using LLDP a device is able to advertise its own identification information its capabilities and media specific configuration information as well as learn the same information from the devices connected to it LLDP advertises this information over Logical Link Layer Control frames and the information received from other agents in IEEE defined Management Information Bases MIB modules LLDP significantly aids in the deployment of any network device that supports the protocol As a media independent protocol intended to be run on all IEEE 802 devices LLDP may be used to discover routers bridges repeaters WLAN APs IP telephones n
13. EtherWAN EtherWAN Managed Switch V1 94 2 1 FastFind Links User s Guide Unpacking and Installation Computer Setup Setting the initial IP address EtherWAN All Rights Reserved Dissemination or reproduction of this document or its contents is not authorized except where expressly permitted Violators are liable for damages All rights reserved for the purposes of patent application or trademark registration Disclaimer of Liability The information contained in this document is subject to change without notice EtherWAN is not liable for any errors or omissions contained herein or for resulting damage in connection with the information provided in this manual Registered Trademarks The following words and phrases are registered Trademarks of EtherWAN Systems Inc EtherOS Ethernet to the World All other Trademarks are property of their respective owners Warranty For details on the EtherWAN warranty replacement policy please visit our web site at https kb etherwan com index php View entry amp EntryID 27 Products Supported by this Manual V1 94 2 EtherWAN Managed Switch Contact EtherWAN Systems Corporate Headquarters EtherWAN Systems Inc 4570 E Eisenhower Circle Anaheim CA 92807 Tel 714 779 3800 Fax 714 779 3806 Email support etherwan com EtherWAN Managed Switch Users Guide Preface TABLE OF CONTENTS Table Of Contents sasa ws wrin a ga ENEK NGNE NEGEN NE NEN AGE
14. EtherWAN ka kr gi Ngy Ngy Kee Di 12 20 4 K Management Switch System Information IP Address Management Interface Firmware Upgrade Logout User Account Setting Diagnostics Port Switching Figure 4 System Name Password 28 EtherWAN Managed Switch Users Guide System Name Password using the CLI For more information on CLI command usage see CLI Command Usage System Name To set the system name on a switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax hostname lt name gt no hostname Usage Example 1 Setting a Hostname switch _a gt enable switch a configure terminal switch _a config hostname switch_a E switch _a config q switch a Usage Example 2 Removing a Hostname switch _a gt enable switch a tconfigure terminal switch_a config no hostname Po switch_a config q switch a Password To enable a password on a switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax enable password lt password gt Usage Example switch _a gt enable switch _a configure terminal switch _a config enable password mypassword E switch _a config q switch a 29 EtherWAN Managed Switch Users Guide IP Address To navigate to the IP Address page 1 Click on the next to System 2 Click on IP Address see Figure 5 There are 4 se
15. Setting the Root Bridge and Backup Root Bridge To navigate to the STP Ring Global Configuration page 1 Click on the next to STP Ring 2 Click on Global Configuration To set the Bridge Priority 1 Enter the Bridge Priority ID in the text box to the right of Bridge Priority 0 61440 2 Click on the Update Setting button o Note The valid values for this parameter are from 0 to 61440 in increments of 4096 you will see this value reflected in the first hexadecimal digit of the Bridge ID field after you click the Update Setting button See Figure 50 Set this value to be less than any other switch on the network in order to make this switch the Root Switch To set a Backup Root Bridge set the Bridge ID to be between the Root Bridge and the rest of the network switches 132 EtherWAN Managed Switch Users Guide EtherWAN Management Switch HCH System Sieger El ae CD Switching RegRoot ID Gen DESEN O STPRing RootPahGot ER Gorete a Ring Setting Seege BE Ga SE SNMP Sur SS Figure 50 Bridge ID Display 133 EtherWAN Managed Switch Users Guide Setting the MAX Age Forward Delay and Hello Timer To navigate to the STP Ring Global Configuration page 1 Click on the next to STP Ring 2 Click on Global Configuration The Network Diameter The Diameter of a network depends on the type of topology your network uses In a ring topology
16. Usage Example Drop all unknown multicast packets switch _a gt enable switch _a configure terminal switch al switch al switch a config ip Lomp snooping force forward none Ped config q Usage Example Forward unknown multicast packets to the specified ports only switch _a gt enable switch a configure terminal switch al switch al switch a config ip Lomp snooping force forward fel fe2 fe3 E config q EtherWAN Managed Switch Users Guide 284 Network Time Protocol NTP or Network Time Protocol is a useful tool designed to update your switch with the most accurate time available from a user specified time source This is useful for the end user in that the switch logging is noted with the actual time rather than the default switch time begins on Jan 1st 2010 as it can aid debugging switching related problems by showing an accurate time an event occurred To navigate to the NTP page 1 Click on the next to Other Protocols 2 Click on NTP Enabling NTP To enable the NTP client follow the steps below see Figure 137 1 Choose Enable from the dropdown list next to NTP Status 2 Click on the Update Setting button Setting the NTP Server IP Address To provide a time source for the NTP client follow the steps below 1 Enter an IP address or host name in the NTP Server text box 2 Click on the Update Setting button Setting the Timezone To change the timezone of
17. 43 EtherWAN Managed Switch Users Guide Restore Default To restore the V1 94 2 EtherWAN Managed Switch to factory defaults 1 Click on the Restore Default button Auto Save The Auto Save function is used to set the switch to automatically save the configuration to flash If the saved configuration is the same as the running configuration then a save is not made The Auto Save interval is used to determine how often the running configuration is checked for changes To set the Auto Save function 1 Click the dropdown box next to Auto Save 2 Set the Auto Save interval 5 65535 sec Note If a Firewall is running on the PC that is running the TFTP server it may need to be temporarily disabled A a e D D D D D D D Lie Ze ae pp e TEE ez 8 E H Bd H I 1 panh AN n k E d H B ua Dana e De el wu 4 BA EtherWAN dereen 2 K Management Switch HCH System System Information System Name Password eles Save Configuration Management Interface Save Configuration aay ary Restore Default Reboot Logout User Account User Privilege Auto Save Configuration DCH Diagnosti ee Disable ort HO Switching Auto Save Interval 5 65535 sec DCH Trunking Submit Figure 7 Save Configuration Page 44 EtherWAN Managed Switch Users Guide Save Configuration Page using the CLI For more information on CLI command usage see CLI Command Usage Saving a Configurati
18. ARP Table 65 EtherWAN Managed Switch Users Guide ARP Table using CLI Commands For more information on CLI command usage see CLI Command Usage CLI Command Mode General Configuration Mode CLI Command Syntax show arp table Usage Example switch a gt enable switch_a show arp table IP address HW type Flags HW address Mask VLAN 10 58 7 130 1 2 00 50 B6 65 2A 22 KM AR switch a q switch ai 66 EtherWAN Managed Switch Users Guide Route Table To navigate to the Route Table page 1 Click on the next to Diagnostics 2 Click on Route Table The Route Table lists the routes to network destinations and metrics distances that are associated with those routes The Route Table contains information about the topology of the network around it EtherWAN Ca Management Switch System I Diagnostics Utilization System Log Remote Logging ARP Table Route Table Port Figure 18 Route Table Route Table Using CLI Commands For more information on CLI command usage see CLI Command Usage CLI Command Mode General Configuration Mode CLI Command Syntax show route table Usage Example switch _a gt enable switch _a show route table Destination Gateway Genmask Flags Metric Ref 10 58 7 0 0 0 0 0 255 255 255 0 U 0 0 switch a q switch ai EtherWAN Managed Switch Users Guide Use VLAN 0 1 67 Alarm Setting This setting applies only to Switch models that have a h
19. Alpha Chain protocol can be used independently or in conjunction with the Alpha Ring protocols to form almost limitless redundant topologies all with the recovering time from a link failure in less than a second With the Alpha Chain protocol a redundant network segment can be created anywhere that a single path of daisy chained switches exists General Overview To insure that the Alpha Chain protocol will function properly on your network please follow the minimum configuration guidelines listed below for the two types of Alpha Chain switches Chain Port switch Chain pass through switch There are two types of port configurations used in the Alpha Chain setup The flexibility of Alpha Chain allows for many different types of topologies to be created e Alpha Chain Port Alpha Chain Ports make up the Beginning and End of an Alpha Chain Each Alpha Chain segment contains a Master and a Slave port The Master and Slave ports can be on one switch or they can be on two different switches e Chain Pass Through Port Every port that is part of the chain that is not a Master or Slave Alpha Chain port must be configured as a Chain Pass Through port 165 EtherWAN Managed Switch Users Guide Alpha Chain Settings To navigate to the STP Ring a Chain Settings page 1 Click on the next to STP Ring 2 Click on a Chain Setting Global Settings To configure Alpha Chain use the instructions below 1 VLAN 91 4096 default 1 In
20. Figure 65 Port Instance Configuration 156 EtherWAN Managed Switch Users Guide Update Setting Figure 66 Port Instance Adding Ports MSTP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Enabling Spanning Tree for MSTP To enable the Spanning Tree function on a switch use the below CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax no bridge shutdown 1 bridge 1 protocol mstp Usage Example switch _a gt enable switch _a configure terminal switch _a config no bridge shutdown 1 switch _a config bridge 1 protocol mstp switch _a config q switch a 157 EtherWAN Managed Switch Users Guide Bridge Priority Max Age Forward Delay and Hello Time To configure the CIST Bridge Priority Max Age Forward Delay and Hello Time of a Spanning Tree Bridge use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 priority lt 0 61440 gt bridge 1 max age lt 6 40 gt bridge 1 forward time lt 4 30 gt bridge 1 hello time lt 1 10 gt Usage Example switch _a gt enable switch a configure terminal switch _a config bridge 1 priority 4096 bridge 1 max age 20 c switch _a config config config bridge 1 hello time 2 Zo switch bridge 1 forward time 15 a switch a a fi switch a config switch a IST MAX Hops T
21. disabled This value determines if the switch should re enable the port after the specified value or leave the port disabled Bridge Storm Detect Configuration Storm Detect configuration Enable e Storm Detect interval 2 65535 sec Default 10 an Storm Detect errdisable recovery time 0 65535 sec no 10 recovery Storm Detect state of action Errdisable Figure 30 Storm Detect Global Set the By Utilization for each port in the Storm Detect Per Port Configuration box see Figure 31 The default is 0 not limited Setting this to a value between 1 and 100 will cause the port to be disabled when the defined percentage of bandwidth is reached Set the type of packet to be monitored in the Dropdown box under By Broadcast Multicast Broadcast Packets Per Second Set the value to BC to monitor Broadcast packets and BC MC to monitor both Broadcast and Multicast packets 88 EtherWAN Managed Switch Users Guide 6 Set the number of packets per second to a value between 0 and 1000000 packets The default is 0 not limited Storm Detect Per Port Configuration By Broadcast Port Multicast Broadcast Packets Per Second 0 100000 0 not limited fel MC BC fe2 Normal NA mcsc mm fe3 No Detecting fed No Detecting By Utilization 0 100 0 not limited State Recovery time remains el KA EZ KH f5 No Detecting
22. even if an IGMP Join was never received for that Group ID on the Querier port EtherWAN i Management Switch Kg S Current Multicast Groups gnostics HA Port T Group Address Group Membership P HE Switching Trunking Ports 1 8 RSR STP Ring 01 00 5e 32 d9 05 A ERE BA WA WA A BA AA KA WLAN Pots 9 28 ee CD Qos Ports 1 8 EER EEE O ACL 01 00 5e 7c 01 01 TSESSERSSESS SNMP Ports 9 28 m m E E a EE MEA 8021X LLDP Ports 1 8 BEER EEG 01 00 5e 7ffffa EREERE ERB g CH Others Protocols GVRP Ports 9 28 T m EEE EEEE E en NIP GMRP DHCP Server UDLD g g ort e4 e4 e4 Figure 136 Current Multicast Groups 276 EtherWAN Managed Switch Users Guide IGMP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage To put the IGMP Snooping feature in Disabled Mode use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax no ip igmp snooping Usage Example switch _a gt enable switch _a configure terminal E switch_a config no ip igmp snooping E switch _a config q switch a To put the IGMP Snooping feature in Passive Mode use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp snooping enable no ip igmp snooping querier Usage Example switch _a gt enable switch _a co
23. s MAC address will live in the switch s memory before being removed The default value is 300s 5 minutes See Figure 27 To update the Aging Time value on the EtherWAN Managed Switch 1 Click in the Error Disable Recovery text box at the top of the Port Security Dynamic MAC page 2 Type in the desired value Values can be from 0 to 65535 seconds A value of 0 indicates that the port is not to return to normal operating condition until an administrator resets the port or the switch is restarted 3 Click on the Update Setting button Threshold Level The Threshold Level setting is a per port value A traffic storm occurs when packets flood the LAN creating excessive traffic and degrading network performance The traffic storm control feature prevents LAN ports from being disrupted by a broadcast or multicast traffic storm on physical interfaces A Threshold is set to determine when the switch will react to Broadcasts and or Multicasts To set the Threshold level per port 1 Type in the desired value Values can be from 0 1 to 100 This value is a percentage of allowable broadcast traffic for this port Once this percentage of traffic is exceeded all broadcast traffic beyond this percentage is dropped 2 Click on the Update Setting button Storm Control Type The Storm Control Enabled Type setting is a per port value The Storm Control Enabled Type allows users to determine the type of storm control to be used by the swit
24. the Network Diameter is the total number of switches in a network minus the Root Bridge In a star topology the Network Diameter is the maximum number of hops to get from Root Bridge to the switch that is the most hops away the In the RSTP protocol the Max Age parameter is used as a hop count limit on how far the Spanning Tree protocol packet can propagate throughout the network topology therefore it must be configured with a value that is greater than the network diameter Relationship between Max Age Forward Delay and Hello Time The following rules must be followed when setting the Max Age Forward Delay and Hello Timer e Max Age gt 2 x Hello Time 1 0 second e 2 x Forward Delay 1 0 second gt Max Age To change the Max Age Forward Delay and Hello Timer see Figure 51 1 Enter the Max Age in the text box to the right of Max Age 6 40 sec label 2 Enter the Hello Time in the text box to the right of the Hello Time 1 10 sec label 3 Enter the Forward Delay in the text box to the right of the Forward Delay 4 30 sec label 4 Click on the Update Setting button 5 Save the configuration see the Save Configuration Page 134 EtherWAN Managed Switch Users Guide EtherWAN vd Management Switch O System Diagnostics Port Designated Root E Switching Reg Root ID Trunking oot Port CO STPRing oot Path Cost Global Configuration Current Max Age sec RSTP Port Setting Current Hello Time s
25. Access List Type OC Note Enter Mask in reverse like 0 0 0 255 Figure 99 Adding a New ACL Class to an Existing Policy Map Adding an Existing ACL Class to an Existing Policy Map If you would like to add an existing ACL Class to this ACL Policy Map see Figure 100 1 Select the correct ACL Class from the drop down list under Class Name and then wait for the GUI to update itself 2 Click on the Submit button 215 EtherWAN Managed Switch Users Guide Class Name Police Rate 1 1000000kbps Burst 1 20000 Bytes IP Access List Figure 100 Policy Map Setting Class Name 3 You can confirm that the ACL Class has been added correctly to this Policy Map by checking the dropdown list under Class Name If you see the newly added ACL Class in the list above the dash line then it has been added properly see below Policy Map Setting 192 168 1 102 0000 Coon Figure 101 Policy Map Setting 216 EtherWAN Managed Switch Users Guide Removing an ACL Class If you would like to remove an ACL Class from this ACL Policy Map 1 Make sure to select the correct ACL Class that is above the dash line from the drop down list under Class Name see Figure 102 2 Next click on the Remove button under Attach Class Map to Policy Map Policy Map Setting IP_Policy_1 Policy Map Name IP_Policy_1 1 Class Name Police Rate 1 1000000kbps Burst 1 20000 Bytes Access List Type GS a AA NT maan
26. Cie Les E OO Ke Sen IZ JI Password NE Update Figure 11 Selecting an Existing User Account ER Ke puwan Figure 12 Deleting a User Account EtherWAN Managed Switch Users Guide To delete an existing user select the user as in step 1 and then click on the Delete button see Figure 12 53 User Privilege Configuration To navigate to the User Privilege page 1 Click on the next to System 2 Click on User Privilege There are 3 different Privilege levels on the EtherWAN Managed Switch e Admin Has access to all configuration and administration of the switch e Technician Configurable by Admin By default no configuration ability is given e Operator Configurable by Admin By default no configuration ability is given The User Privilege Configuration page allows specific configuration and or administration levels to be assigned or removed from the Technician and Operator user roles Va Note For each function an operator s privilege cannot be higher than a technician s To configure the privileges for each user access level follow the below steps 1 For each of the configuration options listed under Web function User Privilege see Figure 13 select the proper privilege from the drop down list under the appropriate user access level Technician or Operator The valid options are a Show Hidden Read Only Read Write 2 Click on the Update button at the bottom of the page 3
27. EtherWAN Ka Management Switch Erg System System Name Password IP Address N ement Interface Save Configuration Eirmware Upgrade Reboot Logout User Account User Privilege Diagnostics Port Switching CH Trunking STPRing Fri Oct 31 23 29 54 UCT 2014 00e0 b333 07bc None None TP Since Mas fa 192 168 2 50 2 Current User privilege Figure 3 System Information EtherWAN Managed Switch Users Guide 27 System Name Password The System name is typically used by network administrators to make it easier to document a networks infrastructure and locate equipment on large networks If SNMP is enabled on the switch the system name can be found using MIB II RFC1213 in the sysName property To change the system name 1 Click on the next to System 2 Click on System Name Password see Figure 4 3 Use your mouse to place the cursor in the System Name text box 4 Replace the existing name with the name you want to assign to the switch 5 Click on the Update Setting button By default there is no password assigned to the switch To add or change a password 1 Click on the next to System Click on System Name Password see Figure 4 Use your mouse to place the cursor in the Password text box Enter the new password Retype the password in the Retype Password text box oa FF Oo DN Click on the Update Setting button below the Retype Password text box BB ez ES ER EH
28. Guard feature is set for a bridge all portfast enabled ports of the bridge that have bpdu guard set to default shut down the port on receiving a BPDU In this case the BPDU is not processed Error disable timeout configuration Enabling this allows a Disabled port to re enable itself automatically after the specified Interval Interval Default is 300 seconds This is the length of time a port will remain disabled after shutting down due to the bpdu guard Bridge BPDU avad configuration osae r dvanced iguration BPDU guard Portfast configuration status configuration Figure 72 Advanced Bridge Configuration EtherWAN Managed Switch Users Guide 172 Advanced Per Port Configuration Portfast Configuration status Enabling this for Edge ports ports connecting to an end device as opposed to another switch protect the BPDU Guard Configuration When set to Default the port will default to the Advanced Bridge Configuration settings Enable or Disable to override the Bridge BPDU Guard Deae ee fe2 Us Disable O Enable Curr OFF fel0 Disable Enable Curr OFF Default v Disable Enable Curr OFF ge2 Is Disable Enable Curr OFF Note Per port BPDU guard configuration takes precedence over bridge configuration Figure 73 Advanced Per Port Configuration fe7 Disable O Enable Curr OFF fe9 Disable O Enable Curr OFF feg Disable Enable Curr OFF Eth
29. Guide Save Configuration Page To navigate to the Save Configuration page 1 Click on the next to System 2 Click on Save Configuration The Save Configuration page contains the following configuration functions see Figure 7 Save Configuration To save the currently running configuration to the flash memory on the EtherWAN Managed Switch 1 Click the Save Configuration button 2 If the save is successful you will see the message Building configuration OK Load Configuration This function is used to load a previously saved configuration Backing up and loading a configuration is achieved using a TFTP server To load a configuration 1 Enter the IP address of your TFTP server in the TFTP Server text box 2 Enter the name of the configuration file in the FILE text box 3 Click on the Backup button 4 If the file is successfully loaded the following message will be shown Success System reboot is required Backup Configuration This function is used to backup the current configuration of the EtherWAN Managed Switch Backing up the configuration is achieved using a TFTP server such as TFTPD22 To backup a configuration 1 Enter the IP address of your TFTP server in the TFTP Server text box 2 Enter the name of the configuration file in the FILE text box 3 Click on the Backup button 4 If the backup is successful the following message will be shown tftp lt filename gt to ip lt ip address gt success
30. Instance Configuration egene EE Eet 152 VLAN Istance EE 152 Setting the MSTI Regional Root Bridge AA 153 Port Cost amp Priority sasae keke ee cea i Ee 155 Port Instance Configuration ic cesses secceceedeteessecsteuctebetveise tates tebetves nodeiens ted ed 156 Port Instance Adding POMS sona a an e E E ang aan Nn 157 OPRING Settings e eege NG en eI ele eg 163 Ring OM WG erotica cepa capi Tag aaa e Bag ea Ae e a Maer a cero NG aga aaa 164 Alpha Chain Setting fas let ag aan a gang palana gan iga ang naka na do ank a aan e aa akah 167 Chain Ports Master and Slave on one Switch ssaaaeee eaaa aa anan anana nane 167 Chain Ports Master Chain Pons actin ebeeg eege d rege ade Eege declan 168 Advanced Bridge Configuration ENNEN 172 Advanced Per Port Configuration ENEE 173 xiii EtherWAN Managed Switch Users Guide Figure 74 Figure 75 Figure 76 Figure 77 Figure 78 Figure 79 Figure 80 Figure 81 Figure 82 Figure 83 Figure 84 Figure 85 Figure 86 Figure 87 Figure 88 Figure 89 Figure 90 Figure 91 Figure 92 Figure 93 Figure 94 Figure 95 Figure 96 Figure 97 Figure 98 Figure 99 Figure 100 Figure 101 Figure 102 Figure 103 Figure 104 Figure 105 Figure 106 Figure 107 Figure 108 Figure 109 Figure 110 Figure 111 Figure 112 Figure 113 Figure 114 Figure 115 Figure 116 Preface Port Based VLAN nereste anen not ie Bo eke nected rd acd vem ee aga an Rites
31. MSTP Region see below 1 Enter the Region Name of the Region that the switch will belong to in the Region Name text entry box 2 Enter the Revision Level value for the corresponding Region in the Revision Level text entry box 3 Click on the Update Setting button 4 Save the configuration see the Save Configuration Page Region Name Region_1 Revision Level 0 Max Hops Digest 0x0A93D2F3DF9DA7495DB99A256750491A CIST Root ID 100000e0b32103de CIST Reg Root ID 100000e0b32103de CIST Bridge ID 100000e0b32103de Update Setting Figure 59 MSTP Region and Revision Level 149 EtherWAN Managed Switch Users Guide Configuring the IST Network Diameter To navigate to the STP Ring MSTP Properties page 1 Click on the next to STP Ring 2 Click on MSTP Properties In the MSTP protocol the Max Hops parameter is used for the IST Internal Spanning Tree and the MSTI Multiple Spanning Tree Instance topology as a hop count limit on how far the Spanning Tree protocol packet can propagate inside of a MSTP Region therefore it must be configured with a value that is greater than the network diameter of the IST MSTI topology The Max Hops parameters should be configured correctly on the CIST Root and the Backup CIST Root switch and on all of the Boundary switches of a MSTP Region if there are multiple Regions within your MSTP network Follow the steps below to configure the Max Hops parameter 1 Enter the desired hop count in th
32. Mode gt Port Switching Trunking STPRing VLAN Qos aS a 10 Multicast Current Table CO SNMP Fast Leave Disable 8021X LLDP Otters Protocols mea ja GVRP Report Suppression Enable z IGMP Snooping Update Setting NTP GMRP Query Interval 10 18000 Figure 131 Querier Mode Properties 271 EtherWAN Managed Switch Users Guide Configuring IGMP Unknown Multicast Forwarding To navigate to the IGMP Snooping page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping With IGMP enabled the EtherWAN switch will transmit all multicast packets to their only multicast receiver ports However some multicast packets will not have any known multicast receiver ports either due to IGMP Snooping being disabled on the switch or because no multicast receiver has sent IGMP requests for these multicast packets The multicast packets in these scenarios are referred to as unknown multicast packets You can use the Passive Mode Forwarding Port section of the IGMP Snooping configuration page to control how the switch will forward these unknown multicast packets under different IGMP Snooping modes of the switch see Figure 132 Disabled Mode Forwarding Port Configuration When IGMP is in Disabled Mode all multicast packets are unknown multicast packets and by default all unknown multicast packets are forwarded
33. Next enter the IP address of the RADIUS server that the switch will use in order to authenticate in the text entry box next to Radius Server IP see Figure 117 3 Enter the password for RADIUS server in the text entry box next to Secret Key 4 Optionally the UDP port number for the RADIUS server if it is different from the standard default 1812 can be changed To do this enter the port number in the text entry box next to Radius Server Port 5 Next you can choose to configure the minimum time that the switch must wait before it is allowed to retransmit a message to the RADIUS server due to no response To do this enter the number of seconds that the switch must wait between 1 and 1000 seconds into the text entry box next to Timeout lt 1 1000 gt 242 EtherWAN Managed Switch Users Guide 6 Next you can choose to configure the maximum number of times that the switch can attempt to retransmit a message to the RADIUS server To do this please enter a number from 1 to 100 into the text entry box next to Retransmit 7 Click on the Submit button pore e Lid feiren foro TONGI e EoNot Zeiten e EtherWAN Zeien ie G Management Switch SC System S CH Diagnostics Radius Server IP 2 192 168 1 102 rom a c HC Trunking SCH STP Ring Cy VLAN SCH Qos BE ACL CH SNMP SO SON Figure 117 Radius Setup 243 EtherWAN Managed Switch Users Guide EtherWAN Manag t Swi
34. Port Based VLAN Example ANEN Port Based VLAN Example 2 Tag pDased VLAN EE POO POYA EN DEE Add VLAN Page EE Management VLAN IP Address VEAN Port Setting EE VEAN Die VR RE Tag Or Untag POMS Agang eege Ee Global Configuration EE Enabling QOS E Policy ET WEE IP e EE Access list EXtONded 5 aana Ga a aga Tag a ga ag a A a a a TG Ga ga Nga a a Ga Policy Map Name E Applying a Policy Map to a Porhic s i ccis stectceneccuiscd steed anana aana nana aa aana nenen Modifying a Policy Maggele Adding a New ACL Class to an Existing Policy Map Policy Map Setting Class Name sasa renea nenen a nana anana aana anana anana nee Policy Map Ke BEE Removing an ACL e E Verifying ACL ele EE Removing aPoli6y dE E Policy Map EE Policy Map E EE SNMP General Settings EE Community Name VUN eh ENEE EHNEN eeh demas Sabra RE SNMP v3 Settings E User name amp Access NEE eege eg eege ege Auth Password EE Privacy EE SR EE EE Satta ote ents eebe eegene NEE le E EtherWAN Managed Switch Users Guide xiv Figure 117 Figure 118 Figure 119 Figure 120 Figure 121 Figure 122 Figure 123 Figure 124 Figure 125 Figure 126 Figure 127 Figure 128 Figure 129 Figure 130 Figure 131 Figure 132 Figure 133 Figure 134 Figure 135 Figure 136 Figure 137 Figure 138 Figure 139 Figure 140 Figure 141 Figure 142 Figure 143 Preface erter SOLID octet Soles dane ane ga uct Bes ce ne lied a ced hist Aa Eege 243
35. Resulting Radius Server Getup e 244 Enabling 802 1X on a POM sac ccsscseteestetieceeassastenttidacvedsxeeeseet decent EEN aces 245 LEDP Global Setting S ernennen E E Ea 249 LLDP Ports Settings anaa ee aana de E ee 251 RR ING IQS ON EE 252 MEDEE EE ee aaa EEEE a dahana ee 253 EU EE 260 GVRP Configuration Distribution Switch 262 GVRP Configuration Access Switch 0 0 eeeeeneee teeter anane nana a nenen a ene 262 GVRP Per E ee E 263 IGMP e 268 IGMP General Properties ANNE 269 el Eengel eebe tege an tnt apa e an ga pa E a ea 270 Querier Mode Properties smeni asas ga anae en dree degen 271 Disabled Mode Forwarding Port kk 272 PassiveForwardMode es cnaes nee geet Ee Deeg 273 ForceForwardMode E 274 IGMP Querier Mode Fonwardmg AAA 275 Q rrent M lticast Ee etcatiei cr na naa ect oie abl veal hte hea eset ite 276 FEIER eelste 286 Daylight Savings Weekday Mode AAA 287 Daylight Savings Date Mode ANNE 288 GMRP Global Setting sasa akan a Ba ga e na a a agak La naa a aa aa Ka aaa a ak ke E 294 IR 300 Din Bindin s sickened nana eae ea ake Se eee A eee eee 301 DHCP Binding Table ode a agsara aga a a ga aa a E a a aa aaa aa 301 KV EtherWAN Managed Switch Users Guide Preface PREFACE Audience This guide is designed for the person who installs configures deploys and maintains the Ethernet network This document assumes the reader has moderate hardware computer and Internet skills Docume
36. Save the configuration see Save Configuration EtherWAN Managed Switch Users Guide 54 4 EtherWAN 4 Management Switch CH System System Information System Name Password IP Address Management Interface Save Configuration Firmware Upgrade Reboot Logout User Account User Privilege Diagnostics Port Switching Trunking STPRing VLAN Qos ACL m System Show Remote Logging Read Only lt ENE BENE Ed et EJ Figure 13 User Privilege Page EtherWAN Managed Switch Users Guide Hidden Hidden Hidden Hidden 55 User Account Settings using the CLI For more information on CLI command usage see CLI Command Usage Multi User Mode To enable the multi user feature use the following CLI commands CLI Command Mode Line Configuration Mode CLI Command Syntax login local Usage Example switch _a gt enable switch a configure terminal switch_a config line console 0 e switch _a config Switching Sing ine login local e Multi User mode need to reboot the switch to take effect switch _a config E switch a conf switch a Single User Mode ine q ig q To enable the single user feature use the following CLI commands CLI Command Mode Line Configuration Mode CLI Command Syntax Usage Example switch _a gt
37. Switch Users Guide SETTING THE INITIAL IP ADDRESS Once logged in the user can now configure the switch per the network requirements The two major addressing options are e Simple IP addressing e Multiple VLAN addressing See Add an IP to the Management VLAN on page 186 Simple IP Addressing A new IP address can now be assigned to the switch From the System Information screen go to the left hand navigation menu 1 Click on the next to System 2 Click on IP address 3 Enter the desired IP address and subnet mask in the IP Address Subnet Mask fields associated with VLAN 1 4 Click the Apply amp Save button See Figure 2 Bone D angan a EtherWAN VD Management Switch ee 4 System Information System NamePassword Management Interface Save Configuration Firmware Upgrade Reboot Logout Static IP VLAN ID IP Address IP Subnet Mask UI Default Gateway Disable v Click on the next to system Click on IP Address User Account User Privilege 4 Others Protocols DHCP Client DHCP Client VLAN ID Disable v IP Subnet Mask DHCP Disable Submit Disable e Submit 00e0 6323 0150 Figure 2 Assigning an IP address EtherWAN Managed Switch Users Guide Enter the IP Address and Subnet Mask Click on the Apply amp Save button 22 CLI COMMAND USAGE This chapter describes accessing the EtherWAN Managed Switch by usi
38. The SNMP server on the switch can be enabled or disabled by selecting the appropriate choice from the dropdown list next to SNMP Status 2 Enter a short description up to 256 characters into the text entry box next to Description for the purpose of switch identification 3 Enter a name into the text entry box next to Location for the purpose of identifying the location of the switch 4 Enter a name up to 256 characters into the text entry box next to Contact to identify the entity that is responsible for this switch 5 Enter a trap community name up to 256 characters into the text entry box next to any one of the 5 Trap community name entry boxes from Trap Community Name 1 to Trap Community Name 5 a Community names identify the SNMP Trap community group that the traps on this switch should be sending to The identical Trap community names should also be set on the NMS hosts that will be receiving the traps Each name defined corresponds with the Trap host IP address entry box with the same number For example Trap Community Name 1 corresponds with Trap Host 1 IP Address 6 Enter an IP address for the NMS host s that should be receiving traps from this switch into the text entry box next to any one of the 5 Trap host IP address entry boxes from Trap Host 1 IP Address to Trap Host 5 IP Address 229 EtherWAN Managed Switch Users Guide Enable or disable the link down trap by selecting the appropriate choice from the drop do
39. VLAN resa eaeeene nenen anana nne aa nana anana nen 176 viii EtherWAN Managed Switch Users Guide Preface Configuring VLANs in Port Based VLAN Mode sssssssessseerreeessserererrnrrrsserrrrrrre 176 Enabling Port Based VLAN unn 176 Port Based VLAN Configuration Examples ss seneeeee aana n anna anna a nana nnee 177 Port Based VLAN Configuration Examples using CLI Commands 179 VLAN Configuration in 802 1Q Tag Based VLAN Mode 180 General SI VG IVIOW EE 180 Enabling 802 1Q Tagged Based VLAN anane a nenen nana anana nee 181 Configuring 802 1Q VLAN Database enere eaaa nenen eaaa anane nenen n anna 182 802 1Q Tag Based VLAN Configuration Examples Using CLI Commands 183 Configuring a 802 1Q RTE CR 183 Configuring an IP Address for a Management VAN 183 Removing an IP Address from a Management VAN 184 Configuring an Access le saene ices A anana anana anana anaa anana anana aaa nenen 184 Configuring a Trunk e SE 185 Add an IP to the Management VLAN ua 186 Configuring the Port Type and the PVID setting aa aaaaaaaaeeaa anan anana nn anan aane 187 Configuring the VLAN Egress outgoing Member Ports eeeeeeeeeeeees 188 EE 190 GlobalContig ration Page E 191 Web GUI Interface EE 191 QoS Global Configuration using the CLI Interface saanane anaa anana nana n aane 193 Enable Disable QoS Nu 194 Configuring the Egress Exped
40. _a config dhep server gateway 192 168 7 1 switch _a config dhep server dns 1 1 2 3 4 switch _a config dhep server dns 2 5 6 7 8 switch _a config dhep server lease time 86400 switch _a config q switch ai To enable the DHCP server and set the DHCP VLAN CLI Command Mode Interface Configuration Mode CLI Command Syntax dhcp server enable no dhcp server enable Usage Example switch a gt enable switch _a configure terminal switch a config interface vlan1 100 switch _a config if dhep server enable switch _a config if no dhep server enable config if q E config q a switch a switch a switch a 302 EtherWAN Managed Switch Users Guide To check what IP addresses has been allocated CLI Command Mode enable CLI Command Syntax show dhcp server binding Usage Example switch a gt enable switch a tshow dhcp server binding Mac Address IP Address Expires in a4 ba db de d6 2f 192 168 7 100 23 hours 57 minutes 15 seconds switch ai 303 EtherWAN Managed Switch Users Guide EtherWAN Corporation 4570 E Eisenhower Circle Anaheim CA 92807 Phone 714 779 3800 www EtherWAN com EtherWAN has made a good faith effort to ensure the accuracy of the information in this document and disclaims the implied warranties of merchantability and fitness for a particular purpose and makes no express warranties except as may be stated in its written agreement with and for its custo
41. a D 2 E a patas E Ve 192 168 1 102 0 0 0 0 Note Enter Mask in reverse like 0 0 0 255 _Remove Figure 102 Removing an ACL Class 3 You can confirm that the ACL Class has been removed from this Policy Map by checking the dropdown list under Class Name If you do not see the ACL Class in the list above the dash line but see it below the dash line then it means it has been removed from this Policy Map see Figure 103 217 EtherWAN Managed Switch Users Guide Class Name Police Rate 1 1000000kbps Burst 1 20000 Bytes e Class M 50000 10000 IP Access List IP Clas IP Class 2 Create oT Note Enter Mask in reverse like 0 0 0 255 Figure 103 Verifying ACL Class Removal To remove an existing ACL Policy Map entirely follow the instructions below 1 Select the correct ACL Policy Map that you want to remove entirely from the drop down list next to Policy Map see Figure 104 2 Next detach the Policy Map from all the ports by deselecting all the check boxes below Attach Class Map to Policy Map for all the selected ports 3 Click on the Attach button 4 Next click on the Remove button 218 EtherWAN Managed Switch Users Guide pase rants RE REES Eet Gi 82 3 es es B6 87 es jas S10 1 8 12 S 13 G 1s B 15 16 17 B 18 B 19 E 20 G 21 22 8 23 B 24 2s 026 27 0 28 A ee YY Class Name Police Rate 1 1000000kbps Burst 1 20000 Bytes
42. a config lldp notification E a config q a config q _at Enabling Transmission of the Management IP To enable the transmission of the management IP address through a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax Ildp mgmt ip vlan lt vlan id gt Usage Example switch switch switch switch switch switch switch _a gt enable _a configure terminal _a interface fel a config lldp mgmt ip vlan 1 Si a config q a config q af 258 EtherWAN Managed Switch Users Guide Enabling Specific TLV s on a Port To enable specific TLVs on a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax Ildp tlv select lt TLV ID gt see TLV Parameters on page 256 Usage Example switch _a gt enable switch _a configure terminal switch a interface fel switch a config lldp tlv select mgmt addrs E switch a config q switch a config q switch a 259 EtherWAN Managed Switch Users Guide OTHER PROTOCOLS GVRP Defined in IEEE 802 1Q GVRP is a protocol used to dynamically create VLANs on a switch Any IEEE 802 1Q compliant switch must implement this protocol To navigate to the Other Protocols GVRP page see Figure 124 1 Click on the next to Other Protocols 2 Click on GVRP EtherWAN 4 Management Switch gt System Diagnostics J Disable E OH P Ve
43. a config q switch a write memory Building configuration OK switch a d switch a EtherWAN Managed Switch Users Guide 34 Enable Disable DHCP Client on a VLAN To enable the DHCP client on a VLAN use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax get ip dhcp enable no get ip dhcp enable Usage Example Enable DHCP Client on VLAN2 switch _a gt enable switch _a configure terminal switch a config interface vlanl 3 switch a config if get ip dhcp enable switch a config if q switch a config q switch a write memory Building configuration OK switch a q switch a Enable Disable Static IP on a VLAN To set the IP address use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax ip address lt A B C D gt no ip address lt A B C D gt Usage Example 1 Enable Static IP on VLAN2 switch _a gt enable switch a configure terminal switch a config interface vlanl 3 switch a config if ip address 192 168 1 11 switch a config if q ES switch a config q switch a write memory E Building configuration OK switch a d switch a 35 EtherWAN Managed Switch Users Guide Usage Example 2 Enable DHCP Client on VLAN2 switch switch switch switch switch switch switch OK _a gt enable _a configure termin
44. a q switch ai Usage Example 2 Delete a Remote Logging Host switch _a gt enable switch _a remote log del 192 168 1 100 switch a d switch a 64 EtherWAN Managed Switch Users Guide ARP Table To navigate to the ARP Table page 1 Click on the next to Diagnostics 2 Click on ARP Table The ARP Table page shows ARP Address Resolution Protocol entries that are stored in the Switches ARP Table This is useful for System Administrators for troubleshooting purposes The information shown is e IP Address of the listed device e Hardware Address For Ethernet devices this will always be 1 e Flags o 2 Device responded to ARP Request o 0 No response to ARP Request e Hardware Address MAC Address of the listed device e VLAN The VLAN that the listed device is on EtherWAN 4 K Management Switch SCH System s O5 oss eed Utilization TEER 527 System Log 10 58 7114 eem 00 18 8B 5B B7 11 a 10 58 7 112 1 2 90 18 7C 1F D02 ARP Table 10 58 7 zu fa BC 30 5B C7 43 49 Mj Mo re ES gawa Tak joss r ajesam PO Po KEDAH NANA KENES E i to to E Teke ssrf r o f ooon e STPRing 10 58 7 32 1 2 9C 93 4E 19 38 57 Ea way DER 2 o0s0nees2a22 1 ek KESAN 2 KA KA AN 2 105577 1 2 Bsassesorz0e 1 Sue mossi 1 2 fooasapspazaal 1 aoe Or 2 tenenan 1 Ej EH Mj mM H D to LA ai ef Figure 17
45. be used to filter IP packets based on the packet s source IP address only IP Access List Extended This Access List can be used to filter IP packets based on the packet s source and destination IP addresses as well as the packet s source and destination transport layer protocol port numbers MAC Access List This Access List can be used to filter Ethernet packets based on the packets source and destination Ethernet addresses as well as the packet s Ethernet payload protocol number EtherType Layer 4 This Access List if it is used by itself can only be used to classify IP packets based only on the IP packet s source and destination transport layer protocol port numbers Use this Access List in conjunction with another type of Access List mentioned above if you wish to filter any packet from entry to the switch that did not match the classification rules from this Access Lists otherwise all packets that did not match the classification rules of this Access List will also be allowed entry into the switch Va Note You can use any combination of the above four types of Access Lists to filter packets through the ACL feature the switch will apply these Access Lists in the order that they were configured Since Access List filters allow packets through there must be at least one catch all deny rule that can deny all types of packets from entry to the switch in the very last Access List This will ensure that only packets specifi
46. clarity The Configuration page shows see Figure 21 Port Number fe n for 100mb ports and ge n for Gigabit ports Link Status Operational State of the Port s Link Read Only Port Description User supplied Port Description Admin Setting Administratively Enable or Disable the Port Speed Speed and Duplex Settings for Port Flow Control State of Flow Control for the Port To provide a description to a port on the EtherWAN Managed Switch 1 Click in the Description text box for the appropriate port 2 Type in the description of the port 3 Click on the Submit button To enable or disable a port on the EtherWAN Managed Switch 1 Click on the drop down box under Admin Setting and select either Link Up or Link Down 2 Click on the Submit button 69 EtherWAN Managed Switch Users Guide To set the Port Speed and or Port Duplex Settings on the EtherWAN Managed Switch 1 Click on the drop down box under Speed and select the desired port speed duplex settings for that port Please note not all port types will have the same options For example 100Mb fiber ports will typically be limited to a single option of 100M FD 100Mbps and Full Duplex while running 1Gb UTP ports will have six options for speed duplex 2 Click on the Submit button To enable or disable a port s Flow Control settings on the EtherWAN Managed Switch 1 Click on the drop down box under Flow Control and select eit
47. destination Transport Layer protocol port number into the text entry box under the port 1 65535 column following the destination IP address comparison mask column To enter an extended IP access list entry in order to deny the entry of an IP packet into the switch you must choose the deny option from the drop down list under the Action column Next enter the IP addresses and Transport Layer protocol port numbers using the same steps as in the previous two bullets You can also use the any wild card in lieu of entering an IP address in the text entry box from both the Source Address and Destination Address column You will need to do this if you wish to deny any additional IP packet from entry to the switch that did not match any of the previous rules from all the previous access control lists otherwise these additional IP packets will also be allowed entry into the switch 207 EtherWAN Managed Switch Users Guide Mac Access List Policy Map Setting EE Attach Class Map to Poly Map Police Rate 1 1000000kbps Burst 1 20000 Bytes a ee an MAC Access List Access e EE an TE CACHAN 4612 5 amp 14 Figure 92 MAC Access list 1 To configure a MAC access list select the MAC Access List option from the drop down list below Access List Type see Figure 92 2 Ifa MAC Access List was previously created and you would like to apply it to the new ACL Class then select the Access List number for the previously
48. immediately on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax ntp sync time Usage Example switch _a gt enable switch _a tconfigure terminal switch _a config ntp sync time E switch_a config q switch a To set the current time zone for the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax clock timezone lt Name of Time Zone gt lt UTC Offset in hh mm format gt Usage Example switch _a gt enable switch _a configure terminal switch_a config elock timezone CDT 6 00 switch_a config q switch a 290 EtherWAN Managed Switch Users Guide To set the Daylight Savings Time settings using weekday mode for the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax clock summer time lt Name of Time Zone gt weekday lt start week number gt lt start day gt lt start month gt lt start hour gt lt start minute gt lt end week number gt lt end day gt lt end hour gt lt end minute gt lt time offset in minutes gt Usage Example switch _a gt enable switch a configure terminal E switch a config clock summer time CDT weekday 2 Sun March 2 0 1 Sun November 2 0 60 switch a config q switch a To set the Daylight Savings Time settings using date mode for the Et
49. particular port select the MAC address to be deleted from the Delete MAC Address drop down box 2 Click on the Submit button Static MAC Entry Forward Add MAC Address E es a Ex 0000 1111 2222 Delete MAC Address Ces ta I e0b3 1234 abcfvian 1 Se STEE Figure 33 Removing a Static MAC Adding a MAC to the Static MAC Entry Discard Table To add a MAC address to the Static MAC Entry Discard table see Figure 34 1 Enter a MAC address in the form O000 1234 abdc in the Add MAC Address text box of the Static MAC Entry Discard section 2 Select the VLAN associated with the MAC address 3 It should be noted that while static MAC address for forwarding are associated with the switch on a per port basis Static MAC discards are associated with the switch for all ports 4 Click on the Submit button Static MAC Entry Discard LEE een s ngkan VLAN ID Delete MAC Address aabb 1289 ti p egn po Figure 34 Adding a MAC Static MAC Entry Table 91 EtherWAN Managed Switch Users Guide Removing a MAC address from the Static MAC Entry Discard Table To remove a MAC address from the Static MAC Entry Discard table see Figure 35 1 From the drop down box underneath Delete MAC Address select the MAC address to be deleted 2 Click on the Submit button Static MAC Entry Discard Ze Ge Geier G rz VLAN ID Delete MAC Address 00eb 0321 45advian2 0321 45ad vian 1 Submit F
50. protocol called Regions Each region runs its own instance of the Spanning Tree Protocol Within each Region the MSTP protocol can accommodate a network diameter of up to 40 switches There can be a maximum of 40 Regions in a single MSTP network Va Note If a faster recovery time is required EtherWAN s proprietary a Ring provides a recovery time of lt 15MS with up to 250 switches See STP Ring Page Alpha Ring on page 162 for more information 129 EtherWAN Managed Switch Users Guide STP RING PAGE CONFIGURING RSTP Global Configuration Page To navigate to the STP Ring Global Configuration page 1 Click on the next to STP Ring 2 Click on Global Configuration Enabling the RSTP Protocol RSTP is enabled by Default If RSTP has been disabled and you wish to enable it see Figure 48 1 Click the dropdown box next to Spanning Tree Protocol and choose Enable 2 Click on the dropdown box next to STP Version and select RSTP 3 Click on the Update Setting button Additional Global Configuration page settings e Bridge Priority Bridge Priority is used to set the Root and backup Root Bridge For more details see The Root Bridge amp Backup Root Bridge o Default is 32768 Range is 0 to 61440 e Hello Time This tells how often a BPDU Bridge Protocol Data Unit is sent see Bridge Protocol Data Units Default is 2 seconds Range is 1 to 10 seconds e Max Age Default is 20 Hop count limit for BPDU packets
51. reflected in the first hexadecimal digit of the Bridge ID field after you click the Update Setting button See Figure 57 Set this value to be less than any other switch on the network in order to make this switch the Root Switch To seta Backup Root Bridge set the Bridge ID to be between the Root Bridge and the rest of the network switches 145 EtherWAN Managed Switch Users Guide EtherWAN Management Switch OH Syst eee Bide 8 0000060033307He Port Designated Root 0000000cdb163aa0 ae Rezko r00000e0833307bs Go ege Cita Catia DA RSTP Port Setting Current Hello Time sec PO MSTP Properties Current Forward Delay sec MSTP Instance Setting MSTP Port Setting a Ring Setting Advanced Setting VLAN a Qos ACL SNMP S021K LLDP y 4 30 sec Others Protocols DH 4 opology Change Count CH ime Since Last Topology Change ajaj zE ge JEI SIR Je lal ele aja B pja lajala cl ae on en Alp lL EA J Olelo y wlo o lg 813 2 8 KAWAH S Jersion Figure 57 Bridge ID Display 146 EtherWAN Managed Switch Users Guide Configuring the CST Network Diameter When using MSTP the Max Age parameter is used for the CST Common Spanning Tree topology simply as a hop count limit on how far the Spanning Tree protocol packet can propagate throughout the CST topology therefore the Max Age must
52. switch _a gt enable switch _a configure terminal Po switch _a config mls qos map dscp queue 0 1 2 3 to 1 E switch _a config q switch a 199 EtherWAN Managed Switch Users Guide QoS Interface Commands CLI Interface For more information on CLI command usage see CLI Command Usage To assign a VLAN Priority to an Interface CLI Command Mode Interface Configuration Mode CLI Command Syntax user priority lt 0 7 gt Usage Example The following example shows mapping DSCP values 0 to 3 to queue 1 on the switch switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if user priority 4 switch a config q E switch a config q switch a 200 EtherWAN Managed Switch Users Guide ACL ACCESS CONTROL LIST This section applies only to specific models of EtherWAN Switches The settings in the ACL feature of the EtherWAN switch can be used to control which packets are allowed to enter the switch Packet Filtering as well as to control the amount of bandwidth that can be allocated for those packets Bandwidth Policing General Overview The ACL feature on the EtherWAN Managed Switch filters packets through access control lists Any combination of 4 different types of access control lists called Access Lists can be used for this purpose These four different types of access control lists are explained below IP Access List This Access List can
53. switch will sent the credentials to the EAP compatible RADIUS server that s configured in the switch for the purpose of authenticating the end device If the end device is successfully authenticated by the RADIUS server the RADIUS server will sent an Access Accept message to the switch at this point the EtherWAN switch will inform the Supplicant in the end device of the successful authentication and open up the port for all network traffic to pass Configuring 802 1X from the GUI system To navigate to the 802 1X Radius Configuration page 1 Click on the next to 802 1X 2 Click on Radius Configuration Enabling Radius By default the 802 1X function is globally disabled on the EtherWAN switch If you want to use the 802 1X port based security on a port you must enable it globally on the switch first and then enable it on a per port basis To enable the 802 1X function globally on the switch 1 Choose enable from the drop down list next to Radius Status 2 Click on the Update Setting button See Figure 116 241 EtherWAN Managed Switch Users Guide EtherWAN Ca Management Switch Hic System HE Diagnostics ECH Port Sic Switching Mic Trunking HC STP Ring SCH VLAN SCH Qos icy ACL CH SNMP Figure 116 Enable Radius Adding a Radius Server Next you will need to configure the settings that the switch will need in order to connect to a RADIUS server 1 Click on the Add Radius button see above 2
54. terminal switch al switch al switch a config ip Lomp snooping passive forward fel fe2 fe3 E config q 281 EtherWAN Managed Switch Users Guide To only control how the switch will forward unknown multicast packets when the switch is in IGMP Passive mode and also without a Querier Port present follow the below instructions CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp snooping passive forward all ip igmp snooping passive forward none ip igmp snooping passive forward lt ifname gt lt ifname gt lt ifname gt Usage Example Flood all unknown multicast packets switch _a gt enable switch a configure terminal switch _a config ip igmp snooping passive forward all E switch _a config q switch a Usage Example Drop all unknown multicast packets switch _a gt enable switch a configure terminal switch _a config ip Lomp snooping passive forward none E switch_a config q switch a Usage Example Forward unknown multicast packets to the specified ports only switch _a gt enable switch a configure terminal switch _a config ip Lomp snooping passive forward fel fe2 fe3 E switch_a config q switch a 282 EtherWAN Managed Switch Users Guide To control how the switch will forward unknown multicast packets when the switch is in IGMP Passive mode both with or without a Querier Port present follow the instructions below CLI Command Mode Ge
55. this port will also be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port GMRP Disabled mode When a port is put in GMRP disabled mode that port will not participate in any GMRP activities Enabling the GMRP Feature Globally on the Switch To navigate to the Other Protocols GMRP page 1 Click on the next to Other Protocols 2 Click on GMRP To enable the GMRP function in the switch follow the procedure below 1 Choose the Enable option from the dropdown list next to GMRP 2 Click on the Update Setting button See Figure 140 293 EtherWAN Managed Switch Users Guide EtherWAN Management Switch CH System sebaku SE Trunking CO STPRing VLAN Qos gt ACL SNMP 8021X LLDP CH Others Protocols GVRP IGMP Snooping NIP GMRP DHCP Server UDLD GMRP Global Setting Per Port Setting Include LAG Rl FR ep Bp Be EC EE All Normal x Disable Normal v D Normal l Disable Figure 140 GMRP Global Setting S wo o S 4 JEJE EI Ei EVE DIOU oo oS a a a la lia ja w fofa lfa fa o ZZZ ZZZ oeleieieiele ol all D E D 4 D Configuring the GMRP Feature Per Port To navigate to the Other Protocols GMRP page 1 Click on the next to Other Protocols 2 Click on GMRP GMRP should be enabled on all the p
56. to needed to enter a specific mode General Configuration Mode To set the EtherWAN Managed Switch to General configuration mode run the following commands from the CLI 1 enable 2 configure terminal Example switch _a gt enable switch _a configure terminal switch _a config MSTP Configuration Mode To set the EtherWAN Managed Switch to General MSTP configuration mode run the following commands from the CLI 1 enable 2 configure terminal 3 spanning tree mst configuration Example switch a gt enable switch a configure terminal switch a config spanning tree mst configuration switch _a config mst 24 EtherWAN Managed Switch Users Guide Interface Configuration Mode Interface mode on the EtherWAN Managed Switch is used to configure the Ethernet ports and VLAN information Valid interfaces are e fe lt port gt 100mb ports use fe followed by the port number Example fel e ge lt port gt Gigabit ports use ge followed by the port number Example gel e vlan1 lt vlan gt VLAN s use vlan Followed by the VLAN ID Example vian1 10 Example 1 configures 100mb port 1 switch _a gt enable switch a configure terminal switch _a config interface fel switch _a config if Example 2 configures VLAN ID 9 switch _a gt enable switch _a configure terminal switch _a config interface vlanl 9 switch _a config if VLAN Database Configuration Mode VLAN Database Configuration Mode on the Et
57. trap type enable mac notification snmp server mac notification interval lt 1 to 65535 seconds gt snmp server mac notification history size lt 1 to 500 entries gt snmp server trap mac notification added snmp server trap mac notification removed 238 EtherWAN Managed Switch Users Guide Usage Example swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi swi tch a gt enable tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config tch_a config c tch_a config tch af tch a configure terminal snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server snmp server interface fel tch_a config if q tch_a config q EtherWAN Manag trap community trap community trap community trap community trap community trap ipaddress trap ipaddress trap ipaddress trap ipaddress oF WN FP oO BP WD EB trap ipaddress trap type enable trap type enable trap type enable mac notification mac notification ed Switch Users Guide Trap Group L Trap Group 2 Trap Group 3 Trap Group 4 Trap Group 5 192 168
58. used Link Aggregation Control Protocol Within the IEEE specification the Link Aggregation Control Protocol LACP provides a method to control the bundling of several physical ports together to form a single logical channel LACP allows a network device to negotiate an automatic bundling of links by sending LACP packets to the peer directly connected device that also implements LACP This means that both sides of the LACP channel must be configured for LACP which implies both devices must support it 119 EtherWAN Managed Switch Users Guide LACP also has a couple of very important advantages over static channel e Failover when a link fails and there is for example a media converter between the devices which means that the peer will not see the link down With static link aggregation the peer would continue sending traffic down the link causing it to be lost e The device can confirm that the configuration at the other end can handle link aggregation With Static link aggregation a cabling or configuration mistake could go undetected and cause undesirable network behavior Port Trunking To navigate to the Port Trunking menu 1 Click on the next to Trunking 2 Click on Port Trunking There are 2 versions of Port Trunking supported depending on the model of EtherWAN Manage switch Version 1 see Figure 44 To create a trunk consisting of 100Mbps ports 1 Click on the checkbox for each desired port in the Static Channe
59. 0 Removing a Static MAC EEN 91 Adding a MAC Static MAC Entry Table ssenenenenen anaa nane n anna aan anane anane 91 Deleting a MAC Static MAC Entry Table saaaaeeeeeen anana nn nean anana anana nenen 92 GECKEN geet Ee egene 94 Disabling Port Mirroring EE 94 Link State Tracking sip a KAR a naga A gaga A e ENEE 95 Link State Tracking Port Gettnmgs AAA 96 POE System Setting WEE 97 POE Port e EE 99 S l cting a Port aa a again ga na Aga ga aaa ak ona a b a bah aa akak a tes 100 PoE Power Scheduling EE 101 Port Fret feet ee gd tege tere 121 Port Trunking Version 2 saga a ceed ea E aa cues NENG cues eect seul eng a naanin 122 LACP Trunking Version 1 seic teesttaedarnaehclaacestnadeadeuaaleean tential 124 LAGP Tr nking Version E 126 STP Ring Global eil Deele EE 131 Bridge Ds a ag A A a tices cesta dice tens edt E vas ee a Ba kent eae 132 Bridge Dy DIS BAY ss sasana a a a EE oe A an 133 Max Age Hello Timer amp Forward Delai 135 Spanning Tree Port ROS a tic aa bah gaga aa Ta wists i saeco eb aide ates 136 POM Ek desto 137 Port Priority and Path Gost cccisectiss ccetcctetocd dans cusceteivelsssacedsete eel eaacuistbtetnes 138 gliese 144 EE Jao ee An aka neta en e Gan eens 145 Bridge ID Display asas anga a ain a De aaa SEN Ee ag a aga 146 Max Age Hello Timer amp Forward Delai 148 MSTP Region and Revision Level kee 149 MSTP Properties Max HOpS a g gE ere degt ergeet A 150 VLAN
60. 00000000 0000000000000000 128 200000 0000000000000000 0000000000000000 6 Din Dies S fass Saal 20000 0000000000000 MSTP Port Configuration Pen PiiiGraman it Aaabaneen pal e J w i E Update Setting 0000000000000000 0000000000000000 0000000000000000 o EE RS _ WS WS 200000 jo000000000000000 _ oooooooooooooooo EN O0 EA E EE Figure 64 Port Cost amp Priority 155 EtherWAN Managed Switch Users Guide MSTI Instance Port Membership To navigate to the STP Ring MSTP Port Settings page 1 Click on the next to STP Ring 2 Click on MSTP Port Setting If changes have been made to the port membership of a VLAN you must also reconfigure the MSTI port membership for the MSTI instance that the VLAN maps to To reconfigure the MSTI instance port membership 1 Click on the Port Instance Configuration button see Figure 65 2 Choose the correct MSTI instance from the drop down list next to Instance ID see Figure 66 3 Check the box next to all the ports that should be part of this instance 4 Click on the Update Setting button 5 Save the configuration see the Save Configuration Page EtherWAN 4 Management Switch O System Diagnostics Port Switching CH Trunking 7 STPRing Global Configuration RSTP Port Setting MSTP Properties MSTP Instance Setting MSTP Port Setting a Ring Setting
61. 02 1Q Tag Based VLAN Mode General Overview 802 1Q VLAN configuration consists of the following four elements 1 Creating all VLANs in the VLAN database 2 Configuring an incoming untagged packet s VLAN association rule this is accomplished by configuring the PVID setting on each individual port 3 Configuring the ports that are associated with a VLAN to allow the packets that belong to that VLAN to exit and enter the switch through that port 4 Configuring the tag action on the outgoing packets for each VLAN that is to say deciding on whether or not an outgoing packet will be tagged with the VLAN number that the packet belongs to All ports on the EtherWAN Managed Switch can be configured with different Port Types that have different tagging restrictions as defined below e Access Port If a port is configured to be an Access Port then this port can only be a member of a single VLAN based on the Access Port s PVID VLAN setting and this port s outgoing packets cannot be modified to contain a VLAN Tag e Trunk Port If a port is configured to be a Trunk Port then this port can be a member of multiple VLANs This port s outgoing packets will be automatically modified to contain a VLAN tag of the VLAN that the packet belongs to with the exception of the PVID VLAN on that port The PVID VLAN on a Trunk Port will not be automatically modified to contain a VLAN tag of the PVID VLAN e Hybrid Port A Hybrid Port has no restri
62. 1 100 192 168 2 100 192 168 3 100 192 168 4 100 192 168 5 100 linkDown linkup mac notification interval 60 history size 100 tch_a config if snmp server trap mac notification added tch_a config if snmp server trap mac notification removed 239 Configuring SNMP v1 amp v2 Community Groups To configure the SNMP v1 amp v2 community groups to make the SNMP feature more secure use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax snmp server enable snmp server community get lt 1 256 characters gt snmp server community set lt 7 256 characters gt Usage Example switch a gt enable switch a configure terminal po switch a config snmp server community get public switch _a config snmp server community set private switch a config q switch a Adding SNMP v3 Users To add SNMP v3 Users to the switch and maximize the security for the SNMP feature you must use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax snmp server v3 user lt username gt lt ro rw gt noauth snmp server v3 user lt username gt lt ro rw gt auth lt md5 sha gt lt password gt snmp server v3 user lt username gt lt ro rw gt priv lt md5 sha gt lt password gt des lt pass_phrase gt Usage Example switch a gt enable switch a configure terminal switch_a config snmp server v3 user SNMP User 1 ro noauth switch
63. 3 Click on the Attach button kees er Uh Pobcy Map to Interface 2 RRR jo 15 16 B 17 B 18 B 19 B 2 2 0 22 6 23 5 24 25 B26 8 27 928 a e Class Nahe Polce Rate 1 1000000kbps Burst 1 20000 Bytes AccessLit Type E 3 O C eee eee Figure 97 Applying a Policy Map to a Port 213 EtherWAN Managed Switch Users Guide Modifying Adding an Existing Policy Map To modify or add to an existing ACL Policy Map just follow the instructions below 1 Select the correct ACL Policy Map from the drop down list next to Policy Map see Figure 98 2 Next detach the Policy Map from all the ports by deselecting the check boxes below Attach Class Map to Policy Map for the ports you would like to remove the policy map 3 Click on the Attach button 2 1 CAO OO coc 6 15 16 17 18 JO 19 Class Name Police Rate 1 Burst 1 2 Access List 192 168 1224 Figure 98 Modifying a Policy Map Adding a New ACL Class to an Existing Policy Map If you would like to create a new ACL Class and add it to this ACL Policy Map follow the steps below 1 Make sure that the Create option is selected from the drop down list under Class Name see Figure 99 2 Next follow the instructions on how to create a new 214 EtherWAN Managed Switch Users Guide 3 ACL Policy Map on page 204 4 Next click on the Submit button Policy Map Setting Police Rate 1 1000000kbps Burst 1 20000 Bytes
64. 53 User Privilege E 55 Utilization Page sccicncsccmsnecninents cea tere nana aaa anana eee eee eee 60 SOY SION LOJ E 61 Remote Logging UL Te EE 63 ARP Table sas aaa aba kaa aaa ban aab eee eer er eee baia a apaa Ee 65 Route Table EE 67 Eur Reie EE 68 Trigger Enable aaa ec ne oR eee ne eee eee ere eee 68 POr CONU MOM steht as an Dana E ia tate eu aise aoe 70 KEE getest 71 2 Rate COMO sk kaanan Laa a ANA raa WANARA Ka a Da A NA WANG aa AA kaga A E EA BAN 72 SRMON e asa ena an a aaa a a a Na an ee aaa pe ree ee eee eee 73 Port VLAN Activities anana geneet 74 2 POM SO CUIILY a ska saa aga Ka AN KE E EE REEE A NA NG A a EE AE E eg Ng E ai 75 SEONG DEE 84 eeler E 86 Loopback Detection port sasa aaa anae aaa tie enc sie tas uieviadestacnde ives eeadiesied 87 Storm Detect Ee EE 88 xii EtherWAN Managed Switch Users Guide Figure 31 Figure 32 Figure 33 Figure 34 Figure 35 Figure 36 Figure 37 Figure 38 Figure 39 Figure 40 Figure 41 Figure 42 Figure 43 Figure 44 Figure 45 Figure 46 Figure 47 Figure 48 Figure 49 Figure 50 Figure 51 Figure 52 Figure 53 Figure 54 Figure 55 Figure 56 Figure 57 Figure 58 Figure 59 Figure 60 Figure 61 Figure 62 Figure 63 Figure 64 Figure 65 Figure 66 Figure 67 Figure 68 Figure 69 Figure 70 Figure 71 Figure 72 Figure 73 Preface Storm Detect Per Port 89 MAC Static GE 9
65. 81 Aging Rn EE 82 ae AE 82 Storm GONtrOl KEEN 82 POM EL 83 Block MUNIGAS GE 83 L6opback Datel sesen aaa a a ag vette a a aa aa a e ka aa a Ba R aa ag dee 85 vV EtherWAN Managed Switch Users Guide Preface Loopback Detection Global cet netetean bth enge dE eegene 85 Loopback Detect Action ed eaaa nenen anana nana aa nana anana anan nana 85 Loopback Detect Recovery Time EEN 85 eieiei Wl TEE 86 Loopback Detection Per Pont 87 St rm BEE 88 Enable Disable Storm Detection AEN 88 Static MAC Entry wince ea ag aenak an aapa De aga KE Da KE e teense BG a KA A urns te Dang A eee tae 90 Adding a Static MAC Address to a Port 90 Removing a Static MAC Address from a Port 91 Adding a MAC to the Static MAC Entry Discard Table nnnseeeeeeeeneereeeeseeenee 91 Removing a MAC address from the Static MAC Entry Discard Table 92 Port VITARE IAIA S Sess ee aaa as aed oe ca hed nO a Mia idee ae hae A eae de eg 93 ll State Tracking nanas bana e anane aaa ia apaa a a aan sanga aan aaa Naga ga aana aa 95 Enable Disable Link State Tracking ANNE 95 Nu EE 95 PoE System and Port e EE 97 PoE System Setting D 97 POE Port Setting ET 98 er ne WEE 100 Switch Configuration Examples Using CLI Commandes 102 Setting the Aging Time ET 102 Enabling Port Isolation geegent anana aana anana aana nana aana nee 102 Enabling Block Multicast asas gue geegENeeEE SEENEN 103 Setting Sto
66. Access List Type CA Les GC Action E ESO Note Enter Mask in reverse Re 0 0 0 255 Figure 104 Removing a Policy Map 219 EtherWAN Managed Switch Users Guide To remove an existing ACL Class entirely follow the instructions below 1 Make sure that the ACL Class is not associated with any ACL Policy Map If it is you must remove it from that Policy Map first see Modifying Adding an Existing Policy Map 2 Next make sure that the Create option is selected from the drop down list next to Policy Map see Figure 105 3 Next select the correct ACL Class from the drop down list under Class Name and then wait for the GUI to update itself 4 Next click on the Remove button under Attach Class Map to Policy Map es les Pak Mapes eren PokceRateI 1000000Kbps Bara 120000 Bes _AccestinType A Tee i Teken A kenaa Acton atas Ma TT eil Eege LUS Note Enter Mask in reverse like 0 0 0 255 Figure 105 Policy Map 2 5 You can confirm that this ACL Class has been removed completely by checking the drop down list under Class Name If you do not see the ACL Class in the list then it means it has been completely removed see below 220 EtherWAN Managed Switch Users Guide Policy Map Setting Policy Map Cree e PolcyMapName Attach Class Map to Policy Map pe OOO EE IP Class 1 IP Access List Create ecese ttri tr zo v 1 99 1300 1999 Action Paddress Mask Note Enter Mas
67. Capabilities mgmt addrs Management Address port vian id Port VLAN ID link aggregation Link Aggregation max frame Maximum Frame Size Usage Example switch _a gt enable switch a configure terminal switch _a config lldp tlv global mgmt addrs EZ switch_a config q switch a 256 EtherWAN Managed Switch Users Guide Enabling LLDP Transmit on a Port To enable LLDP Transmit for a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax dp tx pkt Usage Example switch _a gt enable switch a configure terminal switch _a interface fel switch a config lldp tx pkt E switch a config q switch a config q switch a Enabling LLDP Receive on a Port To enable LLDP Receive for a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax Ildp rev pkt Usage Example switch _a gt enable switch a configure terminal switch a interface fel switch a config lldp rev pkt E switch a config q switch a config q switch a 257 EtherWAN Managed Switch Users Guide Enabling LLDP Notify To enable LLDP Notify for a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax Ildp notification Usage Example switch switch switch switch switch switch switch _a gt enable _a configure terminal _a interface fel
68. Command Mode General Configuration Mode CLI Command Syntax bridge 1 spanning tree errdisable timeout enable bridge 1 spanning tree errdisable timeout interval 300 Usage Example switch a gt enable switch a configure terminal switch a config bridge 1 spanning tree errdisable timeout enable switch a config bridge 1 spanning tree errdisable timeout interval 300 switch a config q switch a Enabling the Loop Guard Feature To enable the Loop Guard feature on a switch port use the CLI commands below CLI Command Mode Switch Port Interface Configuration Mode CLI Command Syntax spanning tree guard loop Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if spanning tree guard loop switch a config if q switch a config q switch a 175 EtherWAN Managed Switch Users Guide VLAN Port Based VLAN vs Tagged Based VLAN The EtherWAN Managed Switch can be configured to operate in one of two VLAN modes Port based VLAN mode or Tagged based VLAN mode In Port based VLAN mode packets from different VLANs can only be segregated from one another while within a single switch but not when the packets travel to other switches in the network The VLAN association rule for all incoming packets in Port based VLAN mode is determined only by the VLAN ID that is associated with the port when a packet enters the switch In Tagged ba
69. E config set port gmrp disable fel config q 297 EtherWAN Managed Switch Users Guide When you enable GMRP on a port the Registrar is in Normal mode by default The GMRP Registrar on a port can be configured in 3 different modes by issuing the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gmrp registration normal lt port id gt set gmrp registration fixed fe1 lt port id gt set gmrp registration forbidden lt port id gt Usage Example switch _a gt enable switch a configure terminal switch _a config set gmrp registration normal fel switch _a config set gmrp registration fixed fel switch a config set gmrp registration forbidden fel SS is switch a config switch a By default when you enable GVRP on a port this feature is disabled To enable or disable the Forward All feature on a port use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gmrp fwdall enable lt port id gt set gmrp fwdall disable lt port id gt Usage Example switch _a gt enable switch _a configure terminal switch _a config set gmrp fwdall enable fel switch a config set gmrp fwdall disable fel switch a config q switch a 298 EtherWAN Managed Switch Users Guide DHCP Server DHCP is a TCP IP application protocol that allows any TCP IP device to dynamically obtain its initial TCP IP configurations throug
70. E 30 ks E f UI H EtherWAN 4 A Management Switch System Diagnostics Port Switching Trunking CO STP Ring Global Configuration RSTP Port Setting MSTP Properties MSTP Port Setting a Ring Setting toy sl a cs EA A m Advanced Setting VLAN VLAN ID Instance ID 1 15 Update Setting Figure 62 VLAN Instance ID Modifying MSTP parameters for load balancing To navigate to the STP Ring MSTP Instance Setting page 1 Click on the next to STP Ring 2 Click on MSTP Instance Setting To load balance switches within a MSTP Region set different switches within the MSTP Region to be the Root Bridge for different MSTI instances A Root Bridge in a particular MSTI instance is called a MSTI Regional Root Bridge To designate a specific switch in a MSTP Region to be the Root Bridge in a specific MSTI instance the bridge priority must be set to be the lowest number of all the switches in a particular MSTI instance 152 EtherWAN Managed Switch Users Guide To set the bridge priority on the switch for a specific MSTI Instance see Figure 63 1 Choose the particular instance in the Instance ID drop down list for which the switch will be a MSTI Regional Root Bridge 2 Enter the desired value in the Bridge Priority text box 3 Click on the Update Setting button The valid values for this parameter are from 0 to 61440 in increments of 4096 4 Save th
71. Figure 68 1 Change the Ring coupling state to Enable Click on the Update Setting button next to the Ring coupling state Choose the desired port from the dropdown list under Ring Coupling Port 1 Choose the desired port from the dropdown list under Ring Coupling Port 2 Click on the Update Setting button oa fF O DN Save the configuration see the Save Configuration Page EtherWAN aT Ci Management Switch System CH Diagnostics gt Port CH Switching CH Trunking CO STP Ring Global Configuration RSTP Port Setting MSTP Properties MSTP Instance Setting MSTP Port Setting Ring Coupling Port 1 Ring fan Port 2 a Ring Setting Set Ring Coupling Port 3 i GC b Advanced Setting FORWARD SE OO VLAN E os peat tin ACL Figure 68 Ring Coupling 164 EtherWAN Managed Switch Users Guide STP RING PAGE ALPHA CHAIN The Alpha Chain Protocol Although the Spanning Tree Protocols are very versatile in forming all possible redundant topologies its re convergence time is too slow for most mission critical applications The EtherWAN Alpha Ring protocols can be used in mission critical applications to recover from a link failure in 15 milliseconds or less However with the Alpha Ring protocols Alpha Ring Alpha Ring Coupling the redundant topologies that these protocols can be applied to will be limited to at the most two Rings per switch
72. GMP Passive mode follow the steps below No IGMP Querier port present 1 Under the Passive Mode Forwarding Port section select the PassiveForwardMode radio button 2 Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to 3 Click on the Update Setting button oO Note The presence of an IGMP Querier port will make the settings provided by the PassiveForwardMode to have no effect and all unknown multicast packets will be forwarded to the IGMP Querier port only DCH Qos Passive Mode Forwarding Port ioe _ Passive Mode Forwarding Port CH SNMP Por Port Port Port Port Port Port Port Port Port Port Port Port ree e e Gi e e 7 E E H 8021X RO LLDP d ix NANA Nan h e e E ole Nan a a Eng 19 20 21 2 23 24 25 E 27 a GVRP eee Ejajojojo jo je NTP a snooping is passive mode and router a oe was not learned switch will forward unknown IN Sa ive mode forwarding port E paga eg ForceForwardMode UDLD Update Setting Figure 133 PassiveForwardMode 273 EtherWAN Managed Switch Users Guide IGMP Querier port present or no IGMP Querier port present 1 Under the Passive Mode Forwarding Port section select the ForceForwardMode radio button Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to Click on the Update Setting button o Note The settings
73. Global Configuration Page for more information on queues Each VLAN priority is expressed as the three bit PCP field in the 802 1Q header discussed previously The values shown above are the default values with the higher VLAN priorities corresponding to the higher priority queues HA NANA NANA PA NA PA NA NA PA NA PA KA KA PA KA PA NA NA NA NANA NA KA NAN NAN NA EtherWAN pp eee ee eee ee esses EE v Management Switch HO System H O Diagnostics HO Pon HO Switching Global Configuration 802 1p Priority SDA Ul WI N oO WWI NM Nie lle Ol oO H O Others Protocols Figure 86 802 1p Priority By default the higher priority queue 3 are assigned to VLAN priorities 6 and 7 queue 2 assigned to VLAN priorities 4 and 5 queue 1 assigned to VLAN priorities 2 and 3 and finally queue 0 assigned to VLAN priorities 0 and 1 After making any changes on the page click on the Submit button to ensure that the changes are stored 196 EtherWAN Managed Switch Users Guide 802 1p Priority Submenu CLI Interface For more information on CLI command usage see CLI Command Usage CLI Command Mode General Configuration Mode CLI Command Syntax wrir queue cos map lt QUEUE_ID gt lt COS_VALUE gt Queue ID Range is 0 3 COS_VALUE CoS values Up to 8 values separated by spaces Usage Example The following example shows mapping CoS values 0 and 1 to queue 1 on the switch switch _a gt enable sw
74. I Command Syntax shutdown no shutdown Usage Example 1 Disabling a port switch _a gt enable switch a configure terminal switch a config int fel switch a config if shutdown E switch a config q switch a config q switch ai 76 EtherWAN Managed Switch Users Guide Usage Example 2 Enabling a port switch _a gt enable switch _a configure terminal switch a config int fel switch a config if no shutdown switch a config q switch a config q switch a Setting the Port Speed To set the port speed for a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax bandwidth lt 1 10000000000 bits gt usable units k m g Usage Example switch _a gt enable switch a tconfigure terminal switch a config int fel switch a config if bandwidth 100m switch a config q E switch a config q switch a Setting Port Duplex To set the duplex for a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax duplex lt full half auto gt Usage Example switch _a gt enable switch a configure terminal switch a config int fel switch a config if duplex full E switch a config q switch a config q switch a EtherWAN Managed Switch Users Guide Enable or Disable Port FlowControl To enable or disable flowcontrol for a port use the CLI commands below CLI Comma
75. LI commands CLI Command Mode Interface Mode CLI Command Syntax no storm detect port enable Usage Example swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch_a config interface fel tch_a config if no storm detect port enable tch_a config if q tch_a config q tch af EtherWAN Managed Switch Users Guide 109 Adding a MAC Address for Static MAC Entry Forwarding To add a MAC address for Static MAC Entry Forwarding for a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 address lt mac address gt forward lt interface gt vlan lt vlan id gt Usage Example switch _a gt enable switch a configure terminal switch a config bridge 1 address 00e0 abcd 1245 forward fel vlan 1 switch a config q switch ai Adding a MAC Address for Static MAC Entry Discarding To add a MAC address for Static MAC Entry Discarding for a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 address lt mac address gt discard vlan lt vlan id gt Usage Example switch a gt enable switch a configure terminal switch a config bridge 1 address 00e0 abcd 1245 discard vlan 1 switch a config q switch ai 110 EtherWAN Managed Switch Users Guide Configuring Port Mirroring To configure a port for Port Mirror
76. Mode CLI Command Syntax bridge 1 priority lt 0 61440 gt bridge 1 max age lt 6 40 gt bridge 1 forward time lt 4 30 gt bridge 1 hello time lt 1 10 gt Usage Example switch _a gt enable switch a configure terminal switch _a config bridge 1 priority 4096 switch _a config bridge 1 max age 20 switch _a config bridge 1 forward time 15 switch _a config bridge 1 hello time 2 switch _a config q switch ai 140 EtherWAN Managed Switch Users Guide Modifying the Port Priority and Path Cost To modify the Port Priority and Path Cost on a switch use the below CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax bridge group 1 path cost lt 1 200000000 gt bridge group 1 priority lt 0 240 gt Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch _a config if bridge group 1 path cost 200000 switch a config if bridge group 1 priority 128 switch _a config if q switch _a config q switch a Manually Setting a Port to be a Shared or Point to Point Link To manually force a port to be a shared link or Point to point link use the below CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax spanning tree link type point to point spanning tree link type shared Usage Example 1 Setting port 1 to be point to point switch _a gt enable switch _a configure terminal switch a conf
77. NEE 223 Creating an ACL Class Map with Layer 4 Access Uet 224 Creating a ACL Class Map with an IP or MAC Access List ssseeeeeeee 225 Creating an ACL Policy Map EE 226 Appling an Existing ACL Policy to a bot 227 Deleting ERT EE 227 Deleting an ACL Policy ces acca doe aana dese eg naa anana nana anana naen anane e 228 SNMP 5457595 n5 Pree Pererrerrerereec rarer eer rererrecrerereertere rer rercreertercreertererrer rere reer tere reer tere Tree 229 SNMP General le E 229 Configuring SNMP v1 amp v2 Community Groups 232 Configuring SNMP v3 USers EEN 233 Adding SNMP v3 Users to the switch nenen a aaa a nane nana n aane anana anane nen 233 Deleting SNMP v3 Users from the switch e aaaaaaan nenen aana naen anana nane 236 SNMP Configuration Examples Using CLI Commands saaeeaaananenne nenen anane 237 Enabling SNMP and configuring general settings 0 esaaaananenaa anana nana nee 237 Configuring SNMP E 238 Configuring SNMP vi amp v2 Community Groups 240 Adding SNMP VI USE Sa sarean gana a a aaen E a eee cae 240 EE XK eg 241 Configuring 802 1X from the GUI system saanane aana aana anana aana nane rana 241 Enabling Radlus sasae aane EE 241 Adding CH SEMEN ss aa epee Na a hie Saleh Sa ana NG ein He ea E teh cant oats 242 Ehabling B02 1X On a PO aab aan a a tte ae Ka ana 244 L D ra a aa aaa use ee 246 LLDP General Settings EE 247 Enable Di
78. Na KENAN N GG EGO Wa KNA NEG GENE Wada N ENGGEN iii EIER ge ssasasasasa wadana nana awa Waa NENENG Na NE NEW aa Na KENE NEW wada Na aana Nawa Waa NENENG xii IN CL xvi Changes in this Revision un xvi Docum ni CONVEMUIONS E xvii ee s Warnings E xvii Typographic Conventions E xvii Unpacking and Installation cccccccesseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeseneees 18 Package Contents sseeaa eaaa ca acta sua anana nana naa anana anana ven wiacetaceanrueateeautatee 18 et Ee asas an eg E ener eer ere eee eee aaa aa ers ever gaga ee eee 18 Required Equipment and Software ENNEN 19 Computer Setup ass dada saga aa wa aa de ne E Na wa daa NENEK wa daa aa aa da aaia dawa deeeh 20 Management Methods and TE 20 Default UP istsr kakena aba aaa bana a bakin a TAA E aE e A RE 21 Login Process and Default Credentials aeaaaaanenen aana anana nenen a aana nean rena 21 Setting the initial IP address ssnanananeeewewanan anane wena nana nane NENENG NGNE ENENG NGNE 22 Simple IP Addressing E 22 CLI Command Usage ss iasasa sada tawa awa nasa kawa a dawa danawa awa Wawa Nawa kaa wa daka a NE a Wawa Wa Na REENEN 23 Navigating the e Be WE UE 23 NNEN 23 CLI Command Bad a ieto Sez cestendeesntdsnotteeeaiasanaaeetemndeuiedds nie ANK anna anana anana aana nane 24 General Configuration Mode ANEN 24 MSTP Configuration OT 24 Interface Configuration Mode 25 VLAN Database Configuration Mode
79. Priority man Strict Priority Oueue3 WRR Oueue0 2 WRR Queue0 3 Weighted Round Robin Weight 1 20 En Niama Figure 88 Enabling QoS EtherWAN Managed Switch Users Guide 203 ACL Policy Map To create a new ACL Policy Map follow the instructions below 1 Make sure that the Create option is selected from the drop down list next to Policy Map see below 2 Next make sure that the Create option is selected from the drop down list under Class Name see below K Management Switch System OH Diagnostics CO Port CH Switching Trunking CO STPRing VLAN OH Qos DO ACL ACL Information ACL Configuration SNMP 8021X DO LLDP SERIES REES Cas Nane Access List Create Y 1 99 1300 1999 Ma TT Note Enter Mask in reverse like 0 0 0 255 Submit Figure 89 Policy Map Next you will be creating a new ACL Access List which is necessary to create an ACL Class Map From the information listed below you will find the configuration steps necessary for all of the four available ACL Access Lists You can choose one Access List from the below list and follow the steps there to complete the configuration for that Access List One Access List can be created during the initial ACL Policy Map creation process After you have chosen just one Access List from below and have finished all the configuration steps for it please continue onto step 3 204 EtherWAN Managed Switch Users Guide IP Ac
80. Queue0 3 Note Not all switches support this mode Packets must be emptied from the queues in order Starting with queue 3 and ending with queue 0 the packets in each queue must be completely emptied before the next queue s packets are considered for transmission b Strict Priority Queue3 WRR Queue0 2 Packets must be emptied from queue 3 first and the three remaining queues are emptied according the WRR weights in the Weighted Round Robin section see below 191 EtherWAN Managed Switch Users Guide c WRR Queue 0 3 each queue is allowed to discharge a certain number of packets according to the WRR weights in the Weighted Round Robin section before moving to the next queue 4 Enter the Weight for each queue in the Weight Round Robin section 5 Click on the Submit button 6 Save the configuration see the Save Configuration Page Note Weighted Round Robin There are four text fields one for each queue 0 3 A number from 1 to 20 can be assigned for each queue This number is used with WRR policy and is the value of the number of packets that must be emptied from the queue before the next queue is considered By default these values are Queue Weight 0 1 1 2 2 4 3 8 192 EtherWAN Managed Switch Users Guide QoS Global Configuration using the CLI Interface This section gives information on Command line commands related to QOS and assumes the user has a working kn
81. Ring Technician z Figure 9 User Mode 51 EtherWAN Managed Switch Users Guide Creating a New User To create a new user see Figure 10 1 Choose the Create option from the dropdown list next to the User Account row heading Enter a User Name case sensitive for the new user in the User Name text box Enter a Password for the new user in the Password text box Re enter the Password in the Confirm Password text box a fF oO bh Select a Privilege Level from the dropdown list next to the Privilege Level row heading For more information on Privilege levels see the User Privilege Configuration Click on the Update button 7 Save the configuration See the Save Configuration Page EtherWAN M t Switch a fanagement Swi ENENGE f System ee System Information Multi User Lei System Name Password Update Setting IP Address Mase tc Firmware Uperade E Reboot pawa Je A User Account Confirm Password User Privilege Diagnostics i Technician gt Port CH Switching Technician Trunking Figure 10 Creating Users 52 EtherWAN Managed Switch Users Guide Changing an Existing User Account To make modifications to an existing user account 1 Choose an existing user from the dropdown list next to the User Account row heading see Figure 11 Change the password and or access level following the steps in Creating a New User
82. SH and the serial port on the EtherWAN Managed Switch The secure method of accessing the CLI over a network is SSH To enable or disable Telnet 1 Click the Enable or Disable radio button in the Telnet section on the Management Interface page see Figure 6 below 2 Click on the Update Setting button 3 Save the Configuration see Save Configuration 37 EtherWAN Managed Switch Users Guide SSH Secure Shell Secure Shell or SSH is a network protocol that allows data to be exchanged using a secure channel between two networked devices such as a computer and the EtherWAN Managed Switch SSH is disabled by default on the V1 94 2 EtherWAN Managed Switch To enable or disable SSH 1 Click the Enable or Disable radio button in the SSH section on the Management Interface page see Figure 6 2 Click on the Update Setting button 3 Save the Configuration see Save Configuration EtherWAN CQ Management Switch H System WEB A EA E System Information Http Https System Name Password Update Setting IP Address Management Interface TELNET Save Configuration D Disable Enable Firmware Upgrade Update Setting Reboot TFE User Privilege CH Diagnostics Port Switching Trunking s it Figure 6 Management Interface 38 EtherWAN Managed Switch Users Guide Management Interface Configuration using the CLI For more information on CLI command usage see CLI Command Us
83. VID have been configured for all the ports of the switch The GVRP protocol has been globally enabled and GVRP is locally enabled on the Trunk Ports as well The Dynamic VLAN Creation feature has been enabled 261 EtherWAN Managed Switch Users Guide Enabling the GVRP Protocol at the Global Level To enable the GVRP protocol globally on a distribution switch see Figure 125 1 Under GVRP Global Setting choose the Enable option from the drop down list next to GVRP Choose the Enable option from the drop down list next to Dynamic VLAN Creation Click on the Update Setting button 4 Management Switch SCH System Diagnostics gt Port KH Switching Trunking STPRing VLAN Qos ACL CO SNMP i E 1 ESCH GVRP Global Setting Dynamic VLAN Creation Enable gt Update Setting Per Port Setting include LAG Port EE 2 3 LS Ov Disable GVRP Normal Normal Normal Normal Normal Normal CZ Disable Disable Disable Disable Figure 125 GVRP Configuration Distribution Switch To enable the GVRP protocol globally on an Access Switch see Figure 126 1 Under GVRP Global Setting choose the Enable option from the drop down list next to GVRP 2 Click on the Update Setting button m CC e EE Update Setting Figure 126 GVRP Confi
84. _a config snmp server v3 user SNMP User 2 ro auth md5 User2 switch_a config snmp server v3 user SNMP User 3 rw priv md5 User3 des Private User switch a config q switch a 240 EtherWAN Managed Switch Users Guide IEEE 802 1X EtherWAN switches support the IEEE 802 1X protocol to provide port based security ona switch port against unauthorized access In order for this protocol to work two additional components are required an EAP Extensible Authentication Protocol compatible RADIUS server to authenticate a client station that is trying to gain access to the network through a port on the switch and an 802 1X client software known as the Supplicant software used on the end device to communicate with the RADIUS server for the purposes of authenticating the end device that is trying to gain access to the network through the switch port When an end device is initially connected to a port on the EtherWAN switch where the 802 1 X protocol is enabled on the port the switch will only pass 802 1X authentication traffic known as EAPOL traffic on that port between the Supplicant on the end device and the RADIUS server and will not allow any other traffic to pass After the initial connection the EtherWAN switch will request authentication credentials from the Supplicant in the end device that has just connected to the port After the switch receives the proper authentication credentials from the Supplicant in the end device the
85. a Note If using SSH to run the CLI Commands that disable SSH you will lose your connection To Disable SSH using the CLI use Telnet or the RS232 Console port on the switch 40 EtherWAN Managed Switch Users Guide Enabling Disabling HTTP and or HTTPS To enable or disable telnet use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip http server ip http secure server no ip http server no ip http secure server Usage Example 1 Enabling HTTP switch _a gt enable switch _a configure terminal switch _a config ip http server switch _a config q switch a write memory E Building configuration OK switch a d switch a Usage Example 2 Disabling HTTP switch _a gt enable switch a configure terminal switch _a config no ip http server switch _a config q switch a write memory Building configuration OK switch a d EtherWAN Managed Switch Users Guide Usage Example 3 Enabling HTTPS switch _a gt enable switch a configure terminal switch _a config ip http secure server switch _a config q switch a write memory Building configuration OK switch a q switch a Usage Example 4 Disabling HTTPS switch _a gt enable switch a configure terminal EI switch a config no ip http secure server switch _a config q switch a write memory E Building configuration OK switch a q EtherWAN Managed Switch Users
86. aaa ak e ak ap a baa ahaaa E Daka agak bat kah 160 Modifying CIST Port Priority and Port Path Coste 160 Adding a Port to an MSTI WEE 161 STP Ring Page Alpha RING BE 162 Alpha FING le ef Le sa aia teat r hee Ta EEN a bended TE sees 162 EtherWAN a Ring Technology 162 Implementing a Simple omg 162 Connecting two a Ring Networks together sanane anaa a anana anana nana ane 164 STP Ring Page Alpha Cader deed EE nne ewenane 165 The Alpha Chain Protocol E 165 General e 165 Alpha CAA Enn EE 166 Global Settings 44s ea eho aaa chen ee encase Ga eae eee 166 Configuring the Alpha Chain Ports sesane n eaaa nenen a anane nana anane anna 167 Alpha Chain Pass Through Porte 169 Configuring Alpha Chain using CLI commande ae aaaaaaaanena anana anana nenen aane 170 Storm COMO geesde GE ti ANGGANG A A aana E GN 170 COMMOUPING Chali Ge EE 170 Configuring Chain Pass Through Portes 171 STP Ring Page Advanced Setting aaaeesewenanannn nne ewenanan anane wanan anan ane ewenane 172 Advanced Bridge Configuration ENNEN 172 Advanced Per Port Configuration sasae e Geste aaa anana anaa aana nenen aranan 173 Configuring Spanning Tree Advanced Settings using CLI commands 174 Enabling BPDU Guard Globally ageseent ere 174 Enabling BPDU Guard on a POM iia biti dentseuiasbedetdentact bea eege Eder 174 Enabling BPDU Guard Error Disable nmeout 175 VLSI BEE 176 Port Based VLAN vs Tagged Based
87. according to the ForceForwardMode will always be in effect both with and without the presence of an IGMP Querier port In addition when an IGMP Querier port is present all unknown multicast packets will also be forwarded to the IGMP Querier port as well in addition to the settings in the ForceForwardMode function Force Forwarding Port SNE Port ro gg Port gra ge os Port Port Port Port men A 12 13 14 Gros KANAKA eee ajajaja i et Di NIN gg Port Port Port Port Port E Sots ort Port Port Port olla eee E 18 19 20 21 22 23 RER eg 26 27 28 NTP Soe Force switch forward all unknown multicast BEER ECH to force forwarding port this setting will toggle Passive mode forwarding port setting DHCP Server s E D PassiveForwardMode ForceForwardMode UDLD Update Setting Figure 134 ForceForwardMode 274 EtherWAN Managed Switch Users Guide IGMP Querier Mode Forwarding Port Configuration To configure how the switch forwards unknown multicast packets when the switch is in IGMP Querier mode follow the below instructions 1 Under the Passive Mode Forwarding Port section select the ForceForwardMode radio button 2 Select the checkbox under the ports that you would like to have the unknown multicast packets forwarded to 3 Click on the Update Setting button oe Note When the switch is in IGMP Snooping Querier mode there will not be an IGMP Querier port present and the settings accord
88. ace lt interface name gt Usage Example switch _a gt enable switch a show bridge interface fel switch a Setting MAC Port Security To enable MAC port security use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax port security enable Usage Example switch _a gt enable switch _a configure terminal switch a config int fel switch a config if port security enable switch a config q E switch a config q switch a 79 EtherWAN Managed Switch Users Guide To disable MAC port security use the CLI commands below CLI CLI Command Mode Interface Configuration Mode Command Syntax no port security enable Usage Example switch _a gt enable switch _a configure terminal switch a config int fel Ped switch a config if no port security enable E switch a config q EZ switch a config q switch a To set the allowed MAC addresses use the CLI commands below CLI CLI Command Mode Interface Configuration Mode Command Syntax port security allowed address lt value gt in hex format Ex 00aa 0062 c609 Usage Example swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch a config int fel tch_a config if port security allowed address 00aa 0062 c609 tch_a config q tch_a config q tch af To delete an allowed MAC address use the CLI commands below CLI CLI Command Mode I
89. age Enabling Disabling Telnet To enable or disable telnet use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip telnet no ip telnet Usage Example 1 Enabling Telnet switch _a gt enable switch a configure terminal E switch_a config ip telnet switch _a config q switch a write memory Building configuration OK switch a q switch a Usage Example 2 Disabling Telnet switch _a gt enable switch a configure terminal switch _a config no ip telnet switch a config q switch a write memory E Building configuration OK switch a d Va Note If using Telnet to run the CLI Commands that disable telnet you will lose your connection To Disable Telnet using the CLI use SSH or the RS232 Console port on the switch 39 EtherWAN Managed Switch Users Guide Enabling Disabling SSH To enable or disable SSH use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip ssh no ip ssh Usage Example 1 Enabling SSH switch _a gt enable switch _a configure terminal switch _a config ip ssh switch _a config q switch a write memory Building configuration OK switch a q switch a Usage Example 2 Disabling SSH switch _a gt enable switch _a configure terminal switch _a config no ip ssh switch a config q switch a write memory Building configuration OK switch a q V
90. age Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config channel group 2 mode passive switch_a config q q Cc switch a config switch a 127 EtherWAN Managed Switch Users Guide Setting the LACP Port Priority To set the port priority for an interface attached to a LACP trunk on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax lacp port priority lt 1 65535 gt Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config lacp port priority 1 switch_a config q switch a config q switch a Setting the LACP Timeout To set the timeout for an interface attached to a LACP trunk on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax lacp timeout lt ong short gt Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel c switch_a config lacp timeout long switch _a config q q switch a config switch ai 128 EtherWAN Managed Switch Users Guide STP RING PAGE OVERVIEW Choosing the Spanning Tree Protocols The Spanning Tree algorithm works by designating a single switch The Root Bridge in the network as the root or the parent to all the switches All the sw
91. ages Do not reboot or unplug the switch until the final message is received a Downloading now please wait b tftp lt filename gt img from ip lt ip address gt success Install now This may take several minutes please wait C Firmware upgrade success oO Note If a Firewall is running on the PC that is running the TFTP server it may need to be temporarily disabled 48 EtherWAN Managed Switch Users Guide EtherWAN 4 d Management Switch DICH System System Information System Name Password IP Address Management Interface Save Configuration Firmware Upgrade Reboot Figure 8 Firmware Upgrade Page Firmware Update using the CLI For more information on CLI command usage see CLI Command Usage CLI Command Mode Privileged Exec Mode CLI Command Syntax install image lt tftpserver_ipaddress gt lt filename gt Usage Example switch _a gt enable switch a install image 192 168 1 100 flash tgz switch a q switch a Note Depending on the firmware being loaded the extension may not be tgz The Switch does not use the extension to validate firmware 49 EtherWAN Managed Switch Users Guide Reboot To navigate to the Reboot page 1 Click on the next to System 2 Click on Reboot To reboot the EtherWAN Managed Switch 1 Click on the Reboot button 2 Click OK on the popup message Reboot using the CLI For more information on CLI command usage see CLI Command Usage CLI Com
92. al a config interface vlanl1 2 a config if no ip address 192 168 1 11 a config if q _a config q _a write memory EI Building configuration switch a q switch a EtherWAN Managed Switch Users Guide 36 Management Interface To navigate to the Management Interface page 1 Click on the next to System 2 Click on Management Interface The Management Interface configuration page has three settings that allow the user to configure the methods available to manage the EtherWAN Managed Switch HTTPS HTTPS Hypertext Transfer Protocol Secure allows the user to determine what method if any is used to configure the EtherWAN Managed Switch The default is unencrypted HTTP see Figure 6 To disable the Web interface 1 Uncheck Http and Https 2 Click on the Update setting button Ei Warning Once the Submit button is pressed the Web console will no longer function As a safety precaution the configuration is not saved by default Rebooting the EtherWAN Managed Switch will restore the Web Console To save the configuration connect using the new IP address To enable the Web Interface 1 Check HTTP HTTPS or both 2 Click on the Update Setting button 3 Save the Configuration see Save Configuration Telnet Telnet is a network protocol that allows a remote computer to log into the EtherWAN Managed Switch to access its CLI Command Line Interface The CLI can be access using Telnet S
93. ap lt ACL Class Name gt Usage Example switch _a gt enable switch a tconfigure terminal switch_a config no class map IP_Class 1 Po switch_a config q switch a 227 EtherWAN Managed Switch Users Guide Deleting an ACL Policy You can use the below CLI commands to delete an existing ACL Policy CLI Command Mode General Configuration Mode CLI Command Syntax no policy map lt ACL Policy Name gt Usage Example switch _a gt enable switch _a configure terminal switch_a config no policy map IP_Policy 1 E switch _a config q switch ai 228 EtherWAN Managed Switch Users Guide SNMP SNMP is a TCP IP application layer network management protocol that allows any TCP IP device to be managed across a TCP IP network It is based on the client server paradigm The server called a SNMP Agent runs a process on the managed device that listens for a client s a network management software running on a computer usually called a NMS short for Network Management Station polling requests to fetch or to set a data item on the managed device The SNMP Agent can also send alert messages called Traps to a NMS automatically based on the occurrence of certain events on the device that the Agent resides SNMP General Settings To navigate to the SNMP General Settings page 1 Click on the next to SNMP 2 Click on SNMP General Settings To configure the general settings for the SNMP feature see Figure 107 1
94. ardware relay To navigate to the Alarm Setting page 1 Click on the next to Diagnostics 2 Click on Alarm Setting The Alarm Setting page allows users to define Ethernet port Link down and Power failure alarms for triggering an alarm using the relay on the switch To configure an Ethernet port or Power input 1 Select an Ethernet port or Power input from the dropdown box see Figure 19 Alarm Trigger Setting Name Power iy Trigger Enabled fe4 fed Name Trig fe6 fel ei fes fe2 fe9 fe3 fe10 fe4 fe5 fe6 Power3 Figure 19 Alarm Trigger 3 Select YES or NO from the dropdown box next to Trigger Enabled see Figure 20 4 Click Update Setting to save any changes made Alarm Trigger Setting Name Powerl e Trigger Enabled YES Update Setting Figure 20 Trigger Enable 68 EtherWAN Managed Switch Users Guide PORT Configuration To navigate to the Configuration page 1 Click on the next to Port 2 Click on Configuration Port configuration contains such useful features as flow control port speed and duplex settings Some users will find these settings very valuable such as when the switch is connect to a latency critical device such as a VOIP phone or IP camera or video multiplexor In these cases and others the ability to alter the port settings can make the difference between a poorly responding device and one that functions without loss of data or
95. ass Map existing Standard Extended IP Access List or MAC Access List to the ACL Class Map by referencing its Access list ID Va Note The bandwidth policing capabilities of the ACL Class cannot be configured here it can only be configured during the ACL Policy Map creation or modification CLI Command Mode General Configuration Mode Class Map Configuration Mode CLI Command Syntax class map lt ACL Class Name gt match access group lt Access List ID gt Usage Example switch _a gt enable switch _a configure terminal switch_a config class map Layer 2 3 Class switch a config cmap match access group 1 E switch a config cmap q switch a config q switch a 225 EtherWAN Managed Switch Users Guide Creating an ACL Policy Map To create a new ACL Policy Map you must have first created the ACL Class Maps that you want to assign to the ACL Policy Map You can then use the CLI commands below to create the new ACL Policy Map and assign one or multiple existing ACL Class Maps to the ACL Policy Map by referencing its ACL Class Map name You can also complete or modify the bandwidth policing capabilities of the ACL Class Maps used during the ACL Policy Map creation process CLI Command Mode General Configuration Mode Policy Map Configuration Mode Policy Map Class Configuration Mode CLI Command Syntax policy map lt ACL Policy Name gt class lt ACL Class Name gt police lt 1 1000000 gt lt 1 20000 g
96. ave Reboot Logout User Account User Privilege DHCP Client Diagnostics O Port DHCP Client Disable v CH Switching gt Trmking VLAN ID CO STP Ring DHCP Disable DCH VLAN SNMP 8021X LLDP VC Others Protocols Enable v 8 8 8 8 00e0 b323 0150 Figure 5 IP Address 31 EtherWAN Managed Switch Users Guide IP Address Configuration using the CLI For more information on CLI command usage see CLI Command Usage IP Address To set the IP address use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip address lt A B C D M gt IP Address Mask e g 10 0 0 1 8 no ip address Note The Subnet Mask is defined as a Network Prefix instead of the common dotted decimal ex 255 255 255 0 The most commonly used Network Prefixes are e 8 Known as Class A Also known in dotted decimal as 255 0 0 0 e 16 Known as Class B Also known in dotted decimal as 255 255 0 0 e 24 Known as Class C Also known in dotted decimal as 255 255 255 0 Usage Example 1 Assigning an IP address switch _a gt enable switch _a configure terminal switch _a config ip address 192 168 1 1 24 switch _a config q switch a write memory E Building configuration OK switch a d switch a Usage Example 2 Removing an IP address switch _a gt enable switch a configure terminal E swit
97. be configured with a value that is greater than the network diameter of the CST topology The Max Age parameter will need to be configured correctly on both the CIST Root Bridge as well as on the Backup CIST Root Bridge in the event when the CIST Root Bridge fails Setting the MAX Age Forward Delay and Hello Timer Navigate to the STP Ring Global Configuration page 1 Click on the next to STP Ring 2 Click on Global Configuration Relationship between Max Age Forward Delay and Hello Time The following rules must be followed when setting the Max Age Forward Delay and Hello Timer e Max Age gt 2 x Hello Time 1 0 second e 2 x Forward Delay 1 0 second gt Max Age To change the Max Age Forward Delay and Hello Timer see Figure 58 1 Enter the Max Age in the text box to the right of Max Age 6 40 sec label 2 Enter the Hello Time in the text box to the right of the Hello Time 1 10 sec label 3 Enter the Forward Delay in the text box to the right of the Forward Delay 4 30 sec label 4 Click on the Update Setting button 5 Save the configuration see the Save Configuration Page 147 EtherWAN Managed Switch Users Guide K Management Switch HCD System DICH Port HC Switching HC Trunking HO STP Ring Global Configuration RSTP Port Setting MSTP Properties MSTP Instance Setting MSTP Port Setting a Ring Setting a Chain setting VLAN 6 G SNMP 802 1x Other P
98. cess List Policy Map Setting z Class Name Access Lis Type SCENE BEE Ee BE eg ba Note Enter Mask in reverse like 0 0 0 255 5 Figure 90 IP Access List To configure an IP Access List See Figure 90 above 1 Select the IP Access List option from the drop down list below Access List Type 2 If you have already created an IP Access List previously and would like to apply it to the new ACL Class then select the Access List number from the drop down list next to Access List 3 If you want to create a new IP Access List make sure that the Create option is selected from the drop down list next to Access List 4 To give the new IP access list an ID enter a number in the range from 1 99 or from 1300 1999 into the text entry box next to the Create option drop down list 5 You can enter a source IP address to allow an IP packet with that source IP to gain entry into the switch To do this choose the permit option from the drop down list under the Action column 6 Next enter the source IP address into the text entry box from the IP address column 7 Next enter the Comparison Mask for the source IP address in reverse logic into the text entry box from the Mask column In reverse logic 255 255 255 0 would be 0 0 0 255 8 Next click on the Add button 205 EtherWAN Managed Switch Users Guide 9 You can enter a source IP address in order to deny an IP packet with that source IP to gain entry int
99. ch To set the Storm Control Enabled Type 1 Select the check box next to Broadcast and or DFL Multicast for the port that needs to be changed 2 Click on the Update Setting button 82 EtherWAN Managed Switch Users Guide Port Isolation The Port Isolation setting is a per port value Port Isolation can be used to isolate a port or ports so that only the isolated ports can communicate with one another see Figure 27 To update the Port Isolation value for a port on the EtherWAN Managed Switch 1 2 3 4 Click on the Port Isolation drop down box for the port to be isolated Select the value enable on the Port Isolation drop down box Click on the Update Setting button Repeat as necessary for all ports that are to be isolated Block Multicast The Block Multicast setting is a per port value Block Multicast is a straight forward description of a feature that is used to block multicast traffic from accessing a port see Figure 27 To update the Block Multicast value for a port on the EtherWAN Managed Switch 1 2 3 4 Click on the Block Multicast drop down box for the port to be isolated Select the value enable on the Block Multicast drop down box Click on the Update Setting button Repeat as necessary for all ports that are to have multicast traffic blocked 83 EtherWAN Managed Switch Users Guide mamane ar EtherWAN ma Update Setting Port Threshold Level 0 1 100 Storm Control Enabled Type P
100. ch a config q switch ai Usage Example Disabling storm detect switch a gt enable switch a configure terminal switch a config no bridge 1 storm detect errdisable switch a config q switch a To set the storm detect interval use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 storm detect interval lt 2 65535 gt Default 10 Usage Example switch _a gt enable switch a configure terminal switch a config bridge 1 storm detect interval 10 switch a config q switch a 106 EtherWAN Managed Switch Users Guide To set the storm detect recovery time use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 storm detect errdisable recovery lt 0 65535 gt Default 0 No errdisable recovery Usage Example switch _a gt enable switch a configure terminal switch a config bridge 1 storm detect errdisable recovery 60 switch a config q switch a Storm Detect Packet Type Enable this port s storm detect by detect number of broadcast or broadcast plus multicast packets per second Unit is packets per second Set to 0 to disable this feature To set the storm detect packet type use the following CLI commands CLI Command Mode Interface Mode CLI Command Syntax storm detect bc mc bc pps lt 0 100000 gt bc broadcast only mc bc count broadcast amp multicast packets together Default 0 Disab
101. ch_a config no ip address switch_a config q switch a write memory Building configuration OK switch a q switch a 32 EtherWAN Managed Switch Users Guide Default Gateway To set the Default Gateway use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip default gateway lt A B C D gt no ip default gateway Usage Example 1 Setting the Gateway switch _a gt enable switch _a configure terminal switch _a config ip default gateway 192 168 1 254 switch _a config q switch a write memory E Building configuration OK switch a q switch a Usage Example 2 Removing the Gateway switch _a gt enable switch a configure terminal E switch_a config no ip default gateway switch _a config q switch a write memory Po Building configuration OK switch a d switch a EtherWAN Managed Switch Users Guide Domain Name Server DNS To set the DNS use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip dns lt A B C D gt no ip dns Usage Example switch _a gt enable switch _a configure terminal switch a config ip dns 192 168 1 253 switch _a config q switch a write memory Building configuration OK switch a q switch a Usage Example 2 Remove a DNS IP Address switch _a gt enable switch _a configure terminal switch _a config no ip dns switch
102. cond Sunday in March at 2 00AM and ends on the first Sunday in November at 2 00AM then select the values as shown in Figure 138 5 Click on the Update Setting button 286 EtherWAN Managed Switch Users Guide Daylight Saving Setting Daylight Saving Mode Weekday Time Set Offset 1 480 min 60 Name of Daylight Saving Timezone CDT Month Mar Week 3 Day Sun Hour 2 Minute o Month Nov Week Day Sun Hour 2 Minute o From Month Jan Day Hour Minute To Month Jan Day Hour Minute Update Setting Figure 138 Daylight Savings Weekday Mode Daylight Savings Time Date Mode To adjust the switch s clock for Daylight Savings Time using the date mode follow the steps below 1 Select the option Date from the Daylight Saving Mode dropdown box 2 Enter the value for the time offset in the Time Set Offset textbox 3 Enter the name of the Daylight Saving Timezone 4 Inthe Date section select the month and enter the date hour and minute for both the from and to fields For example if Daylight Saving Time begins on March 9th at 2 00AM and ends on November 2nd at 2 00AM then select the values as shown in Figure 139 5 Click on the Update Setting button 287 EtherWAN Managed Switch Users Guide Daylight Saving Setting Daylight Saving Mode Date 3 Time Set Offset 1 480 min en Weekday Month jan Week Day sun Hour Minute Month Jan jan Week Day sun
103. config interface fel switch a config if no poe enable E switch a config if q switch a config q switch ai 113 EtherWAN Managed Switch Users Guide fixed power limit The fixed power limit CLI command sets the maximum wattage that a switch port will provide to the attached PoE device To set a fixed power limit on a port Power Limit by Classification must be disabled on the port first see power classification To set the fixed power limit use the following CLI command CLI Command Mode Interface Configuration Mode CLI Command Syntax poe fixed power limit lt evel gt Level 0 15 4 802 3af 30 802 3at 60 W Usage Example switch _a gt enable E switch a configure terminal switch a config interface fel switch a config if poe fixed power limit 7 5 switch a config if q switch a config q switch a power classification This setting tells the switch to negotiate with the attached PoE device to determine the Watts that will be provided by the switch To change this setting check enable or uncheck disable the check box located in the Power Limit by Classification column The default is checked Enabled This is a per port setting CLI Command Mode Interface Configuration Mode CLI Command Syntax poe power classification enable no poe power classification enable Usage Example 1 Enabling PoE Power Classification on a port switch _a gt enab
104. configured MAC Access List from the drop down list next to Access List If you want to create a new MAC Access List insure that the Create option is selected from the drop down list next to Access List 3 To give this particular MAC Access List an ID enter a number in the range from 2000 2699 into the text entry box next to the Create option drop down list 4 You can enter a source and a destination Ethernet address to allow a specific Ethernet packet entry into the switch To do so you must choose the permit option from the drop down list under the Action column 5 Next enter the source Ethernet address of the Ethernet packet into the text entry box under the Source MAC column 208 EtherWAN Managed Switch Users Guide Next enter the Comparison Mask for the source Ethernet address in reverse logic Ex 255 255 255 0 is 0 0 0 255 in reverse logic into the text entry box from the Mask column following the Source MAC column Next enter the destination Ethernet address of the Ethernet packet into the text entry box under the Destination MAC column Next enter the comparison Mask for the destination Ethernet address in reverse logic into the text entry box from the Mask column following the Destination MAC column Next choose the appropriate encapsulation format of the Ethernet packet that you want to allow entry into the switch from the drop down list under the Format column Next click on the Add button You can also f
105. ction on it If a port is configured to be a Hybrid Port then this port can be a member of multiple VLANs and this port s outgoing packets can be configured to be either with or without a VLAN tag of the VLAN that the packet belongs to including the PVID VLAN of the Hybrid Port For all three types of ports above if an incoming packet contains a VLAN tag then the packet s VLAN association rule will be based on the VLAN Tag 180 EtherWAN Managed Switch Users Guide Enabling 802 1Q Tagged Based VLAN To navigate to the VLAN Mode Setting page 1 Click on the next to VLAN 2 Click on VLAN Mode Setting To enable 802 1Q Tagged Based VLAN on the switch 1 Select Tag based VLAN from the dropdown box see below 2 Click on the Submit button 3 Save the configuration see the Save Configuration Page Tag based VLAN Le Tag based VLAN Port based VLAN Figure 77 Tag based VLAN 181 EtherWAN Managed Switch Users Guide Configuring 802 1Q VLAN Database To navigate to the 802 1Q VLAN Setting page 1 Click on the next to VLAN 2 Click on 802 1Q VLAN Setting To configure the 802 1Q VLAN Database please do the following 1 Click on the Add VLAN button see Figure 78 u a Figure 78 Add VLAN Enter the VLAN ID 3 Enter the VLAN Name 4 Select Attach or Detach for the CPU Port a Attaching the CPU to a VLAN is typically done on the Management VLAN 5 Select the ports to be a member of the VLAN
106. de 73 Per Port VLAN Activities To navigate to the Per Port VLAN Activities page 1 Click on the next to Port 2 Click on Per Port VLAN Activities This is a read only page that will allow the user to see what devices are connected to a particular port and the vlan associated with that device and port To clear the MAC addresses for a particular port on the EtherWAN Managed Switch see Figure 25 1 Click on the link to the port at the top of the Per Port VLAN Activities page 2 Click on the Clear MAC button at the bottom of the page 3 The statistics for the port will update every ten seconds EtherWAN K Management Switch System Diagnostics CO Port Configurati Port Status Rate Control RMON Statistics Per Port VLAN Activities Port Security VC Switching CH Trunking STPRing VLAN Qos SNMP 802 1X LLDP Others Protocols Port 1 fel status Total VLAN Count Total MAC Address Count VLAN Membership MAC Address VLANI1 b8ac 6fb4 deaf Figure 25 Port VLAN Activities 74 EtherWAN Managed Switch Users Guide Port Security To navigate to the Port Security page 1 Click on the next to Port 2 Click on Port Security The Port Security submenu allows the user to control access to the ports on the switch based on the source MAC addresses of t
107. down list next to DHCP Server Status select the VLAN that will get the DHCP provided TCP IP Parameters 2 Enter the starting and ending IP addresses for the DHCP Client IP address range in the text boxes next to Start IP and End IP Enter the Subnet Mask in the text box next to Subnet Mask Enter the IP address for the DHCP Client default router in the text entry box next to Gateway 5 Enter the IP addresses for the DHCP Client primary and secondary DNS servers in the text entry box next to Primary DNS and Secondary DNS 6 Enter the lease period in seconds which the DHCP clients are allowed the use of their leased IP addresses in the text entry box next to Lease Time 7 Click on the Update Setting button d Management Switch HE System SCH Diagnostics ka Porn HC Switching HO Trunking HO STP Ring CH VLAN HO SNMP SE 802 1X SCH LLDP EICH Others Protocols GVRP IGMP Snooping NIP GMRP DHCP Server UDLD DACP Smee BCEE DHCP S General Setting Subnet Mask 255 255 255 0 3 Lease Time 864000 86400 default Figure 141 DHCP Server 300 EtherWAN Managed Switch Users Guide To check what IP addresses has been allocated to which DHCP clients 1 Click on the DHCP Binding Table link see Figure 142 2 Click onthe DHCP General Setting link to get back to the previous DHCP configuration Web GUI page see Figure 143 Management Switch System CH Diagnostics Port Switching
108. e Configuring the IGMP query interval parameter switch _a gt enable switch _a configure terminal switch a config interface vlanl1 1 vo switch a config if ip igmp query interval 125 switch a config q switch a Usage Example Configuring the IGMP max response time parameter switch _a gt enable switch a configure terminal switch a config interface vlanl1 1 switch a config if ip Lomp query max response time 10 E switch a config q switch a 280 EtherWAN Managed Switch Users Guide To control how the switch forwards unknown multicast packets when the switch is in IGMP Disabled mode follow the instructions below CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp snooping passive forward all ip igmp snooping passive forward none ip igmp snooping passive forward lt ifname gt lt ifname gt lt ifname gt Usage Example Flood all unknown multicast packets switch _a gt enable switch a tconfigure terminal switch al switch al switch a config ip Lomp snooping passive forward all Pes config q Usage Example Drop all unknown multicast packets switch _a gt enable switch _a configure terminal switch al switch al switch a config ip Lomp snooping passive forward none Ped config q Usage Example Forward unknown multicast packets to the specified ports only switch _a gt enable switch a configure
109. e CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 ageing time time in ms Usage Example switch _a gt enable switch _a configure terminal switch _a config bridge 1 ageing time 300 E switch _a config q switch a Enabling Port Isolation To enable Port Isolation for a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax port isolation enable Usage Example switch _a gt enable switch a configure terminal switch a tconfigure interface fel switch a config port isolation enable E switch a config q E switch a config q switch ai 102 EtherWAN Managed Switch Users Guide Enabling Block Multicast To enable Block Multicast for a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax switchport block multicast Usage Example switch _a gt enable switch _a configure terminal switch _a configure interface fel switch a config switchport block multicast E switch a config q switch a config q switch a Setting Storm Control To set the value for the Broadcast and or DLF Multicast Storm Control value of a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax stormcontrol lt broadcast d
110. e also uses the following typographic conventions Convention Description Indicates text on a window other than the window title including menus menu options buttons fields and labels Italic Indicates a variable which is a placeholder for actual text provided by the user or system Angled brackets lt gt are also used to indicate variables Indicates text that is displayed on screen or entered by the user lt gt angled Indicates a variable which is a placeholder for actual text provided by the user or system Italic font is also used to brackets indicate variables square Indicates optional values brackets Indicates required or expected values vertical bar Indicates that you have a choice between two or more options or arguments xvii EtherWAN Managed Switch Users Guide EtherWAN UNPACKING AND INSTALLATION This chapter describes how to unpack and install the EtherWAN Managed Switch The topics covered in this chapter are Package Contents Page 18 Unpacking Page 18 Required Equipment and Software Page 19 Computer Setup Page 20 Management Methods and Protocols Page 20 Default IP Page 21 Login Process and Default Credentials Page 21 Ooovocvooo oO Setting the initial IP address Page 22 Package Contents When you unpack the product package you will find the items listed below Please inspect the contents and report any apparent damage or missing items immediately to y
111. e configuration see the Save Configuration Page Bridge Priority 0 61440 100100e0b32103e4 Root Port 0 Root Path Cost 0 Bridge ID 100100e0b32103e4 Update Setting Figure 63 Setting the MSTI Regional Root Bridge 153 EtherWAN Managed Switch Users Guide MSTP Port Setting page Adjusting the blocking port in a MSTP network To navigate to the STP Ring MSTP Port Setting page 1 Click on the next to STP Ring 2 Click on MSTP Port Setting You can adjust the location of the blocking port in a MSTP network by modifying the Port Priority and the Path Cost of the ports on the switch Modifying the Port Priority adjusts the blocking port between two switches Modify the Port Cost adjusts the location of the blocking port in a MSTP loop To modify the Port Priority and the Path Cost of the ports on a MSTP switch for the MSTI instance only please follow the below steps 1 Choose the correct MSTI Spanning Tree instance from the drop down list under Instance ID see Figure 64 2 Choose the correct port number from the drop down list under Port and enter the proper value under the Priority and the Admin Path Cost text box 3 Click on the Update Setting button see Figure 64 4 Save the configuration see the Save Configuration Page EtherWAN Managed Switch Users Guide 154 Port Instance Configuration jee Cost Bridge ID Root ID Path Cost BREET EE 112 Toona jeooeoocooeoenoo 128 200000 00000000
112. e hours can be defined using a dash ex 1 23 To disable PoE scheduling on a port use the no poe enable command Usage Example 1 switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if poe schedule time 0 10 switch a config if q E switch a config q switch a Usage Example 2 Multiple hours switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if poe schedule time 0 10 14 switch a config if q switch a config q switch a EtherWAN Managed Switch Users Guide 117 schedule time hour To enable PoE Power Scheduling on a port use the following CLI command CLI Command Mode Interface Configuration Mode CLI Command Syntax poe schedule time lt day gt lt hour gt Day 0 Sunday to 6 Saturday Hour 1 to 23 To disable PoE scheduling on a port use the no poe enable command Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if poe schedule time 0 10 switch a config if q switch a config q switch a EtherWAN Managed Switch Users Guide 118 TRUNKING Overview Port Trunking refers to the use of multiple network connections in parallel to increase the link speed beyond the limits of any one single cable or port This is commonly called link aggregation These aggregated l
113. e text entry box next to Max Hops 2 Click on the Update Setting button see below 3 Save the configuration see the Save Configuration Page MSTP Properties Region Name Region_1 Revision Level 0 Max Hops Digest 0x0A93D2F3DF9DA7495DB99A256750491A CIST Root ID 100000e0b32103de CIST Reg Root ID 100000e0b32103de CIST Bridge ID 100000e0b32103de Update Setting Figure 60 MSTP Properties Max Hops 150 EtherWAN Managed Switch Users Guide MSTP Instance Setting Page Setting an MSTP Instance Navigate to the STP Ring MSTP Instance Setting page 1 2 Click on the next to STP Ring Click on MSTP Instance Setting To create the Spanning Tree instances to be run inside a MSTP Region and its VLAN mappings follow the below steps 1 2 4 5 Click on the VLAN Instance Configuration button see Figure 61 Choose the VLAN that you want to map to a MSTI instance from the VLAN ID drop down box see Figure 62 Enter the Instance ID that you want the VLAN to map to In the text entry box next to Instance ID 1 15 Click on the Update Settings button Save the configuration see the Save Configuration Page Note You can enter a new instance number here which is how a new MSTI instance is created You can use an existing MSTI instance if it has already been created on another switch 151 EtherWAN Managed Switch Users Guide Ze ex Lie el P ae SEH Le e D I 4 7 I e gt I Gs E
114. e ynamic V Disable Switching Trunking Update Setting STPRing VLAN a Qos ae os GVRP Arisan GVRP Rega SNMP E 021X Disable D Normal Disable EN Cf 2 Disable Normal Disable CO LLDP ieee 3 Disable Normal Disable SAR Disable Normal sl Disable MP Snooping NIP Disable Normal D Disable x Figure 124 GVRP 260 EtherWAN Managed Switch Users Guide General Overview To enable the GVRP protocol on your network you must make sure that the switches in your network are configured with the minimum requirements for each type of switches listed below For the Access Switches at the edge of the network below are the minimum requirements All of the user VLANs have been created in the VLAN Database The IP address for the Management VLAN has been configured The appropriate Port Type Access or Trunk and the PVID have been configured for all the ports of the switch All the member Trunk ports for all the user VLANs have been configured The GVRP protocol has been globally enabled and GVRP is locally enabled on the Trunk Ports as well For the Distribution Switches in the core of the network below are the minimum requirements The Management VLAN has been created in the VLAN Database The IP address for the Management VLAN has been configured The appropriate Port Type Access or Trunk and the P
115. eam drop down box 3 Click on Update Setting Figure 39 Link State Tracking Port Settings 96 EtherWAN Managed Switch Users Guide PoE System and Port Settings This section only applies to Managed EtherWAN Switches with support for PoE To navigate to the PoE page 1 Click on the next to Switching 2 Click on PoE PoE System Setting The PoE Page provides access to PoE System Setting information and configuration The information provided is See Figure 40 1 Main Supply Voltage 2 System Temperature 3 Power Allocation Actual wattage supplied to attached PoE device s 4 System Power Budget Configurable The default value depends on the model of switch PoE System Setting Main Supply Voltage 47 00 V System Temperature 41 74 C Power Allocation 7 81 W System Power Budget 144 11 W The value of System Power Budget should greater than the sum of all port s Consumption Figure 40 PoE System Setting 97 EtherWAN Managed Switch Users Guide PoE Port Setting The PoE Port Setting section provides the following configurable settings and information 5 10 11 12 13 Enable Mode Set the PoE Enable Mode by selecting one of the following settings in the drop down box under PoE Mode see Figure 41 o Enable Enable PoE on a specific port o Disable Disable PoE on a specific port o Scheduling Schedule time of day that PoE will be e
116. ec urrent Forward Delay sec 00000 CH opology Change Count CH Sat Jan 16 18 20 IER 32768 in FA to CH CH ime Since Last Topology Change Spanning Tree Protocol Bridge Priority 0 61440 Hello Time 1 10 sec Max Age 6 40 sec Forward Delay 4 30 sec STP Version j CH D Update Setting ee Figure 55 Enabling MSTP EtherWAN Managed Switch Users Guide 144 The CIST Root Bridge amp Backup CIST Root Bridge In order to configure a switch to be the CIST Root Bridge of a Spanning Tree network you just have to make sure that the Bridge Priority which is the most significant 4 bits of the Bridge ID of the switch is the lowest among any of the switches on the network Similarly for the Backup CIST Root Bridge it must have the next lowest Bridge Priority of all the switches This Bridge ID is a concatenation of 3 values a 4 bit Bridge Priority most significant a 12 bit System ID less significant and the 48 bit MAC address of the local switch least significant see below Bridge II gt Bridge Priority System ID Ext MAC Address 4 bits 12 bits 6 bytes Figure 56 Bridge ID Setting Bridge Priority To set the Bridge Priority 1 Enter the Bridge Priority ID in the text box to the right of Bridge Priority 0 61440 2 Click on the Update Setting button Va Note The valid values for this parameter are from 0 to 61440 in increments of 4096 you will see this value
117. ec MSTP Properties MSTP Instance Setting opology Change Count N Setti E ER ime Since Last Topology Change a Ring Setting 00000e0b33307bc 00000e0b33307bc FE W 3 g 5 TK Te Q in urrent Forward Delay sec C w m o re d w in ih Advanced Setting VLAN Spanning Tree Protocol OH Qos Bridge Priority 0 61440 DCH ACL DCH SNMP DCH 8021X LLDP CH Others Protocols NS O D D zizin 3 E E ilele J aja E a Elala TESE kaa Elule ls MP n A ei Ki Wi als D STP Version Update Setting Figure 51 Max Age Hello Timer amp Forward Delay 135 EtherWAN Managed Switch Users Guide RSTP Port Setting Page To navigate to the STP Ring RSTP Port Setting page 1 Click on the next to STP Ring 2 Click on RSTP Port Setting Spanning Tree Port Roles In a stable RSTP topology each port on a switch can function in any one of 4 different Spanning Tree port roles These Spanning Tree port roles are see Figure 52 e Root Port e Designated Port e Alternate Port e Backup Port TER ERREEN E E 8 Wan ih z ou e 3 64 EtherWAN 2 Management Sitch Ce Dis 16 DsabledDiscarine 128 200000 Shared Conf Awo Cum Edge of Gr E Siting EE 128 200000 Shared Conf Awo Cum Edge of Toni 19 Disabled Discardne 128 200000 Shared Conf Awo Cum Edge o
118. ed in the access list will be allowed 201 EtherWAN Managed Switch Users Guide Configuring ACL To navigate to the ACL ACL Configuration page 1 Click on the next to ACL 2 Click on ACL Configuration In order to enable the ACL feature on the EtherWAN switch the QoS feature must be enabled on the switch as well In order to apply the ACL packet filtering features on a port you must 1 Create and configure an ACL Access List first 2 Next you will need to create and configure an ACL Class Map 3 Associate the previously created ACL Access Lists to this ACL Class Map 4 Next create and configure an ACL Policy Map 5 Associate all the appropriate and necessary ACL Classes into this ACL Policy Map 6 Then apply this ACL Policy Map and all the Access Lists that it contains to a specific port To enable the ACL feature on the EtherWAN switch first enable the QoS feature using the steps below see Figure 88 1 From the drop down list next to QoS choose the Enable option 2 Click on the Submit button For more details see QoS 202 EtherWAN Managed Switch Users Guide EtherWAN i Management Switch gt System gt Diagnostics Port Switching CH Trunking STP Ring VLAN SE Global Configuration 802 ip Priority DSCP ACL CO SNMP 802 1x LLDP Others Protocols ese Gm Strict
119. elow the Chain Pass Through Port 2 heading choose the remaining daisy chained port on the switch to be the Chain Pass Through Port 2 for the switch 3 To change the port number for either of the Chain pass through ports on the switch you must first click on the Disable button to clear the settings for both Chain Pass Through ports Repeat the previous steps to set the new port numbers to be Chain Pass Through 4 Click on the Submit button to load the changes into the running configuration Set Chain Pass Chain Pass Through Port 1 Chain Pass Through Port 2 Through Port fe6 Y FORWARD FORWARD Disable Update Setting 169 EtherWAN Managed Switch Users Guide Configuring Alpha Chain using CLI commands For more information on CLI command usage see CLI Command Usage Storm Control To disable the automatic enabling of Storm Control feature on all the ports use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax no bridge 1 chain storm Usage Example switch _a gt enable switch _a configure terminal switch _a config no bridge 1 chain storm E switch _a config q switch a Configuring Chain Ports To configure the Chain Ports on a Chain Port Switch use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax chain port enable no chain port Usage Example 1 Enabling a chain port switch _a gt enable switch a configure te
120. enable login switch _a configure terminal switch_a config line console 0 E switch _a config Switching Sing ine login e Multi User mode need to reboot the switch to take effect switch _a config ine q E switch _a config q switch a 56 EtherWAN Managed Switch Users Guide Creating a New User To create a new user use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax username lt user name 4 to 16 characters gt privilege lt admin operator technician gt password lt 8 blank gt lt password 1 to 35 characters gt Va Note The optional lt 8 gt CLI command after the CLI command password is used to specify that the password should be displayed in encrypted form in the configuration file Usage Example switch a gt enable switch a configure terminal switch a config switch a config switch a config switch a switch _a config config switch _a config switch a config switch a username username username username username username q userl userl user2 user2 user3 user3 privilege privilege privilege privilege privilege privilege operator password 1234 operator password 8 1234 technician password 4321 technician password 8 4321 admin password 5678 admin password 8 5678 57 EtherWAN Managed Switch Users Guide Permissions T
121. erWAN Managed Switch Users Guide 173 Configuring Spanning Tree Advanced Settings using CLI commands For more information on CLI command usage see CLI Command Usage Enabling BPDU Guard Globally To enable the BPDU Guard feature globally on the switch use the below CLI commands for more information on CLI command usage and typographic conventions please click here CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 spanning tree portfast bpdu guard Usage Example switch _a gt enable switch _a configure terminal switch _a config bridge 1 spanning tree portfast bpdu guard E switch _a config q switch a Enabling BPDU Guard on a Port To enable the BPDU Guard feature on a individual switch port use the CLI commands below CLI Command Mode Switch Port Interface Configuration Mode CLI Command Syntax spanning tree portfast spanning tree portfast bpdu guard enable Usage Example switch _a gt enable switch _a tconfigure terminal switch a config interface fel switch _a config if spanning tree portfast switch config if spanning tree portfast bpdu guard enable config if q config q a switch a switch a switch a 174 EtherWAN Managed Switch Users Guide Enabling BPDU Guard Error Disable timeout To enable the BPDU Guard Error Disable timeout feature on a switch port and set the timeout interval use the CLI commands below CLI
122. ere CLI Command Mode General Configuration Mode CLI Command Syntax snmp server enable snmp server description lt 1 256 characters gt snmp server location lt 1 256 characters gt snmp server contact lt 1 256 characters gt Usage Example switch az enable switch a configure terminal c switch_a config snmp server enable ce switch_a config snmp server description Hub Switch 1 switch confi snmp server location First Floor Closet confi a switch a snmp server contact Administrator a switch a confi switch ai EtherWAN Managed Switch Users Guide 237 Configuring SNMP Traps To configure the Trap features of the SNMP protocol on the switch you use the following CLI commands CLI Command Mode General Configuration Mode Interface Configuration Mode CLI Command Syntax snmp server trap community 1 lt 1 256 characters gt snmp server trap community 2 lt 1 256 characters gt snmp server trap community 3 lt 1 256 characters gt snmp server trap community 4 lt 7 256 characters gt snmp server trap community 5 lt 1 256 characters gt snmp server trap ipaddress 1 lt P Address gt snmp server trap ipaddress 2 lt P Address gt snmp server trap ipaddress 3 lt P Address gt snmp server trap ipaddress 4 lt P Address gt snmp server trap ipaddress 5 lt P Address gt snmp server trap type enable linkDown snmp server trap type enable linkup snmp server
123. ess List to allow or deny an source IP address range and destination IP address range pair access to the switch use the following CLI commands with the Access list ID in the range from 100 199 or from 2000 2699 CLI Command Mode General Configuration Mode CLI Command Syntax ip access list lt 100 199 2000 2699 gt permit ip lt source IP gt lt source bit mask gt lt destination IP gt lt destination bit mask gt ip access list lt 100 199 2000 2699 gt deny ip lt source IP gt lt source bit mask gt lt destination IP gt lt destination bit mask gt ip access list lt 100 199 2000 2699 gt deny ip any any Usage Example swi swi swi 192 swi 192 swi swi swi tch a gt enable tch_a config tch_a config tch_a config tch_a config tch af tch a configure terminal ip access list 100 permit ip 192 168 1 224 0 0 0 31 168 1 224 0 0 0 31 ip access list 100 deny ip 192 168 1 224 0 0 0 31 168 1 224 0 0 0 31 ip access list 100 deny ip any any q 222 EtherWAN Managed Switch Users Guide Creating a MAC Access List To create anew MAC Access List to allow or deny a source and destination Ethernet address pair access to the switch use the CLI commands below with the Access list ID in the range from 100 199 or from 2000 2699 CLI Command Mode General Configuration Mode CLI Command Syntax mac access list lt 2000 2699 gt permit lt source MAC address gt lt source bit mas
124. estore RT EE A4 AUTO EE A4 Save Configuration Page using ell 45 Saving a Configuration oes aawdea eS ea aana aana anana eaaa nana eran 45 Restore Default Settings sananaaae arana aana anana aana ENEE SEN 45 Load Configuration from a TFTP Server naas arene nenen aaa nane nana anana anaa 46 Save Configuration to a TFTP Server aana eea a eaaa eaaa aaa a anana aaa aana nener ene 46 Auto Eet UE e EE 47 Firmware Upgrade eege a E Ee 48 Firmware Update using the CLI aa aaaan anane EEN 49 FRG DOCU Fret aaa Ta D D a AE aga aa a e a a ga aan ga aa abe eee paga e aga ag D 50 Reboot using the EE 50 LOGOUT a PA ees eeh SAN atin ex Newsies A NA RN KAN KA E KAN ra 50 Lee fromthe Ee geegent 50 Ser necount Pages ee ck cee nk een hau eee seh aie Aenean eae ae 51 Changing the User Mode EE 51 Creating a New EE 52 Changing an Existing User Account 53 User Privilege Configuration EE 54 User Account Settings using the Cl 56 MultiUser Mode sasak asia aa eag a aa KE pa a e TG have a a na D Ba aga a a he auc NG aa naa ag oe 56 iv EtherWAN Managed Switch Users Guide Preface Single User Mode aaa aana kaa a aaa bah ga iw na Dada a eth nel pa eag legos 56 Creating WEE 5 Ferron eegene ee ee ENEE a Na ests ceed eeh e D a Ee 58 DIAQNOSUCS Sicuiccncsisincncacuanccdsccandvenauencueccdancedacndadudesdiadventsauccacugeceduceanauencugecucassduevencs 60 E ANON aaa tice naa Sense eae pa aaa Ca
125. etwork camera or any LLDP enabled device regardless of manufacturer Since LLDP runs over the data link layer only a switch running one network layer protocol can discover and learn about an access device running a different network layer protocol 246 EtherWAN Managed Switch Users Guide LLDP General Settings To navigate to the LLDP General Settings page 1 Click on the next to LLDP 2 Click on General Settings Enable Disable LLDP To enable LLDP on the EtherWAN Managed Switch 1 Select Enable or Disable from the Drop Down box in the LLDP field of the LLDP Transmit Settings box see Figure 120 2 Click on the Update Settings button 3 Save the configuration see the Save Configuration Page Holdtime Multiplier The Holdtime multiplier for transmit TTL is used to compute the actual time to live TTL value used in an LLDP frame The TTL value is the length of time the receiving device should maintain the information in its MIB To compute the TTL value the system multiplies the LLDP transmit TX interval by the holdtime multiplier For example if the LLDP transmit TX interval is 30 and the holdtime multiplier for TTL is 4 then the value 120 is encoded in the TTL field in the LLDP header To adjust the Holdtime multiplier 1 Enter a numeric value between 2 and 10 default is 4 in the Holdtime Multiplier text box 2 Click on the Update Settings button The TX Interval setting adjusts the time that LLDP informati
126. f aee E Gan ACL Figure 52 Spanning Tree Port Roles 136 EtherWAN Managed Switch Users Guide Path Cost amp Port Priority By default each port on a Spanning Tree switch will be assigned a Path Cost based on the port s transmission speed according to the IEEE standard below Link speed Recommended value Less than or equal 100Kb s 200 000 000 1 Mb s 20 000 000 10 Mb s 2 000 000 100 Mb s 200 000 1 Gb s 20 000 10 Gb s 2 000 100 Gb s 200 1 Tb s 20 10 Tb s 2 By default each port on a Spanning Tree switch will be assigned a Port Priority of 128 according to the IEEE standard This Port Priority is part of the Port ID which is a concatenation of 2 values Port Priority 4 bits Interface ID 12 bits see below Priority Port ID 4 Bits 12 Bits Figure 53 Port ID Port Priority is part of the Port ID which is a concatenation of 2 values Port Priority 4 bits Interface ID 12 bits The default values will work fine in most scenarios however there are times when you may need to adjust these values manually in order to influence the location of the Alternate Port the Root Port or the Backup Port 137 EtherWAN Managed Switch Users Guide To adjust the Port Priority value or the Path Cost value on a port 1 Choose the correct port from the drop down list under Port see below 2 Enter the proper value u
127. f the EtherWAN Managed Switch see Figure 28 1 Click on the Loopback Detect drop down box 2 Select Enable from the drop down list 3 Click on the Update Setting button Loopback Detect Action To change the action that the switch takes when a loopback condition is detected see Figure 28 1 Choose an action from the Loopback Detect Action dropdown list The available options are None and Error Disable 2 Click on the Update Setting button Loopback Detect Recovery Time To change the length of time that the Loopback Detect Action will stay in effect see Figure 28 1 Enter a value in the text box next to Error Disable Recovery Valid values range from 0 to 65535 seconds 2 Click on the Update Setting button 85 EtherWAN Managed Switch Users Guide Polling Interval To change the polling interval of the Loopback Detect function see Figure 28 1 Enter a value in the text box next to Interval Valid values range from 1 to 65535 seconds 2 Click on the Update Setting button General Setting LoopBack Detect Disable default v LoopBack Detect Action None default Error Disable Recovery 0 0 65535 seconds Default 0 linterval 1 30 seconds Default 1 1 NOTE Error Disable Recovery must over two times of Interval Update Setting Figure 28 Loopback Detection EtherWAN Managed Switch Users Guide 86 Loopback Detection Per Port To enable Loopback Detection for a particular p
128. f6 No Detecting fe7 No Detecting fs No Detecting fe9 No Detecting fe10 No Detecting gel No Detecting Ea CH ii CH CH DI O 4 Sep i CH CH No Detecting Figure 31 Storm Detect Per Port 89 EtherWAN Managed Switch Users Guide Static MAC Entry Occasionally it may be useful to specify a MAC address on a particular port and VLAN rather than adjusting the ageing time for the entire switch Alternatively it is also possible and even desirable to prevent a MAC address from ever being registered with a switch These features are offered under the Static MAC Entry menu To navigate to the Static MAC Entry menu 1 Click on the next to Switching 2 Click on Static MAC Entry Adding a Static MAC Address to a Port To add a static MAC entry for a particular port see Figure 32 1 Enter the MAC address for end the corresponding port s text box The format of the MAC address should be in the form aaaa bbbb cccc 2 Select the VLAN that this MAC address is associated with from the VLAN ID drop down list for the port 3 Click on the Submit button KE Add MAC Address a 0000 1111 2222 Delete MAC Address e0b3 1234 abch 1234 abcf E fe3 fe4 Figure 32 MAC Static Entry 90 EtherWAN Managed Switch Users Guide Removing a Static MAC Address from a Port To remove a static MAC entry for a particular port see Figure 33 1 For a
129. from 100 199 or from 2000 2699 into the text entry box next to the Create option drop down list You can enter a source and a destination IP address to allow an IP packet with these pair of IP addresses to gain entry into the switch To do this choose the permit option from the drop down list under the Action column Next enter the source IP address of the IP packet into the text entry box under the Source Address column Next enter the comparison Mask for the source IP address in reverse logic a binary 0 in the mask means this bit position needs to checked whereas a binary 1 in the mask means this bit position does not need to be checked into the text entry box from the Source Wildcard Bits column In reverse logic 255 255 255 0 is listed as 0 0 0 255 Next enter the destination IP address of the IP packet into the text entry box under the Destination Address column Next enter the comparison Mask for the destination IP address in reverse logic into the text entry box from the Destination Wildcard Bits column Next click on the Add button You can also filter the IP packet using the packet s source and destination Transport Layer protocol port numbers in addition to the source and destination IP addresses Just enter the source Transport Layer protocol port number into the text entry box under the port 1 65535 column following the source IP address comparison mask column Next enter the
130. g eng BEER VLAN Mode Setting 02 10 VLAN Setting 02 10 Port Setting Port Based VLAN Figure 82 VLAN Links 2 Check the check box next to the port number that should be the egress member port for this VLAN 3 Click on the Submit button see Figure 83 o Note If an egress member port for a VLAN has the PVID set on that port to be the same as the VLAN then that port will automatically be configured as an egress member port for the VLAN by the switch If a check box is not checked and is grayed out it is because that port is an Access Port with the PVID set to bea different VLAN than the current VLAN 188 EtherWAN Managed Switch Users Guide SCH ACL SCH we SCH HX HO LD Z CH Others Prococois Figure 83 VLAN Ports If any of the egress member ports are Hybrid ports you must also configure the Tag action on this port see Figure 84 4 Select the correct Tag option in the drop down list under Tag or Untag for this port 5 Click on the Submit button EtherWAN d HEEESREEE ITT a a bua kd GQ Management Switch O System Diagnostics VLAN ID VLAN Name VLANO400 KO Port T eae CPU Port Tronking Tag or Untag PC STPRig VLAN Mode Ser oe ACL fou CH Others Protocols i Unta maal Figure 84 Tag or Untag ports 189 EtherWAN Managed Switch Users Guide QOS QoS Quality of Service refers to severa
131. g aaa Danan 292 GMRP Fixed Mode EE 292 GMRP Forbidden ae TER 293 GMRP Forward All mode E 293 GMRP Disabled mode EE 293 Enabling the GMRP Feature Globally on the Switch ssssssseeeneeesssesrrrrnreesses 293 xi EtherWAN Managed Switch Users Guide Preface Configuring the GMRP Feature Per Port 294 GMRP Configuration Examples Using CLI Commande asaaaananeneen ani 297 NIR 299 General e 299 Configuring the DHCP Server 2 2cc ccccsecccsesecsseeneeaseessseerseseceateecssnctconsceettnerese 299 DHCP Configuration Examples Using CLI Commande sssssssseseeeeeeeeeeeeeeeeeeeee 302 TABLE OF FIGURES Figure 1 Figure 2 Figure 3 Figure 4 Figure 5 Figure 6 Figure 7 Figure 8 Figure 9 Figure 10 Figure 11 Figure 12 Figure 13 Figure 14 Figure 15 Figure 16 Figure 17 Figure 18 Figure 19 Figure 20 Figure 21 Figure 22 Figure 23 Figure 24 Figure 25 Figure 26 Figure 27 Figure 28 Figure 29 Figure 30 Beie age 21 Assigning AN IP address inaa ramene anas A Papa A aa an akak aan ga a NA 22 System Information E 27 System Name Password E 28 e le 31 Management Interface EEN 38 Save Configuration Page vieicc vtemirssecertiamierniee nenen anane nagan ieee aden 44 Firmware Upgrade Page ee eee eee en renee eee eee 49 User e 51 deis 52 Selecting an Existing User Account 53 Deleting a User AC COUN sei acces secs bess acs ca szciagees dacs Baceceencnatess see ceceeneaasels Raretiezecias
132. ged Switch Users Guide PoE Scheduling PoE Scheduling allows PoE ports to have their power up time scheduled by hour of the day and day of the week In order for a port to follow a schedule defined here the port must be set to Scheduling on the PoE settings page see PoE Port Setting To navigate to the PoE Scheduling page 1 Click on the next to Switching 2 Click on PoE Scheduling Each PoE port on the switch can be schedule to power up and down automatically To configure a port 1 Select the port from the drop down list See Figure 42 PoE Per Port Scheduling Port fei Le Status Not Scheduled Figure 42 Selecting a Port 2 Select the hour s of day for each day of the week see Figure 43 3 Click on the Submit button 100 EtherWAN Managed Switch Users Guide Port fel Status Not Scheduled Time Sun mmm mmm 01 00 02 00 03 00 04 00 05 00 06 00 07 00 08 00 09 00 10 00 11 00 12 00 13 00 14 00 15 00 16 00 17 00 18 00 19 00 20 00 21 00 22 00 23 00 Wea Tm Fi S O T T we e emm emm emm em ii z 2 _SelectAll Delete An Figure 43 PoE Power Scheduling 101 EtherWAN Managed Switch Users Guide Switch Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Setting the Aging Time Value To update the Aging Time value on the EtherWAN Managed Switch use th
133. guration Access Switch EtherWAN Managed Switch Users Guide Enabling the GVRP Protocol at the Port Level To navigate to the Other Protocols GVRP page see Figure 124 1 Click on the next to Other Protocols 2 Click on GVRP To enable the GVRP protocol locally at the port level for both the Access switch and the Distribution switch apply the following procedures to all the Trunk Ports of the switch 1 For all the Trunk Ports under the Per Port Setting include LAG section choose the Enable option from the drop down list under the GVRP column 2 For all the Trunk Ports under the Per Port Setting include LAG section choose the Active or Normal option from the drop down list under the GVRP Applicant column o Active Use this option if you want to run the GVRP protocol on that Trunk Port even if it is blocked by the STP protocol o Normal Use this option if you do not wish to run the GVRP protocol ona Trunk Port when it is being blocked by the STP protocol 3 For all the Trunk Ports under the Per Port Setting include LAG section choose the Enable option from the drop down list under the GVRP Registration column 4 Click on the Update Setting button 5 Save the configuration see the Save Configuration Page Ke Management Switch DCH System Senn SC DCH Port SN EE SCH Switching DCH Trunking Update Setting STP Ring DC VLAN OH Qos SE Pon GVRP GVRP Applicant GVRP Regrat SNMP Sie GVRP e Ca pame
134. h _a gt enable switch a configure terminal switch a config multiuser access IP Address tech read write oper read only switch a config multiuser access System Log tech show oper hide switch a config q switch ai EtherWAN Managed Switch Users Guide 59 DIAGNOSTICS Utilization To navigate to the Utilization page 1 Click on the next to Diagnostics 2 Click on Utilization The Utilization page shows see Figure 14 e CPU Utilization Current and Max Utilization e Memory Utilization Total Used and Free Memory mangan EtherWAN Hn B CPU Utilization Current utilization 24 Max utilization 26 Remote Logging Memory Utilization ARP Table Total Used Free Route Table 63200 KB 46112 KB 17088 KB Alarm Setting Figure 14 Utilization Page 60 EtherWAN Managed Switch Users Guide System Log To navigate to the System Log page 1 Click on the next to Diagnostics 2 Click on System Log The System Log shows the data and time of port links going up or down see Figure 15 EtherWAN lt K Management Switch DCH System P E Diagnostics up on Port taken Link up on Port 26 System Log E At Jan 02 2010 00 56 49 04 57 25 Link down on Port 26 SE At Jan 02 2010 00 56 52 04 57 28 Link up on Port 16 ARP Table At Jan 02 2010 00 56 56 04 57 32 Link down on Port 25 Route Table 6 At Jan 02 2010 00 57 00 04 57 36 Link up on Port 24 ECO Port 7 A
135. h the TCP IP protocol itself in this case through the UDP protocol It is based on the client server paradigm The EtherWAN switch can be setup as a DHCP server to allow any DHCP client to dynamically obtain its IP address default router and DNS servers General Overview The EtherWAN switch can function as a DHCP server for a single VLAN it can be any VLAN on the switch When functioning as a DHCP server the EtherWAN switch can be configured with a range of IP addresses default gateway and DNS servers which will allow the switch to use the dynamic configuration function of the DHCP protocol to provide any TCP IP device that is a DHCP client to dynamically obtain an IP address default router and DNS servers The EtherWAN DHCP server can also be configured with a lease period that the DHCP clients are allowed the use of their assigned IP address In this simple implementation both the DHCP Client and the DHCP Server must be on the same network same VLAN Configuring the DHCP Server To navigate to the DHCP Server page 1 Click on the next to Other Protocols 2 Click on DHCP Server see Figure 141 You can use the GUI to set the following DHCP server parameters e DHCP Server Enable e DHCP VLAN e DHCP Client Parameters o IP Address range o Subnet Mask o Default gateway o Primary and Secondary DNS e DHCP Client lease time 299 EtherWAN Managed Switch Users Guide To set the DHCP server parameters 1 From the drop
136. hat you wish to apply this application select the Enable option from the drop down list under the GMRP Forward All column e Click on the Update Setting button H you do not want a port to participate in the GMRP protocol configure the items listed below e For each port that you wish to apply this application select the Disable option from the drop down list under the GMRP column e Click on the Update Setting button 296 EtherWAN Managed Switch Users Guide GMRP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage To enable or disable GMRP globally on the EtherWAN switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gmrp enable bridge 1 set gmrp disable bridge 1 Usage Example switch switch switch switch switch switch _a gt enable _a configure terminal a a a af EZ config set gmrp enable bridge 1 E config set gmrp disable bridge 1 config q To enable GMRP locally on a port on the EtherWAN switch you must use the below CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set port gmrp enable lt port id gt set port gmrp enable lt port id gt Usage Example switch switch switch switch switch switch _a gt enable _a configure terminal a a a af E config set port gmrp enable fel
137. he network devices To Add a MAC Address to a port 1 Select the Enable or Disable from the Mode column for the port you want to configure 2 Enter the MAC Address of the device you want to connect to the port 3 Click Update Setting To remove a MAC Address from a port 1 Select the MAC Address from the Dropdown list next to the port that you want to configure see Figure 26 2 Click on Update Setting fre woe eat Ex 0000 1122 3344 Pn ania ae Disable v A e 3 Disable v fes Disable v fe5 Disable 6 Disable v k fe7 Disable fes Disable v 9 Disable v X fe10 Disable v Update Setting Figure 26 Port Security 75 EtherWAN Managed Switch Users Guide Port Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Setting the Port Description To provide a description of a port use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax description lt description text gt Usage Example switch _a gt enable switch a configure terminal switch a config int fel switch_a config if description A Port Description switch a config q switch a config q switch a Enable or Disable a Port To administratively enable or disable a port use the CLI commands below CLI Command Mode Interface Configuration Mode CL
138. her Enable or Disable 2 Click on the Submit button EtherWAN 3 Management Switch a ink Status i Admin Setting Speed Flow Control SCH System DLC Diagnostics Running LinkUp Auto X Enable v OCH Port fe2 Down LinkUp Auto X Enable v Configuration fe3 Down LinkUp Auto X Enable Port Status fe4 Down LinkUp Auto h Enable v Rate Control Down LinkUp Auto Enable fe5 Down LinkUp e Auto X Enable v RMON Statisti Per Pest ee fe6 Down LinkUp Auto X Enable OR fe7 Down LiikUp Auto X Enable DICH Switching fe8 Down LinikUp Auto X Enable DCH Trunking 9 eege LinkUp 100MFD Enable PE SEE fe10 Down LinkUp 100M FD Enable i o bo gel Down Link Up X Auto X Enable ICH QoS meo HE SNMP ge2 Down LinkUp Auto X Enable v smx H LLDP Figure 21 Port Configuration 70 EtherWAN Managed Switch Users Guide Port Status To navigate to the Port Status page 1 Click on the next to Port 2 Click on Port Status This page is a read only page that lists the settings described in the previous section It is useful if all the user intends to do is read the values of the port settings not modify the port settings The Port Status page shows see Figure 22 Port Number fe n for 100mb ports and ge n for Gigabit ports Link Status Operat
139. herWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax clock summer time lt Name of Time Zone gt date lt start date gt lt start month gt lt start hour gt lt start minute gt lt end date gt lt end month gt lt end hour gt lt end minute gt lt time offset in minutes gt Usage Example switch _a gt enable switch a configure terminal switch a config clock summer time CDT date 9 March 2 0 2 November 2 0 60 switch a config q switch a 291 EtherWAN Managed Switch Users Guide GMRP The settings in the GMRP feature controls how the switch automates the process of multicast packet forwarding both within a single switch as wells as between switches in a bridged network With the GMRP feature enabled when the switch receives any GMRP multicast group registration requests from either a multicast client or a neighbor switch the switch will register these multicast groups on these ports and will only transmit the multicast packets that belong to these groups to these ports The switch will also automatically propagate these multicast group registrations onto the neighbor switches to allow the neighbor switches to forward the multicast packets that belong to these groups to the local switch To navigate to the Other Protocols GMRP page 1 Click on the next to Other Protocols 2 Click on GMRP General Overview The ports on the EtherWAN switch ca
140. herWAN Managed Switch is used to configure the VLAN settings Example switch _a gt enable switch _a configure terminal switch_a config vlan database switch_a config vlan Saving a Configuration from the CLI Example switch _a gt enable switch a write memory Building configuration OK switch_a gt 25 EtherWAN Managed Switch Users Guide SYSTEM MENU System Information The System information link on the Left menu of the Web Configuration page takes you to a page that shows the following see Figure 3 e System Name o The System name is typically used by network administrators If SNMP is enabled on the switch the system name can be found using MIB II RFC1213 in the sysName property e Firmware Version o If SNMP is enabled on the switch the Firmware version can be found using MIB II in the sysDesc property e System Time o System time can be change using NTP e MAC Address o The hardware MAC address of the Management interface e Default Gateway o The IP address of your networks Gateway Typically a Router on your network e DNS Server o The Dynamic Name Server DNS for your network e VLAN ID o One or more listings depending on the number o VLANs defined on the switch o Lists VLAN ID IP address and subnet mask of the VLAN Interface s e Current User Information o Lists the current the currently logged in user and their user privileges 26 EtherWAN Managed Switch Users Guide
141. here can be more than one instance of Spanning Tree Protocol running simultaneously The MSTP protocol can then map multiple VLANs to each instance of Spanning Tree protocol to provide load balancing among the switches Between Regions the MSTP runs a single instance of Spanning Tree similar to and is backward compatible with the RSTP protocol Global Configuration Page Enabling the MSTP Protocol Navigate to the STP Ring Global Configuration page 1 2 3 Click on the next to STP Ring Click on Global Configuration Verify that the Spanning Tree Protocol is enabled see Figure 55 if not choose Enabled from the Spanning Tree Protocol drop down list Choose MSTP in the STP Version drop down list Click on the Update Setting button Save the configuration see the Save Configuration Page 143 EtherWAN Managed Switch Users Guide EtherWAN vd Management Switch KH System Diagnostics Port Switching Trunking STPRing Global Configuration RSTP Port Settin MSTP Properties MSTP Instance Setting MSTP Port Setting a Ring Setting Advanced Setting VLAN a Qos ACL SNMP 3021X DCH LLDP Others Protocols 800000e0b33307bc 000000cdb163aa0 00000e0b33307bc ka Mj Mj Mo Mo o in Gi Designated Root eg Root ID oot Port oot Path Cost Current Max Age sec Current Hello Time s
142. if ip igmp snooping fast leave config q Usage Example Disabling the IGMP fast leave feature switch switch switch swi switch teh swi tch _a gt enable _a configure terminal a a a af ZE config interface vlanl 1 config if no ip Lomp snooping fast leave config q To enable or disable the IGMP Report Suppression feature on a VLAN use the CLI commands below CLI Command Mode VLAN Interface Configuration Mode CLI Command Syntax ip igmp snooping report suppression no ip igmp snooping report suppression Usage Example Enabling the IGMP Report Suppression feature switch switch switch swi swi swi tch tch tch _a gt enable _a configure terminal a a E config interface vlan1 1 a config if ip igmp snooping report suppression a config q af 279 EtherWAN Managed Switch Users Guide Usage Example Disabling the IGMP Report Suppression feature switch _a gt enable switch a configure terminal switch a config interface vlanl1 1 switch a config if no ip igmp snooping report suppression wes switch a config q switch a To configure the IGMP query interval and the max response time settings per VLAN use the CLI commands below CLI Command Mode VLAN Interface Configuration Mode CLI Command Syntax ip igmp query interval lt 10 18000 gt ip igmp query max response time lt 1 240 gt Usage Exampl
143. if multicast gt lt level gt Usage Example switch _a gt enable switch _a configure terminal switch_a configure interface fel switch a config storm control broadcast 20 E switch a config q switch a config q switch a 103 EtherWAN Managed Switch Users Guide Enabling Loopback Detect Global To enable Loopback Detect on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 loopback detect lt enable disable gt Usage Example switch _a gt enable switch _a configure terminal switch _a config bridge 1 loopback detect enable E switch _a config q switch a Setting the Loopback Detect Action To set the action for Loopback Detect on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 loopback detect action lt err disable none gt Usage Example switch _a gt enable switch a configure terminal switch _a config bridge 1 loopback detect action err disable E switch _a config q switch a Setting the Loopback Detect Recovery Time To set the recovery time for Loopback Detect on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 loopback detect errdisable recovery lt 0 65535 gt Usage Example switch a gt enable switch a configure term
144. ig interface fel switch a config if spanning tree link type point to point switch a config if q switch a config q switch ai Usage Example 2 Setting port 1 to be shared switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if spanning tree link type shared switch a config if q switch a config q switch ai 141 EtherWAN Managed Switch Users Guide Enabling Disabling a port to be an Edge Port To manually enable or disable a port to be an Edge Port use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax spanning tree spanning tree edgeport no spanning tree spanning tree edgeport Usage Example 1 Enabling edge port on port 1 switch _a gt enable switch _a tconfigure terminal switch a config interface fel switch a config if spanning tree edgeport switch a config if q E switch a config q switch a Usage Example 2 Disabling edge port on port 1 switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if no spanning tree edgeport switch a config if q P switch a config q switch a 142 EtherWAN Managed Switch Users Guide STP RING PAGE CONFIGURING MSTP The MSTP protocol adds a new concept called a Region to the Spanning Tree algorithm Unlike RSTP and STP inside each MSTP Region t
145. igure 35 Deleting a MAC Static MAC Entry Table 92 EtherWAN Managed Switch Users Guide Port Mirroring Port mirroring allows network traffic from one port to be copied or mirrored to another port This is a very useful troubleshooting feature in that all data from one port is sent to another port which is attached to a computer or other network device that is configured to capture packets This enables a network administrator or technician to see the traffic that is entering or leaving a particular port without disrupting normal network operations on the port that is being mirrored To navigate to the Port Mirroring menu 1 Click on the next to Switching 2 Click on Port Mirroring To configure port mirroring for a port or ports on the EtherWAN Managed Switch see Figure 36 1 Select the port or ports that traffic is to be mirrored from under the Mirror From column 2 Select the destination port under the Mirror To drop down box 3 Select the type of traffic that should be mirrored from the Mirror Mode drop down box The available options are a TX transmit only b RX Receive Only c TX RX Transmit and Receive 4 Click on the Submit button 93 EtherWAN Managed Switch Users Guide Figure 36 Port Mirroring To disable port mirroring for a port or ports on the EtherWAN Managed Switch see Figure 37 1 Under the Current Se
146. ilter the Ethernet packet using the Ethernet packet payload s EtherType number in addition to the source and destination Ethernet addresses Just enter the EtherType number of the Ethernet packet into the text entry box under the Ether type column Next you can also enter a comparison mask for the EtherType number into the text entry box under the Mask column next to the Ether type column To enter a MAC Access List entry in order to deny the entry of an Ethernet packet into the switch you must choose the deny option from the drop down list under the Action column Next enter the Ethernet addresses and the EtherType number using the same steps as in steps 11 and 12 You can also use the any wild card in lieu of entering an Ethernet address in the text entry box from both the Source MAC and Destination MAC column You will need to do this if at any time this Access List should become the very last Access List rule in a ACL Policy Map to serve as the catch all deny rule in order to deny any and all types of packets from entry into the switch that did not match any of the previous rules from all the previous access control lists 209 EtherWAN Managed Switch Users Guide Layer 4 Police Rate 1 1000000kbp ta C e esoe pr TO Figure 93 Layer 4 1 To use the Layer 4 access list feature and apply it to the new ACL Class select the Layer 4 option from the drop down list below Access List Type see Figure 93
147. inal switch a config bridge 1 loopback detect errdisable recovery 30 switch a config q switch ai 104 EtherWAN Managed Switch Users Guide Setting the Loopback Detect Polling Interval To set the polling interval for Loopback Detect on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 loopback detect interval lt 1 65535 gt Usage Example switch _a gt enable switch _a configure terminal switch _a config bridge 1 loopback detect interval 5 E switch _a config q switch a Enabling Loopback Detect Port To enable Loopback Detection on a port on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax loopback detect enable Usage Example switch _a gt enable switch _a configure terminal switch a interface fel switch a config loopback detect enable E switch a config q switch a config q switch a 105 EtherWAN Managed Switch Users Guide Configuring Storm Detect To Enable or Disable Storm Detect use the CLI command Below CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 storm detect errdisable no bridge 1 storm detect errdisable Default Disabled Usage Example Enabling storm detect switch a gt enable switch a configure terminal switch _a config bridge 1 storm detect errdisable swit
148. ing on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax mirror interface lt interface gt direction lt both tx rx gt Usage Example switch _a gt enable switch a configure terminal switch _a interface gel switch a config mirror interface fel direction both Po switch a config q switch a config q switch ai Enabling a Link State Tracking Group To enable a Link State Tracking Group on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax link state track lt group gt Usage Example switch _a gt enable switch _a configure terminal switch _a config link state track A E switch _a config q switch a 111 EtherWAN Managed Switch Users Guide Assigning a Port to a Link State Tracking Group To assign a port to a Link State Tracking group on the EtherWAN Managed Switch use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax link state group lt group gt lt upstream downstream gt Usage Example switch switch switch switch switch switch switch a gt enable a configure terminal a config interface fel a config if link state group 4 downstream a config if q E a config q af Setting PoE Power Budget To set the PoE Power Budget use the followi
149. ing to the ForceForwardMode will always be in effect z pa Force Forwarding Port Got SP geg Ca pi Pori F p Port Port Port P E eg CH E 2 i S BOCH LLDP E eg D a ae e oa ss TIES msg aa 15 16 17 18 gr 21 22 23 24 25 26 27 8 IGMP Snooping ajajojojnjojoajoajojoajoalnjoje Note Force switch forward all unknown multicast packet to force forwarding port this setting will toggle Passive mode forwarding port setting oo PasstveForwardMode ForceForwardMode UDLD NIP GMRP Update Setting Figure 135 IGMP Querier Mode Forwarding 275 EtherWAN Managed Switch Users Guide Monitoring Registered Multicast Groups To navigate to the Multicast Current Table page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping 3 Click on the Multicast Current Table link at the top of the page When the switch is in IGMP Passive or IGMP Querier mode registered Multicast Groups can be monitored on each port as well as the location of the IGMP Querier port see Figure 136 e All the registered multicast Groups will be listed in the Group Address column e The port where each registered Group ID was received can be found in the Membership column in each registered Groups corresponding row Note when an IGMP Querier port is present all registered multicast group IDs will show up in the Membership column as a checked box for the IGMP Querier port
150. inks may be used to interconnect switches or to connect high capacity servers to a network The EtherWAN EtherWAN Managed Switch supports up to six trunks for 100Mbps ports and up to two gigabit trunks Each 100Mbps trunk can be composed of up to eight 100Mbps ports while each gigabit trunk can support up to four gigabit ports There are two popular types of port trunking static and link aggregation control protocol LACH We will take a minute to discuss both types of trunking and why one would want to use them Static Channel Trunking Originally specified in the IEEE802 3AD specification and now in the IEEE 802 1AX2008 specification this type of trunking is the most basic and easiest to understand It simply is the aggregation of two or more Ethernet links to form a virtual link equivalent in bandwidth to the sum of its individual links For example if one had four 100Mbps Ethernet links composing a single static channel the overall bandwidth of the static channel would be 400Mbps Prioritization of data through the channel is simple as well When one of the links of the channel becomes saturated the excess data spills over into the remaining channels For example if one were sending a constant stream of data at 250Mbps through a static channel composed of 4 individual 100Mbps links the first two links of the channel would be completely saturated while the half of the third channel would be utilized and none of the forth channel would be
151. ional State of the Port s Link Port Description User supplied Port Description Admin Setting Administratively State of the Port Speed Speed and Duplex Settings for Port Flow Control State of Flow Control for the Port EtherWAN 2 See Set Port tatus Port Description Duplex Flow Control 2 Diagnostics fel EE 100M Auto Enable NO Port fe2 Down 100M Auto Enable Configuration Down 100M Auto Enable Post Status Down 100M Auto Enable Scorers fe5 Down 100M Auto Enable d cs b Per Port VLAN Activities Down 100M Auto Enable Port Security re CH Switching Down 100M Auto Enable e i gt a fe9 Down 100M Full Enable ie SE Sin Down 100M Full Enable Ae gel Down 1000M Auto Enable 1 SNMP ge2 Down r aan awe Figure 22 Port Status 71 EtherWAN Managed Switch Users Guide Rate Control To navigate to the Rate Control page 1 Click on the next to Port 2 Click on Rate Control The Rate Control page allows the user to set the maximum throughput on a port or ports on both packets entering the port from the connected device or packets leaving the port The Ingress text box controls the rate of data traveling into the port while the Egress text box controls the rate of data leaving the port d Note Entries will be rounded down to the nearest acceptable rate value If the value e
152. it was received When the destination node receives the flooded traffic it sends an acknowledgment packet back to the switch allowing the switch to learn the MAC address of the node and to add the address to its Ethernet switching table The switch uses a process called aging to keep the Ethernet switching table current For each MAC address in the Ethernet switching table the switch records a timestamp of when the information about the network node was learned Each time the switch detects traffic from a MAC address that is in its Ethernet switching table it updates the timestamp of that MAC address A timer on the switch periodically checks the timestamp and if it is older than the value set for mac table aging time the switch removes the node s MAC address from the Ethernet switching table This aging process ensures that the switch tracks only active MAC addresses on the network and that it is able to flush out from the Ethernet switching table MAC addresses that are no longer available The user can configure e How long MAC addresses remain in the Ethernet switching table e Add a MAC address permanently to the switching table e Prevent a MAC address from ever being registered in the switching table To navigate to the Bridging page 1 Click on the next to Switching 2 Click on Bridging 81 EtherWAN Managed Switch Users Guide Aging Time The Aging Time value is a global value and represents the time that a networked device
153. itch you must use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set port gvrp enable lt port id gt set port gvrp disable lt port id gt Usage Example switch switch switch swi swi swi tch tch tch _a gt enable _a configure terminal a config set port gvrp enable fel a config set port gvrp disable fel _a config q af By default when GVRP is enabled on a port the Applicant runs in Normal mode which means that the GVRP protocol will not send out any PDUs from a port if the port is being blocked by STP When you enable the GVRP Applicant to run in Active mode on a port the GVRP protocol will continue to send PDUs from a port even if the port is being blocked by STP The GVRP Applicant can be set to run in Normal or Active mode on a port by issuing the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gvrp applicant state normal lt port id gt set gvrp applicant state active lt port id gt Usage Example switch switch switch switch switch switch _a gt enable _a configure terminal a config set gvrp applicant state normal fel a config set gvrp applicant state active fel _a config q _at 265 EtherWAN Managed Switch Users Guide When you enable GVRP on a port the Registrar is enabled on the port by default You can enable or disable the GVRP Registrar on a po
154. itch _a configure terminal E switch _a config wrr queue cos map 1 0 1 E switch _a config q switch a 197 EtherWAN Managed Switch Users Guide DSCP Page HTTP Interface The DSCP submenu is much like the 802 1p submenu except there are many more DSCP priorities to choose from and they are all assigned to the lowest priority queue 0 For each DSCP priority the user can change the value of the queue to between 0 and 3 See Figure 3 for more information 2 3 H v mn np nn mn np wn nn mp mn AR 7 EtherWAN Ka Management Switch Others Protocols OHO O ojojojojoj ojo ol ojo oljo o Oji ojo ojo ojo ojo ooo Oji ojo 3 SHOP ojo ojo Oo Oji ojo oo Oo Oji oo o Oji ojo ojo ojo ojo ooo Oji ojo 0 4 Submit Figure 87 DSCP If the user changes any values on this page clicking on the Submit button allows them to take effect 198 EtherWAN Managed Switch Users Guide DSCP Submenu CLI Interface For more information on CLI command usage see CLI Command Usage CLI Command Mode General Configuration Mode CLI Command Syntax mls qos map dscp queue lt dscp_value gt to lt queue_ID gt dscp_value Up to 8 values separated by spaces Range is 0 63 queue_ID Range is 0 3 Usage Example The following example shows mapping DSCP values 0 to 3 to queue 1 on the switch
155. itches in the network will use the same algorithm to form unique paths all the way back to the Root Bridge Some switches establish a blocking point a port on a switch somewhere along the path to prevent a loop There are 3 versions of the Spanning Tree protocol STP RSTP MSTP and they are all backwards compatible with each other Spanning Tree Protocol STP This is the original Spanning Tree protocol and it has been supersede by both the RSTP and MSTP protocol It is based on a network with a maximum diameter of no more than 17 switches It uses timers to synchronize any changes in the network topology and this could take minutes It is not recommended that you use this version of the Spanning Tree protocol Rapid Spanning Tree protocol RSTP The RSTP protocol is the new enhanced version of the original STP protocol It uses an enhanced negotiation mechanism to directly synchronize any topology changes between switches it no longer uses timers as in the original STP protocol which results in a faster re convergence time The maximum allowed network diameter for the RSTP protocol is 40 switches Multiple Spanning Tree Protocol MSTP The MSTP protocol extends the RSTP protocol by simultaneously running multiple instances of the Spanning Tree Protocol and mapping different VLANs to each instance thus providing load balance across multiple switches The MSTP protocol accomplishes this by creating new extended sections within the RSTP
156. ite Queue naananane eaaa nana n anana a nana n naa ne 194 8021p Priority RAGS EE 196 Web GUI eg 196 802 1p Priority Submenu CLI Interface AEN 197 DSGP Page HTTP Interface EE 198 DSCP Submenu CLI Interface asas a aaae nenen aa anana aana aaa anana anana aana anane 199 QoS Interface Commands CLI Interface asana ananee anana aana a anana naar anen 200 ACL Access Control LISU sawa sara sasa nawa sasa saw aa a aaa KENE EE NENG NENG NENG EYANGE GENG NENG MENGKENE 201 General OVerWewW ee 201 Configuring EE 202 ACL Policy E EE 204 PAGGESS Sia e E 205 IP Access ish Ee eier kd anana anane nean aana Dees 206 MAC ACCESSES EE 208 Layer Aa leat an dos EE RENE gega ak da aa kada a agek aa a a Ta aaa da aaa ga ak dah 210 Bandwidth LIMitiNg TEE 211 Applying a Policy Map to a Port eege to dheeeth tae ached tones 213 Modifying Adding an Existing Policy Map 214 Adding a New ACL Class to an Existing Policy Map cccceeeeeeeeetteeeeeees 214 ix EtherWAN Managed Switch Users Guide Preface Adding an Existing ACL Class to an Existing Policy Map 215 Removing an ACL Class aas a sae a eaaa eaaa aana nana anana aana anana anana anna anane nne 217 ACL Configuration Examples Using CLI Commands saene enan aa nane nana n aane 221 lee ee 221 Creating a Standard IP Access Let 222 Creating an Extended IP Access Uiet ENNEN 222 Creating a MAC Access List E
157. ither the PassiveForwardMode function or the ForcedForwardMode function When there is a Querier port present the switch will forward all unknown multicast packets to the Querier port In addition all unknown multicast packets will be forwarded to the port specified by the ForcedForwardMode function as well e Querier mode O The switch will forward any multicast packets that have known receivers to the known multicast receiver ports only The switch will forward any unknown multicast packets according to the Forced Forwarding Port setting based on the following rule All unknown multicast packets will be sent to only the port specified by the ForcedForwardMode function The switch will also transmit IGMP Queries to the specified VLAN and according to the specified IGMP Query parameters 267 EtherWAN Managed Switch Users Guide Enabling the IGMP Snooping Modes To navigate to the IGMP Snooping page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping To put the IGMP Snooping feature in the correct Mode follow the steps below e Choose the appropriate choice from the dropdown list next to IGMP mode e Click on the Update Setting button See below EtherWAN kee DES Multicast Current Table ystem Diagnostics Passive D gt Port Switching CH Trunking CO STP Ring a Qs ACL IGMP Version D r 18000 LLDP GVRP Report Suppression Enable IGMP Snooping Update Setting NTP GMRP
158. k orae ane sl GVRP Global Setting Per Port Setting include LAG IGMP Snooping ee GMRP DHCP Server UDLD Figure 127 GVRP Per Port Settings 263 EtherWAN Managed Switch Users Guide GVRP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage To enable or disable GVRP globally on the EtherWAN switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gvrp enable bridge 1 set gvrp disable bridge 1 Usage Example switch _a gt enable switch _a configure terminal switch a config set gvrp enable bridge 1 E switch a config set gvrp disable bridge 1 switch a config q switch a To enable the dynamic VLAN creation feature of GVRP on the EtherWAN switch you must use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gvrp dynamic vian creation disable bridge 1 Usage Example switch _a gt enable switch a configure terminal switch a config set gvrp dynamic vlan creation disable bridge 1 switch a config q switch ai 264 EtherWAN Managed Switch Users Guide To enable or disable GVRP locally on a port on the EtherWAN sw
159. k gt lt destination MAC address gt lt destination bit mask gt lt encapsulation format 1 Ethernet Il 2 SNAP 4 802 3 8 LLC gt ether type lt EtherType gt lt EtherType bit mask gt mac access list lt 2000 2699 gt deny lt source MAC address gt lt source bit mask gt lt destination MAC address gt lt destination bit mask gt lt encapsulation format 1 Ethernet Il 2 SNAP 4 802 3 8 LLC gt ether type lt EtherType gt lt EtherType bit mask gt mac access list lt 2000 2699 gt deny any any lt encapsulation format 1 Ethernet Il 2 SNAP 4 802 3 8 LLC gt ether type lt EtherType gt lt EtherType bit mask gt Usage Example switch a gt enable switch a configure terminal switch a config mac access list 2000 permit 00e0 b321 03de 0000 0000 0000 00e0 b321 03df 0000 0000 0000 1 ether type 800 0000 switch a config mac access list 2000 deny 00e0 b321 03de 0000 0000 0000 00e0 b321 03df 0000 0000 0000 1 ether type 800 0000 switch a config mac access list 2000 deny any any 1 ether type 800 0000 switch a config q switch ai 223 EtherWAN Managed Switch Users Guide Creating an ACL Class Map with Layer 4 Access List In order to create a Layer 4 Access List you must create it within an ACL Class Map Use the CLI commands below to create an ACL Class Map together with the Layer 4 Access List The Layer 4 Access List only classifies the ingress packets for the ACL Policy Map that it is associated with theref
160. k in reverse like 0 0 0 255 Figure 106 Policy Map 3 ACL Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Enabling QoS To enable the ACL feature on the EtherWAN switch by enabling the QoS feature on the switch just follow the steps below CLI Command Mode General Configuration Mode CLI Command Syntax mls gos enable Usage Example switch _a gt enable switch _a configure terminal switch _a config mls qos enable switch_a config q switch ai 221 EtherWAN Managed Switch Users Guide Creating a Standard IP Access List To create a new Standard IP Access List to allow or deny an IP address range access to the switch use the following CLI commands with the Access list ID in the range from 1 99 or from 1300 1999 CLI Command Mode General Configuration Mode CLI Command Syntax ip access list lt 1 99 1300 1999 gt permit lt source IP gt lt source bit mask gt ip access list lt 1 99 1300 1999 gt deny lt source IP gt lt source bit mask gt ip access list lt 1 99 1300 1999 gt deny any Usage Example switch _a gt enable switch a configure terminal switch a config ip access list 1 permit 192 168 1 224 0 0 0 31 switch a config ip access list 1 deny 192 168 1 224 0 0 0 31 switch a config ip access list 1 deny any switch _a config q switch af Creating an Extended IP Access List To create a new Extended IP Acc
161. l Group or the LACP Group A port cannot be in the Static Channel Group and the LACP Group at the same time 2 Click on the Submit button To create a static trunk consisting of 1000Mbps ports 1 Inthe GE Trunking section select Static or LACP 2 Click on the Submit button 120 EtherWAN Managed Switch Users Guide LACP Disable Figure 44 Port Trunking Version 1 Version 2 see Figure 45 To create a static trunk consisting of 100Mbps ports 3 Click on the checkbox for each desired port in a particular trunk 4 Click on the Submit button To create a static trunk consisting of 1000Mbps ports see Figure 45 3 Inthe GE Trunking section click on the checkbox for each desired port ina particular trunk 4 Click on the Submit button 121 EtherWAN Managed Switch Users Guide trunk O O 0 0 trunks O ol ol 6 Note 4 ports maximum per trunk Figure 45 Port Trunking Version 2 122 EtherWAN Managed Switch Users Guide LACP Trunking To navigate to the LACP Trunking menu 1 2 Click on the next to Trunking Click on LACP Trunking There are 2 versions of Port Trunking supported depending on the model of EtherWAN Manage switch Version 1 see Figure 46 To create a LACP trunk 1 2 Gei D N O oO P In the Trunk Configu
162. l related aspects of computer networks that allow the transport of traffic with special requirements In particular technology has been developed to allow computer networks to become as useful as telephone networks for audio conversations as well as supporting new applications with even stricter service demands Beyond the audio applications that QoS was originally intended data traffic such as video or real time information can benefit from QoS QoS as it pertains to the EtherWAN Managed Switch can be broken down into two types CoS and DCSP CoS or Class of Service operates at Layer 2 and was developed by an IEEE working group in the 1990s CoS uses a 3 bit field called the Priority Code Point PCP within an Ethernet frame header when using VLAN tagged frames as defined by IEEE 802 1Q It specifies a priority value between 0 and 7 inclusive that can be used by QoS disciplines to differentiate traffic Although this technique is commonly referred to as IEEE 802 1p there is no standard or amendment by that name published by the IEEE Rather the technique is incorporated into the IEEE 802 1Q standard which specifies the tag inserted into an Ethernet frame Eight different classes of service are available as expressed through the 3 bit PCP field in an IEEE 802 1Q header added to the frame The way traffic is treated when assigned to any particular class is undefined and left to the implementation The IEEE however has made some broad recommendations
163. le switch _a configure terminal switch a config interface vlan1 100 switch a config if ip address 192 168 100 10 24 e switch a config if q E switch a config q switch a 183 EtherWAN Managed Switch Users Guide Removing an IP Address from a Management VLAN To removed an IP address from a management VLAN use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax no ip address Usage Example switch _a gt enable switch _a configure terminal E switch a config interface vlan1 100 switch a config if no ip address switch a config if q E switch a config q switch ai Configuring an Access Port To configure an Access Port use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax switchport mode access CLI Command Syntax switchport access vlan lt 1 4094 gt Usage Example switch _a gt enable switch a configure terminal E switch a config interface fel switch _a config if switchport mode access switch _a config if switchport access vlan 100 a switch _a config if q a switch_a config q switch a 184 EtherWAN Managed Switch Users Guide Configuring a Trunk Port To configure a Trunk Port use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax switchport mode trunk CLI Command Syntax swi
164. le switch _a configure terminal switch a config interface fel switch a config if poe power classification enable switch a config if q switch a config q switch a 114 EtherWAN Managed Switch Users Guide Usage Example 2 Disabling PoE Power Classification on a port switch _a gt enable switch a configure terminal switch a config interface fel switch a config if no poe power classification enable switch a config if q GE switch a config q switch a power down alarm This setting only applies to EtherWAN Switches that have a relay If this setting is enabled losing PoE power on a port triggers the relay on the switch To enable or disable the power down alarm use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax poe power down alarm enable no poe power down alarm enable Usage Example 1 Enabling PoE power down alarm on a port switch _a gt enable switch a configure terminal switch a config interface fel switch a config if poe power down alarm enable switch a config if q switch a config q switch a Usage Example 2 Disabling PoE power down alarm on a port switch _a gt enable switch a configure terminal switch a config interface fel switch a config if no poe power down alarm enable switch a config if q wes switch a config q swi
165. led Usage Example 1 Enabling Multicast Broadcast switch _a gt enable switch a configure terminal switch a config interface fel switch a config if storm detect mc bc pps 50000 switch a config if q switch a config q switch a 107 EtherWAN Managed Switch Users Guide Usage Example 2 Enabling Multicast Broadcast swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch_a config interface fel tch_a config if storm detect bc pps 50000 tch_a config if q tch_a config q tch af To set the storm detect utilization use the following CLI commands CLI CLI Command Mode Interface Mode Command Syntax storm detect utilization lt 0 100 gt Default 0 Disabled Usage Example swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch_a config interface fel tch_a config if storm detect utilization 80 tch_a config if q tch_a config q tch af To disable storm detect on a port use the following CLI commands CLI CLI Command Mode Interface Mode Command Syntax no storm detect port enable Usage Example swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch_a config interface fel tch_a config if no storm detect port enable tch_a config if q tch_a config q tch af 108 EtherWAN Managed Switch Users Guide To disable storm detect on a port use the following C
166. list under Port and choose Enable or Disable under Point to Point Link see Figure 54 2 Click on the Update Setting button 3 Save the configuration see the Save Configuration Page Edge Port By enabling the Edge Port feature on a port the switch will stop reacting to any linkup event on this port and will not send out any Topology Change notification to the neighbor bridges 1 Choose the correct port from the drop down list under Port and choose Enable or Disable under Edge Port see Figure 54 2 Click on the Update Setting button 3 Save the configuration see the Save Configuration Page 139 EtherWAN Managed Switch Users Guide RSTP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Enabling the Spanning Tree Protocol To enable the Spanning Tree function on a switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax no bridge shutdown 1 bridge 1 protocol rstp vian bridge Usage Example switch _a gt enable switch _a configure terminal switch a config no bridge shutdown 1 switch a config bridge 1 protocol rstp vlan bridge switch a config q switch a Bridge Priority Max Age Forward Delay and Hello Time To configure the Bridge Priority Max Age Forward Delay and Hello Time of a Spanning Tree Bridge please use the following CLI commands CLI Command Mode General Configuration
167. mand Mode Privileged Exec Mode CLI Command Syntax reload Usage Example switch _a gt enable switch_a reload switch a q switch a Logout To logout of the Web Configuration Console 1 Click on the next to System 2 Click on Logout Logout from the CLI CLI Command Mode Exec mode or Privileged Exec Mode CLI Command Syntax logout 50 EtherWAN Managed Switch Users Guide User Account Page To navigate to the User Account page 1 Click on the next to System 2 Click on User Account From the User Account page multiple users can be setup with different access privileges to the switch There are two modes that can be used Single User or Multi User Changing the User Mode To set the user mode see Figure 9 1 Select Single User or Multi User in the dropdown box in the Multi User Mode section 2 Click on the Update Setting button 3 Click OK on the Popup message that appears Va Note Changing the mode to Multi User Mode saves the configuration and reboots the switch Y 3 3 R KEN EF H o el CC E EtherWAN 4 kh Tj d Wd ei Ka St eo 4 Management Switch 2 Mame Multi User Mode DICH System System Information Mode Single User SES Single User EEN System Name Password MakeUser Update Setting IP Address Management Interface User Account Save Configuration J Create D Firmware Upgrade Reboot Logout User Privilege DICH Diagnostics HG Port H Switching H Trunking DCH STP
168. mers EtherWAN shall not be held liable to anyone for any indirect special or consequential damages due to omissions or errors The information and specifications in this document are subject to change without notice Copyright 2014 All Rights Reserved All trademarks and registered trademarks are the property of their respective owners EtherWAN EtherWAN Managed Switch User Manual December 5 2014
169. mit button Enabling Notifications To enable notification whenever a port receives changed LLDP information 1 Select Enable from the Drop Down box under the Notify field for each port that should send a notification whenever received LLDP information changes 2 Click onthe Submit button 3 Save the configuration see the Save Configuration Page after making changes shown on this page 250 EtherWAN Managed Switch Users Guide Figure 121 LLDP Ports Settings 251 EtherWAN Managed Switch Users Guide LLDP Neighbors LLDP Neighbors is a read only page see Figure 122 that will display all the LLDP capable devices detected by the switch The following information about connected LLDP enabled devices is displayed in a tabular format The columns displayed are EtherWAN Ka Management Switch System Diagnostics Port CH Switching O Trunking STP Ring VLAN Qos ACL SNMP S021K LLDP fh le DI D D D LLDP General Settings LLDP Ports Settings LLDP Neighbors LLDP Statistics DCH Others Protocols Port The local switch port to which the remote device is connected Chassis ID The MAC address of the remote device Port ID The port number of the remote device IP Address The management IP address of the remote device TTL Time to Live the amount time remaining before the remote device s LLDP is aged
170. n be configured with the GMRP feature in five modes e Disabled e Normal e Fixed e Forbidden e Forward All GMRP Normal mode When a port is put in GMRP Normal mode that port can accept both multicast group registration and multicast group deregistration from the multicast client or the neighbor switch that is residing on that port Also the switch will propagate all the registered multicast groups on the switch to the neighbor switch residing on that port GMRP Fixed mode When a port is put in GMRP Fixed mode that port can accept group registration but will not accept any group deregistration from multicast clients or neighbor switches that reside on that port Also the switch will be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port 292 EtherWAN Managed Switch Users Guide GMRP Forbidden mode When a port is put in GMRP Forbidden mode all multicast groups will be deregistered on that port and that port will not be accepting any further multicast group registrations However the switch will still be propagating all the registered multicast groups on the switch to the neighbor switch residing on that port GMRP Forward All mode When a port is put in GMRP Forward All mode all the registered multicast groups on the switch will automatically be registered to this port so the switch will be forwarding all the multicast packets that belong to these groups to this port and
171. nable DI 32768 N n N da lar a o IO a g A a J E Update Setting Figure 48 STP Ring Global Configuration 131 EtherWAN Managed Switch Users Guide The Root Bridge amp Backup Root Bridge To configure the Spanning Tree protocol on your network you will need to setup a Root Bridge and Backup Root Bridge In order to configure a switch to be the Root Bridge of a Spanning Tree network you have to make sure that the Bridge Priority which is the most significant 4 bits of the Bridge ID of the switch is the lowest among any of the switches on the network Similarly for the Backup Root Bridge it must have the next lowest Bridge Priority of all the switches oO Note Since the Bridge Priority is the most significant 4 bit of the Bridge ID the lowest Bridge Priority will always be the Root Bridge and the second lowest Bridge Priority will be the Backup Root Bridge If all switches have the same Bridge Priority then The 12 bit System ID or MAC Address if the system ID s are the same will be used to determine the Root and Backup Root Bridge See below lt lt Bridge 1D gt Bridge Priority System ID Ext MAC Address 4 bits 12 bits 6 bytes Figure 49 Bridge ID Bridge ID is a concatenation of 3 values a 4 bit Bridge Priority most significant a 12 bit System ID less significant and the 48 bit MAC address of the local switch least significant
172. nabled per port see PoE Scheduling Power Limit by Classification This setting tells the switch to negotiate with the attached PoE device to determine the Watts that will be provided by the switch To change this setting check enable or uncheck disable the check box located in the Power Limit by Classification column The default is checked Enabled This is a per port setting see Figure 41 Fixed Power Limit Provides a fixed Wattage to the attached PoE PD device This setting is only enabled after the Power Limit by Classification is disabled on a port and the Submit button is clicked Power Priority Use the Drop Down box in the Power Priority column to set the priority to High Medium or Low Power Down Alarm This setting only applies to EtherWAN Switches that have a relay If this box is check losing PoE power on a port triggers the relay on the switch Status Informational only Provides the status of the PoE port PD Class Informational only Provides the PoE Classification of the PoE PD device attached to the PoE port Current mA Informational only Shows the current draw from the attached PoE PD device Consumption W Informational only Shows the power consumption of the attached PoE PD device 98 EtherWAN Managed Switch Users Guide PD Class 12 20 0 57 0 0 0 fe8 Scheduling e Figure 41 PoE Port Setting 99 EtherWAN Mana
173. nd Mode Interface Configuration Mode CLI Command Syntax flowcontrol on Usage Example switch _a gt enable switch a configure terminal switch a config int fel switch_a config if lowcontrol on switch a config q switch a config q switch a Display Port Status To display the port status for a port use the CLI commands below CLI Command Mode Privileged Exec Mode CLI Command Syntax show interface lt ifname gt Usage Example switch _a gt enable switch _a show interface fel Setting a Ports Rate Control To set a ports rate control use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax rate control lt ingress egress gt value lt value in kbps gt Usage Example switch _a gt enable switch a tconfigure terminal Switch a config int fel switch a config if rate control ingress value 100000 switch_a config q switch a config q switch a 78 EtherWAN Managed Switch Users Guide Display a Ports RMON Statistics To display a ports RMON statistics use the CLI commands below CLI Command Mode Privileged Exec Mode CLI Command Syntax show interface statistics lt interface name gt Usage Example switch _a gt enable switch a tshow interface statistics fel switch a Display a Ports VLAN Activities To display a port s VLAN activities use the CLI commands below CLI Command Mode Privileged Exec Mode CLI Command Syntax show bridge interf
174. nder the Priority Granularity 16 a The Port Priority range is between 0 and 240 in multiples of 16 3 Enter the proper value under the Admin Path Cost text entry box a The Path Cost range is between 1 and 200 000 000 4 Click on the Update Setting button 5 Save your configuration see the Save Configuration Page EtherWAN K Management Switch a Poe Pon Suns Esbard Pomno Pome Sep oe RRE Shared Cont Auto Cur Edge of gt S E S ee S E is cicais 6 DiabedDacardng 128 RSTP Pon San CC Faas 12 Ver Diaea 128 VII eye eres 12 MisahledMiscardins 128 200000 Shared Conf Anto Curr Edge off ACL e RSTP Port Configuration SNMP ae Pot Priority Gramulaity 16 E LLDP Update Setting Figure 54 Port Priority and Path Cost 138 EtherWAN Managed Switch Users Guide Point to Point Link By default RSTP will assume any full duplex link as a Point to Point Link but if the switch detects that the neighbor switch is not running the RSTP protocol it will assume the port to be a Shared Port You can force a port to be a Shared Port if you know in advance that there will be more than one switch connecting to this link through an unmanaged switch for example or if you know in advance that the other switch on this link will be running the older STP protocol To manually force a port to be a Shared Port or a Point to Point Link 1 Choose the correct port from the drop down
175. neral Configuration Mode CLI Command Syntax ip igmp snooping force forward all ip igmp snooping force forward none ip igmp snooping force forward lt ifname gt lt ifname gt lt ifname gt Usage Example Flood all unknown multicast packets switch _a gt enable switch _a configure terminal switch _a config ip igmp snooping force forward all E switch _a config q switch a Usage Example Drop all unknown multicast packets switch _a gt enable switch a configure terminal switch _a config ip igmp snooping force forward none SE switch_a config q switch a Usage Example Forward unknown multicast packets to the specified ports only switch _a gt enable switch _a configure terminal switch _a config ip Lomp snooping force forward fel fe2 fe3 ZE switch_a config q switch a 283 EtherWAN Managed Switch Users Guide To control how the switch will forward unknown multicast packets when the switch is in IGMP Querier mode follow the below instructions CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp snooping force forward all ip igmp snooping force forward none ip igmp snooping force forward lt ifname gt lt ifname gt lt ifname gt Usage Example Flood all unknown multicast packets switch _a gt enable switch a tconfigure terminal switch al switch al switch a config ip Lomp snooping force forward all Pes config q
176. nfiguration To set the Auto Save Configuration use the following CLI commands CLI Command Mode Privileged Exec Mode CLI Command Syntax service auto config enable no service auto config enable service auto config interval lt number gt Usage Example 1 Enabling Auto Save and setting the interval switch _a gt enable switch a service auto config enable switch a service auto config inverval 10 switch a q switch a gt Usage Example 2 Disabling Auto Save switch _a gt enable switch _a no service auto config enable switch a d switch a gt EtherWAN Managed Switch Users Guide 47 Firmware Upgrade To navigate to the Firmware Upgrade page 1 Click on the next to System 2 Click on Firmware Upgrade To upgrade the firmware on the EtherWAN Managed Switch a TFTP server is required The firmware file for the V1 94 2 EtherWAN Managed Switch is in a TGZ or IMG format This is a compressed file however it should not be decompressed before updating the V1 94 2 EtherWAN Managed Switch To update the firmware on the EtherWAN Managed Switch see Figure 8 1 Copy the firmware file to the correct directory for your TFTP server The correct directory depends on your TFTP server settings Enter the filename of the firmware in the Filename text box Enter the IP Address of your TFTP server in the TFTP Server IP text box Click on the Upgrade button a FF eo DN During the firmware upgrade you will see the following mess
177. nfigure terminal switch a config ip igmp snooping enable switch a config no ip igmp snooping querier switch a config q switch a 277 EtherWAN Managed Switch Users Guide To put the IGMP Snooping feature in Querier Mode use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp snooping enable ip igmp snooping querier Usage Example switch _a gt enable switch a configure terminal switch a config ip igmp snooping enable E switch a config ip Lomp snooping querier switch a config q switch a To set the IGMP version per VLAN use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax ip igmp version lt 1 3 gt Usage Example switch _a gt enable switch _a configure terminal EI switch a config interface vlan1 1 switch a config if ip Lomp version 2 E switch a config q switch a 278 EtherWAN Managed Switch Users Guide To enable or disable the IGMP fast leave feature on a VLAN use the CLI commands below CLI Command Mode VLAN Interface Configuration Mode CLI Command Syntax ip igmp snooping fast leave no ip igmp snooping fast leave Usage Example Enabling the IGMP fast leave feature switch switch swi swi swit tch tch ch switch _a gt enable _a configure terminal a a a af i config interface vlan1 1 config
178. ng CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax poe system power budget lt value gt Usage Example switch a gt enable switch a configure terminal switch _a config poe system power budget 144 14 E switch _a config q switch a 112 EtherWAN Managed Switch Users Guide PoE Port Settings The following commands are use to set PoE functions related directly to individual PoE ports CLI Command click link for syntax Function enable Enables PoE on a port fixed power limit Sets a fixed wattage for a PoE port power classification Sets a port to negotiate power classification power down alarm Turns on alarm by relay on PoE power down power priority Sets priority of power distribution to ports scheduling Enable Scheduling schedule time Sets schedule time to power PoE ports schedule time hour Schedule time hour enable To enable or disable PoE on a port use the following CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax poe enable no poe enable Usage Example 1 Enabling PoE on a port switch _a gt enable switch a configure terminal switch a config interface fel switch a config if poe enable E switch a config if q switch a config q switch a Usage Example 2 Disabling PoE on a port switch _a gt enable switch _a configure terminal Switch a
179. ng Telnet SSH or serial ports to configure the switch navigating the Command Line Interface CLI typing keyboard shortcuts and moving between the levels This chapter assumes the user has a working understanding of Telnet SSH and Terminal emulation applications o Note For a serial port connection use a standard DB9F to DB9M Modem Cable The default Serial port parameters are 115200 8 None 1 No Flow Control Navigating the CLI Hierarchy The CLI is organized into a hierarchy of levels Each level has a group of commands for a specific purpose For example to configure a setting for the VLAN server one would navigate to the VLAN level which is under the config level CLI Keyboard Shortcuts Ctrl a place cursor at the beginning of a line Ctrl b backspace one character Ctrl d delete one character Ctrl e place cursor at the end of the line Ctrl f move cursor forward one character Ctrl k delete from the current position to the end of the line Ctrl l redraw the command line Ctrl n display the next line in the history Ctrl p display the previous line in the history Ctrl u delete entire line and place cursor at start of prompt Ctrl w delete one word back 23 EtherWAN Managed Switch Users Guide CLI Command modes Throughout this manual each section that has CLI commands relevant to that section requires that the CLI be in a specific configuration mode This section shows the main CLI commands
180. nking DCH STP Ring SNMP General Setting SNMP vi v2 SNMP v3 Figure 109 Add User 2 Next select the desired authentication privacy protocols from the drop down list next to NMP Version according to the chart below also see Figure 110 a SNMPv3 No Auth Only user name match is required for SNMP access to the switch No user authentication or data encryption will be used b SNMPv3 Auth MD5 User authentication will be required using the MD5 hashing algorithm but no data encryption will be used c SNMPv3 Auth SHA User authentication will be required using the SHA 1 hashing algorithm but no data encryption will be used d SNMPv3 Priv Auth MD5 User authentication will be required using the MD5 hashing algorithm and in addition all data in protocol message will be encrypted using 56 bit DES encryption algorithm e SNMPv3 Priv Auth SHA User authentication will be required using the SHA 1 hashing Algorithm and in addition all data in protocol message will be encrypted using 56 bit DES encryption algorithm 233 EtherWAN Managed Switch Users Guide SNMP V3 Setting SNMP Version SNMPv3 No Auth M D i No Auth SMP Ath SNMPv3 Auth SHA SAMP Piv auth MOS Auth Password SNMPv3 Priv Auth SHA Privacy PassPhrase SNMP General Setting SNMP viiv2 SNMP v3 Figure 110 SNMP v3 Settings Next enter the desired username in the text entry box next to User Name Next please select the desired access au
181. nt Revision Level This section provides a history of the revision changes to this document Revision Document Version Description B Version 1 12 5 2014 Updated for Firmware version 1 94 2 Changes in this Revision Updated Setting the initial IP address Section Updated System Menu IP Address Section Updated GUI Images to 1 94 2 Firmware Updated Port Security Section Updated Storm Control Section Updated Port Trunking Section to support multiple switch models New sections added Storm Detect GUI Storm Detect CLI Global PoE GUI Global PoE CLI PoE Port GUI PoE Port CLI xvi EtherWAN Managed Switch Users Guide Preface Document Conventions This guide uses the following conventions to draw your attention to certain information Safety and Warnings This guide uses the following symbols to draw your attention to certain information Description Notes emphasize or supplement important points of the main text Tips provide helpful information guidelines or suggestions for performing tasks more effectively Warning Warnings indicate that failure to take a specified action could result in damage to the device or could result in serious bodily injury Electric Shock Hazard This symbol warns users of electric shock hazard Failure to take appropriate precautions such as not opening or touching hazardous areas of the equipment could result in injury or death Typographic Conventions This guid
182. ntax priority queue strict priority queue out no priority queue out mls qos lt WRR_WTS gt 4 values separated by spaces Range is 1 20 See the Usage Example Usage Example Enable QoS Strict Priority Queue 0 3 switch _a gt enable switch _a configure terminal Po switch _a config priority queue strict E switch _a config q switch a 194 EtherWAN Managed Switch Users Guide Usage Example Enable QoS Strict Priority Queue 3 WWR Queue 0 2 switch _a gt enable switch a configure terminal switch _a config priority queue out switch_a config q switch a Usage Example Disable QoS Strict Priority switch _a gt enable switch _a configure terminal switch _a config no priority queue out switch_a config q switch a Usage Example The following example specifies the bandwidth ratios of the four transmit queues starting with queue 0 on the switch WRR_WTS Weighted Round Robin WRR weights for the 4 queues 4 values separated by spaces Range is 1 20 switch _a gt enable switch _a configure terminal switch a config mls qos 1 2 4 8 JE switch_a config q switch a 195 EtherWAN Managed Switch Users Guide 802 1p Priority Page Web GUI Interface To navigate to the QoS 802 1p Priority page see Figure 86 1 Click on the next to QoS 2 Click on 802 1p Priority The 802 1p Priority page allows a user to assign the queues to VLAN priorities see
183. ntered is below the lowest acceptable value then the lowest acceptable value will be used The Rate Control page is shown below see Figure 23 To provide either an ingress or egress rate control for a port on the EtherWAN Managed Switch 1 Click in the Ingress or Egress Text Box for the appropriate port 2 Type in the ingress egress rate for the port according to the values listed above 3 Click on the Update Setting button GG GB RE na KARA EtherWAN Configuration Port Status Rate Control RMON Statistics Per Port VLAN Activities Port Security Switching CH Trunking STP Ring VLAN Qos SNMP 8021X LLDP nancang Hoan ee ee ee ee e e e kbps Egress 0 kbps kbps 0 kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps kbps ojojojojojojojoj oo kbps kbps kbps ojojojojojojojojo kbps kbps Update Setting Figure 23 Rate Control EtherWAN Managed Switch Users Guide 72 RMON Statistics To navigate to the RMON Statistics page 1 Click on the next to Port 2 Click on RMON Statistics RMON Statistics gives a detailed listing of the types and quantity of packets that a particular port has seen since the last reboot of the switch see Figure 24 To view the RMON statistics for a particula
184. nterface Configuration Mode Command Syntax no port security allowed address lt value gt in hex format Ex 00aa 0062 c609 Usage Example swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch a config int fel tch_a config if no port security allowed address 00aa 0062 c609 tch_a config q tch_a config q tch af 80 EtherWAN Managed Switch Users Guide SWITCHING Bridging To learn MAC addresses a switch reads all packets that it detects on the LAN or on the local VLAN looking for MAC addresses of sending nodes It places these addresses into its Ethernet Switching table along with the interface on which the traffic was received and the time when the address was learned When the switch receives traffic on an interface it searches the Ethernet switching table for the MAC address of the destination If the MAC address is not found the traffic is flooded out all of the other interfaces associated with the VLAN If traffic is received on an interface that is associated with VLAN 1 and there is no entry in the Ethernet switching table for VLAN 1 then the traffic is flooded to all access and trunk interfaces that are members of VLAN 1 Flooding allows the switch to learn about destinations that are not yet in its Ethernet switching table If a certain destination MAC address is not in the Ethernet switching table the switch floods the traffic to all interfaces except the interface on which
185. o configure the IST Max Hops parameter on a switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 max hops lt 1 40 gt Usage Example switch _a gt enable switch a configure terminal switch a config bridge 1 max hops 20 E switch_a config q switch a 158 EtherWAN Managed Switch Users Guide MSTP Regional Configuration Name and the Revision Level To configure both the MSTP Regional Configuration Name and the Revision Level ona switch use the following CLI commands CLI Command Mode MSTP Configuration Mode CLI Command Syntax bridge 1 region lt region_name gt bridge 1 revision lt revision_number gt Usage Example switch _a gt enable switch _a configure terminal E switch a config spanning tree mst configuration E switch _a config mst bridge 1 region R1 E switch_a config mst bridge 1 revision 0 E config mst q a switch a a E switch _a config q switch a Creating an MSTI Instance To create a MSTI instance and map it to a VLAN use the following CLI commands CLI Command Mode MSTP Configuration Mode CLI Command Syntax bridge 1 instance lt 1 15 gt vlan lt vian_ID gt Usage Example switch _a gt enable switch a configure terminal E switch a config spanning tree mst configuration switch _a config mst bridge 1 instance 1 vlan 10 switch a config mst q switch a config q
186. o set the Web GUI permissions for each privilege level use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax multiuser access lt Web GUI permission name gt tech lt hide read only read write show gt oper lt hide read only read write show gt Below are the CLI names case sensitive for all the Web GUI permissions System Name Password IP Address Save Configuration Firmware Upgrade Reboot User Account User Privilege Remote Log Alarm Setting Configuration Rate Control RMON Statistics Port Security Bridging Loopback Detect Static MAC Entry Port Mirroring Link State Tracking Port Trunking LACP Trunking Global Configuration RSTP Port Setting MSTP Prties MSTP Instance Setting MSTP Port Setting Ring Setting Chain Setting Chain pass through setting Advanced Setting VLAN Mode Setting 802 1Q VLAN Setting 802 1Q Port Setting Port Based VLAN QosGlobal Configuration 802 1p Priority DSCP SNMP General Setting SNMP v1 v2 SNMP v3 Radius Configuration Port Authentication LLDP General Settings LLDP Ports Settings GVRP IGMP Snooping NTP GMRP DHCP Server EtherWAN Managed Switch Users Guide System System Information Logout Diagnostics Utilization System Log ARP Table Route Table Port Port Status Per Port VLAN Activities Switching Trunking STP Ring VLAN QoS SNMP 802 1X LLDP LLDP Neighbors LLDP Statistics Others Protocols 58 Usage Example switc
187. o the switch To do so you must choose the deny option from the drop down list under the Action column Next enter the IP address and mask as described in step 6 and 7 a You can also use the any wild card in lieu of entering a source IP address in the text entry box from the IP address column You will need to do this if you wish to deny any additional IP packet from entry to the switch that did not match any of the previous rules from all the previous access control lists otherwise these additional IP packets will also be allowed entry into the switch IP Access List Extended Policy Map Setting Attach Class Map to Policy Map 1 K List Extended 100 199 2000 2699 ort oe Destination Port 1 65535 Destination Address widcard Bits 1 65535 Note EE ELE E OO ao y a rel 5 amp 12 6 amp 13 7 11 8 amp 13 9 11 Seng Figure 91 Access List Extended 1 Select the IP Access List Extended option from the drop down list below Access List Type see Figure 91 2 To apply an existing Extended IP Access to the new ACL Class then select the Access List number for the previously configured Extended IP Access List from the drop down list next to Access List 3 if you want to create a new Extended IP Access List verify that the Create option is selected from the drop down list next to Access List 206 EtherWAN Managed Switch Users Guide To give this particular Extended IP access list an ID enter a number in the range
188. on To save a running configuration use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax write memory Usage Example 1 Saving a Configuration switch _a gt enable switch a write memory Building configuration OK switch a d switch ai Restore Default Settings To restore the switch to its default settings use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax restore default Usage Example 1 Saving a Configuration switch _a gt enable switch_a trestore default switch a q switch a 45 EtherWAN Managed Switch Users Guide Load Configuration from a TFTP Server To Load a Configuration from a TFTP server use the following CLI commands CLI Command Mode Privileged Exec Mode CLI Command Syntax install config file lt tftpserver_ipaddress gt lt filename gt Usage Example Loading a Configuration switch _a gt enable switch _a install config file 192 168 1 100 file name txt switch a d switch a Save Configuration to a TFTP Server To Save a Configuration to a TFTP server use the following CLI commands CLI Command Mode Privileged Exec Mode CLI Command Syntax write confige file lt tftpserver_ipaddress gt lt filename gt Usage Example Saving a Configuration switch _a gt enable switch _a write config file 192 168 1 100 flash tgz switch a q switch a gt EtherWAN Managed Switch Users Guide 46 Auto Save Co
189. on is transmitted by the switch Values can range from 5 to 32768 seconds default is 30 seconds To adjust the TX Interval setting see Figure 120 1 Enter a numeric value between 5 and 32768 default is 30 in the TX Interval text box 2 Click on the Update Settings button 3 Save the configuration see the Save Configuration Page 247 EtherWAN Managed Switch Users Guide Global TLV Setting The global TLV Time Length Value settings are advertised by the switch to other LLDP devices The TLVs supported by the EtherWAN Managed Switch are see Figure 120 Port Description System Name System Description System Capabilities Management Address Port VLAN ID MAC PHY Configuration Status Port And Protocol VLAN ID VLAN Name Protocol Identity Power Via MDI Link Aggregation Maximum Frame Size To enable specific TLVs for the EtherWAN Managed Switch 1 Select the check box for each TLV that is to be enabled or select the checkbox for the All option which will enable all TLVs for the switch 2 Click on the Update Settings button 3 Save the configuration see the Save Configuration Page 248 EtherWAN Managed Switch Users Guide EtherWAN a Management Switch ICH System LLDP Global Setting H O Diagnostics CH Port H Switching LLDP Enable ICH Trunking Holdtime multiplier 2 10 4 EC STP Ring Tx Interval 5 32768 sec 30 CH VIAN All LLDP Transmit Setting Port Description Sy
190. ore all packets will be allowed entry to the switch with the Layer 4 Access List You will have to use this Access List in conjunction with another type of Access List if you wish to filter any packet that did not match the classification rules from this Access List Note The bandwidth policing capabilities of the ACL Class cannot be configured here it can only be configured during the ACL Policy Map creation or modification CLI Command Mode General Configuration Mode Class Map Configuration Mode CLI Command Syntax class map lt Class Map Name gt match layer4 source port lt 7CP UDP Port number gt match layer4 destination port lt TCP UDP Port number gt Usage Example switch _a gt enable switch a configure terminal switch _a config class map FTP switch _a config cmap match layer4 destination port 21 switch _a config cmap q switch_a config switch_a config class map FTP_Download switch _a config cmap match layer4 source port 20 switch _a config cmap q switch_a config q switch a 224 EtherWAN Managed Switch Users Guide Creating a ACL Class Map with an IP or MAC Access List To create a new ACL Class Map with a Standard Extended IP Access List or a MAC Access List you must have first created a Standard Extended IP Access List or MAC Access List already You can then use the CLI commands below to create a new ACL Class Map and assign one you can only assign one Access List per Cl
191. ort Isolation fl Level Broadcast DLF Multicast Disable fe2 Level Broadcast DLF Multicast Disable fe3 Level Broadcast DLF Multicast Disable v fe4 Level Broadcast DLF Multicast Disable fe5 Level E Broadcast TM DLF Multicast Disable v fe6 Level l Broadcast DLF Multicast Disable fe7 Level Broadcast _ DLF Multicast Disable fe8 Level Broadcast DLF Multicast Disable v Level Broadcast _ DLF Multicast Disable v fe10 El Broadcast F DLF Multicast Disable v Level sd El Broadcast F DLF Multicast Disable v Level Broadcast DLF Multicast Disable v Update Setting Figure 27 Bridging 84 EtherWAN Managed Switch Users Guide Loopback Detect Loopback detection is quite simply the ability of the switch to detect when a port on the switch has been connected directly or looped back to another port on the switch This configuration would likely lead to a broadcast storm on the switch which would cause network performance to suffer Loopback detection offers the ability of the switch to detect this condition and shutdown the loop backed port before any disruption of network traffic occurs To navigate to the Loopback Detect page 1 Click on the next to Switching 2 Click on Loopback Detect Loopback Detection Global To globally enable the Loopback Detect feature o
192. ort or ports on the EtherWAN Managed Switch see Figure 29 1 Select the value Enable from the Mode drop down list for a port on the Loopback Detect page 2 Click on the Update Setting button Port Mode State ei Disable defaut fe2 Disable default v fe3 Disable default fed Disable defaut fe5 Disable default Se fe6 Disable default k SS Disable default X fes Disable default E f9 Enable Noml fe10 Enable Nom gel Disable default v Ee ge2 Disable defaut Figure 29 Loopback Detection port 87 EtherWAN Managed Switch Users Guide Storm Detect The Storm Detect feature allows the switch to be configured to disable a port that is receiving a large number of Broadcast and or Multicast packets The switch can monitor for packets and take action based on percentage of bandwidth utilization or number of packets per second To navigate to the Storm Detect page 1 Click on the next to Switching 2 Click on Storm Detect Enable Disable Storm Detection 1 Enable or Disable Storm Detection by Clicking on the drop down box in the Storm Detect Configuration box see Figure 30 Set the Storm Detect interval to a number between 2 and 65535 seconds The Default value is 10 seconds Set the Storm Detect errdisable recovery time to value between 0 and 65535 seconds The Default is 0
193. orts that could be a potential source of multicast traffic and on the ports that are connected to multicast clients You can also further configure each GMRP enabled port with the particular application modes described in the below configuration To allow a port to dynamically receive GMRP multicast group registrations and dynamically transmit the multicast packets that belong to these multicast groups on this port configure the items listed below e For each port that you wish to apply this application select the Enable option from the drop down list under the GMRP column 294 EtherWAN Managed Switch Users Guide e For each port that you wish to apply this application select the Normal option from the drop down list under the GMRP Registration column e For each port that you wish to apply this application select the Disable option from the drop down list under the GMRP Forward All column e Click on the Update Setting button To allow a port to dynamically receive GMRP multicast group registrations and then make the multicast packets that belong to these multicast groups constantly available on this port configure the items listed below e For each port that you wish to apply this application select the Enable option from the drop down list under the GMRP column e For each port that you wish to apply this application select the Fixed option from the drop down list under the GMRP Registration column e For each port that you
194. our authorized reseller e This Managed Switch e Product CD e Quick Installation Guide e External power adapter Cable depending on model Unpacking Follow these steps to unpack the EtherWAN Managed Switch and prepare it for operation 1 Open the shipping container and carefully remove the contents 2 Return all packing materials to the shipping container and save it 3 Confirm that all items listed in the Package Contents section are included in the shipment Check each item for damage If any item is damaged or missing notify your authorized EtherWAN representative EtherWAN Managed Switch Users Guide Required Equipment and Software The following hardware and software are needed in order to manage the switch from the web interface e Computer with an Ethernet Interface RJ 45 Managing the switch requires a personal computer PC or notebook computer equipped with a 10 100base TX Ethernet interface and a physical RJ 45 connection The preferred operating system for the computer is Microsoft Windows XP Vista 7 It is possible to use Apple OSX or Linux systems as well but for the sake of brevity all web configurations in this manual will be shown using Windows 7 as the underlying operating system e Cat 5 Ethernet Cables An Ethernet cable of at least Category 5 rating is required to connect your computer to the switch The cable can be configured as straight through or crossover e TFTP Server Software T
195. out from the switch LLDP Neighbor Table Pon Sei Chasse Pomo Sage RRE EE EECHER Figure 122 LLDP Neighbors 252 EtherWAN Managed Switch Users Guide LLDP Statistics This is a read only page see Figure 123 that displays LLDP device statistics and LLDP statistics on a per port basis The information collected on this page includes e Port switch port number e TX Total Total LLDP packets sent e RX Total Total LLDP packets received e Discards Number of LLDP packets discarded e Errors LLDP errors e Ageout LLDP information that has been aged out by the switch e TLV Discards TLV information discarded e TLV Unknown TLV information that is unknown EtherWAN M t Switch Manga D LLDP Device Statistics DCH System SCH Diagnostics 130585126 Switching Cy aie Total Deletes o Sen Cape 7 ae geouts Sg HUH ACL SNMP 802 1x CO LLDP LLDP General Settings LLDP Ports Settings LLDP Neighbors LLDP Statistics KC Others Protocols Figure 123 LLDP Statistics 253 EtherWAN Managed Switch Users Guide LLDP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Enable Disable LLDP To enable or disable LLDP on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax lld
196. owledge of connecting to the switch using Telnet SSH or the Serial port Telnet is enabled by default To enable or disable Telnet or SSH see the Management Interface section For more information on CLI command usage see CLI Command Usage Enabling Disabling QoS To get to the CLI level to configure QoS CLI Command Mode Interface Configuration Mode CLI Command Syntax mls qos enable no mls qos Usage Example Enabling QoS switch _a gt enable switch _a configure terminal switch a config int fel switch a config if mls qos enable E switch a config q switch a config q switch a Usage Example Disabling QoS switch _a gt enable switch _a configure terminal switch a config int fel switch a config if no mls qos E switch a config q switch a config q switch a 193 EtherWAN Managed Switch Users Guide Enable Disable QoS Trust CLI Command Mode General Configuration Mode CLI Command Syntax mls qos trust lt cos dscp gt no qos trust Usage Example Enable QoS Trust switch _a gt enable switch a configure terminal switch_a config mls qos trust cos E switch _a config q switch a Usage Example Disable QoS Trust switch _a gt enable switch _a configure terminal switch _a config no mls gos trust E switch _a config q switch a Configuring the Egress Expedite Queue CLI Command Mode General Configuration Mode CLI Command Sy
197. p enable no Ildp enable Usage Example Enabling LLDP switch _a gt enable switch a configure terminal switch _a config lldp enable E switch_a config q switch a Usage Example Disabling LLDP switch _a gt enable switch _a configure terminal switch_a config no lldp enable E switch _a config q switch a EtherWAN Managed Switch Users Guide 254 LLDP Holdtime Multiplier To modify LLDP holdtime multiplier use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax Ildp holdtime multiplier lt 1 10 gt Usage Example switch _a gt enable switch a configure terminal switch _a config lldp holdtime multiplier 4 Po switch_a config q switch a LLDP Transmit Interval To modify LLDP Transmit Interval use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax Ildp txinterval lt 5 32768 gt Usage Example switch _a gt enable switch _a configure terminal switch _a config lldp txinterval 30 switch_a config q switch ai 255 EtherWAN Managed Switch Users Guide Enable Disable Global LLDP TLVs To enable or disable global LLDP TLVs use the CLI commands below CLI Command Mode General Configuration Mode CLI Command Syntax Ildp tlv global lt TL V gt TLV Parameters TLV Parameters Description port descr Port Description sys name System Name TLV sys descr System Description TLV sys cap System
198. r Long Click on the Submit button Repeat steps 1 7 for each additional port that is to be used in the trunk EtherWAN Managed Switch Users Guide 125 Port Status Port Trunk Type Admin Key LACP Mode LACP Port Priority LACP Timeout LACP Sync LACP Sync Port None None None None None None None WwWinie a joju Note 8 ports maximum per trunk Update Setting Figure 47 LACP Trunking Version 2 126 EtherWAN Managed Switch Users Guide Trunking Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Adding an Interface to a Static Trunk To add an interface to a static trunk on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax static channel group lt static channel gt 1 6 for 100Mbps 7 8 for 1Gbps ports Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel c switch a config switch_a config q q static channel group 1 switch a config switch ai Adding an Interface to a LACP Trunk To add an interface to a LACP trunk on the EtherWAN Managed Switch use the CLI commands below CLI Command Mode Interface Configuration Mode CLI Command Syntax channel group lt LACP Channel gt mode lt active passive gt LACP Channel is 1 6 for 100Mbps 7 8 for 1Gbps ports Us
199. r port on the EtherWAN Managed Switch 1 Click on the link to the port at the top of the RMON Statistics page To clear the RMON statistics for a particular port on the EtherWAN Managed Switch 1 Click on the link to the port at the top of the RMON Statistics page 2 Click on the Clear button at the bottom of the page 3 The statistics for the port will update every ten seconds Q Pay particular attention to the values for CRC Alignment errors and collisions Nonzero values for these fields can indicate that a port speed or duplex mismatch exists on the port fel fe7 Port 1 fel Statistics Drop Events 0 Broadcast Packets Received 836467 Multicast Packets Received 1584880 Undersize Packets Received 0 Oversize Packets Received 0 Fragments Packets Received 0 64 byte Packets Received 606350 65 to 127 byte Packets Received 381794 128 to 255 byte Packets Received 321375 256 to 511 byte Packets Received 961517 512 to 1023 byte Packets Received 163465 1024 to 1518 byte Packets Received 4339 Jabber Packets 0 Bytes Received 574580429 Packets Received 2438841 Collisions 0 CRC Alignment Errors Received 0 TX No Errors 312082 RX No Errors 2438841 Status of statistics will be refresh per 30 seconds after click Clear Clear Figure 24 RMON Page EtherWAN Managed Switch Users Gui
200. r these ports in the MAC Notification Added section Select which ports on the switch for which traps should be sent when there is a MAC address being removed from the MAC table for the port by checking the appropriate check boxes for these ports in the MAC Notification Removed section Click on the Update button after you have finished the configuration of the SNMP Server Agent General Settings Save the configuration see the Save Configuration Page 230 EtherWAN Managed Switch Users Guide SNMP Status Enable S d Description Location Contact Trap Community Name 1 Trap Community Name 2 Trap Community Name 3 Trap Community Name 4 Trap Community Name 5 Trap Host 1 IP Address Trap Host 2 IP Address Trap Host 3 IP Address Trap Host 4 IP Address Trap Host 5 IP Address Link Down Trap Link Up Trap MAC Notification Trap MAC Notification Interval 1 to 65535 seconds amp 6 Link Down Trap eege Link Up Trap Ene MAC Notification Trap 2 leg CH MAC Notification Removed 13 Trap_Group_3 Trap_Group_4 Trap_Group_6 492 168 1100 Lo 192 168 2 100 192 168 3 100 192 168 4 100 192 168 5 100 Enable _ Enable Enable Y PI P2 P3 P4 PS P P7 P3 0 sia ak kl KKK mam LJ 8 P19 P4 P5 P6 P7 P8 W CID D 0 Pll P12 P13 P14 P15 P16 B BBB 8 P19 P20 P21 P22 P23 P24 B p S O 6 P27 P28 IW e
201. ral Overview saanane renea aana a aana anaa anana anana aana anana aana anane 267 Enabling the IGMP Snooping Modes saaeaeea aaa cette nenen anane anana aranana 268 Configuring IGMP Snooping General properties aaaaaaaan anana aaaan anane 269 Configuring IGMP Passive Mode Specific properties aanranaaaanaaaaean ai 270 Configuring IGMP Querier Mode Specific properties cceeeseeeeeeeeeeeeees 271 Configuring IGMP Unknown Multicast Forwarding sssssseeeeeeesseesenrrrneesssrrenee 272 Monitoring Registered Multicast Group ccceeeeeeeneeeeeeeeeeeeeeeenneeeeeeeeeeteeee 276 IGMP Configuration Examples Using CLI Commande sseeesseseeeeerreeesenrenee 277 Network Time Protocol asasaran a nga a E Ka ga tapenade apenas 285 Enabling NIR rreri ada aa daka ga a a a daka a ga a daa aa a kaa hs bac 285 Setting the NTP Server IP Address AAA 285 Setting ERR ee 285 Setting the Polling Periodi EEN 285 Manually Syncing Time scscicdssiccsiceeds awneehesecnnas aaa anana anana anana anana aaa nana arene 286 Daylight Savings Time Weekday Mode aana anana nana anane nee 286 Daylight Savings Time Date Mode 287 Network Time Protocol Configuration Examples Using CLI Commands 289 E OT sa taa a a easton eee cae a ag a el heey eater Grecia Ra case ae a angan terre tates 292 General OVEMCW EE 292 GMRP Normal MOOG rents i Tia aaa ttn backs coset aa Ta ig ae a Rear Ta aaa a
202. ration section select a port in the LACP trunk Select LACP from the Trunk Type dropdown box for this port Enter an admin key for this port in the Admin Key textbox 100Mbps ports admin keys must be 1 and 1Gbps ports must be 3 Select the LACP Mode to either Active or Passive Enter a value in the Port Priority textbox Select a Timeout value of Short or Long Click on the Submit button Repeat steps 1 7 for each additional port that is to be used in the trunk To set the LACP System Priority 1 2 Enter a value between 1 and 65535 The default value is 32768 Click on the Submit button EtherWAN Managed Switch Users Guide 123 Port Status Port rot Type SSC LACP Mose Ee Lat Timeout LACH Sync Dei e None None None None None None fel Non fe9 LACH 1 Active None i gel None None None None None None None None None None Figure 46 LACP Trunking Version 1 124 EtherWAN Managed Switch Users Guide Version 2 see Figure 47 To create a LACP trunk 1 2 Gei oN DO o P In the Trunk Configuration section select a port in the LACP trunk Select LACP from the Trunk Type dropdown box for this port Enter an admin key for this port in the Admin Key textbox 100Mbps ports admin keys must be between 1 6 and 1Gbps ports must be between 7 8 Select the LACP Mode to either Active or Passive Enter a value in the Port Priority textbox Select a Timeout value of Short o
203. rivial file transfer protocol TFTP server software is needed to update the switch firmware and to upload download configuration files to the switch Users not performing these tasks do not need TFTP software installed Several good TFTP servers are available for free online The server that will be used in this manual is TFTPD32 by Philippe Jounin e Web Browser Software The end user can employ any of the following web browsers during switch configuration Internet Explorer Firefox or Chrome Internet Explorer is the preferred browser for EtherWAN switch configuration If there is trouble with other browsers while attempting to program the switch Internet Explorer should be used EtherWAN Managed Switch Users Guide COMPUTER SETUP The end user s management computer may need to be reconfigured prior to connecting to the switch in order to access the switch s web interface through its default IP address See Default IP Management Methods and Protocols There are several methods that can be used to manage the switch This manual will show the details of configuring the switch using a web browser Each section will be followed by the CLI Command Line Interface commands needed to achieve the same results as described in that section The methods available to manage the EtherWAN Managed Switch include e SSH Secure Shell CLI that is accessible over TCP IP networks which and is generally regarded as the most secure method of remotel
204. rm Control scsi tet cha hate iaai ag A A GE e ag Ka e ab ak a gag GK tote leaned 103 Enabling Loopback Detect Global 104 Setting the Loopback Detect Action AEN 104 Setting the Loopback Detect Recovery Time ssesssssssserrnrersserrrerrrnrrsssrrrrne 104 Setting the Loopback Detect Polling Internal 105 Enabling Loopback Detect Port eegnen steggdt getrei esree t eege gea 105 Configuring SlONM DOLS E 106 Adding a MAC Address for Static MAC Entry Forwarding ceceeeeseeeeeeeees 110 Adding a MAC Address for Static MAC Entry Discarding ceeeeeeereeees 110 Configuring Port Mirroring oes nice dec eet ege 111 Enabling a Link State Tracking Group 111 Assigning a Port to a Link State Tracking Group 112 Setting PoE Power Budeet sust ges eehEEde ENER ER EEEEEEAEReEEEEEEAEE 112 POE sr OP SOHN Seo ss seed eaten Da aaa a Seem emer gala mc aaa E ag Dera NG apa Rees 113 POE SCS e ass octets aga ech das ated ag a aaa aka ag a bean ae doa da kaba aa aka 116 TRUNKING RE 119 OVEINIGW eet aa te E aa aa ea anan ota Oe see Ee 119 Static Channel Trunking saaenee aee anae aane nne anana anana anan nana ENEE 119 vi EtherWAN Managed Switch Users Guide Preface Link Aggregation Tute Bi e EE 119 EG EENEG a aa ks E oe hace EE 120 LACP TrUnkiINg sasa sana a De ak aaa A Sete ca a ga vs D a Ke D EEN Benang kak a te 123 Trunking Configuration Examples Using CLI Commande 127 Adding an Interface to a Static Trunk
205. rminal switch a config in Cep config if chain port enable switch al switch_a config if q a config q switch 170 EtherWAN Managed Switch Users Guide Usage Example 2 Disabling a chain port switch _a gt enable switch _a configure terminal switch a config fin Cep switch config if no chain port _a switch _a config if q a switch_a config q Configuring Chain Pass Through Ports o configure the Chain Pass Through Ports on a Chain Pass through Switch use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax chain pass through lt port 1 port 2 gt no chain pass through Usage Example 1 Enabling chain pass through switch _a gt enable switch _a configure terminal switch _a config chain pass through fe3 fe4 E switch _a config q switch a Usage Example 2 Disabling chain port pass through switch _a gt enable switch _a configure terminal E switch_a config no chain pass through E switch _a config q switch a EtherWAN Managed Switch Users Guide 171 STP RING PAGE ADVANCED SETTING To navigate to the STP Ring Advanced Setting page 1 Click on the next to STP Ring 2 Click on Advanced Setting Advanced Bridge Configuration The Advanced Setting Page contain several settings to determine how the switch will handle BPDU packets Bridge bpdu guard configuration When the BPDU
206. rotocols GG Bridge ID Designated Root Reg Root ID Root Port Root Path Cost Current Max Age sec Current Hello Time sec Current Forward Delay sec Topology Change Count Time Since Last Topology Change Spanning Tree Protocol Bridge Priority 0 61440 Hello Time 1 10 sec Max Age 6 40 sec Forward Delay 4 30 sec 100000e0b32103de 100000e0b32103de 100000e0b32103de 0 0 30 2 4 16 1 Fri Jan 1 20 01 56 2010 Enable v e Update Setting Figure 58 Max Age Hello Timer amp Forward Delay MSTP Properties Page Configuring an MSTP Region In order to form a MSTP Region the switches that will be connected together to form the MSTP Region must have the same values for the configuration parameters listed below Two of the parameters can be configured directly the third parameter Configuration Digest will be automatically calculated by the switch based on the VLAN to MSTI Multiple Spanning Tree Instance mapping The VLAN to MSTI instance mapping must be the same for all the switches within the same MSTP Region see MSTP Instance Setting Page e Region name e Revision level e Configuration Digest To navigate to the STP Ring MSTP Properties page 1 Click on the next to STP Ring 2 Click on MSTP Properties EtherWAN Managed Switch Users Guide 148 To configure both the MSTP Regional Configuration Name and the Revision Level for each of the switches located in the same
207. rt by issuing the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax set gvrp registration normal lt port id gt set gvrp registration forbidden lt port id gt Usage Example switch _a gt enable switch a configure terminal switch _a config set gvrp registration normal fel switch a config set gvrp registration forbidden fel switch a config q switch ai 266 EtherWAN Managed Switch Users Guide IGMP Snooping The settings in the IGMP Snooping feature of the EtherWAN switch controls how the switch forwards multicast packets General Overview The EtherWAN Managed Switch has been outfitted with the IGMP Snooping function in three modes e Disabled o The switch will forward all multicast packets according to the Forced Forwarding Port setting based on the following rule All multicast packets will be forwarded to only the port specified by either the PassiveForwardMode or the ForcedForwardMode function e Passive mode o The switch will forward any multicast packets that have known receivers to the known multicast receiver ports only The switch will forward any unknown multicast packets multicast packets without any known receivers according to the Forced Forwarding Port setting based on the following rule When there is no Querier Port a port that receives IGMP queries present all unknown multicast packets will be forwarded to the port specified by e
208. s with each port being a member of a single VLAN Since no ports are members of more than one VLAN the ports in different groups cannot communicate with each other EtherWAN K Management Switch VLAN Mode 2 Port Based VLAN H System Diagnostics VLAN VLAN VLAN DC Port 1 Switching Trunking CO STPRing EICH VLAN VLAN Mode Setting 02 10 VLAN Setting 02 10 Port Setting Port Based VLAN Qos ACL gt SNMP 8021X LLDP Others Protocols Figure 75 Port Based VLAN Example 1 177 EtherWAN Managed Switch Users Guide In the example below ports 1 through 6 are all on their own VLAN and cannot communicate with each other Port 7 and 8 are members of all 6 VLANS and therefore can communicate with all ports that are in any of the VLANs that they share membership with 2 EtherWAN E VLAN Mode 2 Port Based VLAN CH System Diagnostics Port ei Switching Trunking STPRing D VLAN VLAN Mode Setting 02 10 VLAN Setting 02 10 Port Setting Port Based VLAN Qos ACL SNMP S021K DO LLDP Others Protocols A s IO ks IO ort 2 ort 3 Port 4 ort 5 ort 6 oo Figure 76 Port Based VLAN
209. s can also be limited To do this enter the bandwidth amount that you want to allocate for the traffic in the text entry box under Police Rate 1 1000000Kbps see Figure 95 2 To allow certain amount of bursting in the traffic enter the maximum number of bytes that are allowed in a single continuous burst under Burst 1 20000 Bytes 211 EtherWAN Managed Switch Users Guide pama ema Patapan Attach Map to Policy Map Class Name Police Rate 1 1000000kbps Burst 1 20000 Bytes Access List Type e IP Class 3 50000 1 10000 2 Im Access List gt IP Access List Create 1 1 99 1300 1999 192 168 1224 0 0 0 31 Note Enter Mask in reverse like 0 0 0 255 Figure 95 Police Rate 3 Next please enter a name in the text entry box next to Policy Map Name for the new ACL Policy Map that you are currently creating and click on the submit button see Figure 96 ese Map SEN Attach Class Map to Policy Map Class Name DESTEIE st amma OOOO Aeien _____Padess ee ema aten REES inet a Figure 96 Policy Map Name 212 EtherWAN Managed Switch Users Guide Applying a Policy Map to a Port To apply an ACL Policy Map to a port just follow the instructions below 1 Select the correct ACL Policy Map from the drop down list next to Policy Map see Figure 97 2 Next check the boxes below Attach Class Map to Policy Map next to all the ports that you would like to apply this Policy Map to
210. sPhrase raue Qos ACL CO SNMP SNMP General Setting SNMP viiv2 SNMP v3 Figure 113 Privacy PassPhrase EtherWAN Managed Switch Users Guide 235 Deleting SNMP v3 Users from the switch 1 Goto SNMP gt SNMP v3 you should see a list of previously configured users Next click on the Delete User button See below Ka Management Switch System SNMPv3 Setting Add User Delete User SNMP Usas w pw mes Le SNMP Daa ro awh mas SNMP User i ro ooh lt i SNMP General Setting SNMP vi v2 SNMP v3 Figure 114 Delete User 2 Next select the user that you wish to delete from the drop down list next to Select User Name 3 Click on the Submit button See below oo EE EH DCH Port ELCH Switching CH Trunking BC STP Ring gt VLAN a Qs O ACL DO SNMP SNMP General Setting SNMP v1 v2 SNMP v3 Figure 115 Select User 236 EtherWAN Managed Switch Users Guide SNMP Configuration Examples Using CLI Commands For more information on CLI command usage see CLI Command Usage Enabling SNMP and configuring general settings To enable the SNMP feature of the switch and configure its general settings Description Location and Contact information you must use the below CLI commands for more information on CLI command usage and typographic conventions please click h
211. sable LE DP is sciicisssncccecstersndss3etvat ege aana nana anana anana eaaa ene 247 leien CR ut EE 247 Global TLV Setling aane eke eh eae Na ee eh eae eae 248 BE DP POMS SG MING Ss asana aaa a ten eleven aa na are aaa aa Ti ag ae a bag tem aaa ag aga eae 250 Enabling LLDP transmission for a specific Port 250 Enabling LLDP Reception for a Specific Port 250 ENabiing NOUNGANONS fen ge ipa ee dc dees tenets 250 CEDR Ee lee 252 LLDP ue 253 K EtherWAN Managed Switch Users Guide Preface LLDP Configuration Examples Using CLI Commande sssssseeseeeesseererrrnereseereree 254 Enable Disable LLDP ee Ee Ee ee Ee 254 LLDP Holdtime Multiple rt eh cxtereeas decvet ex cecpees detest anana anana anana seer eaaa nane 255 EEDP Transmitlntenval saga aaa na oa tbe EN 255 Enable Disable Global LLDP TUNe sk sanene eee a aana nenen a nana nana anana nne 256 Enabling LLDP Transmit on EE ege Eesen 257 Enabling LLDP Receive on a Port 257 Enabling LLDP Notify TER 258 Enabling Transmission of the Management IP 258 Enabling Specific TLV s on a Pott EES 259 Other Proto Col S si aniar iieiea aea aa aaa aaa iea NEE NEE aaa aaide Eai nen 260 EE 260 General a 261 Enabling the GVRP Protocol at the Global Level sssssssseseeseseeseesereereerererreeeee 262 Enabling the GVRP Protocol at the Port Level 263 GVRP Configuration Examples Using CLI Commande ssssssssrrrrrrrrrrrrnnnn 264 IGMP Snooping EE 267 Gene
212. sed VLAN mode traffic from different VLANs can be segregated from one another even after it travels to another switch This is done by tagging inserting information inside a packet a packet with the VLAN ID that the packet belongs to when the packet exits the switch The VLAN association rule for incoming packets in Tag based VLAN mode can either be based on the VLAN ID that is assigned to the port PVID when a packet enters the switch in the event when the packet does not contain a VLAN ID or it can be determined from the packet itself when the packet does contains a VLAN ID Configuring VLANs in Port Based VLAN Mode Enabling Port Based VLAN To navigate to the VLAN Mode Setting page 1 Click on the next to VLAN 2 Click on VLAN Mode Setting To enable Port Based VLAN on the switch 1 Select Port based VLAN from the dropdown box see below 2 Click on the Submit button 3 Save the configuration see the Save Configuration Page VLAN Mode Setting Port based VLAN Figure 74 Port Based VLAN 176 EtherWAN Managed Switch Users Guide Port Based VLAN Configuration Examples To navigate to the Port Based VLAN page 1 Click on the next to VLAN 2 Click on Port Based VLAN In Port Based VLAN mode you can configure a port to be a member for a single VLAN or multiple VLANs By default all the ports on the switch are all members of a single VLAN VLAN 1 below is an example on how to configure two groups of port
213. see Configuring the VLAN Egress outgoing Member Ports 6 Click on Submit button Repeat for all the VLANs that are needed 8 Save the configuration see the Save Configuration Page GEES OR TT VEANName Td CPU Pon BC EE EE Pp ae eee ee ee ee gt Cd PB Uta pe tag A AAN Figure 79 Add VLAN Page 182 EtherWAN Managed Switch Users Guide 802 1Q Tag Based VLAN Configuration Examples Using CLI Commands Configuring a 802 1Q VLAN To configure a 802 1Q VLAN on a switch use the following CLI commands for more information on CLI command usage see CLI Command Usage CLI CLI Command Mode VLAN Database Configuration Mode Command Syntax switchport portbase add vlan lt 1 16 gt vlan lt 1 4094 gt bridge 1 name VLAN NAME state enable Usage Example swi swi swi swi swi swi swi swi swi tch a gt enable tch a configure terminal tch_a config vlan database tch_a config vlan vlan 100 bridge 1 name Management state enable tch_a config vlan vlan 200 bridge 1 name Accounting state enable tch_a config vlan vlan 300 bridge 1 name Sales state enable tch_a config vlan q tch_a config q tch af Configuring an IP Address fora Management VLAN To configure the IP address for the management VLAN use the following CLI commands CLI CLI Command Mode Interface Configuration Mode Command Syntax ip address IP_ADDRESS PREFIX e g 10 0 0 1 24 Usage Example switch _a gt enab
214. see Setting the MAX Age Forward Delay and Hello Timer e Forward Delay Default is 15 sec Va Note Bridge Protocol Data Units BPDUs are frames that contain information about the Spanning tree protocol STP Switches send BPDUs using a unique MAC address from its origin port and a multicast address as destination MAC 01 80 C2 00 00 00 There are three kinds of BPDUs e Configuration BPDU used by Spanning Tree Protocol to provide information to all switches e TON Topology change tells about changes in the topology e TCA Topology change Acknowledgment confirm the reception of the TCN 130 EtherWAN Managed Switch Users Guide EtherWAN i Management Switch DICH System Diagnostics CH Port Switching eg Root ID Trunking oot Port CO STPRing oot Path Cost Global Configuration Current Max Age sec RSTP Port Setting Current Hello Time sec MSTP Properties H sec MSTP Instance Setting opology Change Count ESM ime Since Last Topology Change a Ring Setting Advanced Setting VLAN Qs Bridge Priority 0 61440 CO ACL Hello Time 1 10 sec DCH SNMP 1x Max Age 6 40 sec LLDP Forward Delay 4 30 sec Others Protocols STP Version a 00000e0b3 00000e0b3 07 07bc Bridge ID Designated Root w f uw w w o n n wj m ies to Tala JHE 5 g d 2 S y RK in in ER Lui Ln tw 0 ka CH un Jan 3 1 E
215. stem Name System Description System Capabilities Management Address LLDP General Settings Port VLAN ID LLDP Ports Settings PSS dati MAC PHY Configuration Status LLDP Neighbors Port And Protocol VLAN ID LLDP Statistics VLAN Name CH Others Protocols Protocol Identity Power Via MDI Link Aggregation Maximum Frame Size Update Setting Figure 120 LLDP Global Settings 249 EtherWAN Managed Switch Users Guide LLDP Ports Settings LLDP Ports Settings allows the individual ports on the switch to be configured for LLDP independently of one another Each port can be configured to transmit LLDP information receive LLDP information and notify via SNMP or Syslog if there are changes in the LLDP information received from neighboring devices To navigate to the LLDP Port Settings page 1 Click on the next to LLDP 4 Click on LLDP Ports Settings see Figure 121 Enabling LLDP transmission for a specific Port To enable the transmission of LLDP information for a specific port 1 Select Enable from the Drop Down box under the Transmit field for each port for which the transmission of LLDP information should be enabled 2 Click on the Submit button Enabling LLDP Reception for a specific Port To enable the reception of LLDP information for a specific port 1 Select Enable from the Drop Down box under the Receive field for each port for which the reception of LLDP information should be enabled 2 Click on the Sub
216. switch a 159 EtherWAN Managed Switch Users Guide Setting MSTI Priority To set the MSTI priority of a switch in a MSTP Region use the following CLI commands CLI Command Mode General Configuration Mode CLI Command Syntax bridge 1 instance lt 1 15 gt priority lt 0 61440 gt Usage Example switch _a gt enable switch _a configure terminal switch a config bridge 1 instance 1 priority 0 E switch _a config q switch a Modifying CIST Port Priority and Port Path Cost To modify the CIST Port Priority and CIST Port Path Cost on a switch use the below CLI commands CLI Command Mode Interface Configuration Mode port CLI Command Syntax bridge group 1 path cost lt 1 200000000 gt bridge group 1 priority lt 0 240 gt Usage Example switch _a gt enable switch a configure terminal switch a config interface fel switch _a config if bridge group 1 path cost 200000 switch _a config if bridge group 1 priority 128 switch _a config if q switch _a config q switch a 160 EtherWAN Managed Switch Users Guide To modify the MSTI Port Priority and MSTI Port Path Cost for an Instance on a switch please use the below CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax bridge group 1 instance lt 1 15 gt path cost lt 1 200000000 gt bridge group 1 instance lt 1 15 gt priority lt 0 240 gt Usage Example switch _a gt enable switch _a configure
217. t exceed action drop Usage Example switch switch switch switch switch switch switch switch switch switch switch switch switch switch switch _a gt enable _a configure terminal fig p fig pm fig pm fig pm fig pm fig pm fig pm fig pm fig pm fig pm fig pm fig q olicy map IP Policy 1 ap class IP Class 1 ap c police 50000 5000 exceed action drop ap c q ap class IP Class 2 ap c police 50000 5000 exceed action drop ap c q ap class IP Class 3 ap c police 50000 5000 exceed action drop ap c q ap q 226 EtherWAN Managed Switch Users Guide Appling an Existing ACL Policy to a Port To apply the ACL packet filtering features on a port you must have first created an ACL Policy already You can then use the CLI commands below to apply the existing ACL Policy to a port CLI Command Mode General Configuration Mode Interface Configuration Mode CLI Command Syntax interface lt Interface Name gt service policy input lt ACL Policy Name gt Usage Example switch _a gt enable switch a configure terminal switch a config interface fel switch _a config if service policy input IP Policy 1 switch a config if q switch a config q switch a Deleting an ACL Class You can use the CLI commands below to delete an existing ACL Class CLI Command Mode General Configuration Mode CLI Command Syntax no class m
218. t Jan 02 2010 00 57 05 04 57 41 Link down on Port 16 FC Switching At Jan 02 2010 00 57 08 04 57 44 Link up on Port 14 DO Trunking 9 At Jan 02 2010 00 57 09 04 57 45 Link down on Port 24 10 S leie At Jan 02 2010 00 57 12 04 57 49 Link up on Port 19 E VLAN Figure 15 System Log System log using CLI command For more information on CLI command usage see CLI Command Usage CLI Command Mode Exec Mode or Privileged Exec Mode CLI Command Syntax show system log Usage Example switch a tshow system log switch a q switch a 61 EtherWAN Managed Switch Users Guide Remote Logging To navigate to the Remote Logging page 1 Click on the next to Diagnostics 2 Click on Remote Logging Remote Logging to a Syslog server allows administrators to log important system and debugging information The Remote Logging configuration page allows reporting to a Syslog server to be enabled or disabled as well as management of a list of Syslog servers to report to see Figure 16 To configure the Remote Logging on the EtherWAN Managed Switch 1 Click on the Enable or Disable radio button under Remote Logging 2 Click on the Update Setting button To add a Syslog server 1 Enter the IP Address of the Syslog Server in the Syslog Server IP text box 2 Click on the Add Syslog Server button To delete a Syslog server from the list of servers currently on the switch 1 Select the Syslog ser
219. t be configured even if you are not configuring IGMP Querier mode For IGMP version 1 and 2 the membership registration timer used to time out the membership status on each port is based on these two parameters on the local switch These two parameters should configure to match that of the current active IGMP Querier The formula for the membership registration timer is 2 X query interval max response time Timeout period 270 EtherWAN Managed Switch Users Guide Configuring IGMP Querier Mode Specific properties To navigate to the IGMP Snooping page 1 Click on the next to Other Protocols 2 Click on IGMP Snooping To configure specific properties for IGMP Querier Mode follow the steps below see Figure 131 1 Inthe text box next to Query Interval enter a value between 10 and 18000 This value will represent the time interval in seconds between any two queries that the switch scents on to the network It is recommended that you use the default setting of 125 seconds that are according to the IGMP standard 2 Inthe text box next to Max Response Time enter a value between 1 and 240 This value represents the maximum time in seconds that a multicast client will have to respond to an IGMP query Any response received after this time will not be accepted by the Querier It is recommended that you use the default setting of 10 seconds according to the IGMP standard vd Management Switch System Diagnostics IGMP
220. tch a 115 EtherWAN Managed Switch Users Guide power priority Use this setting to set the priority to High Medium or Low To set the PoE power priority use the following CLI command CLI Command Mode Interface Configuration Mode CLI Command Syntax poe power priority lt high medium low gt Usage Example switch _a gt enable E switch a configure terminal switch a conf ig interface fel switch a conf ig if poe power priority medium ig if q switch a config fo E switch a con switch a PoE Scheduling PoE Scheduling allows PoE ports to have their power up time scheduled by hour of the day and day of the week scheduling To enable PoE Power Scheduling on a port use the following CLI command CLI Command Mode Interface Configuration Mode CLI Command Syntax poe scheduling enable To disable PoE scheduling on a port use the no poe enable command Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if poe scheduling enable switch a config if q switch a config q switch a 116 EtherWAN Managed Switch Users Guide schedule time To enable PoE Power Scheduling on a port use the following CLI command CLI Command Mode Interface Configuration Mode CLI Command Syntax poe schedule time lt day gt lt hour s gt Day 0 Sunday to 6 Saturday Hour 1 to 23 Multipl
221. tch s S E SE a Radius Server Global Setting DICH Port Update Setting HE Switching H Trunking STP Ring DICH VLAN ore Order Rade SeverI Pon Timeout Revansnit Key as Per meno fien s o sor DO 8021X Radius Configuration Delete Radius Port Authentication Figure 118 Resulting Radius Server Setup Enabling 802 1X on a Port After the 802 1X port based security is enabled globally you must enable it locally on the port To navigate to the 802 1X Port Authentication page 1 Click on the next to 802 1X 2 Click on Port Authentication To enable 802 1X on a port see Figure 119 1 Choose the desired port from the drop down list next to Interface to have the 802 1X feature applied to that port 2 Next make sure Enabled is selected from the drop down list next to Authentication State this will enable the 802 1X function on the previously selected port 3 Next make sure that the choice Auto is selected in the drop down list next to Port Control this will allow the port to use 802 1X to authentic the end station a If you choose to have the port to be always unauthorized or to be always authorized you can choose the appropriate choice in the drop down list 244 EtherWAN Managed Switch Users Guide 4 Next you can choose to have the end station to be re authenticated periodically To do this choose Enabled in the drop down list next to Periodic Re authentication
222. tchport trunk allowed vlan add 100 200 300 CLI Command Syntax switchport trunk native vian 1 Usage Example switch a gt enable switch a configure terminal switch a config interface fe7 switch a config if switchport mode trunk switchport trunk allowed vlan add 100 200 300 switchport trunk native vlan 1 switch a config if switch a config if switch a config if q switch a config q switch ai 185 EtherWAN Managed Switch Users Guide Add an IP to the Management VLAN To navigate to the System IP Address page 1 Click on the next to System 2 Click on IP Address To add an IP for a Management VLAN 1 Enter the IP address and subnet mask for the management VLAN 2 Click on the Submit button see below 3 Save the configuration see the Save Configuration Page VLANID ID TP Address Address IP Subnet Mask Subnet Mask mm 10 58 7 78 255 255 255 0 mm 192 168 100 12 255 255 255 0 Disable Y Apply amp Save Figure 80 Management VLAN IP Address To delete an IP from a VLAN the default VLAN for an example 1 Delete the IP and the subnet mask of the default VLAN and leave it as blank 2 Click on the Submit button A Warning Before completing the steps above make sure that you have already set up another management IP on another VLAN and have set up a port properly for accessing that VLAN 186 EtherWAN Managed Switch Users Guide Configuring the Port T
223. te aca area Dat TAA Sarre Dated ne Saeed Suen eaten E aga Da 60 SOY SUSI LOG EE 61 system log using CLI command aa aaaaa aee EENS EE AE SEENEN AEN 61 Eege e Ur e E 62 Remote Logging using CLI commande AA 64 e KEE 65 ARP Table using CLI Commands EE 66 Route Table ence el ek re de Ga ga daa aaa ae ce a aan aaa na aa gae aaa T 67 Route Table Using CLI Commands sanane e nenen anana tinadel anit ale eddie 67 Alarm SCAG aana aan ag aa cece sedate ees eee a occa ne iced a E nel eect ang 68 POf sasana aana anaa anana ga aaa gana aaa aana Ee nanang aaa ag NE Ga aaa aa GE a aa a E Aah 69 GOnfguratiOn s 5 EE EEE 69 Port StatUS a ra a ga aee ea DEE dae nega a aana beak we ean dite a a aga coke 71 Pale COMO saat aaa aba a tenet aa aa aaah alte aa a aaa Ge sa a ae he aa aa 72 eil Kee EE 73 Per Port VLAN PACH V eege Da Bag a sel Sele avec ed ate acta 74 EES 75 Port Configuration Examples Using CLI Commande 76 Setting the Port Description EE 76 Enable or Disable a EE 76 Setting the Port EE 77 Ale Ben dE 77 Enable or Disable Port FlowControl ssssssesseessesssnrrrnnrsssrrennrrnnrsserrrnernnnnesserenne 78 Display Port Status en aaa ta ya a aan NA a Kn e Pa Ng ga Eiaa aga 78 Setting a Ports Rate Control EE 78 Display a Ports RMON Statistics iccicccctssietiiccnte ceuns sheadieneadneecseheaauannaseauenederueuotees 79 WD eine 79 Setting MAC Port Security E 79 NL UD CN iale le aTe oor oe eh eee ea ate ee en eet ea ab aa aa
224. terminal switch a config interface fel switch _a config if bridge group 1 instance 1 path cost 20000 switch _a config if bridge group 1 instance 1 priority 128 switch _a config if q switch _a config q switch a Adding a Port to an MSTI Instance To add a port to a MSTI instance this port must be a member port of the VLAN that is mapped to the MSTI instance please use the below CLI commands CLI Command Mode Interface Configuration Mode CLI Command Syntax bridge group 1 instance lt 1 15 gt Usage Example switch _a gt enable switch _a configure terminal switch a config interface fel switch a config if bridge group 1 instance 1 switch a config if q E switch a config q switch a 161 EtherWAN Managed Switch Users Guide STP RING PAGE ALPHA RING Alpha Ring Setting Page To navigate to the STP Ring a Ring Settings page 1 Click on the next to STP Ring 2 Click on a Ring Setting EtherWAN a Ring Technology The a Ring protocol was designed and developed by EtherWAN to overcome traditional STP and RSTP s inability to provide fast network recovery and minimize packet loss caused by link failure Among the advantages of a Ring are e High speed Recovery Less than 15 milliseconds e Flexibility for Network Deployment Coexistence with STP RSTP and MSTP e Ring Coupling Smaller rings coupled together to increase network efficiency Implemen
225. the switch follow the steps below 1 Select the proper timezone from the dropdown list next to Time Zone 2 Click on the Update Setting button Setting the Polling Period To alter the polling period how often the NTP client checks the server for the correct time follow the steps below 1 Enter the new polling period in the Polling Interval textbox 2 Click on the Update Setting button 285 EtherWAN Managed Switch Users Guide Manually Syncing Time To set the time immediately using an NTP server follow the steps below 1 Enter the new polling period in the Polling Interval textbox 2 Click on the Sync Time button in the NTP Server field NTP Setting NTP Status Enable NTP Server R ae Ime e a nist gov 1 IP Address or Domain Name y Time Zone GMT 06 00 Central Time US amp Canada Current Time Thu Mar 27 12 42 43 CST 2014 Polling Interval 1 10080 min s Update Setting Figure 137 NTP Settings Daylight Savings Time Weekday Mode To adjust the switch s clock for Daylight Savings Time using the weekday mode follow the steps below 1 Select the option Weekday from the Daylight Saving Mode dropdown box 2 Enter the value for the time offset in the Time Set Offset textbox 3 Enter the name of the Daylight Saving Timezone 4 Inthe Weekday Box select the month week day hour and minute for both the from and to fields For example if Daylight Saving Time begins on the se
226. the text entry enter the VLAN number of a VLAN that is supported on all the switches in the Aloha Chain segment see Figure 69 Alpha Chain SettingFigure 69 2 Priority 0 255 default 128 The Chain Port switche s at the ends of an Alpha Chain segment will automatically determined which Chain Port switch should be forwarding and which should be blocking However if you should have a preference as to which Chain Port switch should be forwarding on the Alpha Chain segment then you can enter a priority number in the range of 0 255 in the text entry box to control if the local switch will be forwarding or blocking a Enter a number that is lower than the partner Chain Port switch s Priority setting if you want the local switch to be the forwarding Chain Port switch b Enter a number that is higher than the partner Chain Port switch s Priority setting if you want the partner Chain Port switch to be the forwarding switch 3 Timeout Count 3 255 default 5 Enter the number PDUs protocol data units that a Chain Port is allowed to miss into the text entry box a The Alpha Chain protocol works by sending PDUs between two Chain Ports to determine the forwarding and blocking status of each the two Chain Ports at the end points of an Aloha Chain Segment One PDU is sent every 200 milliseconds You can configure the number PDUs that a Chain Port is allowed to miss before the port determines a link failure has occurred 4 Storm Con
227. thorization for the user from the drop down list next to Access Mode See Figure 111 S our ie J Access Mode Read Only Po jacy PassPhrase io pf suit ACL SO SNMP SE General Setting SNMP viiv SNMP v3 Figure 111 User name amp Access Mode 234 EtherWAN Managed Switch Users Guide Next if authentication is required for this user and you have chosen an authentication protocol then the text entry box next to Auth Password will have been enabled Enter a password for this user inside this text entry box See Figure 112 Ya Management Switch SNMP V3 S CH System SNMP V3 Setting i Dapa SNMP Version SNMPv3 Auth MD5 e O Port User Name SNMP_User_2 Switching Access Mode Read Only Trunking STPRing Auth Password User2 ag an ACL OO SNMP SNMP General Setting SNMP vie SNMP v3 Figure 112 Auth Password Next if both authentication and privacy are required for this user and you have chosen both an authentication and privacy protocol then the text entry box next to Privacy PassPhrase will have been enabled Enter a pass phrase inside this text entry box as part of the key used to encrypt the protocol message for this user See Figure 113 Management Switch S K ag SNMP V3 Setting Diagnostics SNMP Version SNMPv3 Priv Auth MD5 e O ses Trunking STPRing Auth Password User3 WAN Privacy Pas
228. ting a Simple a Ring 1 Change the Ring State to Enabled 2 Click on the Update Setting button Next the ports that will be used to connect this switch to the a Ring need to be assigned to provide the connection redundancy see Figure 67 1 Change Ring Port 1 to the port you will be using for the first redundant connection 2 Change Ring Port 2 to the port you will be using for the second redundant connection 3 Click on the Update Setting button 4 Save the configuration see the Save Configuration Page 162 EtherWAN Managed Switch Users Guide 3 a www etherwan com E EtherWAN Ba 4 Gy Management Switch Diagnostics H Port a seta Spa Trunking FORWARD BLOCK alii Global Configuration RSTP Port Setting SE MSTP Instance Setting MSTP Port Setting i Ring Coupling Port 1 Ring Coupling Port 2 a Ring Setting a zb 4 e Adon seing ng Coping Pon S DOWN DOWN DCH VLAN GER DCH ACL Figure 67 a Ring Settings 163 EtherWAN Managed Switch Users Guide Connecting two a Ring Networks together To navigate to the STP Ring a Ring Settings page 1 Click on the next to STP Ring 2 Click on a Ring Setting As additional switches are added to a network it may become necessary to connect multiple a Ring networks together This is called Ring coupling and uses two additional Ethernet ports on the switch To setup Ring coupling see
229. to all the ports of the switch To modify the default behavior and to control how the switch will forward unknown multicast packets when the switch is in IGMP Snooping Disabled mode 1 Select either the PassiveForwardMode or the ForceForwardMode radio button 2 Make sure that only the ports that you would like to have the unknown multicast packets to be forwarded to have a check mark next to it 3 Then click on the Update Setting button TA Passive Mode Forwarding Port _ Passive Mode Forwarding fen HO 8021X 1 HERR 8 9 10 11 12 13 14 one SISISTSISTSISTSTSTSISTEISIST 15 16 17 18 19 20 21 22 23 24 25 26 27 28 gei RISISISISISISTSISISISISISIST Note If IGMP snooping is passive mode and router port was not learned switch will forward unknown multicast packet to passive mode forwarding port PassiveForwardMode ForceForwardMode IGMP Snooping NIP GMRP DHCP Server UDLD Update Setting Figure 132 Disabled Mode Forwarding Port 272 EtherWAN Managed Switch Users Guide Passive Mode Forwarding Port Configuration You can control how the switch forwards unknown multicast packets under IGMP Passive mode in two different conditions e When there is no IGMP Querier port a port that receives IGMP queries present e When an IGMP Querier port is present or when no IGMP Querier port is present To configure how the switch forwards unknown multicast packets when the switch is in I
230. trol broadcast and multicast Choose Disable or Enable from the dropdown list a Warning When this option is enabled all the ports on the switch will have the Storm Control feature automatically enabled 5 Click on the Submit button to load the changes into the running configuration 166 EtherWAN Managed Switch Users Guide Global Setting VLAN 1 4094 default 1 imeout Count 3 255 default 5 Ss torm Control broadcast and multicast Figure 69 Alpha Chain Setting Configuring the Alpha Chain Ports 1 Check th e check box next to the port number of the ports that you want to be configured as a Chain Port see Figure 70 2 Click on the Submit button to load the changes into the running configuration j a Ce o WA mla Wi co a a us a D Air Figure 70 Chain Ports Master and Slave on one Switch 167 EtherWAN Managed Switch Users Guide None Figure 71 Chain Ports Master Chain Port 168 EtherWAN Managed Switch Users Guide Alpha Chain Pass Through Ports To navigate to the Chain Pass Through Setting page 1 Click on the next to STP Ring 2 Click on Chain Pass Through Setting To configure the Alpha Chain Pass Through ports 1 From the drop down list below the Chain Pass Through Port 1 heading choose one of the daisy chained ports on the switch to be the Chain Pass Through Port 1 for the switch 2 Next from the drop down list b
231. ttings on this page Static IP see Simple IP Addressing DHCP Client Use this to enable or disable DHCP on a VLAN To enable the DHCP Client 1 Use the drop down box to enable the DHCP client on a particular VLAN 2 Click the Submit Button Default Gateway If DHCP is enabled the gateway setting is controlled by the DHCP server The setting will be grayed out and the gateway supplied by the DHCP server will be displayed The default gateway setting can be used when using a Static IP address To enable the default gateway 1 Use the dropdown box to enable the default gateway 2 Type in the default gateway in the Default Gateway text box 3 Click on the Apply amp Save button DNS Server If DHCP is enabled the DNS Server setting is controlled by the DHCP server The setting will be grayed out and the DNS Server supplied by the DHCP server will be displayed The DNS Server setting can be used when using a Static IP address To enable the DNS Server 1 Use the dropdown box to enable the DNS Server 2 Type in the default gateway in the Default Gateway text box 3 Click on the Submit button Note After making changes to settings in the IP address section the configuration needs to be saved using the System Save configuration page See Save Configuration 30 EtherWAN Managed Switch Users Guide Le kadha 2 EtherWAN GE Static IP IP Subnet Mask Subnet Mask 10 58 7 78 255 255 255 0 Enable v Apply amp S
232. ttings section the current port mirroring configuration should be displayed 2 Click on the Delete button Figure 37 Disabling Port Mirroring 94 EtherWAN Managed Switch Users Guide Link State Tracking Link state tracking binds the link state of multiple interfaces Link state tracking provides redundancy in the network when used with server network interface card NIC adapter teaming or bonding When the server network adapters are configured in a primary or secondary relationship known as teaming and the link is lost on the primary interface connectivity transparently changes to the secondary interface To navigate to the Link State Tracking menu 1 Click on the next to Switching 2 Click on Link State Tracking Enable Disable Link State Tracking To enable Link State Tracking for a particular group on the EtherWAN Managed Switch see Figure 38 1 Under Group Setting click the check box of the Link State groups that are to be enabled or disabled 2 Click on Update Setting Link State Tracking Setting Group Setting comme Enable Figure 38 Link State Tracking Port Settings To configure individual ports for a Link State group on the EtherWAN Managed Switch see Figure 39 1 Under Port Setting select the Link State Group that the port will belong to from the Group drop down box 95 EtherWAN Managed Switch Users Guide 2 Select if the port is upstream or downstream from the Up Down Str
233. ver from the Drop down box Syslog Server IP List 192 168 1 12 192 168 1 11 192 168 1 12 192 168 1 13 2 Click on the Delete Syslog Server button Slog Sener PE 62 EtherWAN Managed Switch Users Guide 4 a Management Switch System i E E Gc eee FE La EtherWAN CH Diagnostics Utilization i System Log Remote Logging ARP Table Route Table Port Switching Trunking CO STPRing VLAN Enable Disable Update Setting i TO Add Syslog Server Syslog Server IP List 192 168 1 11 Delete Syslog Server Figure 16 Remote Logging Page EtherWAN Managed Switch Users Guide 63 Remote Logging using CLI commands For more information on CLI command usage see CLI Command Usage Enable Disable Remote Logging CLI Command Mode General Configuration Mode CLI Command Syntax remote log enable no remote log enable Usage Example 1 Enable Remote Logging switch _a gt enable switch _a remote log enable switch a d switch ai Usage Example 2 Disable Remote Logging switch _a gt enable switch a no remote log enable switch a q switch a Add Delete a Remote Logging Host CLI Command Mode General Configuration Mode CLI Command Syntax remote log add lt ip_address gt remote log del lt ip_address gt remote log del all Usage Example 1 Add a Remote Logging Host switch _a gt enable switch _a remote log add 192 168 1 100 switch
234. wish to apply this application select the Disable option from the drop down list under the GMRP Forward All column e Click on the Update Setting button If you do not wish to transmit any multicast packets on a port based on the received GMRP multicast group registrations on that port but would like to receive multicast packets that belong to the currently registered multicast groups on the switch on that port configure the items listed below e For each port that you wish to apply this application select the Enable option from the drop down list under the GMRP column e For each port that you wish to apply this application select the Forbidden option from the drop down list under the GMRP Registration column e For each port that you wish to apply this application select the Disable option from the drop down list under the GMRP Forward All column e Click on the Update Setting button If you wish to transmit all the multicast packets that belong to all the currently registered multicast groups on the switch on a port configure the items listed below e For each port that you wish to apply this application select the Enable option from the drop down list under the GMRP column 295 EtherWAN Managed Switch Users Guide e For each port that you wish to apply this application select the appropriate option from the drop down list under the GMRP Registration column according to the previous instructions e For each port t
235. wn list next to Link Down Trap This will allow or stop the switch from sending a trap to the identified trap community groups when any port on the switch moves from the link up state to the link down state Enable or disable the link up trap by selecting the appropriate choice from the drop down list next Link Up Trap This will allow or stop the switch from sending a trap to the identified trap community groups when any port on the switch moves from the link down state to the link up state Enable or disable the MAC notification trap by selecting the appropriate choice from the drop down list next to MAC Notification Trap This will allow or stop the switch from sending a trap to the identified trap community groups anytime there is a change in the MAC table on certain selected ports of the switch Set the interval between the MAC notification traps that you want the switch to send by entering the interval in number of seconds from 1 to 65535 into the text entry box next to MAC Notification Interval 1 to 65535 seconds Set the size of the MAC notification history table by entering the total number of records from 1 to 500 that the switch will keep for user to review at any one time into the text entry box next to MAC Notification History Size 1 to 500 Select which ports on the switch for which traps should be sent when there is a new MAC address added to the MAC table for the port by checking the appropriate check boxes fo
236. y accessing a device e Telnet is like SSH in that it allows a CLI to be established across a TCP IP network but it does not encrypt the data stream e HTTP Hypertext Transfer Protocol is the most popular switch management protocol involving the use of a web browser e RS232 The EtherWAN Managed Switch is equipped with a RS232 serial port that can be used to access the switches CLI The Serial port is DCE DB9F A straight through serial cable is used to connect to a typical computer serial port 20 EtherWAN Managed Switch Users Guide Default IP The switch s default IP address is 192 168 1 10 The user will need to modify the management computer so that it is on the same network as the switch For example the user could change the IP address of the management computer to 192 168 1 100 with a subnet mask of 255 255 255 0 Login Process and Default Credentials Once a compatible IP address has been assigned to the management computer the user is ready to log in to the switch To log in type the URL http 192 168 1 10 into the address field of the browser and hit return The following will appear in the browser window See Figure 1 e The Default Login is root case sensitive e There is no password by default e Enter the login name and click the Login button 1 Enter root for the login name 2 Leave the password field blank 3 Click the Login button Figure 1 Login screen 21 EtherWAN Managed
237. ype and the PVID setting To navigate to the 802 1Q Port Setting page 1 Click on the next to VLAN 2 Click on 802 1Q Port Setting To configure the proper port type and the PVID setting for each switch port 1 aS P N Choose the port type for each port in the drop down list see General Overview for port type details Enter the PVID VLAN for each port see below Enter the Priority Level optional Click on the Update Setting button Save the configuration see the Save Configuration Page A Warning Modifying the Port Type using the Web GUI will cause that switch port to lose all its current VLAN membership and become a member port for the PVID VLAN only You will lose your current connection to the switch should you choose to modify the PVID of the port that connects your Computer to the switch Ether WAN vi Management Segch ic System EE CM sam HE Sandang Access v SCH SNMP SCH MX SCH LLDP HC Others Protocols Update Setting Figure 81 VLAN Port Setting 187 EtherWAN Managed Switch Users Guide Configuring the VLAN Egress outgoing Member Ports To navigate to the 802 1Q VLAN Setting page 1 Click on the next to VLAN 2 Click on 802 1Q VLAN Setting To configure the egress member ports for each VLAN 1 Click on the VLAN link that you want to configure see below WE VLAN Mode 1 Tag Based VLAN SCH System E PO Pt H Switchin
Download Pdf Manuals
Related Search