- Connection Technology Systems
Contents
1. DHCP Opt82 Relay Agent To enable or disable DHCP Option 82 Relay Agent Global setting When enabled Relay Agent Information option is inserted by the DHCP relay agent when forwarding client originated DHCP packets to a DHCP server Servers recognizing the Relay Agent Information option may use the Information to implement IP address or other parameter assignment policies Switch or Router as the DHCP relay agent intercepting the DHCP requests appends the circuit ID remote ID into the option 82 fields and forwards the request message to DHCP server Opt82 Port By default all ports port 1 24 are Opt82 enabled ports Enable V Add Agent information Disable Forward 151 Configure Opt82 Trust Port Setting Opt82 Trust Port Lok cancer Cancel Opt82 Trust Port Select V if you would like ports to become trust ports The trusted ports will not discard DHCP messages For example DHCP Opt82 Settings Hvil viv Hvi iy Current Remote ID A DHCP request is from Port 1 that is marked as both Opt82 port and trust port A Ifa DHCP request is with Opt82 Agent information and then the Managed Switch will forward it B If a DHCP request is without Opt82 Agent information and then the Managed Switch will add Opt82 Agent information and forward it 152 A DHCP request is from P2. Command Parameter Description Switch firmware A B C D Enter the IP address of your FTP server upgrade ftp file name Enter the firmware file name that you want to A B C D upgrade file_name user_name Enter the username for FTP server login user_name password password Enter the password for FTP server login Switch firmware A B C D Enter the IP address of your TFTP server upgrade tftp EE Ile name Enter the firmware file name that you want to Ile name upgrade Switch firmware upgrade ftp 192 168 1 198 HS 0600_file bin edgeswitch10 abcxyz Switch firmware upgrade tftp 192 168 1 198 HS 0600 file bin 2 5 3 Ping Command Command Parameter Description Switch ping A B C D Enter the IP address that you would like to ping A B C D s size s size Enter the packet size that would be sent The r repeat t timeout allowable packet size is from 8 to 4000 bytes optional r repeat Enter the number of times that ping packets are sent The allowable repeat number is from 1 to 99 optional t timeout Enter the timeout value when the specified IP address is not reachable optional Switch gt ping 127 0 0 1 s 128 r 5 t 10 2 5 4 Reload Command To restart the Managed Switch enter the reload command Command Example Switch reload 2 5 5 Write Command To save running configurations to startup configurations enter the write c
3. Step 3 Connect your clients to the Managed Switch After you complete Step 1 amp 2 connect your clients to the Managed Switch Your clients will send a DHCP Request out to DHCP Server soon after they receive a DHCP offer When 156 DCHP Server responds with a DHCP ACK message that contains lease duration and other configuration information the IP configuration process is complete If you connect clients to the Managed Switch before you complete Step 1 amp 2 please disconnect your clients and then connect your clients to the Managed Switch again to enable them to initiate conversations with DHCP server 4 4 14 6 Storm Control Select the option Storm Control from the Security Configuration menu to set up storm control parameters for ports and then the following screen page appears Storm Control Unknown Unicast Rate Off pps When a device on the network is malfunctioning or application programs are not well designed or properly configured broadcast storms may occur which eventually degrades network performance and even worse cause a complete halt The network can be protected from broadcast storms by setting a threshold for broadcast traffic for each port Any broadcast packet exceeding the specified threshold will then be dropped see Anti broadcast Configuration Three options of frame traffic are provided to allow users to enable or disable the storm control Unknown Unicast Rate
4. Switch config user NAME no level Show command Switch config show user name Reset access level privilege back to the factory default access denied List all user accounts Switch config show user name user_name user_name Show the specific account s information Switch config user NAME show User command example Switch config user name miseric Show or verify the newly created user account s information Create a new login account miseric Switch config user miseric description misengineer Add a description to this new account miseric Switch config user miseric password mis2256i Set up a password for this new account miseric Switch config user miseric ip security Enable IP security function Switch config user miseric ip address 192 180 10 3 Set IP address for IP security function to 192 180 10 3 Switch config user miseric level rw Set this user account s privilege level to read and write 2 Configure RADIUS server settings No command Switch config no user radius User command Parameter Description Switch config user radius Enable RADIUS authentication Switch config user radius 1025 Specify RADIUS server port number radius port 1025 65535 65535 Switch config user radius 0 2 Specify the retry value This is the number of ret
5. Preamble SFD DA SA Type LEN PAYLOAD FCS Original frame Preamble SFD DA SA ee emp Tupel EN PAYLOAD Fcs 17 SG PRE Preamble 62 bits Used to synchronize traffic SFD Start Frame Delimiter 2 bits Marks the beginning of the header DA Destination Address 6 bytes The MAC address of the destination SA Source Address 6 bytes The MAC address of the source TCI Tag Control Info 2 bytes set to 8100 for 802 1p and Q tags P Priority 3 bits Indicates 802 1p priority level 0 7 C Canonical Indicator 1 bit Indicates if the MAC addresses are in Canonical format Ethernet set to 0 VID VLAN Identifier 12 bits Indicates the VLAN 0 4095 T L Type Length Field 2 bytes Ethernet II type or 802 3 length Payload lt or 1500 bytes User data FCS Frame Check Sequence 4 bytes Cyclical Redundancy Check Important VLAN Concepts for 802 1Q VLAN Configuration There are two key concepts to understand The Default Port VLAN ID PVID specifies the VID to the switch port that will assign the VID to untagged traffic from that port The VLAN ID VID specifies the set of VLAN that a given port is allowed to receive and send labeled packets Both variables can be assigned to a switch port but there are significant differences between them An administrator can only assign one PVID to each switch port since the 802 1Q protocol assigns any single packet to just one VLAN The PVID defines the default VLAN ID tag that will be added to un t
6. Remarking command Parameter Description Switch config oos remarking dscp 0 7 queue_list Specify a queue value 0 7 queue_list 0 63 0 63 Specify a DSCP value Switch config qos remarking 0 7 queue_list Specify a queue value 802 1p 0 7 queue_list 0 7 0 7 Specify a 802 1p priority value No command Switch config no qos remarking 0 7 queue_list Remove DSCP and queue dscp 0 7 queue _list mapping Switch config no qos remarking 0 7 queue_list Remove 802 1p and queue 802 1p 0 7 queue _list mapping Show command Switch config show qos interface port_list Show or verify the selected port_list ports QoS configurations Switch config show oos remarking Show or verify remarking settings 3 Use interface command to configure a group of ports QoS settings QoS amp Interface command Parameter Switch config interface port_list port_list Description Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT 0 7 or low qos default class 0 7 or low normal normal medium high medium high Specify the selected interfaces default queue Switch config if PORT PORT weight qos queuing mode weight Specify egress mode as weight queuing mode The default queuing mode is strict weight W
7. Switch config if 1 3 channel group lacp type active Set the selected interfaces to active LACP type 2 6 8 Loop Detection Command vlan id 1 4094 No command Switch config no loop detection Command Parameter Description Switch config loop detection Enable Loop Detection function Switch config loop detection 0 180 Set up Loop Detection time interval interval 1 180 from 1 to 180 seconds Switch config loop detection 1 1440 Set up Loop Detection unlock time unlock interval 1 1440 interval fromo 1440 minutes Switch config loop detection 1 4094 Set up Loop Dtection VLAN ID Disable Loop Detection function Switch config no loop detection interval Reset Loop Detection time interval to default setting Switch config no loop detection unlock interval Reset Loop Detection unlock time interval to default setting Switch config no loop detection vian id Show command Switch config show loop detection Reset Loop Detection unlock time interval to default setting Show Loop Detection settings Switch config show loop detection status port_list port_list Loop Detection command example Switch config loop detection interval 60 Show Loop Detection status of the ports Set the Loop Detection time interval to 60 seconds Switch config loop detection unlock interval 120 Set the Loop Detection unlock time i
8. Disable DHCP Option 82 Relay Agent 50 Show command Switch config show ip address Show the current IP configurations or verify the configured IP settings Switch config show ip dhcp snooping Show each interface s DHCP Snooping settings Switch config show ip dhcp snooping interface Show each port s DHCP Snooping Option 82 and trust port settings Switch config show ip dhcp snooping interface port_list port_list Show the specific ports DHCP Snooping Option 82 and trust port settings Switch config show ip dhcp snooping status IP DHCP Snooping example Switch config ip dhcp snooping Show DHCP Snooping status Enable DHCP snooping function Switch config ip dhcp snooping dhcp server port_list Configure DHCP server trust ports Switch config ip dhcp snooping initiated 10 Specify the time value that packets might be received to 10 seconds Switch config ip dhcp snooping leased 240 Specify packets expired time to 240 seconds Switch config ip dhcp snooping option Enable DHCP Option 82 Relay Agent 3 Use Interface command to configure a group of ports DHCP Snooping settings DHCP amp Interface Command Switch config interface port_list Parameter port_list Description Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or
9. Ip ttl Specify IP TTL bit any Specify any to denote the value which is either zero or not zero 0 Specify 0 to indicate that the TTL filed in IPv4 header is 0 4 If the value in TTL field is not 0 use 1 to indicate that ip_ fragment Specify IP fragment bit any Specify any to denote the value which is either 0 or not 0 0 Specify 0 to indicate that the fragment filed in IPv4 header is 0 4 If the value in TTL field is not 0 use 1 to indicate that 36 Ip option Specify IP option bit any Specify any to denote the value which is either 0 or not 0 4 Specify 1 to indicate that the IPv4 header is bigger than 5 bytes 0 Specify 0 to indicate that the IPv4 is 5 bytes tcp_fin Specify 0 to indicate that the FIN value in TCP header is zero 1 to indicate the FIN value in TCP header is one Specify any to indicate that the value is either 1 or 0 tcp_syn Specify O to indicate that the SYN value in TCP header is zero 1 to indicate the SYN value in TCP header is one Specify any to indicate that the value either 1 or 0 tcp_rst Specify 0 to indicate that the RST value in TCP header is zero 1 to indicate the RST value in TCP header is one Specify any to indicate that the value is either
10. MAC addresses learned by the Managed Switch Switch config show mac address table clear Clear MAC address table address table mac mac_addr Switch config show mac port_list Show MAC addresses learned by the address table interface specified interfaces port_list Switch config show mac mac_addr Show the specific MAC address information Switch config show mac learning Show MAC learning setting of each interface Switch config show mac static mac Show static MAC address table Switch config show mac aging time MAC command example 200 Switch config mac address table aging time Show current MAC address table aging time or verify currently configured aging time Set MAC address aging time to 200 seconds Use Interface command to configure a group of ports MAC Table settings MAC amp Interface command Switch config interface port_list Parameter port_list Description Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT mac address table Static mac Xx XX XX XX XX XXx XX XX XX XX XX XX Create a MAC address to VLAN entry Specify a MAC address 59 vlan 1 4094 1 4094 Specify the VLAN where the packets with the Destination MAC address can be forwarded Switch config if PORT Enable
11. Medium or High The default class level of each port is Low 131 Configure OCL QoS Port Configuration Cancel A QCL number is assigned to each port based on the information in the QCL table Please refer to QoS Control List for QCL settings Configure User Priority QoS Port Configuration There are eight priority levels that you can choose to classify data packets Choose one of the listed options from the pull down menu for CoS Class of Service priority tag values The default value is 0 The default 802 1p settings are shown in the following table Priority Level normal low low normal medium Medium High high 802 1p Value 0 1 2 3 4 5 6 7 132 Configure Queuing Mode QoS Port Configuration a Ee i Strict v strict J ng x Strict el me ell Strict el N GC Di N d There are two different queuing modes Strict This indicates that services to the egress queues are offered in the sequential order and all traffic with higher priority queues is transmitted first before lower priority queues are serviced Weight Weighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for queues 1 through 4 respectively Co
12. Switch config no ntp syn interval Set the synchronization interval back to the default setting Switch config no ntp time zone Show command Switch config show ntp NTP command example Switch config ntp Set the time zone setting back to the default Show or verify current time server settings Enable the Managed Switch to synchronize the clock with a time server Switch config ntp daylight saving Enable the daylight saving function Switch config ntp offset 1 Offset 1 hour for daylight saving function Switch config ntp server1 192 180 0 12 Set the primary time server IP address to 192 180 0 12 Switch config ntp server2 192 180 0 13 Set the secondary time server IP address to 192 180 0 12 Switch config ntp syn interval 6000 Set the synchronization interval to 6000 minutes Switch config ntp time zone 4 Set the time zone to GMT 8 00 Vancouver 2 6 17 QoS Command 1 Set up QoS Control List QCL QCL command Parameter Description Switch config qos qcl 1 24 1 24 Create a QoS control list for traffic classification Switch config qcl LIST dscp 0 0 63 Specify a DSCP value between 63 low normal medium high 0 and 63 low normal Specify one priority level to medium high classify data packets Switch config qcl LIST ether type OxWXYZ Specify the ether type for this Ox
13. 3 Configure Port Reauthenticate Set up Physical ability and edge status of port 4 4 5 1 Configure System Click the option Configure System from the 802 1X Configuration folder and then the following screen page appears Configure System RADIUS IP 0 0 0 0 RADIUS Secret PEE Munem sient Disabled v Reauthentication Period Sec 1 3600 EAP Timeout Sec 1 255 Mode Enable or disable 802 1X on the Managed Switch When enabled the Managed Switch acts as a proxy between the 802 1 X enabled client and the authentication server In other words the Managed Switch requests identifying information from the client verifies that information with the authentication server and relays the response to the client RADIUS IP Specify RADIUS Authentication server address RADIUS Secret The identification number assigned to each RADIUS authentication server with which the client shares a secret Reauthentication Enabled Enable or disable Reauthentication Reauthentication Period Specify a period of authentication time that a client authenticates with the authentication server EAP Timeout Specify the time value in seconds that the Managed Switch will wait for a response from the authentication server to an authentication request 119 4 4 5 2 Configure Port Admin State Click the option Configure Port Admin State from the 802 1X Configuration menu and then the following screen page appears Configur
14. Disab Disab Disab Disab 102 State Enable or disable the function of sending trap to the specified destination Destination Enter the specific IP address of the network management system that will receive the trap Community Enter the community name of the network management system 4 3 7 Trap Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears Trap Configuration Cold Start Trap Enabled v Warm Start Trap Enabled ze EU EERE Enabled Port Link Up Down Trap Enabled v Broadcast Storm Trap Disabled Upper Limit Packets Sec System Power Down Trap 1st Destination Only Enabled wl Case Fan Trap Enabled se SFP Abnormality Trap Enabled v Anti Beast Trap Enabled ze Cold Start Trap Enable or disable the Managed Switch to send a trap when the Managed Switch is turned on Warm Start Trap Enable or disable the Managed Switch to send a trap when the Managed Switch restarts Authentication Failure Trap Enable or disable the Managed Switch to send authentication failure trap after any unauthorized users attempt to login Port Link Up Down Trap Enable or disable the Managed Switch to send port link up link down trap Broadcast Storm Trap Enable or disable broadcast storm trap sending from the Managed Switch when broadcast packets reach the upper limit
15. Show or verify MVR group settings 62 2 6 16 NTP Command Command Switch config ntp Parameter Description Enable the Managed Switch to synchronize the clock with a time server Switch config ntp daylight saving Enable the daylight saving function Switch config ntp offset 1 2 1 2 Offset 1 hour or 2 hours for daylight saving function Switch config ntp server A B C D Specify the primary time server IP A B C D address Switch config ntp server2 A B C D Specify the secondary time server IP A B C D address Switch config ntp syn interval 1 99999 Specify the interval time to synchronize 1 99999 from NTP time server The allowable value is between 1 and 99999 minutes Switch config ntp time zone 0 0 146 Specify the time zone that the Managed 146 No command Switch config no ntp Switch belongs to Use space and a question mark to view the complete code list of 147 time zones For example Switch config ntp time zone Disable the Managed Switch to synchronize the clock with a time server Switch config no ntp daylight saving Disable the daylight saving function Switch config no ntp offset Set the offset value back to the default setting Switch config no ntp server1 Delete the primary time server IP address Switch config no ntp server2 Delete the primary time server IP address
16. Upper Limit Maximum broadcast packets number per second The broadcast storm trap will be sent when the Managed Switch exceeds the specified limit System Power Down Trap Send a trap notice while the Managed Switch is power down 103 Case Fan Trap Enable or disable the Managed Switch to send a trap when the fan is not working or fails SFP Abnormality Trap Enable or disable the Managed Switch to send SFP abnormality trap Anti Bcast Trap Enable or disable the Managed Switch to send anti broadcast trap when broadcast packets exceed the specified threshold value 4 3 8 Mal attempt Log Configuration Click the option Trap Configuration from the Network Management menu and then the following screen page appears Mal attempt Log Configuration Log Server Disabled v SKIL EITE Disable Log Geroer 1 7 0 0 0 0 Log Geroer ID 3 0 0 0 0 metered 0 0 0 0 When DHCP Snooping filters unauthorized DHCP packets on the network the Mal attempt log will allow the Managed Switch to send event notification messages to Log server Log Server Enable or disable Mal attempt log function SNTP Status View only field that shows the SNTP server status Log Server IP 1 Specify the default Log server IP address Log Server IP 2 Specify the second Log server IP address When the default Log Server is down the Managed Switch will automatically contact the second or third Log server Log Server IP 3 Specify the third L
17. e x S S 2 Disable Customize Stop Restart Help The dhcpd service is started once usually when the system is booted runs in the background and wakes up when needed This service is running Description dhcpd provides the Dynamic Host Configuration Protocol DHCP server 1 Choose dhcpd 2 Enable DHCP service 3 Start running DHCP service NOTE DHCP service can also be enabled using CLI Issue dhcpd command to enable DHCP service 198 Troot localhost File Edit View Terminal Help R root localhost dhcp Step 3 Modify dhcpd conf File Open dhcpd conf file in etc dhcp directory File Edit View Go Bookmarks Tabs Help 2 as d e 100 amp Icon view Zs Places alte ddns met D E Desktop dhclient d dhcpd conf dhcpd6 conf J File system Network LO Floppy Drive E Tash EJ Applications Places system E Z aa Documents r3 E Music Die Edit View Search Tools Documents Help Pictures 9 open v Gave 3 P AA SH e F Link to dhcpd conf 2 dhcpd conf X Downloads allow bootp ddns update style ad hoc autol png SeeseeseestesHRseRseEsHRsHANOEXseesesssesHEsEReHESERsHR ERASE eeeee start dhcp server command is dhcpdesessersereereesaes sees stop dhcp server command is killall dhcpdesssesseweun subnet 192 168 0 0 netmask 255 255 255 0 range 192 168 6 21 192 168 6 100 option b
18. status port_list Interface command example Switch config interface 1 3 Enter port 1 to port 3 s interface mode Switch config if 1 3 auto negotiation Set the selected interfaces to auto negotiation Switch config if 1 3 duplex full Set the selected interfaces to full duplex mode Switch config if 1 3 flowcontrol Enable the selected interfaces flow control function Switch config if 1 3 speed 1000 Set the selected ports speed to 1000Mbps Switch config if 1 3 media type sfp Set the selected ports media type to fiber Switch config if 1 3 shutdown Administratively disable the selected ports status 2 6 5 ACL Command Parameter 1 110 Command Switch config acl 1 110 Description The total number of ACL rule can be created is 110 Use this command to enter ACL configuration mode for each ACL rule When you enter each ACL rule you can further configure detailed settings for this rule Switch config acl RULE action deny deny Deny the action for this rule Switch config acl RULE port action port copy port Specify a port number 1 24 This command will send a copy of packets to the specified port Switch config acl RULE action rate limiter id 1 14 1 14 Specify a rate limiter ID Switch config acl RULE action shutdown Shutdown the interface Switch conf
19. Click the LACP Monitor folder and then the two options will appears SJ Main Menu LACP Port Status D System Information D User Authentication Network Management C ey Aggr ID sg Switch Management yey Switch Monitor D Switch Port State D Port Traffic Statistics 7 Port Packet Error Statistics D Part Packet Analysis Statistics LACP Monitor D LACH Port Status D LACH Statistics a RSTP Monitor 802 1X Monitor a0 IGMP Monitor OD MAC Address Table a0 SFP Information D DHCP Snooping D LLDP Status D Loop Detection Status o 4 5 5 1 LACP Port Status LACP Port Status allows users to view a list of all LACP ports information Select LACP Port Status from the LACP monitor menu and then the following screen page appears LACP Port Status eeh kk sssssk SE foot Imo f a Jessssc KH Jessssc E foot E fowo E Ce E Jessssssk DREES 00 00 00 00 00 00 0 mo f fa fomo DR kl owo In this page you can find the following information about LACP port status Port Number The number of the port Partner ID The current operational key for the LACP group In LACP mode link aggregation control protocol data unit LACPDU is used for exchanging information among LACP enabled devices After LACP is enabled on a port the port sends 176 LACPDUs to notify the remote system of its system LACP priority system MAC address port LACP pri
20. MAC Address Management aS VLAN Configuration amp Port Based VLAN O Configure VLAN O VLAN Interface O Management VLAN 1 Configure VLAN To create edit or delete 802 1Q Tag VLAN settings 2 VLAN Interface To set up VLAN mode on the selected port 3 Management VLAN To set up management VLAN and management ports 4 4 7 4 1 Configure VLAN The following screen page appears if you choose Configure VLAN Configure IEEE 802 1q Tag VLAN manname vio 2 3 4 s 6 7 9 10 11 12 13 14 15 16 17 18 1920 21 22 23 24 cru V Member Not Member Click New to add a new VLAN entity an then the following screen page appears Click Edit to view and edit current IEEE 802 1Q Tag VLAN setting Click Delete to remove a VLAN entity 128 Configure IEEE 802 1q Tag VLAN VLAN Name VLAN ID 1 2 Members zl aiil will V Member Mot Member Cancel Current Total Max View only field Current This shows the number of current registered VLAN s Total This shows the number of total registered VLAN s Max This shows the number of maximum VLANs that are available for registration VLAN Name Use the default name or specify a VLAN name VLAN ID Specify a VLAN ID between 1 and 4094 VLAN Members If you select V from the pull down menu it denotes that the ports selected belong to the specified
21. Switch config archive auto backup time 13 Backup a copy of configuration file automatically at 13 00 o clock 2 6 7 Channel Group Command 1 Configure a static link aggregation group LAG Command Switch config channel group trunking group_name Parameter group_name Description Specify a name for this link aggregation group Switch config interface port_list Switch config if PORT PORT channel group trunking group_name port_list group_ name Use interface command to configure a group of ports link aggregation link membership Assign the selected ports to the specified link aggregation group Switch config channel group type destination mac Load balancing depending on destination MAC address Switch config channel group type source mac No command Switch config no channel group trunking group_name group_name Load balancing depending on source MAC address Delete a link aggregation group Switch config interface port_list Switch config if PORT PORT no channel group trunking port_list Remove the selected ports from a link aggregation group Switch config no channel group type destination mac Disable load balancing based on destination MAC address Switch config no channel group type source mac Show command Switch config show channel group trunking Disable load balancing based on de
22. Switch info Command Switch config switch info company name company_name Parameter company_name Description Enter a company name up to 55 alphanumeric characters for this Managed Switch Switch config switch info system contact sys_contact sys_contact Enter contact information up to 55 alphanumeric characters for this Managed switch Switch config switch info system location sys_location sys_location Enter a brief description up to 55 alphanumeric characters for the Managed Switch location For example 13th Floor Switch config switch info system name sys_name sys_name Enter a unique name up to 55 alphanumeric characters for this Managed Switch Use a descriptive name to identify the Managed Switch in relation to your network For example Backbone 1 This name is mainly used for reference only 81 Switch config switch info host_name Enter a new hostname up to 15 host name host_name alphanumeric characters for this Managed Switch By default the hostname prompt shows the model name of this Managed Switch You can change the factory assigned hostname prompt to the one that is easy for you to identify during network configuration and maintenance No command Switch config no switch info company name Delete the entered company name information Switch config no switch info system contact Delete the entere
23. button to return to IEEE 802 1q Tag VLAN table 3 Check Management VLAN 10 settings Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN ze Management VLAN 10 that includes Port 24 as a member port 3 Main Menu O System Information D User Authentication E Network Management 3 Switch Management VLAN Name Configure IEEE 802 1q Tag VLAN SE VIVIVIVIVIVIVIVIVIY L Switch Configuration D Port Configuration B Link Aggregation Rapid Spanning Tree 802 1X Configuration V Member Default_VLAN 1 Not Member MAC Address Managemen New Edit Delete EI VLAN Configuration s Port Based VLAN SSS IEEE 802 1q Tag VLAN D Configure VLAN O VLAN Interface D Management VLAN VIVIVIV IJV Iv Vv JV iv iv Jv iv fv IV NOTE By default all ports are member ports of the Default_VLAN Before removing the Deafult_VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command 216 4 Change the Management VLAN to VLAN 10 and set Port 24 to Trunk mode Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Management VLAN amp Main Menu _ Management VLAN O System Information D User Authentication e Network Management S3 Switch Management L Switch Configuration
24. for this segment 50 Switch config segment 50 range 224 10 0 2 Specify a multicast IP range 229 10 0 1 224 10 0 2 to 229 10 0 1 Switch config ip igmp profile Silverprofile Specify a name Silverprofile for this profile Switch config profile Silverprofile segment 50 Silverprofile includes segment 50 54 6 Use Interface command to configure a group of ports IGMP Filtering function IGMP amp Interface Command Switch config interface port_list Parameter port_list Description Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT ip igmp filter Enable IGMP Filter on the selected ports Switch config if PORT PORT ip igmp filter profile profile name profile_name Assign the selected ports to a profile Switch config if PORT PORT ip igmp max groups 1 512 1 512 Specify the maximum number of multicast streams Switch config if PORT PORT ip igmp static multicast ip E F G H vlan 1 4094 E F G H Create a static multicast IP to VLAN entry Specify static multicast IP address 1 4094 Specify a VLAN ID Switch config if PORT PORT ip sourceguard dhcp fixed ip dhcp fixed ip Specify authorized access information for the selected ports dhcp DHCP server assigns IP address fixed IP Only Static IP Create Sta
25. port_list commas or a range of port numbers For example 1 3 or 2 4 Switch config if PORT PORT no speed Set the selected ports speed to the default setting Switch config if PORT PORT no auto negotiation Set auto negotiation setting to the default setting Switch config if PORT PORT no duplex Set the selected ports duplex mode to the default setting half duplex Switch config if PORT PORT no flowcontrol Set the selected ports flow control function to the default setting Switch config if PORT PORT no description Delete the entered descriptive name for the selected interfaces Switch config if PORT PORT no media type Set the selected ports media type to the default setting 26 Switch config if PORT PORT no shutdown Show command Switch config show interface Administratively enable the selected ports status Show each interface s port configuration including media type forwarding state speed duplex mode flow control and link up down status Switch config show interface port_list Show the selected interface s port port_list configuration Switch config show interface Show each interface s port status status including media type forwarding state speed duplex mode flow control and link up down status Switch config show interface port_list Show the selected interface s port status
26. 4 5 9 ee 184 4 E E normalom ses a a a A 185 4 5 10 VSFP POMIMO EE 185 oa EE EE 186 4 5 11 DCHP SMOODING eege eene ee eege ee dee eer 187 SEENEN 188 4 513 Loop Detection Statusi insi aa 189 4 6 Syst m Re EE 190 AG EE E 191 4 6 2 Upgrade EE 191 4 6 3 Load Factory Settings miira ireset eena sth elaine aE aeiaai este 192 4 6 4 Load Factory Settings Except Network Confguraion 193 4 6 5 Backup Configuration ccccccceeeeeeeeeeeeeeeeeeeeeeeeeeaaeeeeeeeeeeeeeceenaaeeeeeeeeeeteeeeenaaees 193 4 7 Save COMIQUI TEE 194 AC E 194 APPENDIX A Free RADIUS readme s seeeeeeeeeeeeeeneeeeeeeeeeeeeeeeeeeneeeneeeeeeeeeeesenneeeeneees 195 APPENDIX B Set Up DHCP Auto ProviSiOning eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeneees 196 APPENDIX C VLAN Application Note ccccccceesseeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneees 205 1 INTRODUCTION Thank you for using the 20 Ports 100 1000 Base X SFP with 4 Combo Ports Uplink Managed Switch that is specifically designed for SMB small and medium businesses SME and for FTTx applications The Managed Switch provides a built in management module that enables users to configure and monitor the operational status both locally and remotely This User s Manual will explain how to use Command Line Interface and Web Management to configure your Managed Switch The readers of this manual should have knowledge about their network topologies and about basic networking
27. Command Command Description Show the original configurations Switch config show default setting assigned to the Manged Switch by the factory Switch config show running config Show configurations currently used in the Manged Switch Please note that you must save running configurations into your switch flash before rebooting or restarting the device Switch config show start up config Display system configurations that are stored in flash 3 SNMP NETWORK MANAGEMENT The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices It is part of the TCP IP protocol suite SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth SNMP consists of following key components Managed device is a network node that contains SNMP agent Managed devices collect and store management information and make this information available to NMS using SNMP Managed device can be switches Hub etc MIB Management Information Base defines the complete manageable entries of the managed device These MIB entries can be either read only or read write For example the System Version is read only variables The Port State Enable or Disable is a read write variable and a network administrator can not only read but also set its value remotely SNMP Agent is a managem
28. D Port Configuration 3 a6 Link Aggregation 4 Rapid Spanning Tree 802 1X Configuration a0 MAC Address Managemen Management VLAN ow o E Management Port Change CPU VLAN ID to 10 Select Trunk VLAN Configuration 2 Port Based VLAN 53 IEEE 802 1q Tag VLAN D Configure VLAN L VLAN Interface L Management VLAN QoS Configuration fox Cancer Click OK to apply the settings 5 Check Management VLAN 10 settings again Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN Ga amp Main Menu Configure IEEE 802 1q Tag VLAN L System Information L User Authentication s Network Management S3 Switch Management L Switch Configuration D Port Configuration s Link Aggregation Rapid Spanning Tree 802 1X Configuration s MAC Address Managemen 3 VLAN Configuration e Port Based VLAN Sy IEEE 802 1q Tag VLAN D Configure VLAN O VLAN Interface D Management VLAN V Member Mot Member vaname vo aefa alee 72 9 sof 2 3 4 15 16 17 1 120 21 22 29 2 cru Default_VLAN 1 VIVIVIVIVIVIVIVIVIV IV IV IV IV IV IV IV IV IV IV IV IV IV Vv Vv Now Port 24 and CPU are member ports in Management VLAN 10 Treatments of Packets 1 A tagged packet arrives at Port 24 In this example port 24 is assigned as a management port Therefore the client can manage the Managed Switch remotely When management traffic w
29. Permit packets from the address ranging from 0180C2000000 to 0180C200000F Switch config switch bpdu 20 2F permit Permit packets from the address ranging from 0180C2000020 to 0180C200002F Switch config switch bpdu 10 permit Permit packets from the address 018002000010 Switch config switch mtu 9600 Set the maximum transmission unit to 9600 bytes 2 6 21 SNMP Server Command 1 Create a SNMP community and set up detailed configurations for this community server community community Snmp server command Parameter Description Switch config snmp Enable SNMP server function globally server Switch config snmp community Specify a SNMP community name of up to 20 alphanumeric characters Switch config community Enable this SNMP community account NAME active Switch config community Description Enter the description for this SNMP NAME description community of up to 35 alphanumerical Description characters 77 Switch config community NAME level admin rw ro admin rw ro No command Switch config no snmp server Specify the access privilege for this SNMP account admin Full access right including maintaining user account system information loading factory settings etc rw Read amp Write access privilege Partial access right unable to modify user account system information and load factory s
30. Set the aggregated ports priority to 0 Switch config spanning tree aggregated port edge Set the aggregated ports to edge ports Switch config spanning tree aggregated port p2p forced_true Set the aggregated ports to P2P ports Switch config spanning tree delay time 20 Set the Forward Delay time value to 10 seconds 73 Switch config spanning tree hello time 2 Set the Hello Time value to 2 seconds Switch config spanning tree max age 15 Set the Maximum Age value to 15 seconds Use Interface command to configure a group of ports Spanning Tree settings Spanning tree amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT Enable spanning tree protocol on spanning tree the selected interfaces Switch config if PORT PORT 1 Specify cost value on the selected spanning tree cost 1 200000000 200000000 interfaces Switch config if PORT PORT 0 24 Specify priority value on the spanning tree priority 0 240 selected interfaces Switch config if PORT PORT spanning tree edge Set the selected interfaces to edge ports Switch config if PORT PORT spanning tree p2p forced_fasle auto No command Switch config if POR
31. Switch config Switch config management web Enable Web management 2 6 14 Mirror Command Command Parameter Description port_list No command Switch config no mirror destination Switch config mirror port Specify the preferred destination port destination port 1 24 for mirroring Switch config mirror source port_list Specify a source port number or several source port numbers for port mirroring Disable port mirroring function or remove mirroring destination port Switch config no mirror source Show command Switch config show mirror Mirror command example Switch config mirror destination 24 Remove mirroring source ports Show or verify current port mirroring destination and source ports The selected source ports data will mirror to port 24 Switch config mirror source 1 10 Port 1 to 10 s data will mirror to the destination target port 2 6 15 MVR Command Command Parameter Description Switch config mvr Enable MVR function Switch config mvr vlan 1 4094 1 4094 Specify a VID 1 4094 to create a MVR VLAN Switch config mvr group 1 4094 1 4094 E F G H E F G H Specify a registered MVR VID 1 4094 and add specify the multicasting channel that would belong to MVR VLAN E F G H E F G H Specify the low and high multicast IP address ranging from 224 0 1 0 to
32. a Link Aggregation a Rapid Spanning Tree a6 802 1X Configuration 53 VLAN Configuration Port Based VLAN S3 IEEE 802 1q Tag VLAN D Configure VLAN L VLAN Interface L Management VLAN a QoS Configuration D DSCP Remark O Port Mirroring 2C IGMP Snooping l a MAC Address Managemen D Static Multicast Configurati v ACCESS mces wf access vi ACCESS M access M access se access v ACCESS ACCESS si ACCESS e ACCESS wll SE Select TRUNK Click OK to apply the settings 213 Treatments of Packets 1 An untagged packet arrives at Port 1 When an untagged packet arrives at Port 1 port 1 s Port VLAN ID 11 will be added to the original port Because port 24 is set as a trunk port it will forward the packet with tag 11 out to the Carrier Ethernet 2 Atagged packet arrives at Port 1 In most situations data VLAN will receive untagged packets sent from the client PC or workstation If tagged packets are received possibly sent by malicious attackers they will be dropped lll Management VLAN For security and performance reasons it is best to separate user traffic and management traffic When Management VLAN is set up only a host or hosts that is are in this Management VLAN can manage the device thus broadcasts that the device receives or traffic e g multicast directed to the
33. s s i lt COS exit Quit the User Mode or close the terminal connection help Display a list of available commands in User Mode history Display the command history logout Logout from the Managed Switch ping Test whether a specified network device or host is reachable or not enable Enter the Privileged Mode 2 4 1 Ping Command Ping is used to test the connectivity of end devices and also can be used to self test the network interface card Enter the ping command in User Mode In this command you can add an optional packet size value and an optional value for the number of times that packets are sent and received Command Parameter Description Switch gt ping A B C D Enter the IP address that you would like to ping A B C D s size s size 8 Enter the packet size that would be sent The 8 4000 bytes r 4000 bytes allowable packet size is from 8 to 4000 bytes repeat 1 99 times optional t timeout 1 r repeat 1 Enter the number of times that ping packets are 99 secs 99 times sent The allowable repeat number is from 1 to 99 optional t timeout 1 Enter the timeout value when the specified IP 99 secs address is not reachable optional Switch gt ping 127 0 0 1 Switch gt ping 127 0 0 1 s 128 r 5 t 10 19 2 5 Privileged Mode The only place where you can enter the Privileged Enable Mode is in User Mode When you successfull
34. to mean any IP mask 255 255 0 0 Specify a specific IP mask Ip ttl Specify IP TTL bit any Specify any to denote the value which is either zero or not zero 0 Specify 0 to indicate that the TTL filed in IPv4 header is 0 41 If the value in TTL field is not 0 use 1 to indicate that ip_ fragment Specify IP fragment bit any Specify any to denote the value which is either 0 or not 0 0 Specify 0 to indicate that the fragment filed in IPv4 header is 0 41 If the value in TTL field is not 0 use 1 to indicate that 34 Ip option Specify IP option bit any Specify any to denote the value which is either 0 or not 0 0 Specify 0 to indicate that the IPv4 is 5 bytes 1 Specify 1 to indicate that the IPv4 header is bigger than 5 bytes Switch config acl RULE frame type tcp dest_mac source_port dest_port source_ip ip mask dest_ip ip mask ip_ ttl Ip fragment ip option tcp_fin tcp_syn tcp_rst tcp_psh tcp_ack tcp_urg dest_mac Define destination MAC address type any Specify any to apply ACL rule to any destination MAC addresses uc Specify uc to apply ACL rule to unicast traffic mc Specify mc to apply ACL rule to multicast traffic be Specify bc to apply
35. you need to further specify a VLAN ID VLAN ID Specify a VLAN ID Tag Priority Select a tag priority from the pull down menu Ethernet Type Parameters EtherType Filter Select Any or Specific for EtherType Filter If Specific is selected you need to further specify an Ethernet type value Ethernet Type Value Specify an Ethernet type value 163 ARP Frame Type OK Cancel MAC Parameters SMAC Filter Select Any or Specific for source MAC filtering If Specific is selected you need to further specify a source MAC address SMAC Value Specify a source MAC address DMAC Filter Select Any UC MC or BC for destination MAC filtering Select Any to filter any kind of traffic Select UC to filter unicast traffic Select MC to filter multicast traffic Select BC to filter broadcast traffic VLAN Parameters VLAN ID Filter Select Any or Specific for VLAN ID Filter If Specific is selected you need to further specify a VLAN ID VLAN ID Specify a VLAN ID Tag Priority Select a tag priority from the pull down menu 164 ARP Parameters ARP RARP Select Any ARP RARP or Other as the desired protocol Request Reply Select Any Reply or Request Sender IP Filter Select Any Host or Network for sender IP filter If Host is selecte
36. 2 1 to 192 168 2 1 Switch config syslog server2 Set the secondary system log server IP 192 168 2 2 address to 192 168 2 2 Switch config syslog server3 Set the third system log server IP address to 192 168 2 3 192 168 2 3 2 6 25 VLAN Command 1 Create a 802 1q VLAN port based VLAN and a management VLAN rule interface port_list Exit command Switch config vlan VID exit Switch config vlan dotiq vlan 100 Dotiq amp Port based VLAN example VLAN dot1iq command Parameter Description Switch config vlan dotiq vlan 1 4094 Enter a VID number to create an 1 4094 802 1q VLAN Switch config vlan VID name vlan_name Specify a descriptive name for this vlan_name VLAN Switch config vlan 1 4094 Enter the management VLAN ID management vlan 1 4094 port_list Specify the management port management port port_list mode number trunk access trunk Specify whether the management access port is in trunk or access mode trunk mode Set the selected ports to tagged access mode Set the selected ports to untagged Switch config vlan port based name Specify a name for this port based name VLAN No command Switch config no vlan dotiq 1 4094 Delete the specified VLAN vlan 1 4094 Switch config vlan VID no Remove the descriptive name for name the specified VLAN Switch config no vlan port name Delete
37. 3 Silverprofile Switch config if 1 3 ip igmp filter profile Assign the selected ports to the specified profile Silverprofile Switch config if 1 3 ip igmp max groups 400 Set the maximum number of multicast streams to 400 56 224 10 0 5 vlan 50 Switch config if 1 3 ip igmp static multicast ip Create a static multicast IP to VLAN entry 2 6 11 LLDP Command LLDP stands for Link Layer Discovery Protocol and runs over data link layer It is used for network devices to send information about themselves to other directly connected devices on the network By using LLDP two devices running different network layer protocols can learn information about each other A set of attributes are used to discover neighbor devices These attributes contains type length and value descriptions and are referred to TLVs Details such as port description system name system description system capabilities and management address can be sent and received on this Managed Switch Use Spacebar to select ON if you want to receive and send the TLV LLDP command Parameter Description Switch config Ildp 1 3600 Specify the amount of time in seconds A receiving hold time 1 3600 device will keep the information sent by your device for a period of time you specify here before discarding it The allowable hold time value is between 1 and 3600 seconds Switch config Ildp 0 300 Specify a pe
38. ACL rule to any destination MAC addresses uc Specify uc to apply ACL rule to unicast traffic mc Specify mc to apply ACL rule to multicast traffic be Specify bc to apply ACL rule to broadcast traffic XX IXX XX XX XX XX Enter the specific destination MAC address mac_mask Specify MAC mask any Specify any mean any MAC mask ff ff ff 00 00 00 Enter a specific MAC mask ether_type any Specify any to apply ACL rule to any Ether types 0OxXXXX Enter the specific Ether Type 31 Switch config acl RULE frame type icmp dest_mac icmp_type icmp_code source_ip ip_mask dest_ip Ip maskl Ip ttl Ip fragment Ip option dest mac Define the destination MAC filtering type any Specify any to filter any kind of traffic uc Specify uc to filter unicast traffic me Specify mc to filter to filter multicast traffic be Specify bc to filter broadcast traffic icmp_type This parameter is to show and filter the ICMP type defined in the type field of the ICMP header any Specify any to filter any types 0 255 Specify 0 255 to filter different defined types icmp_code This parameter is to show and filter the ICMP code defined in the code field of the ICMP header any Specify
39. Ethernet 0x6 and the Protocol Address Length field is not equal to IPv4 0x4 1 Specify 1 to indicate that HLN Hardware Address Length field in the ARP RARP frame is equal to Ethernet 0x6 and the Protocol Address Length field is equal to IPv4 0x4 ip any Specify any to indicate a match and not a match 0 Specify 0 to indicate that Protocol Address Space field in ARP RARP frame is not equal to IP 0x800 1 Specify 1 to indicate that Protocol Address Space is equal to IP 0x800 Ethernet any Specify any to indicate a match and not a match 0 Specify 0 to indicate that Hardware Address Space field in ARP RAPP frame is not equal to Ethernet 1 1 Specify 1 to indicate that Hardware Address Space field is equal to Ethernet 1 30 Switch config acl RULE frame type ethernet type source_mac mac_mask dest_mac mac_mask ether_type source_mac Define source MAC address any Specify any to apply ACL rule to any source MAC addresses XX XX XX XX XX XX Specify a specific source MAC address mac_mask Specify MAC mask any Specify any mean any MAC mask ff ff ff 00 00 00 Specify a specific MAC mask dest_mac Define destination MAC address type or a specific MAC address any Specify any to apply
40. FE fixed address 192 168 0 1 1 Define DHCP default and maximum lease time in seconds Default lease time If a client does not request a specific IP lease time the server will assign a default lease time value Maximum lease time This is the maximum length of time that the server will lease for 2 Define subnet subnet mask IP range broadcast address router address and DNS server address 3 Map a host s MAC address to a fixed IP address 4 Map ahost s MAC address to a fixed IP address Use the same format to create multiple MAC to IP address bindings 200 euch 5 1 O tftp 1 ftp ion E protocol code 1 unsigned integer 8 Emer code 2 ipaddress Jerver login name code 3 text Jerver login pass word oode 4 text fra vare file name oode 5 text class vendor classes match option vendor class identifier server ip l 92 168 025 Server login name anonymous lc server login pass word dept 9 Se te te te This value is configurable and can be defined by users Specify the protocol used Protocol 1 FTP Protocol 0 TFTP Specify the FTP or TFTP IP address Login TFTP server anonymously TFTP does not require a login name and password Specify FTP Server login name and password 10 Specify the product model name 11 Specify the firmware filename 12 Specify the MD5 for firmware image 13 Specify the configuration fi
41. Leaves IGMP Version 2 leaves 4 5 8 2 IGMP Group Table In order to view the real time IGMP multicast group status of the Managed Switch select IGMP Group Table from the IGMP monitor menu and then the following screen page appears IGMP Group Table Update Click Update to update the table VLAN ID VID of the specific VLAN Group The multicast IP address of IGMP querier Port The port s grouped in the specific multicast group 4 5 9 MAC Address Table MAC Address Table displays MAC addresses learned Address Learning are enabled MAC Address Table Paget j All 7 Update Clear Index MAC Address 00 06 19 00 67 04 00 0D 0B A7 8A C4 00 06 19 03 A0 24 00 0C 6E C2 E3 00 1 Port 3 dynamic Port 3 dynamic ner 2 5 P 10 00 11 2F 4A 9D E6 00 0E A6 08 CB 7C 00 0E A6 45 A1 33 00 0E 4A6 61 9C 52 00 0F EA EF D1 DE 00 0F EA F0 14 F9 Port 3 dynamic Port 3 dynamic Port 3 dynamic 184 when System Reset and MAC The table above shows the MAC addresses learned from each port of the Managed Switch Click Update to update the MAC Address Table Click Clear to clear the MAC Address table 4 5 10 SFP Information Click the SFP Information folder and then the following screen page appears S Main Menu SFP Port Info _ System Information User Authentication Network Management Vendor SN RO Switch Management lt a
42. MAC learning function PORT mac learning No command Switch config if PORT xXX XX XX XX XX XX Remove the specified MAC address PORT no mac address from the address table lable Slave mar 1409 Specify the VLAN to that the specified xx xX xXX xXX xXX Xx vlan 1 MAC bel 4094 elongs Switch config if PORT PORT no mac learning Disable MAC learning function Show command Switch config show mac address table Show MAC addresses learned by the Managed Switch Switch config show mac address table clear Clear MAC address table Switch config show mac address table interface Show MAC addresses learned by the port_list specified interfaces Switch config show mac address table mac Show the specific MAC address mac addr information Switch config show mac learning Show MAC learning setting of each interface Switch config show mac static mac Show static MAC address table Switch config show mac aging time Show current MAC address table aging time or verify currently configured aging time 2 6 13 Management Command Command Parameter Description Switch config management 0 5 To disconnect the Managed Switch when console timeout 0 5 9999 9999 console management is inactive for a certain period of time Specify 0 to disable timeout function The allowable value is from 5 to 9999 seconds Switch config management
43. Port Trunking ocon nare D PEM PTL ETS The Managed Switch allows users to create 13 trunking groups Each group consists of 2 to 16 links ports Click New to add a new trunk group and then the following screen page appears Click Delete to remove a current registered trunking group setting Click Edit to view and edit a registered trunking group s settings Port Trunking OEA EIGEES 1 1 13 Groups Port Members Group Name Specify the trunking group name up to 15 alphanumeric characters Port Members Select ports that belong to the specified trunking group Please keep the rules below in mind when assign ports to a trunking group Must have 2 to 16 ports in each trunking group Each port can only be grouped in one group If the port is already set On in LACP Port Configuration it can t be grouped anymore Click OK and return back to Link Aggregation menu NOTE All trunking ports in the group must be members of the same VLAN and their Spanning Tree Protocol STP status and QoS default priority configurations must be identical Port locking port mirroring and 802 1X can not be enabled on the trunk group Furthermore the LACP aggregated links must all be of the same speed and should be configured as full duplex 110 4 4 3 3 LACP Port Configuration The Managed Switch supports dynamic Link Aggregation Control Protocol LACP which is specified in IEEE 802 3ad
44. Protocol is a communication protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It can be used for online streaming video and gaming and allows more efficient use of resources when supporting these uses IGMP Snooping is the process of listening to IGMP traffic IGMP snooping as implied by the name is a feature that allows the switch to listen in on the IGMP conversation between hosts and routers by processing the layer 3 packets IGMP packets sent in a multicast network When IGMP snooping is enabled in a switch it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network When a switch hears an IGMP report from a host for a given multicast group the switch adds the host s port number to the multicast list for that group And when the switch hears an IGMP Leave it removes the host s port from the table entry IGMP snooping can very effectively reduce multicast traffic from streaming and other bandwidth intensive IP applications A switch using IGMP snooping will only forward multicast traffic to the hosts interested in that traffic This reduction of multicast traffic reduces the packet processing at the switch at the cost of needing additional memory to handle the multicast tables and also reduces the workload at the end hosts since their network cards or operating syst
45. Static trunks have to be manually configured at both ends of the link In other words LACP configured ports can automatically negotiate a trunked link with LACP configured ports on other devices You can configure any number of ports on the Managed Switch as LACP as long as they are not already configured as part of a static trunk If ports on other devices are also configured as LACP the Managed Switch and the other devices will negotiate a trunk link between them If an LACP trunk consists of more than four ports all other ports will be placed in a standby mode Should one link in the trunk fail one of the standby ports will automatically be activated to replace it Configure Port Protocol Click the option LACP Port Configuration from the Link Aggregation menu and then select Protocol from the pull down menu of Select Setting The screen page is shown below LACP Port Configuration Geet Protocol x Port Protocol C DR CC Co D 1 1 2 Disable v Disable x Disable x Disable v Disable v Disable v Disable x 5 2 Disable Disable x Disable v This allows LACP to be enabled or disabled on each port 111 Configure Key Value Select Key Value from the pull down menu of Select Setting LACP Port Configuration Ports in an aggregated link group must have the same LACP port Key In order to allow a port to join an aggregat
46. Switch can support up to 128 entries of MAC security list Click New to add a new MAC address entity and then the following screen page appears Click Edit to view and edit the selected MAC address entity Click Delete to remove a MAC address entity Static MAC Table Configuration OEA EEES 1 1 128 Groups MAC Address 00 00 00 00 00 00 Current Total Max The number of current total and maximum MAC address entry or entries MAC Address Specify a destination MAC address in the packet with the 00 00 00 00 00 00 format VID Specify the VLAN where the packets with the Destination MAC address can be forwarded Forwarding Port If the incoming packet has the same destination MAC address as the one specified in VID it will be forwarded to the selected port directly 122 4 4 7 VLAN Configuration A Virtual Local Area Network VLAN is a network topology configured according to a logical scheme rather than the physical layout VLAN can be used to combine any collections of LAN segments into a group that appears as a single LAN VLAN also logically segments the network into different broadcast domains All broadcast multicast and unknown packets entering the Switch on a particular VLAN will only be forwarded to the stations or ports that are members of that VLAN VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nod
47. Switch config show ip address IP command example Switch config ip address 192 168 1 198 255 255 255 0 192 168 1 254 Disable DHCP mode Show the current IP configurations or verify the configured IP settings Set up the Managed Switch s IP to 192 168 1 198 subnet mask to 255 255 255 0 and default gateway to 192 168 1 254 Switch config ip address dhcp Get an IP address automatically 2 Enable DHCP server function IP DHCP Snooping Command Parameter Switch config ip dhcp snooping Description Enable DHCP snooping function Switch config ip dhcp port_list Configure DHCP server trust ports snooping dhcp server port_list Switch config ip dhcp 1 9999 Specify the time value 1 9999 Seconds snooping initiated 0 9999 that packets might be received Switch config ip dhcp 180 Specify packets expired time 180 259200 snooping leased 180 259200 259200 Seconds Switch config ip dhcp snooping option No command Switch config no ip dhcp snooping Enable DHCP Option 82 Relay Agent Disable DHCP Snooping function Switch config no ip dhcp snooping dhcp server Remove DHCP server trust ports Switch config no ip dhcp Reset the initiated value back to the default snooping initiated setting Switch config no ip dhcp Reset the leased value back to the default snooping leased setting Switch config no ip dhcp snooping option
48. The device will retry for 3 times if the file is incorrect and then it gives up until getting another DHCP ACK packet again New Configuration or Firmware qm e Old Configuration or ISC DHCP Server Firmware Access Switch DHCP DISCOVER 60 OTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTTETTTTTTTTTTETTE DTD Ee e e a e e e a e mm a e um e vm um em Normal DHCP 204 APPENDIX C VLAN Application Note Overview A Virtual Local Area Network VLAN is a network topology configured according to a logical scheme instead of the physical layout It can be used to combine any collection of LAN segments into a group that appears as a single LAN so as to logically segment the network into different broadcast domains All broadcast multicast and unknown packets entering the Switch on a particular VLAN will only be forwarded to the stations or ports that are members of that VLAN Generally end nodes that frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network In this way the use of VLANs can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains Another benefit of VLAN is that you can change the network topology without physically moving stations or changing cable connections Stations can be moved to another VLAN and thus communicate with its members and share its resources simply by cha
49. To management the Managed Switch via telnet Telnet Switch config management 1025 When telnet is enabled you can set up the telnet port 1025 65535 65535 port number that allows telnet access The default port number is set to 23 However you can also identify a port number between 1025 and 65535 Switch config no management console timeout Switch config management To manage the Managed Switch via SSH ssh Switch config management To manage the Managed Switch via Web web management No command Disable console management Switch config no management telnet Disable Telnet management Switch config no management telnet port Set Telnet port back to the default setting The default port number is 23 Switch config no management ssh Disable SSH management Switch config no management web Show command Switch config show management Management command example 600 Switch config management console timeout Disable Web management Show or verify current management settings including management platform that can be used and Telnet port number The console management will timeout logout automatically when it is inactive for 600 seconds Switch config management telnet Enable Telnet management Switch config management telnet port 23 Set Telnet port to port 23 management web Enable SSH management i A OS
50. VLAN 4 4 7 4 2 VLAN Interface The following screen page appears if you choose VLAN Interface VLAN Interface ain L a SE KH ACCESS he oss o DS 1 Mode Select the appropriate mode for each port 129 Access Set the selected port to access mode untagged Trunk Set the selected port to trunk mode tagged Trunk Native Enable native VLAN for untagged traffic on the selected port Dot1q Tunnel Enable Q in Q function on the selected port PVID Specify the selected ports VLAN ID PVID VLAN Member This shows the VLAN ID to which a port belongs 4 4 7 4 3 Management VLAN The following screen page appears if you choose Management VLAN Management VLAN Management VLAN OK Cancel CPU VLAN ID Specify an existing VLAN ID Mode Select the VLAN mode for this Management VLAN Management Port Tick the checkbox on the ports that you would like them to become Management ports 4 4 8 QoS Configuration Network traffic is always unpredictable and the only basic assurance that can be offered is the best effort traffic delivery To overcome this challenge Quality of Service QoS is applied throughout the network This ensures that network traffic is prioritized according to specified criteria and receives preferential treatments QoS enables you to assign various grades of net
51. VLAN ID 0 Don m Current Total Max View only field Current This shows the number of current registered Static IP addresses Total This shows the total number of registered Static IP addresses Max This shows the maximum number available for Static ID address registration 155 IP address Specify an IP address that you accept Mask Address Specify the Mask address VLAN ID Specify the VLAN ID 0 means without VLAN ID Port Specify the communication port number Port 1 24 4 4 14 5 Configure DHCP Snooping When you want to use DHCP Snooping function follow the steps described below to enable a client to receive an IP from DHCP server Step 1 Select each port s IP type DHCP Port Settings 14 DHCP zi Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited d Se Unimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited Unlimited x Unlimited Unlimited se Unlimited Unlimited Unlimited Unlimited Unlimited se Unlimited Select Unlimited or DHCP Step 2 Enable DHCP Snooping Filter Configuration DHCP Snooping Enabled v Default DHCP Initiated Time pecs 0 9999 Default DHCP Leased Time 36400 Secs 180 259200 Port Isolation Disabled v Set Du ee ED ae Disabled v
52. case fan A trap will be sent when the fan is not working or fails cold start A trap will be sent when the device boots up port link A trap will be sent when the link is up or down power down A trap will be sent when the device s power is down sfp A trap will be sent when slide in SFP modules function abnormally storm A trap will be sent when broadcast packets reach the upper limit upper limit 0 148810 Maximum broadcast packets number per second The broadcast storm trap will be sent when the Managed Switch exceeds the specified limit warm start A trap will be sent when the device restarts 8 0 Switch config no snmp server trap type all anti bcast auth fail case fan cold start port link power down sfp storm upper limit 0 148810 pps warm start type Switch config show snmp server trap all anti bcast auth fail case fan cold start port link power down sfp storm upper limit 0 148810 pps warm start Show command Show the current enable disable status of each type of trap Trap type example Switch config snmp server trap type all All types of SNMP traps will be sent No command Specify a trap type that will not be sent when a certain situation occurs 2 6 22 Switch info Command Set up the Managed Switch s basic information including company name hostname system name etc
53. concepts so as to make the best of this users manual and maximize the Managed Switch s performance for your personalized networking environment 1 1 Interface There are 5 models in this series Descriptions and interface figures are provided below Model 1 20 Ports 100 1000BASE X SFP With 4 Combo Ports 10 100 1000BASE T 100 1000BASE X SFP Uplink Management Switch Fixed 1 AC Model 2 20 Ports 100 1000BASE X SFP With 4 Combo Ports 10 100 1000BASE T 100 1000BASE X SFP Uplink Management Switch Fixed 2 Reduandant AC Model 3 20 Ports 100 1000BASE X SFP With 4 Combo Ports 10 100 1000BASE T 100 1000BASE X SFP Uplink Management Switch Fixed 1 DC Model 4 20 Ports 100 1000BASE X SFP With 4 Combo Ports 10 100 1000BASE T 100 1000BASE X SFP Uplink Management Switch Fixed 2 Redundant DC Model 5 20 Ports 100 1000BASE X SFP With 4 Combo Ports 10 100 1000BASE T 100 1000BASE X SFP Uplink Management Switch Fixed 1 Redundant AC AND 1 Redundant DC These 5 models have the same front panel d A Goel Cowes 8 D sl D GER e Co J f EA emmena bn ng E EON EEE eee mn z a x z z Daa ae Figure 1 Front Panel Each model has a different rear panel Figure 2 1 Model 1 Rear Panel AC 100 240V Figure 2 2 Model 2 Rear Pane 7 6 Figure 2 3 Model 3 Rear Panel Figure 2 4 Model 4 Rear Panel g Battery DC 12V Figure 2 5 Model 5 Rear Panel 1 2 Managemen
54. config show acl 1 110 1 110 Show ACL information for the specified rule Switch show acl rate limiter Switch config show acl rate limiter Show each rate limiter ID s setting Switch show acl rate limiter 1 14 Switch config show acl rate limiter 1 14 1 14 Show the specified rate limiter s setting Switch show acl interface port_list Switch config show acl interface port_list Show the specified interfaces access control list rule 41 Use interface command to configure ACL rules for a group of ports Command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT acl deny Deny the specified interfaces action action deny Switch config if PORT PORT acl port Specify a port number 1 24 This action port copy port command will send a copy of packets from the specified interfaces to the specified port Switch config if PORT PORT acl action rate limiter id 1 14 1 14 Apply the specified interfaces to the assigned rate limiter rule Switch config if PORT PORT acl action shutdown Shutdown the specified interfaces Switch config if PORT PORT acl policy 1 8 1 8 Apply the specified interfaces to the assigned pol
55. configure the system REMOTELY because conventional Factory Reset will bring network settings back to default and lose all network connections Select Load Factory Setting Except Network Configuration from the System Utility menu the following screen page shows up Load Factory Settings Except Network Configuration System Will Need to Be Reset Load Factory Settings Except Network Click OK to start loading factory settings except network configuration 4 6 5 Backup Configuration Select Backup Configuration from the System Utility menu and then the following screen page appears Backup Configuration Configuration E anonymous Password Auto Backup To enable or disable auto backup The default setting is disabled Backup Time Set up the time 24 hr clock to automatically backup once a day If the 193 remote server fails or does not exist this function allows the system to retry around once per minute until the system completes a successful backup or the system times out next hour Protocol Select FTP or TFTP server to backup Server Address Specify a FTP or TFTP server IP address User Name Specify a username for FTP server Password Specify a password for FTP server File Directory Specify the local file directory where backup files will be saved File Name The name of backup files which will be saved by date Transmitting Progress View only field that
56. example if you want to assign an IP address for the Managed Switch you need to enter the following command with the required parameter and IP subnet mask and default gateway IP command syntax Switch config ip address A B C D 255 X X X A B C D Switch config ip address 192 168 1 198 255 255 255 255 192 168 1 254 Hostname This means that This allows you to Enter the IP address subnet mask and you are in Global assign IP address default gateway address Configuration mode The following table lists common symbols and syntax that you will see very frequently in this User s Manual for your reference Symbols Brief Description gt Currently the device is in User Mode Currently the device is in Privileged Mode config Currently the device is in Global Configuration Mode Syntax Brief Description Brackets represent that this is a required field s size r repeat t timeout These three parameters are used in ping command and are optional which means that you can ignore these three parameters if they are unnecessary when executing ping command A B C D Brackets represent that this is a required field Enter an IP address or gateway address 255 X X X Brackets represent that this is a required field Enter the subnet mask port Enter one port number See section 2 6 4 for edtailed explanations port_list Enter a range of port numbers
57. management port will be minimized In the network diagram provided the management PC on the right would like to manage the Managed Switch on the left remotely You can follow the steps described below to set up the Management VLAN Carrier Ethernet Management PC Management VLAN Tag 10 Un tag I ZE E Port24 I Management VLAN Network Diagram 214 CLI Configuration Commands 1 Enter Global Configuration SWH gt enable mode Password f SWH config SWH config 2 Crate VLAN 10 SWH config vlan dotlq vlan 10 OK SWH config vlan 10 3 Name VLAN 10 to SWH config vlan 10 name Management Management Fs SWH config vlan 10 exit 4 Assign Port 24 to VLAN 10 SWH config interface 24 SWH config if 24 vlan dotlq vlan trunk vlan 10 OK 5 Assign VLAN 10 to SWH config vlan management vlan 10 management Management VLAN and Port port 24 mode trunk 24 to Management port an 6 Show currently configured SWH config show vlan dotiq vlan dot1q settings and check EE CPU has been a member IEEE 802 1q Tag VLAN port in Management VLAN Lats 10 VLAN Name VLAN 1 8 9 16 17 24 CPU NOTE By default all ports are member ports of the Default_VLAN Before removing the Default_VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Manage
58. mib which SNMP based compiler can read Please refer to the appropriate documentation for the instructions of installing the system private MIB 90 4 WEB MANAGEMENT You can manage the Managed Switch via a Web browser However you must first assign a unique IP address to the Managed Switch before doing so Use the RS 232 DB 9 console port or use a RJ45 LAN cable and any of the 10 100 1000Base T RJ 45 ports of the Managed Switch as the temporary RJ 45 Management console port to login to the Managed Switch and set up the IP address for the first time The default IP of the Managed Switch can be reached at http 192 168 0 1 You can change the Managed Switch s IP to the needed one later in its Network Management menu Follow these steps to manage the Managed Switch through a Web browser Use the RS 232 DB 9 console port or one of the 10 100 1000Base TX RJ 45 ports as the temporary RJ 45 Management console port to set up the assigned IP parameters of the Managed Switch including IP address Subnet Mask and Default Gateway of the Managed Switch if required Run a Web browser and specify the Managed Switch s IP address to reach it The Managed Switch s default IP can be reached at http 192 168 0 1 before any change Login to the Managed Switch to reach the Main Menu Once you gain the access a Login window appears like this Connect to 192 168 0 1 The server 192 168 0 1 at Web Management requires a use
59. name This field is limited to 20 characters Segment ID Specify the segment ID that is registered in IPMC Segment 143 4 4 11 5 IGMP Filtering Select the option IGMP Filtering from the IGMP Snooping menu and then the following screen page appears IGMP Filtering ALE Disabled v Channel Limit Ny Ponz a2 BL ona fa BL C a 1 ons o2 BL rons a2 BL ont fa BL one sia BL one sia BL Salz BCL ponja BL Sc BL asia BL oala BL Sr BCL Sab BCL IGMP Filter This option may enable or disable the IGMP filter The default setting is Disabled Channel Limit View only field that shows the maximum limit of each port s multicast streams Enable View only field that shows each ports IGMP filter is turned on or off IPMC Profile View only field that shows the specified IPMC Profile s 144 Select the current IPMC Profile and click Edit to view and edit the ability setting Then the following screen page appears IGMP Filtering Channel um 512 1 512 IPMC Profile Channel Limit Specify the maximum transport multicast stream Enable To enable each port s IGMP filtering function The default setting is Off which is disabled Port View only field that shows the port number that is currently configured IPMC Profile In IGMP filtering it only allows information specified in IPMC Profile fields to pass through The field for IPMC Profile name is from the en
60. of performing Loop Detection The maximum time interval is 180 seconds Looped port unlock interval Specify the time interval of unlocking looped ports The maximum time interval is 1440 minutes VLAN ID Specify the VLANs where Loop Detection will be performed Port 1 24 Enable or disabled Loop Detection function on the specific port s 170 4 5 Switch Monitor Switch Monitor allows users to monitor the real time operation status of the Managed Switch Users may monitor the port link up status or traffic counters for maintenance or diagnostic purposes Select the folder Switch Monitor from the Main Menu and then the following screen page appears Sa Main Menu Switch Port State System Information D User Authentication E Network Management Port Media Type Port State Anti Bcast State Link State Speed Mbps lex Flow Control E EE Port Media Type Pon State Link State Duplex Flow Conta a Switch Monitor FX Forwarding Unlocked Switch Port State FX Forwarding Unlocked D Port Traffic Statistics Port Packet Error Statistics FX Forwarding Port Packet Analysis Statistics FX Forwarding Unlocked FX Forwarding Unlocked FX Forwarding Unlocked FX Forwarding Unlocked D LLDP Status FX LU Loop Detection Status FX ni nl nl a LACP Monitor nl n Forwarding Unlocked H Forwarding Unlocked System Utility nl nl n ni n a 802 1X Monitor a IGMP Monitor MAC Addres
61. or server discontinuous port numbers See section 2 6 4 for edtailed explanations forced_false auto There are three options that you can choose Specify one of them 1 8191 Specify a value between 1 and 8191 17 0 7 802 1p_list Specify one value more than one value or a 0 63 dscp_list range of values Example 1 specifying one value Switch config qos 802 1lp map 1 0 Switch config qos dscp map 10 3 Example 2 specifying three values separated by commas Switch config qos 802 1p map 1 3 0 Switch config qos dscp map 10 13 15 3 Example 3 specifying a range of values separated by a hyphen Switch config qos 802 1p map 1 3 0 Switch config qos dscp map 10 15 3 2 3 4 Login Username amp Password Default Login When you enter Console session a login prompt for username and password will appear to request a valid and authorized username and password combination For first time users enter the default login username admin and press Enter key in password field no password is required for default setting When system prompt shows Switch gt it means that the user has successfully entered the User Mode For security reasons it is strongly recommended that you add a new login username and password using User command in Configuration Mode When you create your own login username and password you can delete the default username admin to prevent unauth
62. priority will designate the interface to forward packets first A lower number denotes a higher priority Edge If you know a port is directly connected to an end device that doesn t support RSTP then set it as an edge port to ensure maximum performance This will tell the switch to immediately start forwarding traffic on the port and not bother trying to establish a RSTP connection Otherwise turn it off Point to Point Forced True parameter indicates a point to point P2P shared link P2P ports are similar to edge ports however they are restricted in that a P2P port must operate in full duplex Similar to edge ports P2P ports transit to a forwarding state rapidly thus benefiting from RSTP Forced False indicates that the port cannot have P2P status Auto allows the port to have P2P status whenever possible and operates as if the P2P status were true If the port cannot maintain this status for example if the port is forced to half duplex operation the P2P status changes to operate as if the P2P value were false The default setting for this parameter is true 115 4 4 4 3 RSTP Physical Port Settings Click the option RSTP Physical Port Settings from the Rapid Spanning Tree menu and then the following screen page appears Configure Port State Select State from the pull down menu of Select Setting RSTP Physical Port Settings i x ess ess isable x Disable Disable x Disabl
63. relocate the receiving antenna Increase the separation between the equipment and receiver WR Connect the equipment into an outlet on a circuit different from that to which the receiver is connected WR Consult your local distributors or an experienced radio TV technician for help WR Shielded interface cables must be used in order to comply with emission limits Changes or modifications to the equipment which are not approved by the party responsible for compliance could affect the user s authority to operate the equipment Copyright 2011 All Rights Reserved Company has an on going policy of upgrading its products and it may be possible that information in this document is not up to date Please check with your local distributors for the latest information No part of this document can be copied or reproduced in any form without written consent from the company Trademarks All trade names and trademarks are the properties of their respective companies Table of Content T INTRODUCTION i EE EKUNESNEEREEEEEEKNEKUEEEE KEE EEKEEKUNESNEEEEAEEEENEKKEOEEERAe 8 E Nie g t ere Seem Cee eee Farle eee Or Orn ee re ee rr Ory ee en ey Sree Or err ney Sr N ey Seer er er ere eres eer er tree 8 1 2 Management Options ee 9 13 Management SoftWare esiin ea a a e e e EAE ge eet 10 1 4 Management Preparations cccceceeceeeeeeeeeeeeeenneeeeeeeeeeeeeecccaaaeeeeeeeeeeeeseeceneeeeeeeees 11 2 Command Line Interface CL 14 2 USING
64. removing the Deafult_VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command 4 Change Port 1 s PVID to 15 and set Port 1 to DOT1Q TUNNEL mode and Port 24 to TRUNK mode Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt VLAN Interface Set Port 1 to DOT1Q TUNNEL mode and change Port 1 s PVID to 15 a 3 Main Menu E Por EE DS ELE VLAN Member D System Information L User Authentication Port _ DOT1Q TUNNEL_ DOT1Q TUNNEL S Network Management 3 Switch Management D Switch Configuration ACCESS ell D Port Configuration mes s Link Aggregation Rapid Spanning Tree sE 802 1X Configuration n S MAC Address Managemen VLAN Configuration Pont Based VLAN GJ EEE 802 19 Tag VLAN D Configure VLAN L VLAN Interface ACCESS sel D Management VLAN em Ie 2 QoS Configuration ACCESS mye L DSCP Remark ACCESS I D Port Mirroring IGMP Snooping access eil D Static Multicast Configurati v f f a Ponts iaccess Et 221 D User Authentication ACCESS ME 3 Network Management 3 Switch Management O Switch Configuration L Port Configuration Rapid Spanning Tree CH 802 1X Configuration 4 MAC Address Managemen S
65. settings The IP and Gateway addresses will be set to the factory default as well 4 Load Factory Setting Except Network Configuration Selecting this function will also restore the configuration of the Managed Switch to its original factory default settings However this will not reset the IP and Gateway addresses to the factory default 5 Backup Configuration Set up the configuration for backup 190 4 6 1 Event Log Event log keep a record of user login and logout timestamp information Select Event Log from the System Utility menu and then the following screen page appears Event Log Description Name Community Address 1 l D day 00 00 21 System cold start local cold start 2 O day 00 00 22 Case fan case fan ok local case fan ok 3 l O day 00 00 22 Case fan2 case fan ok local case fan ok 4 l D day 00 00 28 Local port 1 fiber link down local link down 5 D day 00 00 28 Local port 2 fiber link down local link down 6 D day 00 00 28 Local port 3 fiber link down local link down 7 D day 00 00 28 Local port 4 fiber link down local link down 8 D day 00 00 28 Local port 5 fiber link down local link down g l D day 00 00 28 Local port 6 fiber link down local link down 10 D day 00 00 28 Local port 7 fiber link down local link down 11 D day 00 00 28 Local port 8 fiber link down local link down 12 D day 00 00 28 Local port 9 fiber link down loca
66. shows the file transmitting progress Backup State View only field that shows the backup status 4 7 Save Configuration In order to save configuration setting permanently users need to save configuration first before resetting the Managed Switch Select Save Configuration from the Console main menu and then the following screen page appears Save Configuration Save All Changes to Flash Click OK to save the configuration 4 8 Reset System After any configuration change Reset System can make it effective Select Reset System from the Console main menu and then the following screen page appears Reset System All Unsayed Changes Configurations Will be Lost Reset System Click OK to perform System Reset 194 APPENDIX A Free RADIUS readme The advanced RADIUS Server Set up for RADIUS Authentication is described as below When free RADIUS client is enabled on the device On the server side it needs to put this file dictionary sample under the directory raddb and modify these three files users clients conf and dictionary which are on the disc shipped with this product Please use any text editing software e g Notepad to carry out the following file editing works In the file users Set up user name password and other attributes In the file clients conf Set the valid range of RADIUS client IP address In the file dictionary Add this following line I
67. status and authentication status Switch config show dot1x Show or verify 802 1x statistics statistics Switch config show dot1x port_list Show or verify the selected interfaces statistics port_list statistics Switch config show dot1x status Show or verify 802 1x status Switch config show dot1x status port_list Show or verify the selected interfaces port_list 802 1x status Dot1x amp interface command example Switch config interface 1 3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if 1 3 dot1x port control auto Set the selected ports to auto state Switch config if 1 3 dot1x reauthenticate Re authenticate the selected interfaces immediately 2 6 10 IP Command 1 Set up an IP address of the Managed Switch or configure the Managed Switch to get an IP address automatically from DHCP server IP command Switch config ip address A B C D 255 X X X A B C D Parameter Description A B C D Enter the desired IP address for your Managed Switch 255 X X X Enter subnet mask of your IP address A B C D Enter the default gateway address Switch config ip address dhcp No command Switch config no ip address Enable DHCP mode Remove the Managed Switch s IP address Switch config no ip address dhcp Show command
68. tHe Bee ee 14 2 2 Remote Console Management Telnet AEN 15 2 3 Navigating OE EE 15 SEITEN 16 23 2 QUICK ENEE eege 16 E Command OM E 17 2 3 4 Login Username amp Password WEE 18 SEENEN geed Cast een cette eld edhe S E 19 2AM PING COMMANG RE 19 2 5 Privileged Ae el 20 2 5 1 Copy cfg ONIN LAN sah he a ac Sa a ea ace Reece ae ec ea ea See ce ear ceee eee a 20 2 5 2 Firmware Command EE 21 2 5 3 Ping Command WE 22 254 Reload Command eebe 22 2 5 5 Write Command EE 22 20O Congre COMMA e DEE 22 2 6 Configuration Mode x sices be onicaihe laren Cagle ceceainsan dade sande diauw scl es daienwndiedisen de denen captioned 23 2 6 1 Entering Interface Numbers AEN 23 2 6 2 NOAZOMIMANG ses eieieg Se ebegr eee ee ege eege ee ee eege eege 24 2 6 3 Show Command EE 24 2 6 4 Interface Command EE 26 26 5 ACLCOMMA NA BEE 27 26 BO AIChive COMIMANG ee 43 2 6 7 Channel Group ComMand navwwareneknwaneetinneneweeannn angie 44 2 6 8 Loop Detection Command RE 46 26 9 Dot ne DEE 47 26G10lIPCommand 50 2 6 11 LLDP Commande 57 SEENEN 59 2 6 13 Management Se ul EI RE 60 2 6 14 Mirror EIERE eege 61 26 TO MV COMMGNG Ee 62 2 6 16 NTP Command eege geet DEE efte Eege e egeeeg 63 26 17 QOS COMMA EE 64 2 6 18 SOCUNILY GOMMANG ee 67 2 6 19 Spanning Tree Commande 71 2620 SWIHCHMGOMIMANG aise cect ti dco torte ed Senha a Sos ol Stak Soe Sok se East oi 76 2 6 21 SNMP Sever Commands aineaieenan atime aiieceans 77 26 22 SWiteh info Command si EE ia EE 81 2 6 23 Use
69. the specified port based based name VLAN Show command Switch config show vlan Display global VLAN information including 802 1q VLAN Enable Disable status and CPU VLAN ID Switch config show vlan dot1q Show 802 1q VLAN table vian Switch config vlan VID show Show the selected VLAN s membership Switch config show vlan port Show port based VLAN table based Switch config show vlan port_list Show the selected ports VLAN assignment and VLAN mode Return to Global configuration Mode Create a new dotiq VLAN 100 86 Switch config vlan port based MKT_ Office Create a port based VLAN MKT_Office Switch config vlan management vlan 1 management port 1 3 mode access Set VLAN 1 to management VLAN untagged and port 1 3 to management ports 2 Use Interface command to configure a group of ports VLAN settings VLAN amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT 1 4094 Specify the selected ports VLAN ID vlan dotiq vlan access vlan 1 PVID 4094 Switch config if PORT PORT Set the selected ports that belong to vlan dotiq vlan mode access the specified VLAN to access mode untagged Switc
70. their full single port soeed while not allowing any one single device to occupy all available backbone capacities Click Link Aggregation folder from the Switch Management menu and then three options within this folder will be displayed SJ Main Menu Trunk Mode Configuration D System Information User Authentication Source MAC Address Disabled v ANESEC Disabled v a Network Management y Switch Management Switch Configuration Port Configuration Sy Link Aggregation J Trunk Mode Configuration Port Trunking D LACH Part Configuration 1 Trunk Mode Configuration Enable or disable Source and Destination MAC address 2 Port Trunking Create edit or delete port trunking group s 3 LACP Port Configuration Set up the configuration of LACP on all or some ports 4 4 3 1 Trunk Mode Configuration Click the option Trunk Mode Configuration from the Link Aggregation menu the following screen page appears Trunk Mode Configuration Source MAC Address Disabled v BEE EER Disabled v There are two fields for you to set up packets according to operations Source MAC Address Enable or disable packets according to source MAC address Destination MAC Address Enable or disable packets according to Destination MAC address 109 4 4 3 2 Port Trunk Configuration Click the option Port Trunk Configuration from the Link Aggregation menu and then the following screen page appears
71. trap destination 1 Show and verify the selected trap destination account s information Return to Global Configuration Mode Create a trap destination account Switch config trap 1 active Activate this trap destination account Switch config trap 1 community mycomm Refer this trap destination account to the community mycomm Switch config trap 1 description redepttrapdest Add a description for this trap destination account Switch config trap 1 destination 192 168 1 254 Set trap destination IP address to 192 168 1 254 79 3 Set up SNMP trap types that will be sent Parameter Trap type command Switch config snmp all anti server trap type all janti bcast auth bcast auth fail case fan fail case fan cold start port link cold start power down sfp storm port link upper limit 0 148810 pps power down warm start sfp storm upper limit 0 148810 pps warm start Description Specify a trap type that will be sent when a certain situation occurs all A trap will be sent when authentication fails broadcast packets exceed the threshold value the device cold warm starts port link is up or down and power is down anti bcast A trap will be sent when broadcast packets exceed the specified threshold value auth fail A trap will be sent when any unauthorized user attempts to login
72. value In each sub section below the use of no command to fulfill different purposes will be introduced 2 6 3 Show Command The show command is very important for network administrators to get information about the device receive outputs to verify a commande configurations or troubleshoot a network configuration error It can be used in Privileged or Configuration Mode The following describes different uses of show command 1 Display system information Enter show switch info command in Privileged or Configuration Mode and then the following similar screen page will appear System Information z Connection Technology Systems 1 3 6 1 4 1 9364 166 31242 z info ctsystem com Managed 24 Ports 1666M Switch 18F 6 No 79 Sec 1 Kintai Sth Rd Xizhi Dist Taiwan FOS 3124 1 66 66 M B Version gt ABIL ABBCDDEFSsSHH006 Date Code 20110707 day 66 05 04 Local Time Temperature PHY1 Temperature Temperature PHY3 Temperature failed Case Fan2 failed installed Type S AC gt active installed Type S AC NG 24 Company Name Display a company name for this Managed Switch Use switch info company name company name command to edit this field System Object ID Display the predefined System OID System Contact Display contact information for this Managed Switch Use switch info sys contact sys contact command to edit this field System Name Display a descriptive sys
73. you would like to assign a rate value to it rate_pps Assign the rate to this specified rate limiter ID The allowable rates are listed below 0 1pps 1 2pps 2 4pps 3 8pps 4 16pps 5 32pps 6 64pps 7 128pps 8 256pps 9 512pps 10 1kpps 11 2kpps 12 4kpps 13 8kpps 14 16kpps 15 32kpps 16 64kpps 17 128kpps 18 256kpps 19 51 2kpps 20 1024kpps Specify 0 to denote 1pps and so on 40 Switch config acl RULE no action No command Permit the action Switch config acl RULE no action port copy Disable port copy function Switch config acl RULE no action rate limiter id Disable rate limiter function Switch config acl RULE no action shutdown Activate the interface Switch config acl RULE no frame type Reset the frame type back to the default value Switch config acl RULE no ingress port Reset the ingress port to the default setting Switch config acl RULE no tag priority Reset tag priority value back to the default value Switch config acl RULE no vid Reset VID filter setting back to the factory default Switch config no acl 1 110 1 110 Delete the specified ACL rule Switch config no acl rate limiter 1 14 Show command Switch show acl Switch config show acl 1 14 Delete the specified Rate limiter rule Show ACL information Switch show acl 1 110 Switch
74. your management PC to the Managed Switch immediately when you enter the command Web Management Configuration 1 Select Configure VLAN option in Port Based VLAN menu Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN amp Main Menu Configure Port Based VLAN O System Information L User Authentication EE ee O Switch Configuration E Rapid Spanning Tree 4 802 1X Configuration 4 MAC Address Managemen ie VLAN alas at 0 E VLAN 207 2 Click New to add a new Port Based VLAN Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN amp Main Menu Configure Port Based VLAN O System Information O User Authentication a Network Management S Switch Management O Switch Configuration D Port Configuration DO Link Aggregation Rapid Spanning Tree SO 802 1X Configuration SO MAC Address Managemen aS VLAN Configuration ES Port Based VLAN O Configure VLAN H6 IEEE 802 1q Tag VLAN ES DEEDB DD 0 1 2 3 4 15 16 17 10 10 20 21 22 29 3 Add Port 1 20 22 and 24 in a group and name it to Marketing Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN CH Main Menu O System Information D User Authentication H Network Management HO Switch Management 3 O Switch Configuration D Port Configuration Link Aggregation Configure Port
75. 0 11 0 00 0 00 0 00 pe bp be p p po p po _ Select Choose the Traffic Statistics from the pull down menu Bytes Received Total bytes received from each port Frames Received Total frames received from each port Received Utilization The ratio of each port receiving traffic and current port s total bandwidth Bytes Sent The total bytes sent from current port Frames Sent The total frames sent from current port 173 Sent Utilization The ratio of real sent traffic to the total bandwidth of current ports Total Bytes Total bytes of receiving and sending from current port Total Utilization The ratio of real received and sent traffic to the total bandwidth of current ports Clear All All port s counter values will be cleared and set back to zero 4 5 3 Port Packet Error Port Packet Error Statistics mode counters allow users to view the port error of the Managed Switch The event mode counter is calculated since the last time that counter was reset or cleared Select Port Packet Error Statistics from the Switch Monitor menu and then the following screen page appears Port Packet Error Statistics Select Choose the Packet Error Statistics from the pull down menu RX CRC Align Error CRC Align Error frames received RX Undersize Frames Undersize frames received RX Fragments Frames Fragments frames received RX Jabber Frames Jabber frames
76. 0 Network Management a0 Switch Management 2 Switch Port State 1 idle o o o o o o _ Port Traffic Statistics _ Port Packet Error Statistics _ Port Packet Analysis Statistics L3LACP Monitor QRSTP Monitor 4802 1 Monitor 5 lt aIGMP Monitor _ IGMP Snooping Status _ IGMP Group Table 4 5 8 1 IGMP Snooping Status IGMP Snooping Status allows users to view a list of IGMP queries information in VLAN s such as VLAN ID Querier and Queries Transmitted Received packets Select IGMP Snooping Status from the IGMP Monitor menu and then the following screen page appears IGMP Snooping Status VLAN ID Queries Transmitted v1 Reports v2 Reports v3 Reports 1 Idle 0 0 0 0 0 0 Update Click Update to update the table VLAN ID VID of the specific VLAN The IGMP querier periodically sends IGMP general queries to all hosts and routers 224 0 0 1 on the local subnet to find out whether active multicast group members exist on the subnet Upon receiving an IGMP general query the Managed Switch forwards it through all ports in the VLAN except the receiving port Querier The state of IGMP querier in the VLAN Queries Transmitted The total IGMP general queries transmitted will be sent to IGMP hosts Queries Received The total received IGMP general queries from IGMP querier 183 v1 Reports IGMP Version 1 reports v2 Reports IGMP Version 2 reports v3 Reports IGMP Version 3 reports v2
77. 000001 802 3 Clause 31 use i e Full Duplex PAUSE operation 0180C2000002 802 3 Clause 43 Link Aggregation and Clause 57 OAM use aka Slow Protocols Multicast address 0180C2000003 802 1X Port Authenticator Entity PAE address 0180C2000004 5 Reserved for future media access specific method standardization 0180C2000006 7 Reserved for future standardization 0180C2000008 All Provider Bridges 0180C2000009 C Reserved for future standardization 0180C200000D Provider Bridge GVRP Address 0180C200000E 802 1AB Link Layer Discovery Protocol address 0180C200000F Reserved for future standardization 0180C200002X Select either Not Filter or Filter When Filter is selected packets from the address ranging from 018002000020 to 0180C200002F will be dropped Multicast addresses from 018002000020 to 0180C2000022 are for GMRP GVRP and GARP respectively 018002000010 Select either Not Filter or Filter When Filter is selected packets from the address 018002000010 will be dropped 107 4 4 2 Port Configuration Click the option Port Configuration from the Switch Management menu and then the following screen page appears Port Configuration Port Number Port 1 20 v Preferred Media Type Port Type Auto Negotiation v Port Speed 1000Mbps Full Flow Control Disabled Port Number Click the pull down menu to select the port number for configuration P
78. 1 or 0 tcp_psh Specify 0 to indicate that the PSH value in TCP header is zero 1 to indicate the PSH value in TCP header is one Specify any to indicate that the value is either 1 or 0 tcp_ack Specify 0 to indicate that the ACK value in TCP header is zero 1 to indicate the ACK value in TCP header is one Specify any to indicate that the value is either 1 or 0 tcp_urg Specify 0 to indicate that the URG value in TCP header is zero 1 to indicate the URG value in TCP header is one Specify any to indicate that the value is either 1 or 0 37 Switch config acl RULE frame type udp dest_mac source_port dest_port source_ip ip mask dest_ip ip mask ip_ ttl Ip fragment ip option dest_mac Define destination MAC address type any Specify any to apply ACL rule to any destination MAC addresses uc Specify uc to apply ACL rule to unicast traffic mc Specify mc to apply ACL rule to multicast traffic be Specify bc to apply ACL rule to broadcast traffic source_port any Specify any to filter frames from any source ports 0 65535 Specify a source port between 0 and 65535 0 65535 0 65535 Specify a range of source ports For example 1000 2000 means that port numbers from 1000 to 200 are specified The starting source
79. 2 168 0 0 24 match option vendor class identifier Sending on Socket fallback fallback net root localhost Je option SWITCH protocol 1 option SW ITCH server ip 192 168 0 251 option SW ITCH server login name anonymous option SW ITCH server login name FAE option SW ITCH server login password dept subclass vendor classes HS 0600 vendor option spa SW ITCH option SW ITCH firmware file name HS 0600 provision option SW ITCH firmware md5 Bee i Zo 32 24 50 0cbb option SWITCH firmware file name HS 0600 pro A option SW ITCH firmware md5 16 2c 2e 4d 30 e5 ER Scoot saidas 33 7d db option SW ITCH configuration file name 3WO503A3C4 bin option SW ITCH configuration md5 ef 30 03 13 a1 0 86 05 afc7 28 6f 25 10 96 84 option SWITCH option 1 Se te te te Every time you modify dhcpd conf file DHCP service must be restarted Issue killall dhcpd command to disable DHCP service and then issue dhcpd command to enable DHCP service Step 4 Backup a Configuration File Before preparing a configuration file in TFTP FTP Server please make sure the device generating the configuration file is set to Get IP address from DHCP assignment DHCP Auto provisioning is running under DHCP mode so if the configuration file is uploaded by the network type other than DHCP mode the downloaded configuration file has no chance to be equal to DHCP when provisioning and it results in MD5 never matching and caus
80. 2 1x client ot1x e authenticates via the Switch exit Exit the configuration Mode help Display a list of available commands in Configuration Mode history Show commands that have been used ip Set up the IP address and enable DHCP Mode amp IGMP snooping Ildp Set up LLDP Link Layer Discovery Protocol configurations mac Set up MAC learning function of each port management Set up console telnet SSH web access control and timeout value mirror Set up target port for mirroring mvr Configure Multicast VLAN Registration MVR settings ntp Set up required configurations for Network Time Protocol qos Set up the priority of packets within the Managed Switch security Configure broadcast multicast unknown unicast storm control settings snmp server Create a new SNMP community and trap destination and specify the trap types spanning tree Set up RSTP status of each port and aggregated ports switch Set up acceptable frame size and address learning etc switch info Set up company name host name system contact system location etc syslog Set up required configurations for Syslog server user Create a new user account vlan Set up VLAN mode and VLAN configuration no Disable a command or set it back to its default setting interface Select a single interface or a range of interfaces show Show a list of commands or show the current setting of each listed command 2 6 1 Entering Interface Numbers In the Global Configuration Mode you can
81. 2 4 Switch config if PORT PORT ip dhcp snooping option Enable the selected interfaces DHCP Option 82 Relay Agent Switch config if PORT PORT ip dhcp snooping trust No command Switch config interface port_list port_list Configure the selected interfaces to DHCP Option 82 trust ports Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT no ip dhcp snooping option Set the selected interfaces to non DHCP Option 82 Relay Agent Switch config if PORT PORT no ip dhcp snooping trust Show command Switch config show ip dhcp snooping Set the selected interfaces to non DHCP Option 82 trust ports Show each port s DHCP Snooping Option 82 and trust port settings Switch config show ip dhcp snooping interface port_list Show the specified ports DHCP Snooping trust port settings 51 DHCP A Interface Example Switch config interface 1 3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if 1 3 ip dhcp snooping Set the selected interfaces to DHCP Option option 82 Relay Agent Switch config if 1 3 ip dhcp snooping trust Set the selected interfaces to DHCP Option 82 trust ports 4 Enable or disable IGMP snooping globally IGMP Internet Group Management
82. 238 255 255 255 No command Switch config no mvr Disable MVR function Switch config no mvr group 1 1 4094 4094 E F G H E F G H E F GH E GH Remove a MVR multicasting group Switch config if PORT PORT no 1 4094 mvr vlan 1 4094 Remove a registered MVR VLAN Switch config show mvr Show or verify current MVR settings Switch config show mvr group Show or verify MVR group settings MVR command example Switch config mvr Enable MVR function Switch config mvr vlan 50 Create a MVR VLAN 50 Switch config mvr group 50 224 10 0 10 238 10 0 10 Add a multicasting IP group to the registered MVR VLAN Use Interface command to configure a group of ports MVR settings MVR amp Interface command Parameter Description Switch config interface port_list Enter several discontinuous port port_list numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT 1 4094 Specify a VLAN ID for this multicast PORT mvr vlan 1 4094 VLAN type receiver source receiver source Indicate whether the selected ports are receiver or source ports No command Switch config if PORT 1 4094 PORT no mvr vlan 1 4094 Show command Delete this Multicast VLAN Switch config show mvr Show or verify current MVR settings Switch config show mvr group
83. 3 or 2 4 Switch config if PORT PORT Specify the selected ports to auto or dot1x port control auto unauthorized unauthorized auto This requires 802 1X aware clients to be authorized by the authentication server Accesses from clients that are not dot1x aware will be denied unauthorized This forces the Managed Switch to deny access to all clients neither 802 1 X aware nor 802 1X unaware 48 authorized This forces the Managed Switch to grant access to all clients both 802 1X aware and 802 1x unaware No authentication exchange is required By default all ports are set to authorized Switch config if PORT PORT dot1x reauthenticate No command Re authenticate the selected interfaces Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT no Reset the selected interfaces 802 1x dot1x port control state to the factory default authorized state Show command Switch config show dot1x Show or verify 802 1x settings Switch config show dot1x Show or verify each interface s 802 1x interface settings including port status and authentication status Switch config show dot1x port_list Show or verify the selected interfaces interface port_list 802 1x settings including port
84. 4 6 MAC Address Management Click the folder MAC Address Management from the Switch Management menu and then the following screen page appears S Main Menu MAC Table Learning D System Information 3 User Authentication Network Management S9 Switch Management Switch Configuration D Port Configuration aE Link Aggregation s0 Rapid Spanning Tree sE 802 1X Configuration Poa MAC Address Management 5 Static MAC Table C x D Static MAC Table Configuration ca a VLAN Configuration 22 23 2 E QoS Configuration D DSCP Remark Port Mirroring eo IGMP Snooping O Static Multicast Configuration 1 MAC Table Learning To enable or disable learning MAC address function 2 Static MAC Table Configuration To create edit or delete Static MAC Table setting 4 4 6 1 MAC Table Learning Click the option MAC Table Learning from the MAC Address Table menu and then the following screen page appears MAC Table Learning Auto Enable port MAC address learning Disabled Disable port MAC address learning 121 4 4 6 2 Static MAC Table Configuration Click the option Static MAC Table Configuration from the MAC Address Table menu and then the following screen page appears Static MAC Table Configuration NOTE The Managed Switch only supports switch based MAC security and does not support port based MAC security The Managed
85. ACL rule to broadcast traffic source_port any Specify any to filter frames from any source ports 0 65535 Specify a source port between 0 and 65535 0 65535 0 65535 Specify a range of source ports For example 1000 2000 means that port numbers from 1000 to 200 are specified The starting source port number is100 whereas the ending source port number is 2000 dest_port any Specify any to filter frames from any destination ports 0 65535 Specify a destination port between 0 and 65535 0 65535 0 65535 Specify a range of destination ports For example 1000 2000 means that port numbers from 1000 to 2000 are specified The starting destination port number is1000 whereas the ending destination port number is 2000 35 source_ip This is sender IP filtering function Specify any to filter frames from any sender IP addresses Or specify a host IP address x x x x ip_mask Define source IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask dest_ip This is destination IP filtering function any Specify any to filter frames to any target IP addresses X X X X Specify either a host IP address ip_mask Define destination IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask
86. Based VLAN Rapid Spanning Tree 802 1X Configuration MAC Address Managemen aS VLAN Configuration 28 Port Based VLAN O Configure VLAN IEEE 802 1q Tag VLAN QoS Configuration O DSCP Remark V Member Not Member Click OK to apply the settings 4 Click New to add a new Port Based VLAN Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN amp Main Menu Configure Port Based VLAN O System Information O User Authentication Network Management 2 Switch Management VLAN Name 1 O Switch Configuration D Port Configuration amp Link Aggregation DO 802 1X Configuration MAC Address Managemen 2 VLAN Configuration Rapid Spanning Tree V Member Not Member 5 Add Port 2 21 22 and 24 in a group and name it to RD Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN 208 amp Main Menu Configure Port Based VLAN O System Information O User Authentication Network Management Sa Switch Management O Port Configuration Link Aggregation Rapid Spanning Tree 802 1X Configuration Members H MAC Address Managemen a8 VLAN Configuration 2 8 Port Based VLAN O Configure VLAN V Member Not Member G IEEE 802 1q Tag VLAN amp QoS Configuration le O DSCP Remark Click OK to apply the settings 6 C
87. E Link Aggregation Port17 ACCESS je access IE ACCESS wll VLAN Configuration S Port Based VLAN SY IEEE 802 1q Tag VLAN D Configure VLAN _ L VLAN Interface s IGMP Snooping D Static Multicast Configurati v gt Le 7 Management VLAN SE QoS Configuration J L DSCP Remark D Port Miroing Ponas itmunk hr Set Port 24 to TRUNK mode Click OK to apply the settings Treatments of Packets 1 A tagged packet arrives at Port 1 When a packet with a tag 12 arrives at Port 1 the original tag will be kept intact and then added an outer tag 15 by Port 1 which is set as a tunnel port When this packet is forwarded to Port 24 two tags will be forwarded out because Port 24 is set as a trunk port 2 An untagged packet arrives at Port 1 If an untagged packet is received function will not work it will also be added a tag 15 However Q in Q 222 This page is intentionally left blank
88. Enable or disable unknown Unicast traffic control and set up unknown Unicast Rate packet per second pps Multicast Rate Enable or disable Multicast traffic control and set up Multicast Rate packet per second pps Broadcast Rate Enable or disable Broadcast traffic control and set up broadcast Rate packet per second pps 157 4 4 14 7 Anti Broadcast Configuration Select the option Anti bcast Configuration from the Security Configuration menu and then the following screen page appears Anti bcast Configuration Port Enable Port Threshold pps 1 Disable v 20 Disable 20 Disable ze Disable v 2 3 4 5 Disable zw 6 Disable ze 7 Disable v 2 e e 11 12 13 0 20 Disable v Disable v Disable v Disahle se 20 Polling Interval Specify a time interval for the frequency of the Managed Switch checking or refreshing broadcast traffic Port Enable Enable or disable anti broadcast function in each port Port Threshold pps Enter the threshold value for each port When the port exceeds the threshold value in the time specified the port will be temporarily blocked until the value is refreshed in the next polling interval For example if you enable port 1 s anti broadcast function and set polling interval to 9 seconds and port threshold to 14880 then the total packets within 9 seconds can not exceed 133920 14880X9 133920 If the packets e
89. GMP filter 4 4 11 1 IGMP Configuration Select the option IGMP Configuration from the IGMP Snooping menu and then the following screen page appears IGMP Configuration Snooping Disabled x Wels Cel ease Disabled v Query Interval 1 6000 Second 125 Query Response Interval 100 1 6000 1 10 Sec uter Port Roi Snooping When enabled the Managed Switch will monitor network traffic and determine which hosts to receive multicast traffic Unregistered IPMC Flooding Set forwarding mode for unregistered not joined IP multicast traffic The traffic will flood when enabled However the traffic will be forwarded to router ports only when disabled Query Interval The Query Interval is used to set the time between transmitting IGMP queries entries between 1 6000 seconds are allowed Default value 125 One Unit 1 second Query Response Interval This determines the maximum amount of time allowed before sending an IGMP response report Default value 100 One Unit 0 1 second Immediate Leave The Immediate Leave option may be enabled or disabled When enabled this allows an interface to be ignored without sending group specific queries The default setting is Disabled Router Ports When ports are connected to the IGMP administrative routers they should be set to Y Otherwise the default N will be applied 140 4 4 11 2 IGMP VLANID Configuration Select
90. L configuration then the screen page is shown below Click Delete to remove an existing ACL configuration Click Edit to view and edit an existing ACL configuration ACL Configuration C MAC Parameters DMAC Filter Current Max ACL View only field Current This shows the number of the current ACL rule Max ACL This shows the maximum number available for registering ACL rule The maximum default number is 110 161 Ingress Port Select a Policy ID or a port number as the ingress port Frame Type Select Any Ethernet Type ARP or IPv4 as the desired frame type Options displayed in MAC and VLAN parameters will vary according to the frame type you select here When the information conforms to MAC and VLAN parameters then actions set 3 D o in Action Rate Limiter Port Copy and Shutdown will be taken Action Deny or permit the action Rate Limiter Disable or enable rate limiter Port Copy Send a copy of packets to the selected port Shutdown If enabled the Managed Switch will shutdown the interface Hit Counter View only filed that shows the amount of packets that conform to the configured rules Any Frame Type 1 1 110 Action Rate Limiter Port Copy Frame Type Any hs Deny e Disable 7 Disabled 7 MAC Parameters VLAN Parameters OX Cancel MAC Parameters DMAC Filt
91. Monitor Click the RSTP Monitor folder and then three options appear 3 Main Menu RSTP Bridge Overmew _ System Information _ User Authentication a0 Network Management a Switch Management Switch Montor fereg E Heno time rwa pty E EE _ Switch Port State C Port Traffic Statistics 32769 00 06 19 06 E4 C8 20 2 15 32769 00 06 19 06 E4 C8 0 _ Port Packet Error Statistics _ Port Packet Analysis Statistics 3LACP Monitor lt aRSTP Monitor _ RSTP Bridge Overview _ RSTP Port Status A RSTP Statistics 4 5 6 1 RSTP VLAN Bridge Overview RSTP VLAN Bridge Overview allows users to view a list of all RSTP VLANs brief information such as VLAN ID Bridge ID topology status and Root ID and to obtain detailed VLAN information after selecting Select RSTP VLAN Bridge Overview from the RSTP Monitor menu and then the following screen page appears RSTP Bridge Overview Update Bridge ID Hello Time Fwd Delay Topology Root ID Root Port 32769 00 06 19 06 EA C8 32769 00 06 19 06 EA C8 jo In this page you can find the following information about RSTP VLAN bridge Update Update the current status VLAN ID VID of the specific VLAN Bridge ID RSTP Bridge ID of the Managed Switch in a specific VLAN Max Age Max Age setting of the Managed Switch in a specific VLAN Hello Time Hello Time setting of the Managed Switch in a specific VLAN Forward Delay The Managed Switch s setting of F
92. NCLUDE dictionary sample 195 APPENDIX B Set Up DHCP Auto Provisioning Networking devices such as switches or gateways with DHCP Auto provisioning function allow you to automatically upgrade firmware and configuration at startup process Before setting up DHCP Server for auto upgrade of firmware and configuration please make sure the Managed Switch that you purchased supports DHCP Auto provisioning Setup procedures and auto provisioning process are described below for your reference A Setup Procedures Follow the steps below to set up Auto Provisioning server modify dhcpd conf file and generate a copy of configuration file Step 1 Set Up Environment DHCP Auto provisioning enabled products that you purchased support the DHCP option 60 to work as a DHCP client To make auto provisioning function work properly you need to prepare ISC DHCP server File server TFTP or FTP and the switching device See below for a possible network topology example ISC DHCP Server TFTP FTP Server Topology Example 196 Step 2 Set Up Auto Provision Server Update DHCP Client root localhost File Edit View Terminal Help root localhost yum install dhclient Link to dhcpd conf Linux Fedora 12 supports yum function by default First of all update DHCP client function by issuing yum install dhclient command Install DHCP Server File Edit View Terminal Help root localhost yum install dc Iss
93. NZ CTS CONNECTION TECHNOLOGY SYSTEMS FOS 3124 SERIES 20 PORTS 100 1000BASE X SFP WITH 4 COMBO PORTS 10 100 1000BASE T 100 1000BASE X SFP UPLINK MANAGED SWITCH Network Management User s Manual Version 1 0 Trademarks CTS is a registered trademark of Connection Technology Systems Inc Contents subject to revision without prior notice All other trademarks remain the property of their owners Copyright Statement Copyright Connection Technology Systems Inc This publication may not be reproduced as a whole or in part in any way whatsoever unless prior consent has been obtained from Connection Technology Systems Inc FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limitations are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following measures HR Reorient or
94. P address of this Managed Switch You can use the default IP address or specify a new one when the situation of address duplication occurs or the address does not match up with your network The default factory setting is 192 168 0 1 Subnet Mask Specify the subnet mask The default subnet mask values for the three Internet address classes are as follows e Class A 255 0 0 0 e Class B 255 255 0 0 e Class C 255 255 255 0 Gateway Specify the IP address of a gateway or a router which is responsible for the delivery of the IP packets sent by the Managed Switch This address is required when the Managed Switch and the network management station are on different networks or subnets The default value of this parameter is 0 0 0 0 which means no gateway exists and the network management station and Managed Switch are on the same network Current State This View only field shows currently assigned IP address by DHCP or manual Subnet Mask and Gateway of the Managed Switch 98 4 3 2 System Service Configuration Click the option System Service Configuration from the Network Management menu and then the following screen page appears System Service Configuration SSH Service Disabled wR aeg Enabled v Telnet Service To enable or disable the Telnet Management service SSH Service To enable or disable the SSH Management service To enable SSH Service Telnet Service must be disabled SNMP Service T
95. PORT no channel group lacp key Reset the key value of the selected interfaces to the factory default Switch config if PORT PORT no channel group lacp type Show command Switch config show channel group lacp Reset the LACP type of the selected interfaces to the factory default passive mode Show or verify each interface s LACH settings including current mode key value and LACP type Switch config show channel port_list Show or verify the selected interfaces group lacp port_list LACP settings Switch config show channel Show or verify each interface s current group lacp status LACP status Switch config show channel port_list Show or verify the selected interfaces group lacp status port_list current LACP status Switch config show channel Show or verify each interface s current group lacp statistics LACP traffic statistics Switch config show channel port_list Show or verify the selected interfaces group lacp statistics port_list current LACP statistics Switch config show channel group lacp statistics clear Clear all LACP statistics 9 CEl QrOoup o CO Switch config interface 1 3 Enter port 1 to port 3 s interface mode Switch config if 1 3 channel group lacp Enable LACP on the selected interfaces Switch config if 1 3 channel group lacp key 10 Set a key value 10 to the selected interfaces
96. Procedures I Port Based VLAN CLI WEB II Data VLAN CLI WEB II Management VLAN CLI WEB IV Q in Q CLI WEB 205 I Port Based VLAN Port Based VLAN is uncomplicated in implementation and is useful for network administrators who wish to quickly and easily set up VLANs to isolate the effect of broadcast packets on their network In the network diagram provided below the network administrator is required to set up VLANs to separate traffic based on the following design conditions Switch 1 is used in the Marketing Department to provide network connectivity to client PCs or other workstations Switch 1 also connects to Port 1 in Managed Switch Client PCs in the Marketing Department can access the Server 1 and Public Server Switch 2 is used in the RD Department to provide network connectivity to Client PCs or other workstations Switch 2 also connects to Port 2 in Managed Switch Client PCs in the RD Department can access the Server 2 and Public Server Client PCs in the Marketing and RD Department can access the Internet Marketing Department oan eee Zeeeeeee enee Q RD Department deeg Server1 Switch 1 Switch 2 Public Sever Un tag L Swich Port1 Port 20 I LU i I I Port 21 i i Port 22 i Port Based VLAN Network Diagram Based on design conditions described above port based VLAN assignments can be summarized in the table bel
97. Show or verify each interface s interface 802 1x settings including port status and authentication status Switch config show dot1x port_list Show or verify the selected interface port_list interfaces 802 1x settings including port status and authentication status Switch config show dot1x Show or verify 802 1x statistics statistics Switch config show dot1x port_list Show or verify the selected statistics port_list interfaces statistics Switch config show dot1x status Show or verify 802 1x status Switch config show dot1x status port_list Show or verify the selected port_list interfaces 802 1x status Dot1x command example Switch config dot1x Enable IEEE 802 1x function Switch config dot1x reauth period 3600 Set the reauthentication period to 3600 seconds Switch config dot1x reauthentication Enable re authentication function Switch config dot1x secret agagabcxyz Set the shared secret to agagabcxyz Switch config dot1x server 192 168 1 10 Set the 802 1x server IP address to 192 168 1 10 Switch config dot1x timeout 120 Set the timeout value to 120 seconds Use Interface command to configure a group of ports IEEE 802 1x settings Blo ab amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1
98. Switch Monitor _ Switch Port State _ Port Traffic Statistics _ Port Packet Error Statistics _ Port Packet Analysis Statistics CQLACP Monitor LORSTP Monitor a0 802 1 Monitor IGMP Monitor D MAC Address Table 7 SSFP Information _ SFP Port Info _ SFP Port State 4 5 10 1 SFP Port Info SFP Port Info displays each port s slide in SFP Transceiver information e g Speed Length Vendor Name Vendor PN Vendor SN and detection Temperature Voltage TX Bias etc Select SFP Port Info from the SFP Information menu and then the following screen page appears SFP Port Info Port The number of the port Speed Data rate of the slide in SFP Transceiver 185 Distance Transmission distance of the slide in SFP Transceiver Vendor Name Vendor name of the slide in SFP Transceiver Vendor PN Vendor PN of the slide in SFP Transceiver Vendor SN Vendor SN of the slide in SFP Transceiver 4 5 10 2 SFP Port State Select SFP Port Status from the SFP Information menu and then the following screen page appears SFP Port State Port Number The number of the SFP module slide in port Temperature C The Slide in SFP module operation temperature Voltage V The Slide in SFP module operation voltage TX Bias mA The Slide in SFP module operation current TX Power dbm The Slide in SFP module opti
99. T PORT no spanning tree forced_fasle auto Set the aggregated ports to non point to point ports forced_false or allow the Managed Switch to detect point to point status automatically auto By default aggregated ports are set to point to point ports forced_true Disable spanning tree protocol on the selected interfaces Switch config if PORT PORT no spanning tree cost Set the cost value back to the factory default Switch config if PORT PORT no spanning tree priority Set the priority value back to the factory default Switch config if PORT PORT no spanning tree edge Set the selected interfaces to non edge ports Switch config if PORT PORT no spanning tree p2p Show command Switch config show spanning tree Set the selected interface to point to point ports Show or verify STP settings on the per switch basis Switch config show spanning tree aggregated port Show or verify STP settings on aggregated ports Switch config show spanning Show each interface s STP tree interface information including port state path cost priority edge port state and p2p port state Switch config show spanning port_list Show the selected interfaces STP tree interface port_list information including port state path cost priority edge port state and p2p port state Switch config show spanning Show each interface and each link tree statist
100. Tag VLAN Based VLAN Default_VLAN 1 VLAN Name oct 2 Member NOTE By default all ports are member ports of the Default_VLAN Before removing the Deafult_VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command 4 Change Port 1 s PVID to 11 and set Port 24 to trunk mode Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt VLAN Interface LJ Swit CoMmlguranorr L Port Configuration a Link Aggregation Rapid Spanning Tree 802 1X Configuration a MAC Address Managemen S VLAN Configuration e Port Based VLAN SJ IEEE 802 1q Tag VLAN O Configure VLAN janagement VLAN QoS Configuration D DSCP Remark D Port Mirroring IGMP Snooping D Static Multicast Configurati MVR Configuration Security Configuration Access Control List Manag Port VLAN Interface Change Port t s PVID to 11 Port Port2 Port3 Port4 Ports Port Port7 ACCESS k ACCESS D ACCESS vi ACCESS at ACCESS B l CO ACCESS ACCESS El 1 11 Main Menu D System Information _ User Authentication Network Management Switch Management D Switch Configuration D Port Configuration
101. VR EE 146 r a Ee a ROL e 148 4 4 13 2 MVR Group EE 149 4 4 14 Security Configuration ee 150 4 4 14 1 DHCP Option 82 Senings EE 151 4 4 14 2 DACP Port Settings a i cic dict cngechinen ies ndecntdeadlcd cndecnan ee ead eddi 153 44 14 38 EE 154 4 4 14 4 Static IP Table CGontouraton EE 155 4 4 14 5 Configure DHCP Snooping un 156 4 4 14 6 Storm Control Sess hcetenits event nietene sac desie dae dad ode iapienienie ade i cee beceniniestene 157 4 4 14 7 Anti Broadcast Configuration ccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeneee 158 4 4 15 Access Control List Management ACLM sssssssssssnnnnsesssesrrrnnnnnssserrrrernn 159 4 4 16 LLDP E e e 169 4 4 17 Loop Detection Configuration ccccceceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeenaaees 170 ASS WICH MOMMOM EE 171 Ae Switch POW EE 172 4 5 2 POP ee 173 45 3 Port Packet e EE 174 4 5 4 Port Packet Analysis eebe ee vad ee ee 175 4 520 LACE MONITO EE 176 4 5 5 1 LACP Port Status iegegetege egeie egugetetegeieZegegeiee ee fEeCEeiedeEee ee CEee E eier 176 AD 2 ACP E e 177 ADB AS TP el te 178 4 5 6 1 RSTP VLAN Bridge Cverview ssssssssssesereesssssrrrrrrnrrnsserrrrrnnnnresserrrrrrnnnn 178 AO Oo2 Mor kee 179 EE 180 AST BO beet 181 E en EE 181 4 5 7 2 802 1X Statistics EE 182 4 5 8 IGMP e ne 183 4 5 8 1 IGMP Snooping Gtatus EEN 183 4 5 8 2 IGMP Group Table nsssseeesessnnenenneesseerrrrrnnrtrsseerrrrrnnrtnsstrrrnrnnnnnnnsernnnnn nnn 184
102. W XYZ low normal medium QoS rule between 0x600 and high FFFF low normal Specify one priority level to medium high classify data packets Switch config qcl LIST tcpudp 0 65535 Specify a TCP or UDP port port 0 65535 port_list low normal port_list number or several TCP UDP medium high port numbers between 0 and 65535 low normal Specify one priority level to medium high classify data packets Switch config qcl LIST tos 0 7 0 7 tos_list Specify a TOS priority value tos_list low normal medium from 0 7 high low normal Specify one priority level to medium high classify data packets Switch config qcl LIST vian id 1 vlan id 1 4094 Specify the VID to this QoS rule 4094 How normal imedium high low normal Specify one priority level to medium high classify data packets Switch config qcl LIST 802 1 0 7 802 1p_list low normal 0 7 802 1p list Specify a tag priority value between 0 and 7 medium high low normal Specify one priority level to medium high classify data packets No command Switch config no qos qcl 1 24 1 24 Delete a QCL rule Switch config qcl LIST no dscp 0 63 Remove DSCP value setting 0 63 Switch config qcl LIST no ether OxXwWXYZ Remove Ether type setting type OxWXYZ Switch config qcl LIST no tcpudp 0 65535 Remove TCP UDP port setting port 0 65535 port_list por
103. _name gin password Enter the password for FTP server login Switch copy cfg A B C D Enter the IP address of your TFTP server from tftp A B C D file name Enter the configuration file name that you file_name want to restore Switch copy cfg from ftp 192 168 1 198 HS 0600 file conf misadmin1 abcxyz Switch copy cfg from tftp 192 168 1 198 HS 0600 file conf 2 Backup a configuration file to FTP or TFTP server Parameter Description Switch copy cfg to A B C D Enter the IP address of your FTP server ftp A B C D file file name Enter the configuration file name that you want to name user_name backup 20 password user_name Enter the username for FTP server login password Enter the password for FTP server login Switch copy cfg to A B C D Enter the IP address of your TFTP server tftp A B C D file name Enter the configuration file name that you want to file_name backup Switch copy cfg to ftp 192 168 1 198 HS 0600_file conf misadmin1 abcxyz Switch copy cfg to tftp 192 168 1 198 HS 0600 _file conf 3 Restore the Managed Switch back to default settings Command Example Switch copy cfg from default 4 Restore the Managed Switch back to default settings but keep IP configurations Command Example Switch copy cfg from default keep ip 2 5 2 Firmware Command To upgrade Firmware via TFTP or FTP server
104. agged frames receiving from that port ingress traffic On the other hand a port can be defined as a member of multiple VLAN multiple VID These VIDs constitute an access list for the port The access list can be used to filter tagged ingress traffic the switch will drop a tagged packet as belonging in one VLAN if the port on which it was received is not a member of that VLAN The switch also consults the access list to filter packets it sends to that port egress traffic Packets will not be forwarded unless they belong to the VLANs that the port is one of the members The differences between Ingress and Egress configurations can provide network segmentation Moreover they allow resources to be shared across more than one VLAN 125 Important VLAN Definitions Ingress The point at which a frame is received on a switch and the switching decisions must be made The switch examines the VID if present in the received frames header and decides whether or not and where to forward the frame If the received frame is untagged the switch will tag the frame with the PVID for the port on which it was received It will then use traditional Ethernet bridging algorithms to determine the port to which the packet should be forwarded Next it checks to see if each destination port is on the same VLAN as the PVID and thus can transmit the frame If the destination port is a member of the VLAN used by the ingress port the frame will be forwarded If
105. al means that the Managed Switch uses RSTP Disable STP on aggregated ports Switch config no spanning tree aggregated port cost Reset aggregated ports cost to the factory default Switch config no spanning tree aggregated port priority Reset aggregated ports priority to the factory default Switch config no spanning tree aggregated port edge Disable aggregated ports edge ports status Switch config no spanning tree aggregated port p2p Reset aggregated ports to point to point ports forced_true Switch config no spanning tree delay time Reset the Forward Delay time back to the factory default Switch config no spanning tree hello time Reset the Hello Time back to the factory default Switch config no spanning tree max age Show command Reset the Maximum Age back to the factory default Switch config show Show or verify STP settings on the per spanning tree switch basis Switch config show Show or verify STP settings on spanning tree aggregated port aggregated ports Switch config show spanning tree interface Show each interface s STP information including port state path cost priority edge port state and p2p port state Switch config show port_list Show the selected interfaces STP spanning tree interface information including port state path port_list cost priority edge port state
106. and p2p port state Switch config show Show each interface and each link spanning tree statistics aggregation group s statistics information including the total RSTP packets received RSTP packets transmitted STP packets received STP packets transmitted TCN Topology Change Notification packets received TCN packets transmited illegal packets received and unknown packets received Switch config show spanning tree statistics port_list llag port_list llag Show the selected interfaces or link aggregation groups statistics information including the total RSTP packets received RSTP packets transmitted STP packets received STP packets transmitted TCN Topology Change Notification packets received TCN packets transmited illegal packets received and unknown packets received Switch config show Show current RSTP port status spanning tree status Switch config show port_list llag Show the selected interfaces or link spanning tree status port_list aggregation groups statistics information llag Switch config show Show the current STP state spanning tree overview Spanning tree command example Description Switch config spanning tree aggregated port Enable Spanning Tree on aggregated ports Switch config spanning tree aggregated port cost 100 Set the aggregated ports cost to 100 Switch config spanning tree aggregated port priority 0
107. ansmit files to the server A transmitting progress will be displayed during file transfer Once completed a process completed message will pop up to remind users Click Stop to abort the current operation Select Update then press Enter to instruct the Managed Switch to update existing firmware configuration to the latest firmware configuration received After a successful update a message will pop up The Managed Switch will need a reset to make changes effective 4 6 3 Load Factory Settings Load Factory Setting will set all the configurations of the Managed Switch back to the factory default settings including the IP and Gateway address Load Factory Setting is useful when network administrators would like to re configure the system A system reset is required to make all changes effective after Load Factory Setting Select Load Factory Setting from the System Utility menu and then the following screen page appears Load Factory Settings System Will Need to Be Reset Load Factory Settings Click OK to start loading factory settings 192 4 6 4 Load Factory Settings Except Network Configuration Load Factory Settings Except Network Configuration will set all the configurations of the Managed Switch back to the factory default settings However IP and Gateway addresses will not restore to the factory default Load Factory Settings Except Network Configuration is very useful when network administrators need to re
108. any to filter any codes 0 255 Specify 0 255 to filter different defined codes source_ip This is sender IP filtering function Specify any to filter frames from any sender IP addresses Or specify either a host IP address or a network address X X X X Ip _mask Define source IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask dest_ip This is destination IP filtering function any Specify any to filter frames to any target IP addresses X X X X Specify a host IP address 32 ip_mask Define destination IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask ip_ ttl Specify IP TTL bit any Specify any to denote the value which is either zero or not zero 0 Specify 0 to indicate that the TTL filed in IPv4 header is 0 41 If the value in TTL field is not 0 use 1 to indicate that ip_ fragment Specify IP fragment bit any Specify any to denote the value which is either 0 or not 0 0 Specify 0 to indicate that the fragment filed in IPv4 header is 0 41 If the value in TTL field is not 0 use 1 to indicate that Ip option Specify IP option bit any Specify any to denote the value which is either 0 or
109. artup configurations Refer to show default setting command show running config command and show start up config command sections 2 6 4 Interface Command Use interface command to set up configurations of several discontinuous ports or a range of ports Command Parameter Description Switch config interface port_list Enter several port numbers separated by port_list commas or a range of port numbers For example 1 3 or 2 4 Switch config if PORT PORT 1000 100 Set up the selected interfaces speed speed 1000 100 10 10 Speed configuration only works when no auto negotiation command is issued Switch config if PORT PORT Set the selected interfaces to auto auto negotiation negotiation When auto negotiation is enabled speed configuration will be ignored Switch config if PORT PORT full Set the selected interfaces to full duplex duplex full mode Switch config if PORT PORT Enable the selected interfaces flow flowcontrol control function Switch config if PORT PORT description Specify a descriptive name for the description description selected interfaces Switch config if PORT PORT sfp Set the selected interfaces type to fiber media type sfp Switch config if PORT PORT Administratively disable the selected shutdown ports status No command Switch config interface port_list Enter several port numbers separated by
110. at shows the port number of the neighboring device System Name View only field that shows the system name advertised by the neighboring device Port Description View only field that shows the port description of the remote port System Capabilities View only field that shows the capability of the neighboring device Management Address View only field that shows the IP address of the neighboring device 188 4 5 13 Loop Detection Status Select Loop Detection Status from the Switch Monitor menu and then the following screen page appears Loop Detection Status EE 3 A 4 E 1 1 1 1 Status View only filed that shows the loop status of each port 7 omar 2 Lock Cause View only filed that shows the cause why the port is locked Click Update to refresh the Loop Detection status of each port 189 4 6 System Utility System Utility allows users to easily operate and maintain the system Select the folder System Utility from the main menu and then the following screen page appears Main Menu Event Log System Information J User Authentication E Switch Management D day 00 00 21 System cold start cold start Switch Monitor a System Utility D Event Log 1 2 nm D day 00 00 22 Case fan1 case fan ok oca S 3 D day 00 00 22 Case fan2 case fan ok case fan ok Upgrade Load Factory Settings 4 D day 00 00 28 Local port 1 fiber link down ink down D Load Factory Settings Exc
111. be copied to this target port for monitoring 138 4 4 11 IGMP Snooping The Internet Group Management Protocol IGMP is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It can be used more efficiently when supporting activities such as online streaming video and gaming IGMP Snooping is the process of listening to IGMP traffic IGMP snooping as implied by the name is a feature that allows the switch to listen in on the IGMP conversation between hosts and routers by processing the layer 3 packets that IGMP packets sent in a multicast network When IGMP snooping is enabled in a switch it analyses all the IGMP packets between hosts connected to the switch and multicast routers in the network When a switch receives an IGMP report for a given multicast group from a host the switch adds the host s port number to the multicast list for that group When the switch hears an IGMP Leave it removes the host s port from the table entry IGMP snooping can reduce multicast traffic from streaming and make other bandwidth intensive IP applications run more effectively A switch using IGMP snooping will only forward multicast traffic to the hosts in that traffic This reduction of multicast traffic reduces the packet processing at the switch at the cost of needing additional memory to handle the multicast
112. bit any Specify any to denote the value which is either 0 or not 0 0 Specify 0 to indicate that the fragment filed in IPv4 header is 0 4 If the value in TTL field is not 0 use 1 to indicate that 39 Ip option Specify IP option bit any Specify any to denote the value which is either 0 or not 0 4 Specify 1 to indicate that the IPv4 header is bigger than 5 bytes 0 Specify 0 to indicate that the IPv4 is 5 bytes Switch config acl RULE ingress port any policy1 8 port any policy1 8 port 1 24 Specify one option for ingress port command any Specify any to mean any ports are ingress ports policy1 8 Specify a policy that applies to ingress port command To make this command work properly you must configure Switch config if xx xx acl policy 1 8 command port Specify a port number 1 24 as an ingress port Switch config acl RULE tag priority 0 7 0 7 Configure the tag priority for this ACL rule The allowable tag priority value is between 0 and 7 Switch config acl RULE vid any 1 4094 any 1 4094 Configure the VLAN ID filter function any Specify any to mean any VLAN ID 1 4094 Specify an existing VLAN ID Switch config acl rate limiter 1 14 rate_pps 1 14 Specify the rate limiter ID that
113. bled Configure 802 1p Remark Select 802 1p Remark from the pull down menu of Select Setting DSCP Remark Osa ese m m Disable x Disable v Disable Disable v v Disable x Disable x Disable v Disable v Disable x Disable x Disable x This allows you to enable or disable 802 1p remarking for each port The default setting is disabled Configure Queue Mapping Select Queue Mapping from the pull down menu of Select Setting 137 DSCP Remark Queue Mapping x Queue mapping to DSCP 0 63 Queue mapping to 802 1p 0 7 DSCP mapping to Queue Assign a value 0 63 to four different levels 802 1p mapping to Queue Assign a value 0 7 to four different levels 4 4 10 Port Mirroring In order to allow Target Port to mirror Source Port and enable traffic monitoring select the option Port Mirroring from the Switch Management menu and then the following screen page appears Port Mirroring Source Port Source Port Choose Y enable or N disable from the pull down menu to enable or disable Target Port s mirroring on the TX and RX of Source port Target Port Select the preferred target port for mirroring or select Disable to turn off port mirroring function When enabled the traffic flowing from the selected source ports will
114. cal Transmission power RX Power dbm The Slide in SFP module optical Receiver power 186 4 5 11 DCHP Snooping DHCP Snooping displays the Managed Switch s DHCP Snooping table Select DHCP Snooping from the Switch Monitor menu and then the following screen page appears DHCP Snooping Update Click Update to update the DHCP snooping table Cli Port View only field that shows where the DHCP client binding port is SrvPort View only field that shows where the DHCP server binding port is VID View only field that shows the VLAN ID of the client port ClilP Addr View only field that shows client IP address Cli MAC Addr View only field that shows client MAC address Srv Addr View only field that shows server MAC address TimeLeft View only field that shows DHCP client lease time 187 4 5 12 LLDP Status Select LLDP Status from the Switch Monitor menu and then the following screen page appears LLDP Status Local Remote Port System Management Hen Ge ege Capabilities 00 06 19 03 9d 17 MAC Sw 5 S P e address iflias Switch ctsystem com Switch Port 5 192 168 1 199 ipv4 Click Update to refresh LLDP Status table Local Port View only field that shows the port number on which LLDP frames are received Chassis ID View only field that shows the MAC address of the LLDP frames received the MAC address of the neighboring device Remote Port View only field th
115. ccess 1 1 12 access 1 1 ES access 1 1 14 access 1 1 15 access 1 1 16 access 1 I 17 access 1 1 18 access 1 1 19 access 1 d 20 access 1 1 21 access 1 1 22 access 1 1 23 access 1 1 Hl Hl 24 trunk ALS 219 Web Management Configuration 1 Select Configure VLAN option in IEEE 802 1Q Tag VLAN menu Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN A amp Main Menu Configure IEEE 802 1q Tag VLAN O System Information D User Authentication s Network Management 83 Switch Management D Switch Configuration D Port Configuration e Link Aggregation Rapid Spanning Tree 802 1X Configuration B MAC Address Managemen 53 VLAN Configuration Port Based VLAN D Configure VLAN SSE D Management VLAN VLAN Name 5 7 8 9 20 9 12 2 Create a new Service VLAN 15 that includes Port 1 and Port 24 as member ports Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN A amp Main Menu Configure IEEE 802 1q Tag VLAN L System Information D User Authentication Network Management Switch Management D Switch Configuration D Port Configuration Link Aggregation Rapid Spanning Tree VLAN Name V Member Mot Member 802 1X Configuration ISn MAC Address Managemen VLAN Configuration RE Click New to create a new VLAN IEEE 802 1q Tag VLAN D Configure VLAN D VLAN Interface LO Managem
116. cified threshold will then be dropped The packet rates that can be specified are listed below 1 2 4 8 16 32 64 128 256 512 1k 2k 4k 8k 16k 32k 64k 128k 256k 512k 1024k NOTE To view a list of allowable values that can be specified you can press spacebar and then followed by For example Switch config security storm protection multicast Switch config security storm protection unicast 1 1024k No command Switch config no security storm protection broadcast 1 1024k Specify the maximum unicast packets per second pps Any unicast packets exceeding the specified threshold will then be dropped The packet rates that can be specified are listed below 1 2 4 8 16 32 64 128 256 512 1k 2k 4k 8k 16k 32k 64k 128k 256k 512k 1024k NOTE To view a list of allowable values that can be specified you can press spacebar and then followed by For example Switch config security storm protection unicast Disable broadcast storm control Switch config no security storm protection multicast Disable multicast storm control Switch config no security storm protection unicast Disable unicast storm control Show command security storm protection interface Switch config show Show current storm control settings security storm protection Switch config show Show each interface s storm protection s
117. cify anti broadcast threshold value for the selected interfaces Disable anti broadcast function on the selected interfaces Switch config if PORT PORT no security anti broadcast threshold Set the anti broadcast threshold value back to the factory default Switch config show security Show Port Isolation IPv6 filter and UPnP filter setting Switch config show security anti broadcast Show or verify anti broadcast polling interval setting Switch config show security anti broadcast interface Show each interface s anti broadcast settings including port state and threshold value Switch config show security anti broadcast interface port_list Show the selected ports anti broadcast settings 70 2 6 19 Spanning Tree Command The Spanning Tree Protocol STP defined in the IEEE Standard 802 1D creates a spanning tree within a mesh network of connected layer 2 bridges typically Ethernet switches and disables the links which are not part of that tree leaving a single active path between any two network nodes Multiple active paths between network nodes cause a bridge loop Bridge loops create several problems First the MAC address table used by the switch or bridge can fail since the same MAC addresses and hence the same network hosts are seen on multiple ports Second a broadcast storm occurs This is caused by broadcast packets being forwarded in an endle
118. configure a command that is only applied to interfaces specified For example you can set up each interface s VLAN assignment speeds or duplex modes To configure you must first enter the interface number There are four ways to enter your interface numbers to signify the combination of different interfaces that apply a command or commands Commands Description Switch config interface 1 Enter a single interface Only interface 1 will Switch config if 1 apply commands entered Switch config interface 1 3 5 Enter three discontinuous interfaces Switch config if 1 3 5 separated by commas Interface 1 3 5 will apply commands entered 23 Switch config interface 1 3 Enter three continuous interfaces Use a Switch config if 1 3 hyphen to signify a range of interface numbers In this example interface 1 2 and 3 will apply commands entered Switch config interface 1 3 5 Enter a single interface number together with Switch config if 1 3 5 a range of interface numbers Use both commas and hypens to signify the combination of different interface numbers In this example interface 1 3 4 5 will apply commands entered 2 6 2 No Command Almost every command that you enter in Configuration Mode can be negated using no command followed by the original or similar command The purpose of no command is to disable a function remove a command or set the setting back to the default
119. d you need to indicate a specific host IP address If Network is selected you need to indicate both network address and subnet mask Sender IP Address Specify a sender IP address Sender IP Mask Specify a subnet mask Target IP Filter Select Any Host or Network for target IP filter If Host is selected you need to indicate a specific host IP address If Network is selected you need to indicate both network address and subnet mask Target IP Address Specify a target IP address Target IP Mask Specify a subnet mask ARP SMAC Match Select 0 to indicate that the SHA Sender Hardware Address field in the ARP RARP frame is not equal to source MAC address Select 1 to indicate that SHA field in the ARP RARP frame is equal to source MAC address Select Any to indicate a match and not a match RARP DMAC Match Select 0 to indicate that the THA Target Hardware Address field in the ARP RARP frame is not equal to source MAC address Select 1 to indicate that THA field in the ARP RARP frame is equal to source MAC address Select Any to indicate a match and not a match IP Ethernet Length Select 0 to indicate that HLN Hardware Address Length field in the ARP RARP frame is not equal to Ethernet 0x6 and the Protocol Address Length field is not equal to IPv4 0x4 Select 1 to indicate that HLN Hardware Address Length field in the ARP RARP frame is equal t
120. d Switch immediately when you enter the command Web Management Configuration 1 Select Configure VLAN option in IEEE 802 1Q Tag VLAN menu Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN CO Main Menu Configure IEEE 802 1q Tag VLAN L System Information D User Authentication ess wee vran name vo 2 3 4 5 6 7 elo io RG 4 15 16 OK 19 20 21 2223 24 cru L Switch Configuration ieee viMember _ not member o O Link Aggregation V Member Not Member Rapid Spanning Tree E 802 1X Configuration 4 MAC Address Managemen VLAN Configuration Port Based VLAN Click New to create a new VLAN e Management VLAN 215 2 Create anew Management VLAN 10 that includes only Port 24 as a member port Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN J Main Menu D System Information D User Authentication E Network Management Switch Management L Switch Configuration L Port Configuration S Link Aggregation s Rapid Spanning Tree 802 1X Configuration s MAC Address Managemen GC VLAN Configuration J Port Based VLAN Gy IEEE 802 1q Tag VLAN D Configure VLAN D VLAN Interface D Management VLAN QoS Configuration D DSCP Remark D Port Mirroring v ol Configure IEEE 802 1q Tag VLAN Current Total Max Members V Member Not Member ford cancer Click OK
121. d system contact information Switch config no switch info system location Delete the entered system location information Switch config no switch info system name Delete the entered system name information Switch config no switch info host name Set the hostname to the factory default Switch config show switch info Show or verify switch information including company name system contact system location system name model name firmware version and fiber type Switch info example Switch config switch info company name Set the company name to telecomxyz telecomxyz Switch config switch info system contact Set the system contact field to info company com info compnay com Switch config switch info system location Set the system location field to 13thfloor 13thfloor Switch config switch info system name Set the system name field to backbone1 backbone Switch config switch info host name Change the Managed Switch s hostname edgeswitch10 to edgeswitch10 2 6 23 User Command 1 Create a new login account User command Parameter Description Switch config user name user_name Enter the new account s username The user_name authorized user login name is up to 20 alphanumeric characters Only 3 login accounts can be registered in this device Switch config user Activate this user account NAME active Switch config u
122. ddress Managemen a VLAN Configuration Port Based VLAN 9 IEEE 802 1q Tag VLAN D V Member Not Member D VLAN Interface E O Management VLAN amp QoS Configuration Click New to create a new VLAN J Porcomguranon S Link Aggregation Configure IEEE 802 1q Tag VLAN Rapid Spanning Tree aE 802 1X Configuration G MAC Address Manageme VLAN Configuration E Port Based VLAN SEEE 802 1q Tag VLAN N Configure VLAN O VLAN Interface O Management VLAN QoS Configuration D DSCP Remark O Port Mirroring G IGMP Snooping O Static Multicast Configura MVR Configuration sE Security Configuration Access Control List Manz O LLDP Configuration D Loop Detection Configure Switch Monitor System Utility Data VLAN 11 that includes Port 1 and Port 24 as member ports V Member Not Member Click OK button to return to IEEE 802 1q Tag VLAN table 212 3 Check Data VLAN 11 settings Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN Port ro OTTO OTT sE Link Aggregation Rapid Spanning Tree Sg 802 1X Configuration MAC Address Manageme SS VLAN Configuration SS IEEE 802 1q Tag VLAN Configure VLAN O VLAN Interface D Management VLAN sE QoS Configuration D DSCP Remark 2 Port Mirroring Ze Configure IEEE 802 1q
123. e x Disable x v v Disable Disable x This allows ports to be enabled or disabled When it is On RSTP is enabled Configure Port Path Cost Select Path Cost from the pull down menu of Select Setting RSTP Physical Port Settings This sets up each port s path cost The default value is 0 116 Configure Port Priority Select Priority from the pull down menu of Select Setting RSTP Physical Port Settings You can choose Port Priority value between 0 and 240 The default value is 0 Configure Port Edge Select Edge from the pull down menu of Select Setting RSTP Physical Port Settings Da e E 8 Disabled AE D Disabled Di Disabled x Disabled x Disabled 22 Disabled x Disabled ze Disabled Set the port to enabled or disabled When it is On Port Edge is enabled 117 Configure Port Point2point Select Point2point from the pull down menu of Select Setting RSTP Physical Port Settings EEGEN Point2point v Port Point2point 1 1 16 9 20 21 7 vv vl Set up the Point to Point setting The default setting is Forced True 4 4 5 802 1X Conf
124. e Port Admin State Authorized sei Authorized y Authorized Authorized v Authorized Authorized v eS eee ES SS Lae Ce y Authorized Authorized y Authorized Authorized Authorized Authorized Authorized w Authorized y Authorized zl Authorized sell Authorzed sell Authorized sell Authorized sc 22 FE 24 Authorized This forces the Managed Switch to grant access to all clients either 802 1X aware or 802 1x unaware No authentication exchange is required By default all ports are set to Authorized Unauthorized This forces the Managed Switch to deny access to all clients either 802 1X aware or 802 1X unaware Auto This requires 802 1X aware clients to be authorized by the authentication server Accesses from clients that are not dot1x aware will be denied 4 4 5 3 Configure Port Reauthenticate Click the option Configure Port Reauthenticate from the 802 1X Configuration menu and then the following screen page appears Configure Port Reauthenticate Disabled x Disabled x Disabled x Disabled ze Disabled x Disabled Disabled x Disabled Disabled x Disabled x pesses eset This allows users to enable or disable port Reauthenticate When enabled the authentication message will be sent immediately after you click the OK button 120 4
125. ecret abcxyzabc Set up a secret for validating communications between RADIUS clients Switch config user radius server1 Set the primary RADIUS server address to 192 180 3 1 192 180 3 1 Switch config user radius server2 Set the secondary RADIUS server address 192 180 3 2 to 192 180 3 2 2 6 24 Syslog Command Syslog command Parameter Description Switch config syslog Enable system log function Switch config syslog A B C D Specify the primary system log server IP server1 A B C D address Switch config syslog A B C D Specify the secondary system log server IP server2 A B C D address Switch config syslog A B C D Specify the third system log server IP server3 A B C D address No command Switch config no syslog Disable System log function Switch config no syslog server1 Delete the primary system log server IP address Switch config no syslog server2 Delete the secondary system log server IP address Switch config no syslog server3 Delete the third system log server IP address Switch config show syslog Show current system log settings Switch config show log Show event logs currently stored in the Managed Switch These event logs will be saved to the system log server that you specify Switch config syslog Enable System log function Switch config syslog server Set the primary system log server IP address 192 180
126. ed MVR VLAN configuration Total This shows the total number of registered MVR VLAN configuration Max This shows the maximum number available for MVR VLAN configuration VLAN Specify a VLAN ID for multicast VLAN Receive port Indicate the MVR receive port Source port Indicate the MVR source port 148 4 4 13 2 MVR Group Select the option MVR Group from the MVR Configuration menu and then the following screen page appears MYR Group VLAN View only field that shows the current MVR VLAN ID Group Range View only field that shows the MVR Group Range Click New to register anew MVR Group and then the following screen page appears Click Edit to edit and view the MVR Group settings Click Delete to remove a current MVR Group MYR Group fOe 1 1 120 Group Range 224 0 1 0 239 255 255 255 Current Total Max VLAN View only field Current This shows the number of current registered MVR Group Total This shows the total number of registered MVR Groups Max This shows the maximum number available for registered MVR Group VLAN ID Specify a VLAN ID number that is registered in MVR port settings Group Range Specify the multicasting channels that would belong to MVR VLAN 149 4 4 14 Security Configuration In this section several Layer 2 security mechanisms are provided to increase the security level of your Managed Switch Layer 2 attacks are typically launched by or from a d
127. ed group the port Key must be set to the same value The range of key value is between 0 and 255 When key value is set to 0 the port Key is automatically set by the Managed Switch Configure Port Role Select Role from the pull down menu of Select Setting LACP Port Configuration 3 E Sep 11 assive EN Passive x Passive EN Passive Passive m Passive Passive Passive sell Passive Active Port Role Active LACP ports are capable of processing and sending LACP control frames This allows LACP compliant devices to negotiate the aggregated link so that 112 the group may be changed dynamically as required In order to utilize the ability to change an aggregated port group that is to add or remove ports from the group at least one of the participating devices must designate LACP ports as active Both devices must support LACP Passive Port Role LACP ports that are designated as passive cannot initially send LACP control frames In order to allow the linked port group to negotiate adjustments and make changes dynamically one end of the connection must have active LACP ports 4 4 4 Rapid Spanning Tree The Spanning Tree Protocol STP defined in the IEEE Standard 802 1D creates a spanning tree within a mesh network of connected layer 2 bridges typically Ethernet switches and disables the links which are not part of that tree leaving a si
128. efault DHCP Initiated Time Specify the time value 0 9999 Seconds that packets might be received Default DHCP Leased Time Specify packets expired time 180 259200 Seconds Port Isolation Enable or disable port isolation function If port isolation is set to enable the customer port port 1 24 can t communicate to each other IPv6 auto discovery DHCPv6 Enable or disable IPv6 filter When enabled IPv6 packets will be dropped UPnP Enable or disable UPnP filter When enabled UPnP packets will be dropped DHCP Server Trust Port Select one or several ports to be DHCP Server Trust Port s 154 4 4 14 4 Static IP Table Configuration Select the option Static IP Table Configuration from the Security Configuration menu and then the following screen page appears Static IP Table Configuration This static IP address and Port mapping table shows the following information IP Address View only field that shows the current static IP address Mask Address View only field that shows the current Mask address VLAN ID View only field that shows the VLAN ID Port View only field that shows the connection port number Click New to register a new Static IP address and then the following screen page appears Click Edit to edit and view Static IP Table settings Use Delete to remove a current Static IP address Static IP Table Configuration OEA EGEES 17 1 40 Groups IP Address 0 0 0 0 Mask Address 0 0 0 0
129. eferred QCE Type you can further specify VLAND ID value from 1 to 4094 TCP UDP Port When you choose UDP TCP Port as your preferred QCE Type you can further specify TCP UDP Port by selecting Specific or Range from the pull down menu Specific allows you to assign TCP UDP Port No On the other hand Range allows you to assign TCP UDP port range in TCP UDP Port Range field DSCP When you choose DSCP as your preferred QCE Type you can further specify DSCP value Traffic Class When you choose Ethernet Type VLAN ID UDP TCP Port or DSCP as your preferred QCE Type you can further specify traffic class queues Four types of Traffic Class you can choose from are Low Normal Medium and High Priority Class When you choose ToS or Tag Priority as your preferred QCE Type you can assign a priority level Low Normal Medium or High to the specific priority class 4 4 8 3 QoS Rate Limiter Select the option QoS Rate Limiter from the QoS Priority Configuration menu and then the following screen page appears Configure Policer Rate QoS Rate Limiters Policer Rate 500 1000000 KBits Sec 0 Disable 135 This allows users to specify each porte inbound bandwidth The excess traffic will be dropped Specifying 0 is to disable this function Configure Shaper Rate Shaper Rate 500 1000000 KBits Sec 0 Disable This allows users to specif
130. eged Mode Configuration Mode Gate Logout from the CLI or terminate User Mode g Console or Telnet session Privileged Mode 2 3 2 Quick Keys In CLI there are several quick keys that you can use to perform several functions The following table summarizes the most frequently used quick keys in CLI Keys Purpose iab Enter an unfinished command and press Tab key to complete the command Press key in each mode to get available commands Enter an unfinished command or keyword and press key to complete the command and get command syntax help Unfinished Example List all available commands starting with the characters that command you enter followed by Switch h help Show available commands history Show history commands Enter a command and then press Spacebar followed by a key to view A space the next parameter followed by Up arrow Use Up arrow key to scroll through the previous entered commands beginning with the most recent key in commands Use Down arrow key to scroll through the previous entered commands Down arrow beginning with the commands that are entered first 2 3 3 Command Format While in CLI you will see several symbols very often As mentioned above you might already know what gt and config represent However to perform what you intend the device to do you have to enter a string of complete command correctly For
131. eighted Round Robin shares bandwidth at the egress ports by using scheduling weights 1 2 4 8 for queues 1 through 4 respectively strict This indicates that services to the egress queues are offered in the sequential order and all traffic with higher priority queues is transmitted first before lower priority queues are serviced Switch config if PORT PORT 1 24 qos qcl 1 24 Apply the selected ports to the specified QCL rule Switch config if PORT PORT 0 500 Specify ingress rate limit value qos rate limit ingress 0 500 1000000 1000000 kbps kbps Switch config if PORT PORT 0 500 qos rate limit egress 0 500 1000000 1000000 kbps kbps Specify egress rate limit value Switch config if PORT PORT qos remarking dscp Enable DSCP bit remarking on the selected interfaces Switch config if PORT PORT qos remarking 802 1p Enable 802 1p remarking on the selected interfaces Switch config if PORT PORT 0 7 qos remarking user priority 0 7 Specify the default priority bit to the selected interfaces Switch config if PORT PORT 1 2 4 8 qos queue weighted 1 2 4 8 No command Switch config if PORT PORT no qos default class Specify the queue weight of the selected interfaces Set QoS default class setting back to default Switch config if PORT PORT no qos queuing mode Set queuing mode setting back to the factory defaul
132. elay LLDP Initialization Secs 0 300 Selection of LLDP TLVs to send Port Description Enabled v oe Port Tick the checkbox to enable LLDP Receiver Hold Time TTL Enter the amount of time for receiver hold time in seconds The Managed Switch will keep the information sent by the remote device for a period of time you specify here before discarding it Sending LLDP Packet Interval Enter the time interval for updated LLDP packets to be sent Sending Packets Per Discovery Enter the amount of packets sent in each discovery Delay LLDP Initialization A period of time the Managed Switch will wait before the initial LLDP packet is sent Selection of LLDP TLVs to send LLDP uses a set of attributes to discover neighbor devices These attributes contains type length and value descriptions and are referred to TLVs Details such as port description system name system description system capabilities management address can be sent from this Managed Switch 169 4 4 17 Loop Detection Configuration To set up Loop Detection function select the option Loop Detection Configuration from the Switch Management menu and then the following screen page appears Loop Detection Configuration Loop detection Disable el Detection Interval Looped eerie 1440 Minutes Loop Detection Enable or disable Loop Detection function Detection Interval Specify the time interval
133. em will not have to receive and filter all the multicast traffic generated in the network Command Example Parameter Description Switch config ip igmp Enable IGMP Snooping function snooping Switch config ip igmp Set forwarding mode for unregistered not snooping flooding joined IP multicast traffic The traffic will be flooded when enabled However the traffic will be forwarded to router ports only when disabled Switch config ip igmp Enable IGMP immediate leave function snooping immediate leave 52 Switch config ip igmp 1 6000 Specify the maximum response time This snooping max response time 1 1 10secs determines the maximum amount of time 6000 1 10secs allowed before sending an IGMP response report Switch config ip igmp port_list Specify multicast router ports snooping mcast router port_list Switch config ip igmp 1 6000 Specify Query time interval This is used to snooping query interval 1 6000 set the time interval between transmitting secs IGMP queries Switch config ip igmp 1 4094 Specify a VLAN ID This enables IGMP snooping vlan 1 4094 Snooping on a specified VLAN Switch config ip igmp 1 4094 Enable a querier on the specified VLAN snooping vlan 1 4094 query No command Switch config no ip igmp Disable IGMP Snooping function snooping Switch config no ip igmp Disable flooding function Traffic will be
134. ent VLAN Dale le 3 12 13 14 3 Main Menu D System Information O User Authentication Network Management 3 Switch Management Configure IEEE 802 1q Tag VLAN Current Total Max D Switch Configuration D Port Configuration Link Aggregation Rapid Spanning Tree S 802 1X Configuration 2 MAC Address Managemen VLAN Configuration Port Based VLAN ener IEEE 802 1q Tag VLAN D Configure VLAN D VLAN Interface L Management VLAN CH QoS Configuration O DSCP Remark D Port Mirroring K m gt Click OK button to return to IEEE 802 1q Tag VLAN table 220 Create S VLAN 15 that includes Port 1 and Port 24 as member ports 3 Check S VLAN 15 settings Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN amp Main Menu Configure IEEE 802 1q Tag VLAN D System Information D User Authentication Network Management Switch Management D Switch Configuration Defauit_vLAN 1 O Port Configuration z Link Aggregation Eai N EN il lfc Pl acl la cM Ll aA G ce G i ad VR file ce ae A KS GS CO Rapid Spanning Tree 802 1X Configuration S MAC Address Managemen VLAN Configuration Port Based VLAN SG IEEE 802 1q Tag VLAN D Configure VLAN D VLAN Interface D Management VLAN NOTE By default all ports are member ports of the Default_VLAN Before
135. ent module resides in the managed device that responds to the SNMP Manager request SNMP Manager NMS executes applications that monitor and control managed devices NMS provide the bulk of the processing and memory resources required for the complete network management SNMP Manager is often composed by desktop computer work station and software program such like HP OpenView Totally 4 types of operations are used between SNMP Agent amp Manager to change the MIB information These 4 operations all use the UDP IP protocol to exchange packets GET This command is used by an SNMP Manager to monitor managed devices The SNMP Manager examines different variables that are maintained by managed devices GET Next This command provides traversal operation and is used by the SNMP Manager to sequentially gather information in variable tables such as a routing table SET This command is used by an SNMP Manager to control managed devices The NMS changes the values of variables stored within managed devices Trap Trap is used by the managed device to report asynchronously a specified event to the SNMP Manager When certain types of events occur a managed device will send a trap to alert the SNMP Manager The system built in management module also supports SNMP management Users must install the MIB file before using the SNMP based network management system The MIB file is on a disc or diskette that accompanies the system The file name extension is
136. ept Network Configuration 5 0 day 00 00 28 Local port 2 fiber link down inkdown Backup Configuration fei O E Save Configuration 6 D day 00 00 28 Local port 3 fiber link down ink down 7 8 9 D day 00 00 28 Local port 5 fi own ink down D day 00 00 28 Local port 6 fi i own ink down 10 D day 00 00 28 Local port 7 fi own ink down 11 D day 00 00 28 Local port 8 fiber li own ink down 12 LCE D day 00 00 28 Local port 9 fiber link down n n n 13 D day 00 00 28 Local port 10 fiber link down ink down 14 BE Local port 11 fiber link down n n n 15 D day 00 00 28 Local port 12 fiber link down ink down 16 D day 00 00 28 Local port 13 fiber link down ink down 17 i D day 00 00 28 Local port 14 fiber link down 1 Event Log Event log can keep a record of system s log events such as system warm start cold start link up down user login logout etc They will be kept only when your CPU version is A06 with Boot ROM version A08 or later version If your CPU or Boot ROM version is older than the one mentioned above all events will lose when the system is shut down or rebooted 2 Upgrade This allows users to upgrade the latest firmware save current configuration or restore previous configuration to the Managed Switch 3 Load Factory Setting Load Factory Setting will set the configuration of the Managed Switch back to the factory default
137. er If Range is selected you need to further specify a source port range Source Port NO Specify a source port number 0 65535 Source Port Range Specify a source port range The source port number is from 0 to 65535 Destination Port Filter Select Any to filter frames to any destination port If Specific is selected you need to further specify a destination port number If Range is selected you need to further specify a destination port range Destination Port NO Specify a destination port number 0 65535 Destination Port Range Specify a destination port range The source port number is from 0 to 65535 TCP FIN Select 0 to indicate that the FIN value in TCP header is zero 1 to indicate the FIN value in TCP header is one Select any to indicate either 1 or 0 TCP SYN Select 0 to indicate that the SYN value in TCP header is zero 1 to indicate the SYN value in TCP header is one Select any to indicate either 1 or 0 TCP RST Select 0 to indicate that the RST value in TCP header is zero 1 to indicate the RST value in TCP header is one Select any to indicate either 1 or 0 TCP PSH Select 0 to indicate that the PSH value in TCP header is zero 1 to indicate the PSH value in TCP header is one Select any to indicate either 1 or 0 TCP ACK Select 0 to indicate that the ACK value in TCP header is zero 1 to indicate
138. er Select an option from the pull down menu for destination MAC filtering Select Any to filter any kind of traffic Select UC to filter unicast traffic Select MC to filter multicast traffic Select BC to filter broadcast traffic VLAN Parameters VLAN ID Filter Select Any or Specific for VLAN ID Filter If Specific is selected you need to further specify a VLAN ID VLAN ID Specify a VLAN ID Tag Priority Select a tag priority from the pull down menu 162 Ethernet Frame Type SE SCH Geen Geet ee VLAN Parameters VLAN ID Filter Ethernet Type Parameters EtherType Filter fetherType Fiter mel JUL px Cancel MAC Parameters SMAC Filter Select Any or Specific for source MAC filtering If Specific is selected you need to further specify a source MAC address SMAC Value Specify a source MAC address DMAC Filter Select Any UC MC BC or Specific for destination MAC filtering If Specific is selected you need to further specify a destination MAC address Select Any to filter any kind of traffic Select UC to filter unicast traffic Select MC to filter multicast traffic Select BC to filter broadcast traffic DMAC Value Specify a destination MAC address VLAN Parameters VLAN ID Filter Select Any or Specific for VLAN ID Filter If Specific is selected
139. er or straight through CAT 5 UTP or STP cables may be used RJ 45 DB 9 Port The RJ 45 DB 9 port is located on the front panel of the Managed Switch This RJ 45 DB 9 port is used for local out of band management This DB 9 port is DTE therefore a null modem is required to connect the Managed Switch and the PC With a connection through RJ 45 DB 9 port users can configure and check the Managed Switch even when the network is down IP Addresses IP addresses have the format n n n n The default factory setting is 192 168 0 1 IP addresses are made up of two parts The first part for example 192 168 n n refers to the network address that identifies the network where the device resides Network addresses are assigned by three allocation organizations Depending on your location each allocation organization assigns a globally unique network number to each network which is intended to connect to the Internet The second part for example n n 0 1 identifies the device within the network Assigning unique device numbers is your responsibility If you are unsure of the IP addresses allocated to you consult with the allocation organization where your IP addresses were obtained Remember that an address can be assigned to only one device on a network If you connect to the outside network you must change all the arbitrary IP addresses to comply with those you have been allocated by the allocation organization If you do not do this your
140. ermit packets from the address permit 018002000010 Switch config switch mtu 1518 9600 No command 1518 9600 bytes Switch config no switch sfp temperature Specify the maximum transmission unit in bytes The allowable MTU value is between 1518 and 9600 bytes Set the SFP temperature back to the default setting Switch config no switch sfp tx bias Set the SFP TX bias power back to the default setting Switch config no switch sfp tx power Set the SFP TX power value back to the default setting Switch config no switch sfp rx power Set the SFP RX power value back to the default setting Switch config no switch sfp voltage Show command Switch config show switch sfp Set the SFP voltage value back to the default setting Show the slide in SFP module s current temperature voltage and TX Bias power Switch config show switch bpdu Show current BPDU information Switch config show switch mtu Switch command example Switch config switch sfp temperature 0 70 Show current maximum transmission unit setting Set the slide in SFP safety temperature rang to 0 70 degrees Celsius Switch config switch sfp tx bias 400 Set the slide in SFP safety TX Bias to 400 Switch config switch sfp voltage 3 3 6 Set the slide in SFP safety voltage in a range of 3 and 3 6 Switch config switch bpdu 00 0F permit
141. erver 2nd RADIUS Server Address IP address of the second RADIUS server 96 4 3 Network Management In order to enable network management of the Managed Switch proper network configuration is required To do this click the folder Network Management from the Main Menu and then the following screen page appears SJ Main Menu Network Configuration System Information D User Authentication Sa Network Management MAC Address 00 06 19 06 EA C amp Network Configuration d System Service Configuration E EGE Manual v Current State RS232 Telnet Console Configuration 192 168 01 192 168 0 1 Time Server Configuration D Device Community Subnet Mask 255 255 255 0 D Trap Destination Trap Configuration Gateway 0 0 0 0 Mal attempt Log Configuration Switch Management OK Cancel a Switch Monitor ma cansat a System Utility D Save Configuration Reset System 1 Network Configuration Set up the required IP configuration of the Managed Switch 2 System Service Management Enable or disable the specified network services 3 RS232 Telnet Console Configuration View the RS 232 serial port setting specific Telnet and Console services 4 Time Server Configuration Set up the time server s configuration 5 Device Community View the registered SNMP community name list Add a new community name or remove an existing community name 6 Trap Destination View the registered SNMP trap d
142. es reply to denote reply frames request to denote request frames source_ip This is sender IP filtering function Specify any to filter frames from any sender IP addresses Or specify either a host IP address x x x X Ip maekl Define source IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask dest_ip This is destination IP filtering function any Specify any to filter frames to any destination IP addresses X X X X Specify either a host IP address or a network address ip_mask Define destination IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask arp_smac_match This is to configure whether ARP source MAC sent and received are matched or not any Specify any to denote both a match and not a match 0 Denote not a match 4 Denote a match 29 rarp_dmac_match This is to configure whether RARP destination MAC sent and received are matched or not any Specify any to denote both a match and not a match 0 Denote not a match 4 Denote a match length_check any Specify Any to indicate a match and not a match 0 Specify 0 to indicate that HLN Hardware Address Length field in the ARP RARP frame is not equal to
143. es the device to reboot endlessly In order to have your Managed Switch retrieve the correct configuration image in TFTP FTP Server please make sure the filename of your configuration file is defined exactly the same as the one specified in in dhcpd conf For example if the configuration image s filename specified in dhcpd conf is metafile the configuration image filename should be named metafile as well Step 5 Place a Copy of Firmware and Configuration File in TFTP FTP The TFTP FTP File server should include the following items 1 Firmware image This file is provided by the vendor 2 Configuration file This file is generally created by users 3 User account for your device For FTP server only 203 B Auto Provisioning Process This switching device is setting free through auto upgrade and configuration and its upgrade procedures are as follows 1 The device will recognized by the ISC DHCP server whenever it sends an IP address request and the ISC DHCP server will tell the device how to get a new firmware or configuration 2 The device will compare the firmware and configuration MD5 code form of DHCP option whenever it communicates with DHCP server 3 If MD5 code is different and the device will then upgrade the firmware or configuration However it will not be activated immediately 4 If the Urgency Bit is set the device will be reset to activate the new firmware or configuration immediately 5
144. es grouped by logics instead of physical locations End nodes that frequently communicate with each other are assigned to the same VLAN no matter where they are physically located on the network Another benefit of VLAN is that you can change the network topology without physically moving stations or changing cable connections Stations can be moved to another VLAN and thus communicate with its members and share its resources simply by changing the port VLAN settings from one VLAN to another This allows VLAN to accommodate network moves changes and additions with the greatest flexibility Main Menu Configure Port Based VLAN D System Information Pe de ee ee a MM D User Authentication E Network Management vuan nare J1 BEID BER BEIS 12 13 14 15 ODER EIER a Switch Management Switch Configuration Port Configuration aE Link Aggregation S Rapid Spanning Tree New Edit Delete 802 1 Configuration a MAC Address Management VLAN Configuration a Port Based VLAN D Configure VLAN IEEE 802 1q Tag VLAN 4 4 7 1 Port Based VLAN Port based VLAN can effectively segment one network into several broadcast domains Broadcast multicast and unknown packets will be limited to within the VLAN Port Based VLAN is uncomplicated and fairly rigid in implementation and is useful for network administrators who wish to quickly and easily set up VLAN so as to isolate the effect of broadcast packets on their network The follow
145. esired settings to enable Telnet or SNMP services Follow these steps to begin a management session using Local Console Management Step 1 Attach the serial cable to the RJ 45 DB 9 port Step 2 Attach the other end to the serial port of a PC or workstation Step 3 Run a terminal emulation program using the following settings e Emulation VT 100 ANSI compatible e BPS 9600 e Data bits 8 e Parity None e Stop bits 1 e Flow Control None e Enable Terminal keys Step 4 Press Enter to access the CLI Command Line Interface mode 2 2 Remote Console Management Telnet You can manage the Managed Switch via Telnet session However you must first assign a unique IP address to the Switch before doing so Use the Local Console to login the Managed Switch and assign the IP address for the first time Follow these steps to manage the Managed Switch through Telnet session Step 1 Use Local Console to assign an IP address to the Managed Switch e P address e Subnet Mask e Default gateway IP address if required Step 2 Run Telnet Step 3 Log into the Switch CLI Limitations When using Telnet keep the following in mind Only two active Telnet sessions can access the Managed Switch at the same time 2 3 Navigating CLI When you successfully access the Managed Switch you will be asked for a login username Enter your authorized username and password and then you will be directed to User mode In CLI management the User mode o
146. estination list Add a new trap destination or remove an existing trap destination 7 Trap Configuration View the Managed Switch trap configuration Enable or disable a specific trap 8 Mal attempt Log Configuration Set up the Mal attempt Log server s configuration 97 4 3 1 Network Configuration Click the option Network Configuration from the Network Management menu and then the following screen page appears Network Configuration MAC Address 00 06 19 06 EA C8 Or EE EA Manual ae Current State IP Address 192 168 0 1 192 168 0 1 Subnet Mask 255 255 255 0 255 255 255 0 0 0 0 0 0 0 0 0 MAC Address This view only field shows the unique and permanent MAC address assigned to the Managed switch You cannot change the Managed Switch s MAC address Configuration Type There are two configuration types that users can select from the pull down menu DHCP and Manual When DHCP is selected and a DHCP server is also available on the network the Managed Switch will automatically get the IP address from the DHCP server If Manual is selected users need to specify the IP address Subnet Mask and Gateway NOTE This Managed Switch also supports auto provisioning function that enables DHCP clients to automatically download the latest Firmware and configuration image from the server For information about how to set up a DHCP server please refer to APPENDIX B IP Address Enter the unique I
147. et d Managed Switch I I PC1 I we I Scat I I Un tag Data VLAN Tag 11 Un tag i l I I I I I I I I Managed _ P Switch sd Port Port 24 i I Data VLAN Network Diagram 210 CLI Configuration Steps 1 Enter Global Configuration mode Commands SWH gt enable Password SWH SWH config config Create VLAN 11 SWH OK config vlan dotlq vlan 11 Name VLAN 11 to Data_VLAN SWH OK SW config vlan 11 name Data VLAN Assign Port 1 and Port 24 to VLAN 11 SW SW 11 OK SW config vlan 11 exit config interface 1 24 config if 1 24 vlan dotlg vlan trunk vlan config if 1 24 exit Show currently configured dotiq VLAN membership SW config show vlan dotlq vlan 802 1q Tag VLAN CP U VLAN ID 1 VLAN Name VLAN 1 8 9 16 L7 24 CPU Default VLAN 1 VVVVVVVV VVVVVVVV VVVVVVVV V Data_VLAN 11 V v NOTE By default all ports are member ports of the Default_VLAN Before removing the Default VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command Set Port 24 to trunk mode SW SW OK SW config interface 24 config if 24 vlan dot
148. ettings Switch config show security storm protection interface port_list port_list Show the selected interfaces storm protection settings Security command example Switch config security storm protection broadcast 1024k Set the maximum broadcast packets per second pps to 1024k Any broadcast packets exceeding this specified threshold will then be dropped Switch config security storm protection multicast 1024k Set the maximum unknown multicast packets per second pps to 1024k Any unknown multicast packets exceeding this specified threshold will then be dropped Switch config security storm protection unicast 1024k Set the maximum unicast packets per second pps to 1024k Any unicast packets exceeding the specified threshold will then be dropped 3 Use Interface command to configure a group of ports security settings Security amp Interface command Switch config interface port_list Parameter port_list Description Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT security anti broadcast Enable anti broadcast function on the selected interfaces Switch config if PORT PORT security anti broadcast threshold 20 1488000 No command Switch config if PORT PORT no security anti broadcast 20 1488000 Spe
149. ettings ro Read Only access privilege Disable SNMP function Switch config no snmp server community community community Delete the specified community Switch config community NAME no active Disable this SNMP community account In this example mycomm community is disabled Switch config community Remove the SNMP community descriptions for mycomm Switch config community NAME no description NAME no level Show command Switch config show snmp server Remove the configured access privilege This will set this community s level to access denied Show or verify whether SNMP is enabled or disabled Switch config show snmp server community Show or verify each SNMP server account s information Switch config show snmp server community community Show the specified SNMP server account s settings Switch config community NAME show Exit command Switch config community NAME exit Show the selected community s settings Return to Global Configuration Mode Switch config snmp server community mycomm Create a new community mycomm and edit the details of this community account Switch config community mycomm active Activate the SNMP community mycomm Switch config community mycomm description rddeptcomm Add a description for mycomm community Switch config commun
150. etween 0 and 3600 seconds Switch config dot1x reauthentication Enable re authentication function Switch config dot1x secret shared_secret shared_secret Specify a shared secret of up to 30 characters This is the identification word or number assigned to each RADIUS authentication server with which the client shares a secret Switch config dot1x server A B C D Specify the RADIUS Authentication A B C D server IP address Switch config dot1x timeout 1 1 255 Specify the time value in seconds 255 No command Switch config no dot1x The Managed Switch will wait for a period of time for the response from the authentication server to an authentication request before it times out The allowable value is between 1 and 255 seconds Disable IEEE 802 1 x function Switch config no dot1x reauth period Reset the re authentication period value back to the default setting 60 seconds Switch config no dot1x reauthentication Disable re authentication function Switch config no dot1x secret Remove the original shared secret Switch config no dot1x server Remove the specified server IP address Switch config no dot1x timeout Reset the timeout value back to the default setting 10 seconds 47 Show command Switch config show dot1x Show or verify 802 1x settings Switch config show dot1x
151. evice that doesn t support RSTP then set it as an edge port to ensure maximum performance This will tell the switch to immediately start forwarding traffic on the port and not bother trying to establish a RSTP connection Otherwise turn it off 71 Switch config spanning tree aggregated port p2p forced_false auto forced_false auto Set the aggregated ports to non point to point ports forced_false or allow the Managed Switch to detect point to point status automatically auto By default aggregated ports are set to point to point ports forced_true Switch config spanning 4 30 Specify the Forward Delay value in tree delay time 4 30 seconds The allowable value is between 4 and 30 seconds Switch config spanning 1 10 Specify the Hello Time value in seconds tree hello time 1 10 The allowable value is between 4 and 30 seconds Switch config spanning 6 200 Specify the Maximum Age value in tree max age 6 200 seconds The allowable value is between 6 and 200 Switch config spanning 0 61440 Specify a priority value on a per switch tree priority 0 61440 basis The allowable value is between 0 and 61440 Switch config spanning compatible Set up RSTP version tree version compatible normal normal No command Switch config no spanning tree aggregated port compatible means that the Managed Switch is compatible with STP norm
152. evice that is physically connected to the network For example it could be a device that you trust but has been taken over by an attacker By default most security functions available in this Managed Switch are turned off to prevent your network from malicious attacks it is extremely important for you to set up appropriate security configurations This section provides several security mechanisms to protect your network from unauthorized access to a network or redirect traffic for malicious purposes such as Source IP Spoofing and ARP Spoofing Select the folder Security Configuration from the Switch Management menu and then the following screen page appears SJ Main Menu DHCP Opt82 Settings j System Information D User Authentication SE Network Management Disable x 59 Switch Management Switch Configuration Opt62 Port SC ee e e fe e p fe Link Aggregation a Rapid Spanning Tree ae a a us us vs vs sl sl sl sl ize ize aE 802 1 Configuration Ga MAC Address Management b mn DER aa fu Vise VLAN Configuration vil Mare eae nares arc Iara nares DSCP Remark QoS Configuration 3 17 o a EE e jz Te je a 7 IGMP Snooping Viel Vivid vivid viv D Static Multicast Configuration a MYR Configuration Opt82 Trust Port Q DHCP Port Settings il ie ail ied ie die lee ee eil el e fio fn fie fis Ju fis fie Filter Configuration Static IP Table Configuration Storm Control D Anti beas
153. g Switch config no Ildp tlv select capability Disable Capability attribute to be sent Switch config no Ildp tlv select management address Disable Management Address attribute to be sent Switch config no Ildp tlv select port description Disable Port Description attribute to be sent Switch config no Ildp tlv select system description Disable System Description attribute to be sent Switch config no Ildp tlv select system name Show command Switch config show Ildp Disable System Name attribute to be sent Show or verify LLDP settings Switch config show lldp interface Show or verify each interface s LLDP port state Switch config show lldp interface port_list Show or verify the selected interfaces LLDP port state Switch config show Ildp status LLDP command example Switch config Ildp hold time 60 Show current LLDP status Description Set the hold time value to 60 seconds Switch config Ildp initiated delay 60 Set the initiated delay value to 60 seconds Switch config Ildp interval 10 Set the updated LLDP packets to be sent in very 10 seconds Switch config lldp packets 2 Set the number of packets to be sent in each discovery to 2 Switch config Ildp tlv select capability Enable Capability attribute to be sent Switch config Ildp tlv select management address Enable Management Address attribute to be se
154. gs System Information User Authentication SE Network Management EG ofsdlta 32760 v a Switch Management Switch Configuration 20 Secs 6 200 POF or Pontiguistion Hella Time i Secs 1 10 Link Aggregation SI Rapid Spanning Tree Forward Delay 15 Secs 4 30 D RSTP Switch Settings RSTP Aggregated Port Settings Normal v RSTP Physical Port Settings a 802 1 Configuration OKs lucancel a0 MAC Address Management cancel 1 RSTP Switch Settings Set up system priority max Age hello time etc 113 2 RSTP Aggregated Port Settings Set up aggregation path cost priority edge etc 3 RSTP Physical Port Settings Set up physical ability and edge status of port 4 4 4 1 RSTP Switch Settings Click the option RSTP Switch Settings from the Rapid Spanning Tree menu and then the following screen page appears RSTP Switch Settings Gustem Drot 32 60 v Max Age 20 Secs 6 200 Hello Time 2 Secs 1 10 Forward Delay 15 Secs 4 30 Force Version Normal v System Priority Each interface is associated with a port number in the STP code And each switch has a relative priority and cost that is used to decide what the shortest path is to forward a packet The lowest cost path is always used unless the other path is down If you have multiple bridges and interfaces then you may need to adjust the priority to achieve optimized performance The Managed Switch with the lo
155. h config if PORT PORT Enable Q in Q function in the selected vlan dot1q vlan mode dot1q tunnel interfaces Switch config if PORT PORT Set the selected ports to trunk mode vlan dotiq vlan mode trunk tagged Switch config if PORT PORT Enable native VLAN for untagged vlan dot1q vlan mode trunk native traffic Switch config if PORT PORT 1 4094 Specify a VID to trunk VLAN vlan dotiq vlan trunk vlan 1 4094 Switch config if PORT PORT name Set the selected ports to a specified vlan port based name port based VLAN No command Switch config if PORT PORT no Set the selected ports PVID to the vlan dot1q vlan access vlan default setting Switch config if PORT PORT no Remove VLAN dot1q mode vlan dotigq vlan mode Switch config if PORT PORT no Disable native VLAN for untagged vlan dotiq vlan mode trunk native traffic Switch config if PORT PORT no 1 4094 Remove the selected ports from the vlan dotiq vlan trunk vlan 1 4094 specified trunk VLAN Switch config if PORT PORT no name Delete the selected ports from the vlan port based name VLAN amp interface command example Switch config interface 1 3 specified port based VLAN Enter port 1 to port 3 s interface mode Switch config if 1 3 vlan dotiq vlan access vlan 10 Set port 1 to port 3 s VLAN ID PVID to 10 Switch config if 1 3 vlan dot1q vlan mode access Set the selected ports to access mode u
156. heck Port Based VLAN settings Switch Management gt VLAN Configuration gt Port Based VLAN gt Configure VLAN Main Menu Configure Port Based VLAN O System Information O User Authentication Network Management 2 vane 112 3 5 6 7 0 9 10 10 2 3 4 15 1 7 10 SEIN Swit comgzaion ota wan v vfvlylvivivvyyly Jv Jv Jv Jv Iv Iv I I Iy Iy Iy Iy Iy v Lee ean ee a a a OC PN SO PF TO SCH Link Aggregation as es ee es ee 4 Rapid Spanning Tree 802 1X Configuration H MAC Address Managemen a VLAN Configuration a8 Port Based VLAN V Member Not Member NOTE By default all ports are member ports of the Default_VLAN Before removing the Deafult_VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command Treatments of packets 1 An untagged packet arrives at Port 1 Untagged packets received on the Managed Switch will be forwarded out untagged Therefore in this example the Managed Switch will look at the Port Based forwarding table for Port 1 and forward untagged packets to member port 20 22 and 24 2 An untagged packet arrives at Port 2 Untagged packets received on the Managed Switch will be forwarded out untagged Therefore in this example the Managed Switch will look at the Port Based forwarding table for Port 2 and forwa
157. his state prepares to participate in frame relay Frame relay is temporarily disabled in order to prevent temporary loops which may occur in a Bridged LAN during the lifetime of this state as the active topology of the Bridged LAN changes Learning is enabled to allow information to be acquired prior to frame 172 relay in order to reduce the number of frames that are unnecessarily relayed Forwarding A port in this state participates in frame relay Packets can be forwarded only when port state is forwarding Anti Bcast State This shows whether the port is locked or unlocked due to broadcast traffic specified Link State The current link status of the port either up or down Speed Mbps The current operation speed of ports which can be 10M 100M or 1000M Duplex The current operation Duplex mode of the port either Full or Half Flow Control The current state of Flow Control either on or off 4 5 2 Port Traffic Statistics In order to view the real time port traffic statistics of the Managed Switch select Port Traffic Statistics from the Switch Monitor menu and then the following screen page appears Port Traffic Statistics Bytes Received Frames Received Received Utilization Sent Utilization Total Utilization 1 0 0 3 599 5 0 00 SS 0 01 Li 0 00 4 0 0 0 00 0 00 0 00 fe Jo Jo Jos JoJo ono Jo oro 0 00 0 00 0 00 oe oe oe epo b Jou JoJo pow p po epo p bo p p pow p po 10 0 00 0 00 0 0
158. ics aggregation group s statistics information including the total RSTP packets received RSTP packets transmitted STP packets received STP packets transmitted TCN Topology Change Notification packets received TCN packets transmited illegal packets received and unknown packets received Switch config show spanning port_list Show the selected interfaces or link tree statistics port_list llag llag aggregation groups statistics information including the total RSTP packets received RSTP packets transmitted STP packets received STP packets transmitted TCN Topology Change Notification packets received TCN packets transmited illegal packets received and unknown packets received Switch config show spanning Show current RSTP port status tree status Switch config show spanning port_list Show the selected interfaces or link tree status port_list llag llag aggregation groups statistics information Switch config show spanning Show the current STP state tree overview Spanning tree amp interface command example Description Switch config interface 1 3 Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if 1 3 spanning tree cost 100 Set the selected interfaces cost to 100 Switch config if 1 3 spanning tree priority 0 Set the selected interfaces priority t
159. icy Switch config if PORT PORT no acl action Permit the action on the specified interfaces Switch config if PORT PORT no acl action port copy Disable the Managed Switch to send a copy of traffic from the specified interfaces to the defined port Switch config if PORT PORT no acl action rate limiter id Remove rate limiter rule from the specified interfaces Switch config if PORT PORT no acl action shutdown Activate the specified interfaces Switch config if PORT PORT no acl policy id Remove the specified interfaces from the policy ID Show command Description Switch config show acl Show ACL information Switch config show acl 1 110 1 110 Show ACL information for the specified rule Switch config show acl rate limiter Show each rate limiter ID s setting Switch config show acl rate limiter 1 14 1 14 Show the specified rate limiter s setting Switch config show acl interface port_list Show the specified interfaces access control list rule 42 2 6 6 Archive Command Backup a copy of configuration file to FTP or TFTP server automatically Archive command Parameter Description Switch config archive auto To enable auto backup function backup Switch config archive auto A B C D Specify the IP address of the FTP server backup path ftp A B C D to which a copy of configuration fi
160. iece She ee 114 4 4 4 2 RSTP Aggregated Port Gettngs AAA 115 4 4 4 3 RSTP Physical Port Geng 116 445802 1X Tue ele EE 118 4 4 5 1 Configure SY SUC EEN 119 4 4 5 2 Configure Port AGmMiIn E 120 4 4 5 3 Configure Port Reauthenticate ccccccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeneee 120 4 4 6 MAC Address Management 121 4 4 6 1 MAC Table Learning ccccccccceeeeeeenneeeeeeeeeeeeeeceaeeeeeeeeeeeteeeceneeeeeeeeeeeteee 121 4 4 6 2 Static MAC Table Configuration cccccccceeeceeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeteee 122 4 4 7 ECK TI e EE 123 4 4 7 1 Port Based VLAN EE 123 447 2 802 10 EK 124 AA eo MNtrod ction ee ln E EE 126 4AT AO Oe VOY CAN DEE 128 4 4 7 4 1 Configure E Aan wa Raat ae ae ania aaa saat 128 4 4 7 4 2 VLAN Interface enn 129 4 4 7 4 3 Management VAN n 130 4 4 8 QoS Configuration E 130 4 4 81 QOS Port GOMNGUIALOM EE 131 4 4 8 2 QoS Control EE 134 EN TE 135 44 9 DSCP NET E 136 4 410 Port BAN ee E 138 AAA IGMP SMOODING EE 139 4 4 11 1 IGMP Configuration 0 cccccceeceeeecccenee cess eee eeeeceeaeeeeeeeeeeeeeecceaeeeeeeeeeeeneee 140 4 4 11 2 IGMP VLANID Configuration cccceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneeeeeeeeeeeeeee 141 4 4 11 3 IPMC SCOMCM end eer deeg eege edd eet ede ge 141 4 4 11 4 IPMC Profile 2 0 0 2 ececccecceee cece eee eeeeeea eee sees eee eeeeceaaaaeeeeeeeeeeeeeeceaeeeeeeeeeeeeeee 143 44 115 IGMP WE te EE 144 4 4 12 Static Multicast Confguraion 145 JA h M
161. ig acl RULE frame type any dest_mac dest_mac Define the destination MAC filtering type any Specify any to filter any kind of traffic uc Specify uc to filter unicast traffic mc Specify mc to filter to filter multicast traffic be Specify bc to filter broadcast traffic Switch config acl RULE frame type arp Source_mac mac_mask dest_mac type opcode source_ip ip mask dest_ip ip mask arp_smac_match source_mac Define source MAC address any Specify any to apply ACL rule to any source MAC addresses XXIXX IXX IXX XX XX Specify the specific source MAC address rarp_dmac_match mac_mask Specify MAC mask length_check ip Ethernet any Specify any mean any MAC mask ff ff ff 00 00 00 Specify a specific MAC mask dest_mac Define the destination MAC filtering type any Specify any to filter any kind of traffic uc Specify uc to filter unicast traffic mc Specify mc to filter to filter multicast traffic be Specify bc to filter broadcast traffic type Specify ARP type any Specify any to use any ARP type arp Specify arp to use ARP type rarp Specify rarp to use RARP type 28 opcode Specify any to apply ACL rule to both reply and request fram
162. iguration The IEEE 802 1X standard provides a port based network access control and authentication protocol that prevents unauthorized devices from connecting to a LAN through accessible switch ports Before services are made available to clients connecting to a VLAN clients that are 802 1 X complaint should successfully authenticate with the authentication server Initially ports are in the authorized state which means that ingress and egress traffic are not allowed to pass through except 802 1X protocol traffic When the authentication is successful with the authentication server traffic from clients can flow normally through a port If authentication fails ports remain in unauthorized state but retries can be made until access is granted Click the folder 802 1X Configuration from the Switch Management menu and then three options will be displayed as follows Si Main Menu Configure System D System Information D User Authentication SE Network Management 23 Switch Management 7 5 Switch Configuration SU Aggregation Ee ttts s Link Aggregation eee 9 802 1 Configuration 2 Configure System D Configure Port Admin State Configure Port Reauthenticate 30 MAC Address Management a VLAN Configuration QoS Configuration 118 1 Configure System Set up 802 1X RADIUS IP RADIUS Secret Reauthentication and Timeout 2 Configure Port Admin State Set up aggregation Path Cost Priority Edge etc
163. ill respond to the requests from the SNMP based network management system These requests which you can control can vary from getting system information to setting the device attribute values The Managed Switch s private MIB is provided for you to be installed in your SNMP based network management system Web Browser Application You can manage the Managed Switch through a web browser such as Internet Explorer or Netscape etc The default IP address of the Managed Switch port can be reached at http 192 168 0 1 For your convenience you can use either this Web based Management Browser Application program or other network management options for example SNMP based management system as your management system 1 4 Management Preparations After you have decided how to manage your Managed Switch you are required to connect cables properly determine the Managed switch IP address and in some cases install MIB shipped with your Managed Switch Connecting the Managed switch It is very important that the proper cables with the correct pin arrangement are used when connecting the Managed switch to other switches hubs workstations etc 100 1000Base X SFP Port The small form factor pluggable SFP is a compact optical transceiver used in optical data communication applications It interfaces a network device mother board for a switch router or similar device to a fiber optic or unshielded twisted pair networking cable I
164. ing IEEE 802 1ad Its purpose is to expand the 802 1q VLAN space by tagging the inner tagged packets In this way a double tagged frame is created so as to separate customer traffic within a service provider network As shown below in Double Tagged Frame illustration an outer tag is added between source destination and inner tag at the provider network s edge This can support C VLAN Customer VLAN over Metro Area Networks and ensure 126 complete separation between traffic from different user groups Moreover the addition of double tagged space increases the number of available VLAN tags which allow service providers to use a single SP VLAN Service Provider VLAN tag per customer over the Metro Ethernet network Preamble SED R gt PPeLEN payLoap FCS Original frame Ds TAG 802 1q Preamble SFD Aa onip TyPe LEN PAYLOAD FCS Ge e Inner Tag Double Preamble SFD A or C Tag Type LEN PAYLOAD FCS tagged TCI P C VID Frame Double Tagged Frame As shown below in Q in Q Example illustration Headquarter A wants to communicate with Branch 1 that is 1000 miles away One common thing about these two locations is that they have the same VLAN ID of 20 called C VLAN Customer VLAN Since customer traffic will be routed to service provider s backbone there is a possibility that traffic might be forwarded insecurely for example due to
165. ing screen page appears when you choose Port Based VLAN mode and then select Configure VLAN Configure Port Based VLAN 123 Since source addresses of the packets are listed in MAC address table of specific VLAN except broadcast multicast packets in every VLAN the traffic between two ports will be two way without restrictions Click New to add a new VLAN entity and then the following screen page appears Use Edit to view and edit the current VLAN setting Click Delete to remove a VLAN entity Configure Port Based VLAN WG EEN 2 2 26 E jil gll 22 V Member Not Member VLAN Name Use the default name or specify a VLAN name VLAN Members If you select V from the pull down menu it denotes that the port selected belongs to the specified VLAN 4 4 7 2 802 1Q VLAN Concept Port Based VLAN is simple to implement and use but it cannot be deployed cross switches VLAN The 802 1Q protocol was developed in order to provide the solution to this problem By tagging VLAN membership information to Ethernet frames the IEEE 802 1Q can help network administrators break large switched networks into smaller segments so that broadcast and multicast traffic will not occupy too much available bandwidth as well as provide a higher level security between segments of internal networks 124 Introduction to 802 1Q frame format
166. ith tag 10 arrives at port 24 the tag will be removed Then untagged traffic is sent to CPU When sending out management traffic out from port 24 it will be added a tag 10 217 IV Q in Q The IEEE 802 1Q double tagging VLAN is also referred to Q in Q or VLAN stacking IEEE 802 1ad Its purpose is to expand the 802 1q VLAN space by tagging the inner tagged packets In this way a double tagged frame is created so as to separate customer traffic within a service provider network As shown below the network diagram depicts the Switch A on the left carries a Customer tag 12 When tagged packets are received on the Managed Switch they should be tagged with an outer Service Provider tag 15 To set up the network as provided you can follow the steps described below T I i i 1 1 I i e e zm Switch A Managed Switch D 8 IS rig SEN pu Q E E WEE Se SE eee EE Ee LI r Carrier Ethernet W VLAN ID 15 I seg i i Un tag 1 Tag 12 i Q in Q Service tag 15 i Tag 12 1 Un tag H I I H i i i 1 I I H i I D i 1 I I I I I I ze C a EA SSES EA Port Port24 i I H I H Q in Q VLAN Network Diagram 1 Enter Global Configuration mode Commands SWH gt enable Password SWH config SWH config 2 Create a VLAN 15 3 Name VLAN 15 to S VLAN SWH config vlan dotlq vlan 15 OK SWH config vlan 15 name S VLAN OK 4 Assign Port 1 a
167. ity function Console Level Select the desired privilege for the console operation from the pull down menu Four operation privileges are available in the Managed Switch Administrator Full access right includes maintaining user account system information loading factory settings etc 95 Read amp Write Partial access right not able to modify user account system information and items under System Utility menu Read Only Allow to view only Access Denied Completely forbidden for access NOTE To prevent incautious operations users cannot delete their own account modify their own user name and change their own account state 4 2 1 RADIUS Configuration Click RADIUS Configuration in User Authentication and then the following screen page appears RADIUS Configuration RADIUS Authentication Disabled v RADIUS Port RADIUS Server Address 2nd RADIUS Server Address 0 0 0 0 When RADIUS Authentication is enabled User login will be according to those settings on the RADIUS server s NOTE For advanced RADIUS Server setup please refer to APPENDIX A or the free RADIUS readme txt file on the disc provided with this product Secret Key The word to encrypt data of being sent to RADIUS server RADIUS Port The RADIUS service port on RADIUS server Retry Time Times of trying to reconnect if the RADISU server is not reachable RADIUS Server Address IP address of the first RADIUS s
168. ity mycomm level admin Set mycomm community level to admin full access privilege 2 Set up a SNMP trap destination Trap destination command Parameter Switch config snmp server trap destination 1 10 1 10 Description Create a trap destination account Switch config trap Enable this SNMP trap destination community ACCOUNT active account Switch config trap community Enter the community name of network ACCOUNT community management system Switch config trap ACCOUNT destination A B C D No command Switch config no snmp server trap dest 1 10 A B C D 1 10 Enter the trap destination IP address for this trap destination account Delete the specified trap destination account Switch config trap Disable this SNMP trap destination Show command Switch config show snmp server trap destination ACCOUNT no active account Switch config trap Delete the configured community name ACCOUNT no community Switch config trap Delete the configured trap destination ACCOUNT no description description Show SNMP trap destination account information Switch config show snmp server trap destination 1 10 1 10 Show the specified SNMP trap destination account information Switch config trap ACCOUNT show Exit command Switch config trao ACCOUNT exit Trap destination example Switch config snmp server
169. l 1 option SWITCH server ip 192 168 0 251 D option SW ITCH server login name anonymous option SW ITCH server login name FAE option SWITCH server login password dept subclass vendor classes HS 0600 vendor option space SWITCH option SWITCH finmware file name HS 0600 provision_l bin option SWITCH firmware md5 ch 9e 06 b6 c9 72 e8 1 1 sa6 d2 94 32 24 50 0c bb option SW ITCH firmware file name HS 0600 provision_2 bin option SWITCH firmware md5 16 2 2e 4d 30 e5 71 5e oc fa 5a f0 d8 33 7d db option SWITCH configuration file name 3WO0503A3C4 bin option SWITCH configuration md5 ef 30 03 13 al d0 46 05 af c 28 6f 25 10 96 84 option SWITCH option 1 Se te te ate Restart DHCP service D dhcpd conf etc dhcp gedit File Edit View Search Tools Documents Help open v Zeus 6 Link to dhcpd conf 3 dhcpd conf X File Edit View Terminal Help root localhost dhcpd option space SWITCH Internet Systems Consortium DHCP Server 4 1 1 P1 protocol O tftp 1 ftp Copyright 2004 2010 Internet Systems Consortium option SW ITCH protocol code 1 unsigned integer 8 ALL rights reserved option SWITCH server ip code 2 ipaddress For info please visit https www isc org software dhcp option SWITCH server login name code 3 text WARNING Host declarations are global They are not limited to the scope vo Option SWITCH server login pass Word code 4 te
170. l link down 13 D day 00 00 28 Local port 10 fiber link down local link down 14 D day 00 00 28 Local port 11 fiber link down local link down 15 l D day 00 00 28 Local port 12 fiber link down local link down 16 D day 00 00 28 Local port 13 fiber link down local link down 17 D day 00 00 28 Local port 14 fiber link down local link down Click Clear to clear all Event log records 4 6 2 Upgrade The Managed Switch has both built in TFTP and FTP clients Users may save or restore their configuration and update their Firmware on line Select Update from the System Utility menu and then the following screen page appears Upgrade Configuration w 127 0 0 1 anonymous 0 config rom Protocol Select the preferred protocol either FTP or TFTP File Type Select the file to process either Firmware or Configuration 191 Server Address Enter the specific IP address of the File Server User Name Enter the specific username to access the File Server Password Enter the specific password to access the File Server File Location Enter the specific path and filename within the File Server Click OK to start the download process and receive files from the server A transmitting progress will be displayed during file transfer Once completed a process completed message will pop up to remind the user Click Put to start the upload process and tr
171. le time synchronization Time Server Address NTP time server address 2nd Time Server Address When the default time server is down the Managed Switch will automatically connect to the 2nd time server Synchronization Interval The time interval to synchronize from NTP time server Time Zone Select the appropriate time zone from the pull down menu Daylight Saving Time To enable or disable the daylight saving time function It is a way of getting more daytime hour s by setting the time to be hour s ahead in the morning 100 Daylight Saving Time Offset Click the pull down menu to select the time offset of daylight saving time NOTE SNTP is used to get the time from those NTP servers It is recommended that the time server is in the same LAN with the Managed Switch or at least not too far away In this way the time will be more accurate 4 3 5 Device Community Click the option Device Community from the Network Management menu and then the following screen page appears Device Community Community Up to 10 Device Communities can be set up Click New to add a new community and then the following screen page appears Click Edit to view the current community settings Click Delete to remove a registered community Device Community OEA EEEE DIEN 24 3 10 Account State Disabled x Community Description SNMP Level Access Denied el Current Total Max Agents Vie
172. le will directory user_name be backed up password directory Specify the file location within the FTP server to which a copy of configuration will be saved user_name Specify the username for FTP server password Specify the password for FTP server Switch config archive auto A B C D Specify the IP address of the TFTP server backup path tftp A B C D to which a copy of configuration file will directory be backed up directory Specify the file location within the TFTP server to which a copy of configuration will be saved Switch config archive auto 0 23 Specify the time that you would like the backup time 0 23 server to backup a configuration file automatically No command Switch config no archive auto backup Disable auto backup function Switch config no archive auto backup path Reset the backup protocol back to the default setting Switch config no archive auto backup time Reset the backup time back to the default setting Show command Switch config show archive auto backup Show or verify auto backup settings Switch config archive auto backup Enable auto backup function Switch config archive auto backup path ftp Backup a copy of configuration file 192 168 1 10 backupconfig mis1503 abcxyz automatically to FTP server Switch config archive auto backup path tftp Backup a copy of configuration file 192 168 1 10 backupconfig automatically to TFTP server
173. lename 14 Specify the MD5 for configuration file ODN NOTE 1 The text beginning with a pound sign will be ignored by the DHCP server For example in the figure shown above firmware file name HS 0600 provision_2 bin and firmware md5 line 5 amp 6 from the bottom will be ignored If you want DHCP server to process these two lines remove pound signs in the initial of each line NOTE 2 You can use either free software program or Linux default md5sum function to get MD5 checksum for firmware image and configuration file 201 Ki dhcpd conf etc dhcp gedit File Edit View Search Tools Documents Help 17 opn v save 7 7 Link to dhcpd conf 9 dhcpd conf 3 root localhost md5sum HS 0600 n opion space SWITCH 162 2e4d30e5715cccfdsateds33 ddb HS 0600 provision 2 bin protocol Oti L root localhost Je option SWITCH protocol oode 1 unsigned integer 8 option SW ITCH server ip code 2 ipaddress option SW ITCH server login name code 3 text option SW ITCH server login pass word code 4 text option SW ITCH firmware file name code 5 text option SWITCH firmware md5 code 6 string option SW ITCH configuration file name code 7 text option SW ITCH configuration md5 code 8 string 16 bits option bit 0 Urgency bit 1 15 Reserve option SWITCH option code 9 unsigned integer 16 class vendor classes match option vendor class identifier option SWITCH protoco
174. lowing screen page shows up User Authentication Up to 10 Users can be registered Click New to add a new user and then the following screen page appears Click Edit to view and edit a registered user setting Click Delete to remove a current registered user setting Click RADIUS Configuration for authentication setting via RADIUS 94 User Authentication Default Account Disabled v Administrator e Current Total Max Users View only field Current This shows the number of current registered users Total This shows the total number of users who have already registered Max This shows the maximum number available for registration The maximum number is 10 Account State Enable or disable this user account User Name Specify the authorized user login name up to 20 alphanumeric characters Password Enter the desired user password up to 20 alphanumeric characters Retype Password Enter the password again for double checking Description Enter a unique description up to 35 alphanumeric characters for the user This is mainly for reference only IP Security Enable or disable the IP security function If enabled the user can access the Managed Switch only through the management station which has exact IP address specified in IP address field below If disabled the user can access the Managed Switch through any station IP Address Specify the IP address for IP Secur
175. lq vlan mode trunk config if 24 exit Change Port 1 s PVID to 11 SW SW OK SW config interface 1 config if 1 vlan dotlq vlan access vlan 11 l config if 1 exit Show currently configured VLAN tag settings SW config show vlan interface 802 1q Tag VLAN Interface Port Mode PVID VLAN Member LA LA KA Ki N m Ww OO Jon 01 wu NH LO access access access access access access access access access access access access access ER PPP PPP e k j i aye FA es a pe aes EE 211 14 access I5 access 16 access 17 access 18 access 19 access 20 access 1 21 access 1 22 access 23 access 1 Web Management Configuration 1 QS VLAN Configuration AUQUICUAaUU H Rapid Spanning Tree DCH 802 1X Configuration Select Configure VLAN option in IEEE 802 1Q Tag VLAN menu Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN Configure IEEE 802 1q Tag VLAN Rapid Spanning Tree 802 1X Configuration 4 MAC Address Managemen V Member Not Member Port Based VLAN EXSIIEEE 802 1q Tag VLAN SR O Management VLAN amp 4 QoS Configuration Create a new Data VLAN 11 that includes Port 1 and Port 24 as members Switch Management gt VLAN Configuration gt IEEE 802 1q Tag VLAN gt Configure VLAN Configure IEEE 802 1q Tag VLAN H MAC A
176. m the pull down menu for IP Protocol filtering IP TTL Select 0 to indicate that the TTL filed in IPv4 header is 0 If the value in TTL field is not 0 use 1 to indicate that You can also select any to denote the value which is either 0 or not 0 IP Fragment Select 0 to indicate that the fragment filed in IPv4 header is 0 If the value in TTL field is not 0 use 1 to indicate that You can also select any to denote the value which is either 0 or not 0 166 IP Option Select 1 to indicate that the IPv4 header is bigger than 5 bytes 0 to indicate that the IPv4 is 5 bytes Select any to denote the value which is either O or not 0 SIP Filter Select Any Host or Network for source IP filtering If Host is selected you need to indicate a specific host IP address If Network is selected you need to indicate both network address and subnet mask SIP Address Specify a source IP address SIP Mask Specify a source subnet mask DIP Filter Select Any Host or Network for destination IP filtering If Host is selected you need to indicate a specific host IP address If Network is selected you need to indicate both network address and subnet mask DIP Address Specify a destination IP address DIP Mask Specify a destination subnet mask ICMP Parameters ICMP Type Filter This field is used to filter the ICMP type defined in
177. n SWITCH option 1 ete ae te C7 28 6 25 0 96 84 202 e dhcpd conf etc dhcp gedit File Edit View Search Tools Documents Help open v sae 7 Link to dhcpd conf dhcpd conf X j it HU Help rootetocthost ail TED d option space SWITCH UM DACP Server 4 1 1 P1 protocol O tftp 1 ftp Copyright 2084 2010 Internet Systems Consortium option SWITCH protocol code 1 unsigned integer 8 ALL rights reserved option SWITCH server ip code 2 ip address For info please visit https www isc org software dhcp option SW ITCH server login name code 3 text WARNING Host declarations are global They are not limited to the scope yol option SW ITCH server login password code 4 text clared them in option SWITCH firrnware file name code 5 text Not searching LDAP since ldap server ldap port and ldap base dn were not sp option SWITCH firmware md5 code 6 string ied in the config file option SW ITCH configuration file name ode 7 text Wrote class decls to leases file option SWITCH configuration rad5 code 8 string Wrote deleted host decls to leases file 16 bits option bit 0 Urgency bit 1 15 Reserve Wrote 8 new dynamic host decls to leases file option SWITCH option code 9 unsigned integer 16 Wrote 6 leases to leases file Listening on LPF eth0 00 0c 29 ef f8 4f 192 168 0 0 24 class vendor classes Sending on LPF eth0 00 0c 29 ef f8 4f 19
178. nd Port 24 to VLAN 15 SWH config vlan 15 exit SWH config interface 1 24 SWH config if 1 24 vlan dotlq vlan trunk vlan 15 OK SWH config if 1 24 exit 218 5 Show currently configured dotiq VLAN membership SWH config show vlan dotlq vlan CPU VLAN ID 1 VLAN Name VLAN 1 8 9 16 17 24 CPU Default VLAN 1 VVVVVVVV VVVVVVVV VVVVVVVV V S VLAN 15 V v NOTE By default all ports are member ports of the Default_VLAN Before removing the Default VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect your management PC to the Managed Switch immediately when you enter the command 6 Set Port 1 to tunnel mode SWH config interface 1 SWH config if 1 vlan dotlq vlan mode dotiq tunnel OK 7 Change Port 1 s PVID to 15 SWH OK config if 1 vlan dotlq vlan access vlan 15 8 Set Port 24 to trunk mode SWH config interface 24 SWH config if 24 vlan dotlq vlan mode trunk SWH config if 1 exit OK 9 Show currently configured VLAN tag settings SWH config show vlan interface IEEE 802 1q Tag VLAN Interface Port Mode PVID VLAN Member 2 access 1 1 3 access 1 1 4 access 1 1 5 access 1 1 6 access I 1 7 access 1 1 8 access di 1 9 access d 1 10 access 1 1 11 a
179. nfigure Queuing Weighted QoS Port Configuration No 4 A H OO H Click the pull down menu to select values of Queue weighted for each port 133 4 4 8 2 QoS Control List The following screen page appears if you choose QoS Priority Configuration and then select QoS Control List QoS Control List QCE Type Traffic Class QCL Select a QCL number 1 24 QCE Type View only filed that shows QCL s current QCE type Type Value View only field that shows QCL s current type value Traffic Class View only field that shows QCL s Traffic Class Click New to add a new QCL setting and then the following screen page appears Click Edit to view and edit registered QCL settings Click Delete to remove a current QCL setting QoS Control List Current Total Max List View only field 134 Current This shows the number of current registered QCL setting s Total This shows the number of total registered QCL setting s Max List This shows the number of maximum QCL settings that are available for registration The default number is 12 QCE Type Click the pull down menu to select the desired privilege for the QCE type operation Ethernet Type When you choose Ethernet Type as your preferred QCE Type you can further specify your Ethernet Type in this field such as 88A8 9100 9200 9300 VLAN ID When you choose VLAN ID as your pr
180. nging the port VLAN settings from one VLAN to another VLAN This allows VLAN to accommodate network moves changes and additions with the utmost flexibility The Managed Switch supports Port based VLAN implementation and IEEE 802 1Q standard tagging mechanism that enables the switch to differentiate frames based on a 12 bit VLAN ID VID field Besides the Managed Switch also provides double tagging function The IEEE 802 1Q double tagging VLAN is also referred to Q in Q or VLAN stacking IEEE 802 1ad Its purpose is to expand the 802 1Q VLAN space by tagging the inner tagged packets In this way a double tagged frame is created so as to separate customer traffic within a service provider network Moreover the addition of double tagged space increases the number of available VLAN tags which allow service providers to use a single SP VLAN Service Provider VLAN tag per customer over the Metro Ethernet network While this application note can not cover all of the real life applications that are possible on this Managed Switch it does provide the most common applications largely deployed in most situations In particular this application note provides a couple of network examples to help users implement Port Based VLAN Data VLAN Management VLAN and Double Tagged VLAN Step by step configuration instructions using CLI and Web Management on setting up these examples are also explained Examples described below include Examples Configuration
181. ngle active path between any two network nodes Multiple active paths between network nodes cause a bridge loop Bridge loops create several problems First the MAC address table used by the switch or bridge can fail since the same MAC addresses and hence the same network hosts are seen on multiple ports Second a broadcast storm occurs This is caused by broadcast packets being forwarded in an endless loop between switches A broadcast storm can consume all available CPU resources and bandwidth Spanning tree allows a network design to include spare redundant links to provide automatic backup paths if an active link fails without the danger of bridge loops or the need for manually enabling disabling these backup links To provide faster spanning tree convergence after a topology change an evolution of the Spanning Tree Protocol Rapid Spanning Tree Protocol RSTP introduced by IEEE with document 802 1w RSTP is a refinement of STP therefore it shares most of its basic operation characteristics This essentially creates a cascading effect away from the root bridge where each designated bridge proposes to its neighbors to determine if it can make a rapid transition This is one of the major elements which allow RSTP to achieve faster convergence times than STP Click the folder Rapid Spanning Tree from the Switch Management menu and then three options within this folder will be displayed as follows SJ Main Menu RSTP Switch Settin
182. nly provides users with basic functions to operate the Managed Switch If you would like to configure advanced features of the Managed Switch such as VLAN QoS Rate limit control you must enter the Configuration Mode The following table provides an overview of modes available in this Managed Switch Command Mode Access Method Prompt Displayed Exit Method Login username amp User Mode password Switch gt logout exit From user mode enter he enable command Switch disable exit logout Privileged Mode From the enable mode enter the config or Switch config exit Ctrl Z configure command Configuration Mode NOTE By default the model name will be used for the prompt display You can change the prompt display to the one that is ideal for your network environment using the hostname command However for convenience the prompt display Switch will be used throughout this user s manual 2 3 1 General Commands This section introduces you some general commands that you can use in User Enable and Configuration Mode including help exit history and logout Entering the command To do this Available Modes User Mode help Obtain a list of available Privileged Mode commands in the current mode Configuration Mode User Mode exit E EIERE Privileged Mode 9 Configuration Mode User Mode history N commands that have been Privil
183. not 0 0 Specify 0 to indicate that the IPv4 is 5 bytes 1 Specify 1 to indicate that the IPv4 header is bigger than 5 bytes Switch config acl RULE frame type ipv4 dest mac protocol_id source_ip Ip mask dest_ip Ip maskl Ip ttl Ip fragment Ip option dest mac Define destination MAC address type any Specify any to apply ACL rule to any destination MAC addresses uc Specify uc to apply ACL rule to unicast traffic mc Specify mc to apply ACL rule to multicast traffic be Specify bc to apply ACL rule to broadcast traffic 33 protocol_id This parameter is to show the protocol number defined in the protocol field of the IPv4 packet Specify any to denote any protocols specify 1 255 to denote different defined protocols source_ip This is sender IP filtering function Specify any to filter frames from any sender IP addresses Or specify either a host IP address or a network address X X X X Ip maekl Define source IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask dest_ip This is destiantion IP filtering function any Specify any to filter frames to any target IP addresses x x X X Specify a host IP ip_ mask Define destination IP mask any Specify any
184. nt Switch config Ildp tlv select port description Enable Port Description attribute to be sent Switch config lldp tlv select system description Enable System Description to be sent Switch config lldp tlv select system name Enable System Name to be sent Use Interface command to configure a group of ports LLDP settings LLDP amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas ora range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT Ildp No command Switch config if PORT PORT no Ildp Enable LLDP on the selected interfaces Disable LLDP on the selected interfaces 58 Show command Switch config show Ildp Show or verify LLDP configurations 2 6 12 MAC Command Set up MAC address table aging time Entries in the MAC address table containing source MAC addresses and their associated ports will be deleted if they are not accessed within aging time MAC Command Switch config mac address table aging time 0 4080 No command Switch config no mac address table aging time Show command Switch config show mac address table Parameter 0 4080 Description Enter the aging time for MAC addresses in seconds Set MAC address table aging time to the gem value 300 seconds
185. ntagged Switch config if 1 3 vlan dot1q vlan mode dotiq tunnel Enable Q in Q function in the selected interfaces Switch config if 1 3 vlan dot1q vlan mode trunk native Enable native VLAN for untagged traffic Switch config if 1 3 vlan port based mkipbvlan Set the selected ports to the specified port based VLAN mktpbvlan 2 6 26 Show interface statistics Command The command show interface statistics that can display port traffic statistics port packet error statistics and port analysis history can be used either in Privileged Mode and Global Configuration Mode config It is useful for network administrators to diagnose and analyze port traffic real time conditions Switch config show interface statistics analysis Command Parameters Description Display packets analysis events for each port Switch config show interface port_list statistics analysis port_list Display packets analysis for the selected ports Switch config show interface statistics analysis rate Display packets analysis rates for each port Switch config show interface port_list statistics analysis rate port_list Display packets analysis rates for the selected ports Switch config show interface statistics error Display error packets statistics events for each port Switch config show interface port_list statistics error por
186. nterval to 120 minutes Switch config loop detection vian id 100 Set the Loop Detection VLAN ID to 100 Use Interface command to configure a group of ports Loop Detection settings Dot1x amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT Enable Loop Detection function on the loop detection specific ports No command Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT no Disable Loop Detection function on loop detection the specific ports 46 2 6 9 Dot1x Command Command Switch config dot1x Parameter Description Enable dot1x function When enabled the Managed Switch acts as a proxy between the 802 1X enabled client and the authentication server In other words the Managed Switch requests identifying information from the client verifies that information with the authentication server and relays the response to the client Switch config dot1x reauth period 0 3600 0 3600 Specify a period of authentication time that a client authenticates with the authentication server The allowable value is b
187. nu and then the following screen page appears SJ Main Menu MYR Settings System Information User Authentication a Network Management 39 Switch Management Switch Configuration J Port Configuration Link Aggregation 0 Rapid Spanning Tree 802 1 Configuration S MAC Address Management a VLAN Configuration QoS Configuration 7 DSCP Remark 3 Part Mirroring 9 IGMP Snooping 3 Static Multicast Configuration 2a MYR Configuration MVR Settings MVR Group 1 MVR Port Settings To enable or disable MRV global settings and create MVR VLAN to indicate the Source and Receive port VLAN 147 MVR Group Create MVR Groups whose multicasting stream would belong to MVR 4 4 13 1 MVR Settings Select the option MVR Settings from the MVR Configuration menu and then the following screen page appears MYR Settings Disabled v Ei New Cone MVR To enable or disable MVR global settings VID View only field that shows the specified MVR VLAN ID for current configuration Click New to register anew MVR VLAN ID and then the following screen page appears Click Edit to edit MVR settings Use Delete to remove a current MVR VLAN ID MVR Settings BEE CON O s Je z fs Jo Eee Port Members 1 f a fe e af m E DEET Current Total Max VLAN View only field Current This shows the number of current register
188. o 0 Switch config if 1 3 spanning tree edge Set the selected ports to edge ports Switch config if 1 3 spanning tree p2p Set the selected ports to non P2P forced_false ports 75 2 6 20 Switch Command Switch command Parameter Description Switch config switch sfp 0 70 Specify the slide in SFP module s temperature 0 70 safety temperature range The allowable range is between 0 and 70 degrees Celsius Switch config switch sfp tx bias 400 Set up slide in SFP modules TX 400 bias value Switch config switch sfp tx power low_rx_power high_rx_power low_rx_power high_rx_power Set up the low and high TX power for slide in SFP modules The allowable range for low and high parameter is between 9999 and 99999 Switch config switch sfp rx power low_rx_power high_rx_power low_rx_power high_rx_power Set up the low and high RX power for slide in SFP modules The allowable range for low and high parameter is between 9999 and 99999 Switch config switch sfp voltage 8 3 6 Set up voltage value for slide in 3 3 6 SFP modules Switch config switch bpdu 00 permit Permit packets from the address OF permit ranging from 0180C2000000 to 0180C200000F Switch config switch bpdu 20 permit Permit packets from the address 2F permit ranging from 0180C2000020 to 0180C200002F Switch config switch bpdu 10 permit P
189. o Ethernet 0x6 and the Protocol Address Length field is equal to IPv4 0x4 Select Any to indicate a match and not a match IP Select 0 to indicate that Protocol Address Space field in ARP RARP frame is not equal to IP 0x800 Select 1 to indicate that Protocol Address Space is equal to IP 0x800 Select Any to indicate a match and not a match Ethernet Select 0 to indicate that Hardware Address Space field in ARP RARP frame is not equal to Ethernet 1 Select 1 to indicate that Hardware Address Space field is equal to Ethernet 1 Select Any to indicate a match and not a match 165 IPv4 Frame Type MAC Parameters VLAN Parameters VLAN ID Filter ae 2 IP Parameters n A SIP Address A J 0 0 U LU D I Cancel MAC Parameters DMAC Filter Select Any UC MC or BC for destination MAC filtering Select Any to filter any kind of traffic Select UC to filter unicast traffic Select MC to filter multicast traffic Select BC to filter broadcast traffic VLAN Parameters VLAN ID Filter Select Any or Specific for VLAN ID Filter If Specific is selected you need to further specify a VLAN ID VLAN ID Specify a VLAN ID Tag Priority Select a tag priority from the pull down menu IP Parameters IP Protocol Filter Select Any ICMP UDP TCP or Other protocol fro
190. o enable or disable the SNMP Management service Web Service To enable or disable the Web Management service 4 3 3 RS232 Telnet Console Configuration Click the option RS232 Telnet Console Configuration from the Network Management menu and then the following screen page appears RS232 TelnetiConsole Configuration Word Length Telnet Port System Time Out Baud Rate 9600 bps RS 232 setting view only field Stop Bits 1 RS 232 setting view only field 99 Parity Check None RS 232 setting view only field Word Length 8 RS 232 setting view only field Flow Control None RS 232 setting view only field Telnet Port Specify the desired TCP port number for the Telnet console The default TCP port number of the Telnet is 23 System Time Out Specify the desired time that the Managed Switch will wait before disconnecting an inactive console telnet Specifying 0 means an inactive connection will never be disconnected 4 3 4 Time Server Configuration Click the option Time Server Configuration from the Network Management menu and then the following screen page appears Time Server Configuration Time Synchronization Disabled v Time Server Address 0 0 0 0 2nd Time Sewer Address _ Time Server Address 0 0 0 0 E Synchronization Interval 1440 Mins TimeZone o Zone GMT 12 00 ES Saving Daylight Saving Time Disabled Time Synchronization To enable or disab
191. og server IP address When the default Log Server is down the Managed Switch will automatically contact the second or third Log server 104 4 4 Switch Management In order to manage the Managed switch and set up required switching functions click the folder icon Switch Management from the Main Menu and then several options and folders will be displayed for your selection Si Main Menu Switch Configuration D System Information User Authentication a Switch Management Switch Configuration MAC Address Aging Time Secs 0 4080 0 Never Aging Out D Port Configuration SFP Safety Te ture S Link Aggregation SE Rapid Spanning Tree 802 1 Configuration a MAC Address Management RSS Cm EAEE VLAN Configuration SE QoS Configuration SFP Normal TX Power range D DSCP Remark D Port Mirroring IGMP Snooping D Static Multicast Configuration Layer 2 Control Protocol SA MVR Configuration 0180C200000 Filter v Security Configuration Access Control List Manager EHS RRE Not Filter ze LLDP Configuration 3 Loop Detection Configuration GE Not Filter x a Switch Monitor aH System Utility Save Configuration D Reset System 1 Switch Configuration Set up frame size address learning etc 2 Port Configuration Enable or disable port speed flow control etc 3 Link Aggregation Set up port trunk and LACP port configuration 4 Rapid Spanning Tree Set up RSTP switch
192. ommand All unsaved configurations will be lost when you restart the Managed Switch Command Example Switch write 2 5 6 Configure Command The only place where you can enter Global Configuration Mode is in Privileged Mode You can type in configure or config for short to enter Global Configuration Mode The display prompt will change from Switch to Switch config once you successfully enter Global Configuration Mode Command Example Switch config Switch config Switch configure Switch config 22 2 6 Configuration Mode When you enter configure or config and press Enter in Privileged Mode you will be directed to Global Configuration Mode where you can set up advanced switching functions such as QoS VLAN and storm control security globally All commands entered will be applied to running configuration and the device s operation From this level you can also enter different sub configuration modes to set up specific configurations for VLAN QoS security or interfaces Command Description acl Set up access control entries and lists archive Backup a copy of configuration file to FTP or TFTP channel group Configure static link aggregation groups or enable LACP function loop detection Configure Loop Detection settings d Configure the Managed Switch to send information when 80
193. ority port number and operational key Upon receipt of an LACPDU the remote system compares the received information with the information received on other ports to determine the ports that can operate as selected ports This allows the two systems to reach an agreement on the states of the related ports when aggregating ports link aggregation control automatically assigns each port an operational key based on its rate duplex mode and other basic configurations In an LACP aggregation group all ports share the same operational key in a manual or static LACP aggregation the selected ports share the same operational key Partner Port The corresponding port numbers that connect to the partner switch in LACP mode 4 5 5 2 LACP Statistics In order to view the real time LACP statistics status of the Managed Switch select LACP Statistics from the LACP Monitor menu and then the following screen page appears LACP Statistics LACH Transmitted LACP Received Illegal Received Unknow Received Clear Counters Port LACH packets _LACPDU transmitted or received from current port LACP Transmitted Packets transmitted from current port LACP Received Packets received form current port Illegal Received Illegal packets received from current port Unknown Received Unknown packets received from current port Clear Counter Clear the statistics of the current port 177 4 5 6 RSTP
194. orized accesses Enable Mode Password Enable mode is password protected When you try to enter Enable Mode a password prompt will appear to request the user to provide the legitimate passwords Enable Mode password is the same as the one entered after login password prompt By default no password is required Therefore press Enter key in password prompt 18 Forgot Your Login Username amp Password If you forget your login username and password you can use the reset button on the front panel to set all configurations back to factory defaults Once you have performed system reset to defaults you can login with default username and password Please note that if you use this method to gain access to the Managed Switch all configurations saved in Flash will be lost It is strongly recommended that a copy of configurations is backed up in your local hard drive or file server from time to time so that previously configured settings can be reloaded to the Managed Switch for use when you gain access again to the device 2 4 User Mode In User Mode only a limited set of commands are provided Please note that in User Mode you have no authority to configure advanced settings You need to enter Enable Mode and Configuration Mode to set up advanced functions of the Switch For a list of commands available in User Mode enter the question mark or help command after the system prompt display Switch gt Command Description s
195. ort 2 that is marked as Opt82 port A If a DHCP request is with Opt82 Agent information and then the Managed Switch will drop it because it is not marked as a trust port B Ifa DHCP request is without Opt82 Agent information and then the Managed Switch will add Opt82 Agent information and then forward it 4 4 14 2 DHCP Port Settings Select the option DHCP Port Settings from the Security Configuration menu and then the following screen page appears DHCP Port Settings ial ee ee SS ee eS a eS Unlimited me Coma Comm DCH Unlimited sl Unlimited zs Unlimited v Source Guard To specify authorized access information for each port There are three options available Unlimited Non Limited Static IP or DHCP assigned IP DHCP DHCP assigned IP address only Fixed IP Only Static IP You must create Static IP table first Refer to Static IP Table Configuration for further information 153 4 4 14 3 Filter Configuration Select the option Filter Configuration from the Security Configuration menu and then the following screen page appears Filter Configuration DHCP Snooping Disabled 86400 Secs 180 259200 Port Isolation Disabled ze a SET Dal ed Disabled EI DHCP Snooping Enable or disable DHCP Snooping function NOTE The connection between the Managed Switch and DHCP server can only be made via uplink ports port 21 24 D
196. ort State Enable or disable the current port state Preferred Media Type Select copper or fiber as the preferred media type Port Type Select Auto Negotiation or Manual mode as the port type Port Speed When you select Manual port type you can further specify the transmission speed 10Mbps 100Mbps 1000Mbps of the port s Duplex When you select Manual port type you can further specify the current operation Duplex mode full or half duplex of the port s Flow Control Enable or disable the Flow Control function 4 4 3 Link Aggregation Link aggregation is an inexpensive way to set up a high speed backbone network that transfers much more data than any one single port or device can deliver without replacing everything and buying new hardware For most backbone installations it is common to install more cabling or fiber optic pairs than initially necessary even if there is no immediate need for the additional cabling This action is taken because labor costs are higher than the cost of the cable and running extra cable reduces future labor costs if networking needs changes Link aggregation can allow the use of these extra cables to increase backbone speeds with little or no extra cost if ports are available 108 This Managed switch supports 2 link aggregation modes static Port Trunk and dynamic Link Aggregation Control Protocol LACP using the IEEE 802 3ad standard These allow several devices to communicate simultaneously at
197. orward Delay Time in a specific VLAN Topology The state of the topology Root ID Display this Managed Switch s Root ID Root port Display this Managed Switch s Root Port Number 178 4 5 6 2 RSTP Port Status RSTP Port Status allows users to view a list of all RSTP ports information Select RSTP Port Status from the RSTP Monitor menu and then the following screen page appears RSTP Port Status 1 200000000 no yes RSTP Non STP Non STP 2 200000000 RSTP Non STP Non STP 3 200000000 Non STP 4 200000000 Non STP 5 200000000 Non STP 6 200000000 Non STP 7 200000000 Non STP 8 200000000 Non STP 9 200000000 Non STP 200000000 Non STP 200000000 Non STP 200000000 RSTP 200000000 RSTP Non STP Non STP 200000000 RSTP 200000000 Non STP Non STP In this page you can find the following information about RSTP status Port Number The number of the port Path Cost The Path Cost of the port Edge Port Yes is displayed if the port is the Edge port connecting to an end station and does not receive BPDU P2p Port Yes is displayed if the port link is connected to another STP device Protocol Display RSTP or STP Role Display the Role of the port non STP forwarding or blocked Port State Display the state of the port non STP forwarding or blocked 179 4 5 6 3 RSTP Statistics In order to view the real time RSTP statistics sta
198. outside communications will not be performed A subnet mask is a filtering system for IP addresses It allows you to further subdivide your network You must use the proper subnet mask for the proper operation of a network with subnets defined MIB for Network Management Systems Private MIB Management Information Bases is provided for managing the Managed Switch through the SNMP based network management system You must install the private MIB into your SNMP based network management system first The MIB file is shipped together with the Managed Switch The file name extension is mib that allows SNMP based compiler can read and compile 2 Command Line Interface CLI This chapter introduces you how to use Command Line Interface CLI specifically in Local Console Telnet Configuring the system Resetting the system The interface and options in Local Console and Telnet are the same The major difference is the type of connection and the port that is used to manage the Managed Switch 2 1 Using the Local Console Local Console is always done through the RS 232 DB 9 port and requires a direct connection between the switch and a PC This type of management is useful especially when the network is down and the switch cannot be reached by any other means You also need the Local Console Management to setup the Switch network configuration for the first time You can setup the IP address and change the default configuration to the d
199. ow VLAN Name Member ports Marketing 1 20 22 24 RD 2 21 22 24 206 CLI Configuration Steps Commands 1 Enter Global Configuration SWH gt enable mode Password SWH config SWH config 2 Create port based VLANs SWH config vlan port based Marketing Marketing and RD OK SWH config vlan port based RD OK 3 Select port 1 20 22 and 24 to SWH config interface 1 20 22 24 configure SWH config if 1 20 22 24 4 Assign the ports to the port SWH config if 1 20 22 24 vlan port based based VLAN Marketing GE 5 Return to Global Configuration SWH config if 1 20 22 24 exit mode and select port 2 oi SWH config interface 2 21 22 24 22 and 24 to configure RE ee 6 Assign the ports to the port SWH config if 2 21 22 24 vlan port based RD based VLAN RD Ok 7 Return to Global Configuration SWH config if 2 21 22 24 exit mode and show currently SWH config show vlan port based configured port based VLAN port Basea vun membership Index VLAN Name 1 89 1617 24 1 Default VLAN VVVVVVVV VVVVVVVV VVVVVVVV 2 Marketing Veshetes Sele Feipel V V V 3 RD V UM Note By default all ports are member ports of the Default_VLAN Before removing the Deafult_ VLAN from the VLAN table make sure you have correct management VLAN and PVID configurations otherwise incorrect configurations may disconnect
200. ows the number of current registered IPMC Segment Total This shows the total number of registered IPMC Segment Max This shows the maximum number available for IPMC Segment The maximum number is 400 Segment ID Specify a number from 1 400 for a new ID Segment Name Enter an identification name This field is limited to 20 characters IP Range Specify the multicast streams IP range for the registered segment The IP range is from 224 0 1 0 238 255 255 255 142 4 4 11 4 IPMC Profile Select the option IPMC Profile from the IGMP Snooping menu and then the following screen page with the ability information of IPMC Profile appears IPMC Profile Profile Name Segment ID D Not Use Profile Name View only field that shows the current registered profile name Segment ID View only field that shows the current registered segment ID Click New to register a new IPMC Profile and then the following screen page appears Click Edit to edit the IPMC Profile settings Click Delete to remove a current IPMC Profile registration IPMC Profile Current Total Max VLANs Profile Name Current Total Max VLANs View only field Current This shows the number of current registered IPMC Profile Total This shows the number of total IPMC Profiles that are registered Max This shows the maximum number available for IPMC Profile The maximum number is 60 Profile Name Enter an identification
201. port number is100 whereas the ending source port number is 2000 dest_port any Specify any to filter frames from any destination ports 0 65535 Specify a destination port between 0 and 65535 0 65535 0 65535 Specify a range of destination ports For example 1000 2000 means that port numbers from 1000 to 2000 are specified The starting destination port number is1000 whereas the ending destination port number is 2000 source_ip This is sender IP filtering function Specify any to filter frames from any sender IP addresses Or specify either a host IP address x x x X Ip maekl Define source IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask dest_ip This is destination IP filtering function any Specify any to filter frames to any target IP addresses X X X X Specify either a host IP address Ip maekl Define destination IP mask any Specify any to mean any IP mask 255 255 0 0 Specify a specific IP mask Ip ttl Specify IP TTL bit any Specify any to denote the value which is either zero or not zero 0 Specify 0 to indicate that the TTL filed in IPv4 header is 0 4 If the value in TTL field is not 0 use 1 to indicate that ip_ fragment Specify IP fragment
202. r COMMING DEE 82 2 6 24 Syslog Command EE 85 RK E 86 2 6 26 Show interface statistics Commande 88 2 6 27 EERSTEN 89 2 6 28 Show default setting running config and start up config Commande 89 3 SNMP NETWORK MANAGEMENT 2 ccceseeceeeeeeeeeeeeeeeneeeeeeneeneeeeeeneeeeeeeeseeneeeeeeneeeeeees 90 A WEB MANAGE MEN KEE EE EE 91 AAA System Mormaii ON eistes coke cous calor stende a E a E ies Cadeawentauce 93 BE ler 94 4 2 1 RADIUS Configuration siccc coc cccecccsceninee doctcnat covtnnva be cetethcewtanshdevseent ncenerh enue be bldeadeds 96 4 3 Network Management 97 4 3 1 Network Configuration EE 98 4 3 2 System Service CGontfguraton ENEE 99 4 3 3 RS232 Telnet Console Configuration cccecceeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeneaaees 99 4 3 4 Time Server Configuration EE 100 4 3 5 Device Communi await EES 101 SEH HE ee 102 SE Enter EE 103 4 3 8 Mal attempt Log Contouraton n 104 4 4 Switch Management 105 4 4 1 Switch Configuration ccccccccceceeeceeeneeeeee eee eeeeeeeeaeeeeeeeeeeeeeeeceaaeeeeeeeeeeeeeeeeeaaees 106 4 4 2 Port Configuration sssssseeeeeeeeeeeeeeettrrteseerttrrnrntenesetttnnnnnnnssennttnnnn enesenn nne nnna 108 4 4 3 Link Aggregation EE 108 4 4 3 1 Trunk Mode Conftgouraton EEN 109 4 4 3 2 Port Trunk Configuration sssssseeeeeeeeeesennnnrnresseertnrnrnnnnserrrrnrnnnnnnnseerrrnnnnn n 110 4 4 3 3 LACP Port Configuratio E 111 4 4 4 Rapid Spanning Tree 113 4 4 4 1 RSTP Switch Settings n
203. r network management applications 4 Switch Management Set up switch port configuration VLAN configuration and other functions 5 Switch Monitor View the operation status and traffic statistics of the ports 6 System Utility Ping Firmware Upgrade Load Factory Settings etc 7 Save Configuration Save all changes to the system 8 Reset System Reset the Managed Switch 92 4 1 System Information Select System Information from the Main Menu and then the following screen shows up System Information pang Name Connection Technology Systems rome melee 1 3 6 1 4 1 9304 100 31242 System Contact info ctsystem com System Name Managed 24 Ports 1000M Switch ire 1OF 6 No 79 Sec 1 Xintai 5th Rd Xizhi Dist Taiwan Model Name FOS 3124 Fmmmmware version 1 00 00 ABBCDDEFOO00000 20110707 PHY 2 Temperature PHY3 Temperature VM CN Company Name Enter a company name up to 55 alphanumeric characters for this Managed Switch System Object ID View only field that shows the predefined System OID System Contact Enter contact information up to 55 alphanumeric characters for this Managed switch System Name Enter a unique name up to 55 alphanumeric characters for this Managed Switch Use a descriptive name to identify the Managed Switch in relation to your network for example Backbone 1 This name is mainly used for reference only System Location Enter a brief descrip
204. rd static ip to remove from IP source binding A B C D mask 255 X X X vlan table 1 4094 255 X X X Specify the subnet mask for this IP address 1 4094 Specify a VLAN ID Show command Switch config show ip igmp Show IGMP Filtering setting filter Switch config show ip igmp port_list Show the specified ports IGMP Filtering status Switch config show ip igmp profile Show IP multicast profile information Switch config show ip igmp profile profile_name profile_name Show the specified profile s setting Switch config show ip igmp Show IP multicast segment segment information Switch config show ip igmp 1 400 Show the specified segment s segment 1 400 setting Switch config show ip igmp static multicast ip Show static multicast IP table Switch config segment ID show Show the selected segment s setting Switch config profile ID show Show the selected profile s setting Switch config show ip sourceguard interface Show each interface s IP sourceguard type Switch config show ip sourceguard static ip Switch config interface 1 3 Show the IP source binding table for sourceguard function IGMP amp Interface example Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if 1 3 ip igmp filter Enable IGMP Filter on port 1 to port
205. rd untagged packets to member port 21 22 and 24 3 A tagged packet with any permissible VID arrives at Port 1 Tagged packets received on the Managed Switch will be forwarded out tagged Therefore in this example the Managed Switch will look at the Port Based forwarding table for Port 1 and forward tagged packets to member port 20 22 and 24 209 4 Atagged packet with any permissible VID arrives at Port 2 Tagged packets received on the Managed Switch will be forwarded out tagged Therefore in this example the Managed Switch will look at the Port Based forwarding table for Port 2 and forward tagged packets to member port 21 22 and 24 ll Data VLAN In networking environment VLANs can carry various types of network traffic The most common network traffic carried in a VLAN could be voice based traffic management traffic and data traffic In practice it is common to separate voice and management traffic from data traffic such as files emails Data traffic only carries user generated traffic which is sometimes referred to a user VLAN and usually untagged when received on the Managed Switch In the network diagram provided it depicts a data VLAN network where PC1 wants to ping PC2 in a remote network Thus it sends out untagged packets to the Managed Switch to be routed in Carrier Ethernet For this example IEEE 802 1Q tagging mechanism can be used to forward data from the Managed Switch to the destination PC Carrier Ethern
206. received RX Oversize Frames Oversize frames received RX Dropped Frames Drop frames received Collision Each port s Collision frames TX Dropped Frames Drop frames sent Clear All This will clear all port s counter values and be set back to zero 174 4 5 4 Port Packet Analysis Statistics Port Packet Analysis Statistics Mode Counters allow users to view the port analysis history of the Managed Switch Event mode counters are calculated since the last time that counter was reset or cleared Select Port Packet Analysis Statistics from the Switch Monitor menu and then the following screen page appears Port Packet Analysis Statistics Select Choose the Packet Error Statistics from the pull down menu Frames 64 Bytes 64 bytes frames received Frames 65 127 Bytes 65 127 bytes frames received Frames 128 255 Bytes 128 255 bytes frames received Frames 256 511 Bytes 256 511 bytes frames received Frames 512 1023 Bytes 512 1023 bytes frames received Frames 1024 1518 Bytes 1024 1518 bytes frames received Frames 1519 MAX Bytes Over 1519 bytes frames received Multicast Frames RX Good multicast frames received Broadcast Frames RX Good broadcast frames received Multicast frames TX Good multicast packets sent Broadcast Frames TX Good broadcast packets sent Clear all This will clear all port s counter values and be set back to zero 175 4 5 5 LACP Monitor
207. riod of time the Managed Switch will initiated delay 0 300 wait before the initial LLDP packet is sent The allowable initiated delay value is between 0 and 300 seconds Switch config Ildp interval 1 180 1 180 Specify the time interval for updated LLDP packets to be sent The allowable interval value is between 1 and 180 seconds Switch config Ildp packets 1 16 1 16 Specify the amount of packets that are sent in each discovery The allowable packet value is between 1 and 16 seconds Switch config Ildp tlv select capability Enable Capability attribute to be sent Switch config Ildp tlv select management address Enable Management Address attribute to be sent Switch config Ildp tlv select port description Enable Port Description attribute to be sent Switch config Ildp tlv select system description Enable System Description attribute to be sent Switch config Ildp tlv select system name No command Switch config no Ildp hold time Enable System Name attribute to be sent Reset the hold time value back to the default setting Switch config no Ildp initiated delay Reset the initiated delay value back to the default setting Switch config no Ildp interval Reset the interval value back to the default setting 57 Switch config no dp packets Reset the packets to be sent value back to the default settin
208. rname and password Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a secure connection User name admin H Password C Remember my password Enter the default username admin and password by default no password is required to login to the main screen page After a successful login the Main Menu screen shows up The rest of the menu functions in the Web Management are similar to those described at the Console Management and are also described below 91 Si Main Menu System Information D System Information D User Authentication Network Management vompany M Connection Technology Systems SE Switch M t l apie ad 1 3 6 1 4 1 9304 100 31242 System Utility EE EE info ctsystem com D Save Configuration D Reset System System Name Managed 24 Ports 1000M Switch ERRECHEN 1OF 6 No 79 Sec 1 Xintai 5th Rd Xizhi Dist Taiwan NICI 1 00 00 M B Version Serial Number ABBCDDEFOOO0000 Date Code 20110707 CPU Temperature PHY 1 Temperature PHY 2 Temperature PHY3 Temperature 1 System Information Name the Managed Switch specify the location and check the current version of information 2 User Authentication View the registered user list Add a new user or remove an existing user 3 Network Management Set up or view the IP address and related information of the Managed Switch required fo
209. roadcast address 192 168 0 255 option routers 192 168 0 2 dhcpd conf etc dhep ger Link to dhcpd conf 3 items Free space 2 9 GB default lease time 1209600 max lease time 31557600 group host elt com tw hardware ethernet 00 21 41 02 60 02 fixed address 192 168 1 225 filename zImage redwoods option root path root project vrg 21412 build mi host elf com tw hardware ethernet 00 21 41 20 10 01 fixed address 192 168 1 225 filename zImage redwoods option root path root project vrg 21412 build_mi D D H D D D D D D D D o D D D default lease time 10000 max lease time 10600 E root localhost gt dhcpd conf et D root localhost fg dhcp File Bro DR oota Double click dhcpd conf placed in etc dhcp directory to open it 199 Modify dhcpd conf File The following marked areas in dhcpd conf file can be modified with values that work with your networking environment default lease time 10000 4 Taax lease time 10000 ddns update style ad hoc ddns update style interim subnet 192 168 0 0 netmask 255 255 255 0 range 192 168 0 118 192 168 0 230 option subnetmask 255 255 255 0 option broadcast addyess 192 168 0 255 option routers 192 168 0 251 option domain name servers 168 95 1 1 168 95 192 1 host FAE hardware ethemet 00 06 19 03 A2 40 fixed address 192 168 0118 host HS 0600 hardware ethemet 00 06 19 65 1 8
210. rt isolation settings Security command Switch config security anti broadcast polling interval 3 300 3 300 Parameter Description Specify a time interval for the frequency of the Managed Switch checking or refreshing broadcast traffic The allowable time interval value is between 3 and 300 seconds Switch config security ipv6 filter Enable IPv6 filter function Switch config security isolation Enable port isolation function If port isolation is set to enable the customer port port 1 24 can t communicate to each other Switch config security upnp filter No command Switch config no security anti broadcast polling interval Enable UPnP filter function Set the anti broadcast polling interval back to the default setting Switch config no security ipv6 filter Disable IPv6 filter function Switch config no security isolation Disable port isolation function Switch config no security upnp filter Disable UPnP filter function Show command Switch config show security Show Port Isolation IPv6 filter and UPnP filter setting Switch config show security anti broadcast Show or verify anti broadcast polling interval setting Switch config show security anti broadcast interface Show each interface s anti broadcast settings including port state and threshold value Switch config show security anti broadcas
211. rwarding 4 4 13 MVR MVR stands for Multicast VLAN Registration that enables a media server to transmit multicast stream in a single multicast VLAN when clients receiving multicast VLAN stream can reside in different VLANs Clients in different VLANs intend to join or leave the multicast group simply by sending the IGMP Join or Leave message to a receiver port The receiver port that belongs to one of the multicast groups can receive multicast stream from the media server MVR Configuration Guidelines and Limitations Guidelines Enable IGMP global setting Enable MVR global setting Create MVR VLAN and indicate the Source port and Receive port 146 Create MVR Groups whose multicasting channels would belong to MVR VLAN Enable VLAN Aware in MVR Source Port In a normal condition Tag multicasting stream injects to Source port Optional Setting VLAN Port Egress mode in MVR Receive port In a normal condition Un tag multicasting stream forward to receive port Optional Limitation Receiver ports on a switch can be in different VLANs but they should not belong to the multicast VLAN Do not configure MVR on private VLAN ports MVR can coexist with IGMP snooping on a switch MVR data received on an MVR receiver port is not forwarded to MVR source ports MVR does not support IGMPv3 messages MVR on IPv6 multicast groups is not supported Click the folder MVR Configuration from the Switch Management me
212. ry time 0 2 times that the Managed Switch will try to reconnect if the RADIUS server is not reachable Switch config user radius secret Specify a secret up to 31 alphanumeric secret secret characters for RADIUS server This secret key is used to validate communications between RADIUS servers Switch config user radius A B C D Specify the primary RADIUS server IP Server A B C D address Switch config user radius A B C D Specify the secondary RADIUS server IP server2 A B C D address Disable RADIUS authentication Switch config no user radius radius port Set the radius port setting back to the factory default Switch config no user radius retry time Set the retry time setting back to the factory default Remove the configured secret value Switch config no user radius secret Switch config no user radius server Delete the specified IP address Switch config no user radius server2 Show command Switch config show user radius User command example Switch config user radius Delete the specified IP address Show current RADIUS settings Enable RADIUS authentication Switch config user radius radius port 1812 Set RADIUS server port number to 1812 Switch config user radius retry time 2 Set the retry value to 2 The Managed Switch will try to reconnect twice if the RADIUS server is not reachable Switch config user radius s
213. s Table S SFP Information DHCP Snooping RSTP Monitor 3 Save Configuration FX Forwarding Unlocked down Reset System FX Forwarding Unlocked down LU E FX Forwarding ocked FX Forwarding Unlocked F Forwarding Unlocked F Forwarding Unlocked H H x x F F F Forwarding Unlocked F Forwarding Unlocked TX Forwarding Un 1 Switch Port State View current port media type port state etc 2 Port Traffic Statistics View each port s frames and bytes received or sent utilization etc 3 Port Packet Error Statistics View each port s traffic condition of error packets e g CRC fragment Jabber etc 4 Port Packet Analysis Statistics View each port s traffic condition of error packets e g RX TX frames of Multicast and Broadcast etc 5 LACP Monitor View the LACP port status and statistics 6 RSTP Monitor View RSTP VLAN Bridge Port Status and Statistics 7 802 1X Monitor View port status and Statistics 8 IGMP Monitor View only field that shows IGMP status and Groups table 9 Mac Address Table List current MAC addresses learned by the Managed Switch 171 10 SFP Information View the current port s SFP information e g speed Vendor ID Vendor S N etc SFP port state shows current DMI Diagnostic monitoring interface temperature voltage TX Bias etc 11 DHCP Snooping View the DHCP learning
214. sabled D LLDP Status S D Loop Detection Status E Le a LACP Monitor D 802 1X Statistics 4 5 7 1 802 1X Port Status 802 1X Port Status allows users to view a list of all 802 1x ports information Select 802 1X port status from the 802 1x Monitor menu and then the following screen page appears 802 1 Port Status Disabled a See _ d Disabled e Disabled oe a beat 10 Disabled GE Kaes 13 Disabled Disabled In this page you can find the following information about 802 1 X ports Disabled Disabled Port The number of the port 181 State Display the number of the port 802 1x link state LinkDown or LinkUp Last Source Display the number of the port s Last Source Last ID Display the number of the port s Last ID 4 5 7 2 802 1X Statistics In order to view the real time 802 1X port statistics status of the Managed Switch select 802 1x Statistics from the 802 1x Monitor menu and then the following screen page shows up Select the port number from the pull down menu to view statistics 802 1X Statistics Rx Access Challenges Rx Other Requests Rx Auth Successes Rx Auth Failures Tx Total Tx Request ID Tx Responses 182 4 5 8 IGMP Monitor Click the IGMP Monitor folder and then the following screen page appears lt 3 Main Menu IGMP Snooping Status _ System Information _ User Authentication 3
215. sabled v Counter Port number Select a port number that you would like to configure 159 Policy ID Select a policy ID from the pull down menu A port can only use one policy ID however a policy ID can be applied to many ports Action Deny or permit the action Rate Limiter Disable or enable rate limiter When rater limiter is enabled you can further set up each Rate Limiter s rate Port Copy Send a copy of packets to the desired port Shutdown If enabled the Managed Switch will shutdown the interface Counter View only filed that shows the amount of packets that conform to the configured rules OK Click OK to save the port configurations Reflash Click Reflash to show the number of packets that conform to the default ACL rule Clear Click Clear to delete the number in the Counter field ACL Rate Limiter Configuration When Rate Limiter is enabled in ACL Ports Configuration rate of each Rate Limiter can be further specified ACL Rate Limiter Configuration Rate Limiter ID Rate pps i A 4 1 2 3 FE 7 1 1 4 A A JS SC o EC lt o s co e E z a s co o Ma o KC m co i 0 1 2 Rate pps Select the rate for each Rate Limiter ID 160 ACL Configuration ACL Configuration GC Poi fa Dew spots Je o0 New Edit Delete Reflash Clear Click New to add a new AC
216. ser description Enter the brief description for this user NAME description account description Switch config user password Enter the password up to 20 alphanumeric NAME password characters for this user account password Switch config user A B C D Enter the IP address for IP security function NAME ip address A B C D Switch config user Enable IP security function When enabled NAME ip security only the legitimate IP address can login to the Managed Switch Switch config user admin rw Specify this user s access level NAME level admin rw ro ro admin administrator Full access right includes maintaining user account amp system information loading factory settings etc rw read amp write Partial access right not able to modify user account amp system information and load factory settings ro read only Read Only access privilege No command Switch config no user username Delete the specified account name username Switch config user NAME no active Deactivate the selected user account Switch config user NAME no description Remove the configured description Switch config user Remove the configured password value Switch config user NAME no ip address Delete the specified IP address Switch config user NAME no ip security Disable IP security function NAME no password
217. settings aggregated port settings physical port settings etc 5 802 1X Configuration Set up the 802 1X system port Admin state port reauthenticate 6 MAC Address Management Set up MAC address enable or disable MAC security etc 7 VLAN Configuration Set up VLAN mode and VLAN configuration 8 QoS Configuration Set up the priority queuing rate limit and storm control 9 DSCP Remark Set up DSCP Remarking 802 1p remarking and queue remarking 10 Port Mirroring Set up target port mirrors source port to enable traffic monitoring 11 IGMP Snooping Enable or disable IGMP and set up IGMP VLAN ID configuration 12 Static Multicast Configuration Create edit or delete Static Multicast table 105 13 MVR Configuration Enable or disable MVR and create MVR VLAN setting 14 Security Configuration Set up DHCP option 82 agent relay port setting filtering and static IP table configuration 15 Access Control List Management Set up access control entries and lists 16 LLDP Configuration Enable or disable LLDP on ports and set up LLDP related attributes 17 Loop Detection Configuration Enable or disable Loop Detection function and set up Loop Detection configuration 4 4 1 Switch Configuration Click the option Switch Configuration from the Switch Management menu and then the following screen page appears Switch Configuration a SS See BR SFP Safety TX Bias SFP Normal TX Power range SFP Normal RX Po
218. snooping flooding forwarded to router ports only when disabled Switch config no ip igmp Disable IGMP immediate leave function snooping immediate leave Switch config no ip igmp Reset maximum response time back to the snooping max response time factory default Switch config no ip igmp port_list Remove the selected ports from the router snooping mcast router port_list port list Switch config no ip igmp Reset Query interval value back to the snooping query interval factory default Switch config no ip igmp 1 4094 Disable IGMP Snooping on the specified snooping vian 1 4094 VLAN Switch config no ip igmp 1 4094 Disable a querier on the specified VLAN snooping vian 1 4094 query Show command Switch config show ip igmp snooping Show current IGMP snooping status including immediate leave function Switch config show ip igmp snooping groups Show IGMP group table Switch config show ip igmp snooping status Show IGMP Snooping status 53 5 Configure IGMP Filtering policies IGMP Filtering command Parameter Description Switch config ip igmp filter Enable IGMP Filtering function Switch config ip igmp 1 400 Specify a segment ID segment 1 400 Switch config segment ID segment_name Specify a name for this segment name segment_name Switch config segment ID E F G H Specify a multica
219. ss loop between switches A broadcast storm can consume all available CPU resources and bandwidth Spanning tree allows a network design to include spare redundant links to provide automatic backup paths if an active link fails without the danger of bridge loops or the need for manually enabling disabling these backup links To provide faster spanning tree convergence after a topology change an evolution of the Spanning Tree Protocol Rapid Spanning Tree Protocol RSTP introduced by IEEE with document 802 1w RSTP is a refinement of STP therefore it shares most of its basic operation characteristics This essentially creates a cascading effect away from the root bridge where each designated bridge proposes to its neighbors to determine if it can make a rapid transition This is one of the major elements which allow RSTP to achieve faster convergence times than STP Spanning tree command Parameter Description Switch config spanning Enable Spanning Tree Protocl function tree aggregated port on aggregated ports Switch config spanning 1 200000000 Specify aggregated ports path cost tree aggregated port cost 1 200000000 Switch config spanning 0 240 Specify aggregated ports priority tree aggregated port priority 0 240 Switch config spanning Enable aggregated ports to shift to tree aggregated port edge forwarding state when the link is up If you know a port is directly connected to an end d
220. st IP range range E F G H E F G H E F G H Switch config ip igmp profile profile_name Specify a name for this profile profile name Switch config profile I D 1 400 Specify an existing segment ID segment 1 400 Switch config no ip igmp filter Disable IGMP Filtering function Switch config no ip igmp 1 400 Delete the specified segment Only segment 1 400 the segment that does not belong to any profiles can be deleted Switch config no ip igmp profile name Delete the specified profile profile profile_name Switch config show ip igmp Show IGMP Filtering setting filter Switch config show ip igmp port_list Show the specified ports IGMP filter interface port_list Filtering status Switch config show ip igmp Show IP multicast profile information profile Switch config show ip igmp profile name Show the specified profile s setting profile profile_name Switch config show ip igmp Show IP multicast segment segment information Switch config show ip igmp 1 400 Show the specified segment s setting segment 1 400 Switch config segment ID Show the selected segment s setting show Switch config profile ID show Show the selected profile s setting IGMP Filtering command example Switch config ip igmp filter Enable IGMP Filtering function Switch config ip igmp segment 50 Create a segment 50 Switch config segment 50 name Silver Specify a name Silver
221. stination MAC address Show or verify link aggregation settings Switch config show channel group trunking group_name Channel group command example Ioroup name Switch config channel group trunking corenetwork Show or verify a specific link aggregation group s settings including aggregated port numbers and load balancing status Create a link aggregation group called corenetwork Switch config channel group type destination mac Load balancing depending on destination MAC address Switch config channel group type source mac Load balancing depending on source MAC address 44 2 Use Interface command to configure link aggregation groups dynamically LACP Channel oroup amp Interface command Parameter Description Switch config interface port_list port_list Enter several discontinuous port numbers separated by commas ora range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT Enable LACP on the selected channel group lacp interfaces Switch config if PORT PORT 0 255 Specify a key to the selected channel group lacp key 0 255 interfaces Switch config if PORT PORT active Specify the selected interfaces to channel group lacp type active No command Switch config if PORT PORT no channel group lacp active LACP type Disable LACP on the selected interfaces Switch config if PORT
222. t Switch config if PORT PORT no gos qcl Remove the QCL rule from the selected interfaces 66 Switch config if PORT PORT no qos rate limit ingress Delete QoS ingress rate limit setting Switch config if PORT PORT no qos rate limit egress Delete QoS egress rate limit setting Switch config if PORT PORT no qos remarking dscp Remove DSCP remarking from the selected ports Switch config if PORT PORT no qos remarking 802 1p Remove 802 1p remarking from the selected ports Switch config if PORT PORT no qos user priority Set the user priority value setting back to the factory default Switch config if PORT PORT no qos queue Set the weight setting back to the weighted factory default Show command Switch config show qos Show or verify QoS configurations 2 6 18 Security Command When a device on the network is malfunctioning or application programs are not well designed or properly configured broadcast storms may occur network performance may be degraded or in the worst situation a complete halt may happen The Managed Switch allows users to set a threshold rate for broadcast traffic on a per switch basis so as to protect network from broadcast multicast unknown unicast storms Any broadcast multicast unknown unicast packets exceeding the specified value will then be dropped 1 Configure anti broadcast IPv 6 filter UPnP filter and po
223. t Configuration a Access Control List Management D LLDP Configuration Loop Detection Configuration Switch Monitor TEE Cument Pence 192 168 0 1 Save Configuration J Reset System J Cancel 1 DHCP Option 82 Settings To enable or disable DHCP Option 82 relay agent global setting and show each port s configuration 2 DHCP Port Settings Customer port Port 1 24 DHCP snooping setting 3 Filter Configuration Customer port Port 1 24 filtering setting 4 Static IP Table Configuration To create static IP table for DHCP snooping setting 5 Storm Control To prevent the Managed Switch from unicast broadcast and multicast storm 6 Anti bcast Configuration To set up anti broadcasting polling interval and threshold 150 4 4 14 1 DHCP Option 82 Settings The Managed Switch can add information about the source of client DHCP requests that relay to DHCP server by adding Relay Agent Information This helps provide authentication about the source of the requests The DHCP server can then provide an IP address based on this information The feature of DHCP Relay Agent Information adds Agent Information field to the Option 82 field that is in the DHCP headers of client DHCP request frames Configure Opt82 Port Setting Select the option DHCP Option 82 Settings from the Security Configuration menu and then the following screen page appears DHCP Opt82 Settings DHCP Opt 2 Relay Agent Opt82 Port
224. t Options Switch management options available are listed below e Local Console Management Telnet Management SNMP Management WEB Management SSH Management Local Console Management Local Console Management is done through the RS 232 DB 9 Console port located on the rear panel of the Managed Switch Direct RS 232 cable connection between the PC and the Managed switch is required for this type of management Telnet Management Telnet runs over TCP IP and allows you to establish a management session through the network Once the Managed switch is on the network with proper IP configurations you can use Telnet to login and monitor its status remotely SSH Management SSH Management supports encrypted data transfer to prevent the data from being stolen due to remote management You can use PuTTY a free and open source terminal emulator application which can act as a client for the SSH to gain access to the Managed Switch SNMP Management SNMP is also done over the network Apart from standard MIB Management Information Bases an additional private MIB is also provided for SNMP based network management system to compile and control Web Management Web Management is done over the network and can be accessed via a standard web browser such as Microsoft Internet Explorer Once the Managed switch is available on the network you can login and monitor the status of it through a web browser remotely or locally Local Console
225. t interface port_list Security command example Switch config security anti broadcast polling interval 60 Show the selected ports anti broadcast settings Set anti broadcast polling interval to 60 seconds Switch config security ipv6 filter Enable IPv6 filter function Switch config security isolation Enable port isolation function If port isolation is set to enable the customer ports port 1 24 can t communicate with each other Switch config security upnp filter Enable UPnP filter function 2 Enable or disable broadcast multicast unknown unicast storm control Security command Switch config security storm protection broadcast 1 1024k 1 1024k Parameter Description Specify the maximum broadcast packets per second pps Any broadcast packets exceeding the specified threshold will then be dropped The packet rates that can be specified are listed below 1 2 4 8 16 32 64 128 256 512 1k 2k 4k 8k 16k 32k 64k 128k 256k 512k 1024k NOTE To view a list of allowable values that can be specified you can press spacebar and then followed by For example Switch config security storm protection broadcast 68 Switch config security storm protection multicast 1 1024k 1 1024k Specify the maximum unknown multicast packets per second pps Any unknown multicast packets exceeding the spe
226. t is a popular industry format supported by several fiber optic component vendors SFP transceivers are available with a variety of different transmitter and receiver types allowing users to select the appropriate transceiver for each link to provide the required optical reach over the available optical fiber type SFP transceivers are also available with a copper cable interface allowing a host device designed primarily for optical fiber communications to also communicate over unshielded twisted pair networking cable SFP slot for 3 3V mini GBIC module supports hot swappable SFP fiber transceiver Before connecting the other switches workstation or Media Converter make sure both side of the SFP transfer are with the same media type for example 1000Base SX to 1000Base SX 1000Bas LX to 1000Base LX and check the fiber optic cable type matches the SFP transfer model To connect to 1000Base SX transceiver use the multi mode fiber cable with male duplex LC connector type for one side To connect to 1000Base LX transfer use the single mode fiber cable with male duplex LC connector type for one side 10 100 1000Base T RJ 45 Auto MDI MDIX Port 4 x 10 100 1000Base T RJ 45 Auto MDI MDIX ports are located at the front of the Managed Switch These RJ 45 ports allow users to connect their traditional copper based Ethernet Fast Ethernet devices to the network All these ports support auto negotiation and MDI MDIX auto crossover i e either crossov
227. t_list 64 Switch config qcl LIST no tos 0 0 7 tos_list Remove TOS value setting 7 tos_list Switch config qcl LIST no vian id 1 4094 Remove VLAN ID setting 1 4094 Switch config qcl LIST no 802 1p 0 7 802 1p_list Remove 802 1p tag priority 0 7 802 1p list setting Switch config show qos interface Show or verify each interface s QoS configurations Switch config show qos interface port_list Show or verify the selected port_list ports QoS configurations Switch config show qos qcl Show or verify each QCL rule Switch config show oos qcl 1 24 1 24 Show or verify the selected QCL rule Switch config qcl LIST show Show configurations of the selected QCL rule QCL example Switch config qos qcl 1 Create a QoS control list for traffic classification Switch config qcl 1 dscp 1 low Set a DSCP value 1 to low priority Switch config qcl 1 ether type 0x9100 high Specify high priority to the ether type 0x9100 Switch config qcl 1 tcpudp port 1 100 high Specify high priority to TCP UDP port from 1 to 100 Switch config qcl 1 tos 1 3 5 medium Map type of service values 1 3 5 to medium priority value Switch config qcl 1 vlan id 55 high Specify high priority to VLAN 55 Switch config qcl 1 802 1p 1 2 low Map 802 1p bit values 1 2 to low priority 2 Set up DSCP and 802 1p remarking
228. t_list Display error packets statistics events for the selected ports Switch config show interface statistics error rate Display error packets statistics rates for each port Switch config show interface port_list statistics error rate port_list Display error packets statistics rates for the selected ports Switch config show interface statistics traffic Display traffic statistics events for each port Switch config show interface port_list statistics traffic port_list Display traffic statistics events for the selected ports Switch config show interface statistics traffic rate Display traffic statistics rates for each port Switch config show interface port_list statistics traffic rate port_list Display traffic statistics rates for the selected ports Switch config show interface statistics clear Clear all statistics 88 2 6 27 Show sfp Command When you slide in a SFP transceiver detailed information about this module can be viewed by issuing this command Command Description Display SFP information including Switch config show sfp information temperature voltage TX Bias TX power and RX power Show the slide in SFP modules current Switch config show sfp state temperature safety Bias power TX power RX power and voltage 2 6 28 Show default setting running config and start up config
229. table etc 12 LLDP Status View the TLV information sent by the connected device with LLDP enabled 13 Loop Detection Status View the Loop Detection status of each port 4 5 1 Switch Port State In order to view the real time port status of the Managed Switch select Switch Port State from the Switch Monitor menu and then the following screen page appears Switch Port State Forwarding Unlocked down Kr Forwarding Unlocked down SS es Forwarding Unlocked up 100 half off Forwarding Unlocked down x Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Forwarding Unlocked down Mesia Tee TX TX TX TX TX lelel4 ajs jojn N o Port Number The number of the port Media Type The media type of the port either TX or Fiber Port State This shows each ports state which can be D Disabled B L Blocking Listening L Learning or F Forwarding Disabled A port in this state does not participate in frame relay or the operation of the Spanning Tree Algorithm and Protocol if any Blocking A Port in this state does not participate in frame relay thus it prevents frame duplication arising from multiple paths existing in the active topology of Bridged LAN Learning A port in t
230. tables and also decreases the workload at the end hosts since their network cards or operating system will not receive and filter all the multicast traffic generated in the network Select the folder IGMP Snooping from the Switch Management menu and then the following screen page appears amp Main Menu IGMP Configuration D System Information User Authentication S Network Management Sy Switch Management 3 Switch Configuration Port Configuration Link Aggregation 4 Rapid Spanning Tree 9 802 1 Configuration a MAC Address Management VLAN Configuration 2 QoS Configuration DSCP Remark 3 Port Mirroring 28 IGMP Snooping D IGMP Configuration D IGMP VLAN ID Configuration 3 IPMC Segment D IPMC Profile IGMP Filtering D Static Multicast Configuration E Disabled v Unregistered IPMC Flooding Disabled v Query Interval Query Response Interval Fete 125 1 6000 Second 100 1 6000 1 10 Sec Disabled ze Router Port iu fie Es fe fr e fie fo h e fo fas gibt 1 IGMP Configuration To enable or disable IGMP Unregistered IPMC Flooding and set up router ports VLAN IGMP VLANID Configuration To set up the ability of IGMP snooping and querying with 139 3 IPMC Segment To create edit or delete IPMC segment 4 IPMC Profile To create edit or delete IPMC profile 5 IGMP Filtering To enable or disable IGMP filter and configure each port s I
231. tem name for this Managed Switch Use switch info sys name sys name command to edit this field System Location Display a brief location description for this Managed Switch Use switch info sys location sys location command to edit this field Model Name Display the product s model name Firmware Version Display the firmware version used in this device M B Version Display the main board version Serial Number Display the serial number of this Managed Switch Date Code Display the Managed Switch Firmware date code Up Time Display how long the device has booted up Local Time Display the local time of the location where the device is CPU Temperature Display CPU s current temperature PHY1 2 3 Temperature Display the current temperature of each PHY Case Fan1 2 Display the status of the case fans Power A B Display whether the power module is installed on the device Type Display the type of the power module State Display the current status of the power module 2 Display or verify currently configured settings Refer to the following sub sections Interface command IP command MAC command QoS command Security command SNMP Server command User command VLAN command sections etc 3 Display interface information or statistics Refer to Show interface statistics command and Show sfp information command sections 25 4 Show default running and st
232. the ACK value in TCP header is one Select any to indicate either 1 or 0 TCP URG Select 0 to indicate that the URG value in TCP header is zero 1 to indicate the URG value in TCP header is one Select any to indicate either 1 or 0 168 4 4 16 LLDP Configuration LLDP stands for Link Layer Discovery Protocol and runs over data link layer which is used for network devices to send information about themselves to other directly connected devices on the network By using LLDP two devices running different network layer protocols can learn information about each other A set of attributes are used to discover neighbor devices These attributes contains type length and value descriptions and are referred to TLVs Details such as port description system name system description system capabilities management address can be sent and received on this Managed Switch Use Spacebar to select ON if you want to receive and send the TLV Select the option LLDP Configuration from the Switch Management menu and then the following screen page appears LLDP Configuration Port Number eee eae tee era Por Enable Ololotololo GOGpppCOn pooo Receiver Hold Time TTL Secs 1 3600 Sending LLDP Packet Interval Secs 1 180 Sending LLDP Packets Per Discover Packet 1 16 D
233. the option IGMP VLAN Configuration from the IGMP Snooping menu and then the following screen page with the ability information of IGMP Snooping and Querying in VLAN s appears IGMP LAN ID Configuration Select the current VLAN s and click Edit to view and edit the ability settings IGMP VLAN ID Configuration 1411024 Snooping When enabled the port in VLAN will monitor network traffic and determine which hosts to receive the multicast traffic Querying When enabled the port in VLAN can serve as the Querier which is responsible for asking hosts whether they want to receive multicast traffic 4 4 11 3 IPMC Segment Select the option IPMC Segment from the IGMP Snooping menu and then the following screen page with the ability information of IPMC Segment ID Name and IP Range appears IPMC Segment ID View only field that shows the current registered ID number 141 Segment Name View only field that shows the current registered Name IP Range View only field that shows the current registered IP Range Click New to register a new IPMC Segment and then the following screen page appears Click Edit to edit and view the IPMC Segment settings Click Delete to remove a current IPMC Segment registration IPMC Segment Mcneela EAA ER 1 1 400 o E Segment Name 224 0 1 0 239 255 255 255 Current Total Max VLANs View only field Current This sh
234. the received frame is tagged with VLAN information the switch checks its address table to see whether the destination port is a member of the same VLAN Assuming both ports are members of the tagged VLAN the frame will be forwarded Tagging Every port on an 802 1Q compliant switch can be configured as tagging or un tagging Ports with a tagging will put the VID number priority and other VLAN information into the header of all packets that flow into and out of it If a packet has been tagged previously the port will not alter the packet and keep the VLAN information intact The VLAN information in the tag can then be used by other 802 1Q compliant devices on the network to make packet forwarding decisions Un tagging Ports without a tagging will strip the 802 1Q tag from all packets that flow into and out of those ports If the packet does not have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarded by an un tagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the switch Un tagging is used to send packets from an 802 1Q compliant network device to a non compliant network device Simply put un tagging means that once you set up the port as U untagged all egress packets in the same VLAN group from the port will have no tags 4 4 7 3 Introduction to Q in Q The IEEE 802 1Q double tagging VLAN is also referred to Q in Q or VLAN stack
235. the same VLAN ID used Therefore in order to get the information from Headquarter to Branch 1 the easiest way for the carrier to ensure security to customers is to encapsulate the original VLAN with a second VLAN ID of 100 This second VLAN ID is known as SP VLAN Service Provider VLAN that is added as data enters the service provider s network and then removed as data exits Eventually with the help of SP Tag the information sent from Headquarter to Branch 1 can be delivered with customers VLANs intactly and securely C VLAN TAG 20 Customer A VLAN hemm BRANCH 1 MAN Service Provider MANEdgeSwitch m Q in Q Q in Q SP VLAN Tag 100 C VLAN Tag 20 N Edge Switch qa TAG 30 4 Customer AVLAN d Headquarter F SP VLAN Tag 100 C VLAN Tag 20 SPVLANT 100 C VLAN Tag 30 Backbone f i ag z ag Core Switch SP VLAN Tag 100 C VLAN Tag 30 C VLAN TAG 30 MAN Edge Switch Customer A VLAN BRANCH 2 Q in Q Example 127 4 4 7 4 802 1Q VLAN The following screen page appears when you choose IEEE 802 1q Tag VLAN A amp Main Menu Configure IEEE 802 1q Tag VLAN O System Information O User Authentication Network Management Ea Switch Management O Switch Configuration O Port Configuration vean name vio J2 3 4 5 e 7 s 9 10 14 12 13 14 15 16 17 18 19 20 21 22 2324 cP Link Aggregation IV Member Not Member G Rapid Spanning Tree a 802 1X Configuration
236. the type field of the ICMP header Select any to filter any type If Specific is selected you need to further specify an ICMP type value ICMP Type Value Specify an ICMP type value ICMP Code Filter This field is used to filter the ICMP code defined in the code field of the ICMP header Select any to filter any code If Specific is selected you need to further specify an ICMP code value ICMP Code Value Specify an ICMP code value UDP Parameters Source Port Filter Select Any to filter frames from any source port If Specific is selected you need to further specify a source port number If Range is selected you need to further specify a source port range Source Port NO Specify a source port number 0 65535 Source Port Range Specify a source port range The source port number is from 0 to 65535 Destination Port Filter Select Any to filter frames to any destination port If Specific is selected you need to further specify a destination port number If Range is selected you need to further specify a destination port range Destination Port NO Specify a destination port number 0 65535 167 Destination Port Range Specify a destination port range The source port number is from 0 to 65535 TCP Parameters Source Port Filter Select Any to filter frames from any source port If Specific is selected you need to further specify a source port numb
237. tic IP table first unlimited Non Limited Allows both static IP and DHCP assigned IP This is the default setting port_list Switch config if PORT PORT ip A B C D Add a static IP address to static IP sourceguard static ip A B C D address table mask 255 X X X vlan 1 4094 Specify an IP address 255 X X X Specify subnet mask for the specified IP address 1 4094 Specify a VLAN ID Switch config interface port_list Enter several discontinuous port numbers separated by commas or a range of ports with a hyphen For example 1 3 or 2 4 Switch config if PORT PORT no ip igmp filter Disable IGMP Filter on the selected interfaces Switch config if PORT PORT no ip igmp filter profile profile name profile_name Remove the selected ports from the specified profile 55 Switch config if PORT PORT no ip igmp max groups Set the maximum number of multicast streams back to the factory default 512 channels filter interface port_list Switch config if PORT PORT E F G H Remove this static multicast IP to no ip igmp static multicast ip VLAN entry E F G H vlan 1 4094 Specify static multicast IP address 1 4094 Specify a VLAN ID Switch config if PORT PORT Set the accepted IP source to the no ip sourceguard factory default unlimited Switch config if PORT PORT A B C D Specify an IP address that you want no ip sourcegua
238. tion up to 55 alphanumeric characters of the Managed Switch location Like the name the location is for reference only for example 13th Floor Model Name View only field that shows the product s model name Firmware Version View only field that shows the product s firmware version M B Version View only field that shows the main board version 93 Serial Number View only field that shows the serial number of this product Date Code View only field that shows the Managed Switch Firmware date code Up Time View only field that shows how long the device has booted up Local Time View only field that shows the local time of the location where the device is CPU Temperature View only field that shows the current CPU temperature PHY1 2 3 Temperature View only field that shows the current PHY temperature Case Fan1 2 View only field that shows the running status of case fan Power A B View only field that shows whether the power module is installed on the device Type View only field that shows the type of the power module State View only field that shows the current status of the power module 4 2 User Authentication To prevent any unauthorized operations only registered users are allowed to operate the Managed Switch Users who want to operate the Managed Switch need to register into the user list first To view or change current registered users select User Authentication from the Main Menu and then the fol
239. try registered in IPMC Profile option 4 4 12 Static Multicast Configuration Select the option Static Multicast Configuration from the Switch Management menu and then the following screen page appears Static Multicast Configuration IP Address View only field that shows the current source IP address of multicast stream VLAN View only field that shows the specified VLAN ID for current multicast stream Forwarding port View only field that shows the forwarding port for current multicast stream Click New to register a new Static Multicast configuration and then the following screen page appears 145 Click Edit to edit and view static multicast configuration settings Use Delete to remove a current Static Multicast configuration Static Multicast Configuration Cumrent Totalax Groupz 17 1 128 race Bi pases Address 224 0 1 0 239 255 255 255 wann o ID 1 4094 Ge Forwarding Pot Port 1 Current Total Max Groups View only field Current This shows the number of current registered static multicast configuration Total This shows the total number of registered static multicast configuration Max This shows the maximum number available for static multicast configuration The default maximum number is 128 IP Address Specify the multicast stream source IP address VLAN Specify a VLAN ID for multicast stream Forwarding port Select a port number for multicast stream fo
240. tus of the Managed Switch select RSTP Statistics from the RSTP Monitor menu and then the following screen page appears RSTP Statistics smitted STP Transmitted TCN Transmitted RSTP Recevied STP Recevied TCN Recevied Illegal Recevied Unknown Recevied RSTP Transmitted The total transmitted RSTP packets from current port STP Transmitted The total transmitted STP packets from current port TCN Transmitted The total transmitted TCN Topology Change Notification packets from current port RSTP Received The total received RSTP packets from current port STP Received The total received STP packets from current port TCN Received The total received TCN packets from current port Illegal Received The total received illegal packets from current port Unknown Received The total received unknown packets from current port 180 4 5 7 802 1X Monitor Click the 802 1X Monitor folder and then two options appear amp Main Menu 802 1X Port Status D System Information D User Authentication Network Management Port Sy Switch Monitor D Switch Port State Disabled a SE EE Disabled LI Disabled D Port Packet Error Statistics dca Pot se B e o S Jo D z fo e RSTP Monitor a4 802 1 Monitor a IGMP Monitor Disabled D MAC Address Table Disabled SFP Information Disabled a o D Port Packet Analysis Statistics Disabled D 802 1 Port Status D DHCP Snooping Di
241. type Web management especially for the first time use of the Managed Switch to set up the needed IP can be done through one of the 10 100Base TX 8 pin RJ 45 ports located at the front panel of the Managed Switch Direct RJ 45 LAN cable connection between a PC and the Managed Switch is required for Web Management 1 3 Management Software Following is a list of management software options provided by this Managed Switch e Managed Switch CLI interface e SNMP based Management Software e Web Browser Application Console Program The Managed Switch has a built in Command Line Interface called the CLI which you can use to e Configure the system e Monitor the status e Reset the system You can use CLI as the only management system However another network management option SNMP based management system is also available You can access the text mode Console Program locally by connecting a VT 100 terminal or a workstation running VT100 emulation software to the Managed Switch RS 232 DB 9 Console port directly Or you can use Telnet to login and access the CLI through network connection remotely SNMP Management System Standard SNMP based network management system is used to manage the Managed Switch through the network remotely When you use a SNMP based network management system the Managed Switch becomes one of the managed devices network elements in that system The Managed Switch management module contains an SNMP agent that w
242. ue yum install dhcp command to install DHCP server 197 Copy EE com to etc dhep File Edit View Go Bookmarks Tabs Help mBack v t cirectory d amp 100 Icon view Lei Location DES Placesv x dhclient d root Di Desktop J File System SS Network LO Floppy Drive Trash Documents ES Music E Pictures DI videos i Downloads Link to dhcpd conf 3 items Free space 2 9 GB allo pa dhcpd conf Ka zm fos dhcpd6 conf Copy dhcpd conf file provided by the vendor to etc dhcp directory Please note that each vendor has its own way to define auto provisioning Make sure to use the file provided by the vendor ENADE and run DHCP service Program Service Help a Remarks NetworkManager start and stop NetworkMarray LCE el abrtd start and stop abrt daemon lt 4 acpid start and stop acpid m 4 atd Starts stop the at daemon lt auditd m avahi daemon SI bluetooth Trigger bluetoothd start up btseed bttrack SEI cpuspeed processor frequency scaling support lt crond run cron daemon cups The CUPS scheduler cs dc client Start and stop the DHCP server dhcpd6 Start and stop the DHCPv6 server dhcrelay Start and stop the DHCP relay server dnsmasq firstboot Starts the firstboot configuration program lt 4 gpm Start and stop gpm daemon S i haldaemon httpd start and stop Apache HTTP Server
243. w only field Current This shows the number of currently registered communities 101 Total This shows the number of total registered community users Max Agents This shows the number of maximum number available for registration The default maximum number is 10 Account State Enable or disable this Community Account Community Specify the authorized SNMP community name up to 20 alphanumeric characters Description Enter a unique description for this community name up to 35 alphanumeric characters This is mainly for reference only IP Security Click the pull down menu to enable or disable the IP security function If enabled Community may access the Managed Switch only through the management station which has the exact IP address specified in IP address field below If disabled Community can access the Managed Switch through any management stations IP Address Specify the IP address used for IP Security function SNMP Level Click the pull down menu to select the desired privilege for the SNMP operation NOTE When the community browses the Managed Switch without proper access right the Managed Switch will not respond For example if a community only has Read amp Write privilege then it cannot browse the Managed Switch s user table 4 3 6 Trap Destination Click the option Trap Destination from the Network Management menu and then the following screen page appears Trap Destination Disab
244. wer range Layer 2 Control Protocol 0180C200000 o180c200002 Maximum Frame Size Specify the maximum frame size between 1518 and 9600 bytes The default maximum frame size is 9600bytes MAC Address Aging Time Specify MAC Address aging time between 0 and 4080 seconds 0 means that MAC addresses will never age out SFP Safety Temperature Enter the specific temperature for the Managed Switch to detect the SFP DMI safety range Default 0 70 C SFP Safety Voltage Enter the specific Voltage for the Managed Switch to detect the SFP DMI safety range Default 3 3 6V 106 SFP Safety TX Bias Enter the specific Bias for the Managed Switch to detect the SFP DMI safety range Default 400mA SFP Normal TX Porwer range Enter the TX power value The allowable range is between 9999 and 99999 SFP Normal RX Power range Enter the RX power value The allowable range is between 9999 and 99999 Layer 2 Control Protocol 0180C200000X Select either Not Filter or Filter When Filter is selected packets from the address ranging from 0180C2000000 to 0180C200000F will be dropped Multicast MAC addresses from 0180C2000000 to 0180C200000F are reserved for use by 802 1 802 3 protocols The purpose for each multicast address is described briefly below 0180C2000000 All bridges It is used for BPDUs and must be recognized by RBridges due to RBridge port participation in spanning tree as a leaf 0180C2
245. west priority will be selected as the root bridge The root bridge is the central bridge in the spanning tree Hello Time Periodically a hello packet is sent out by the Root Bridge and the Designated Bridges that are used to communicate information about the topology throughout the entire Bridged Local Area Network Max Age If another switch in the spanning tree does not send out a hello packet for a long period of time it is assumed to be disconnected This timeout is set to 20 seconds Forward Delay It is the time spent in each Listening and Learning state before the Forwarding state is entered This delay occurs when a new bridge comes onto a busy network Force Version Set and show the RSTP protocol to be used Normal use RSTP Compatible compatible with STP 114 4 4 4 2 RSTP Aggregated Port Settings Click the option RSTP Aggregated Port Settings from the Rapid Spanning Tree menu and then the following screen page appears RSTP Aggregated Port Settings Path Cost 0 200000000 jo EE State Enable or disable configured trunking groups in RSTP mode Cost This parameter is used by the RSTP to determine the best path between devices Therefore lower values should be assigned to ports attached to faster media and higher values assigned to ports with slower media 0 means auto generated path cost Priority Choose a value between 0 and 240 to set the priority for the port interface A higher
246. work service to different types of traffic such as multi media video protocol specific time critical and file backup traffic To set up the priority of packets in the Managed Switch click the folder QoS Priority Configuration from the Switch Configuration menu and then three options within this folder will be displayed 130 amp Main Menu A QoS Port Configuration D System Information D User Authentication Network Management a Switch Management D Switch Configuration D Port Configuration Link Aggregation Rapid Spanning Tree 802 1 Configuration a MAC Address Management 2 VLAN Configuration Port Based VLAN IEEE 802 19 Tag VLAN 29 G05 Configuration D QoS Port Configuration D QoS Control List D QoS Rate Limiters O DSCP Remark D Port Mirroring IGMP Snooping D Static Multicast Configuration 1 QoS Port Configuration To set up each port s QoS default class QCL Priority Queuing Mode and Queue Weighted 2 QoS Control List To create edit or delete QCL settings 3 QoS Rate Limiters To configure each port s Policer and Shaper Rate 4 4 8 1 QoS Port Configuration Select the option QoS Port configuration from the QoS Configuration menu and then the following screen page appears Configure Default Class QoS Port Configuration Click the pull down menu to choose the class level Low Normal
247. xceed 133920 within 9 seconds the port 1will be blocked temporarily until the next polling interval 158 4 4 15 Access Control List Management ACLM Creating an access control list allows users to define who has the authority to access information or perform tasks on the network In the Managed Switch users can establish rules applied to port numbers to permit or deny actions Select the folder Access Control List Management from the Switch Management menu and then the following screen page appears Main Menu D System Information D User Authentication SE Network Management Sy Switch Management D Switch Configuration D Part Configuration Link Aggregation Rapid Spanning Tree 802 1 Configuration E MAC Address Management VLAN Configuration QoS Configuration DSCP Remark D Port Mirroring a0 IGMP Snooping Static Multicast Configuration MYR Configuration Security Configuration a 2 8 gement D ACL Rate Limiter Configuration D ACL Configuration D LLDP Configuration D Loop Detection Configuration ACL Ports Configuration Disable v Disabled v Shutdown ACL Ports Configuration When information does not conform to ACL entries configured in ACL Configuration actions set in ACL Ports Configuration will be taken ACL Ports Configuration Port Number Port 1 E Permit EN EE CAMEE Disable Port Copy Shutdown Disable v Di
248. xt clared them in option SW ITCH firmware file name code 5 text Not searching LDAP since ldap server ldap port and ldap base dn were not spd option SW ITCH finmware md5 code 6 string ied in the config file option SWITCH configuration file name code text Wrote class decls to leases file option SWITCH configuration md5 code 8 string Wrote 8 deleted host decls to leases file 16 bits option bit 0 Urgency bit 1 15 Reserve Wrote 8 new dynamic host decls to leases file Option SWITCH option code 9 unsigned integer 16 Wrote 6 leases to leases file Listening on LPF eth0 00 0c 29 ef f8 4f 192 168 0 0 24 class vendor classes Sending on LPF eth0 00 ef 8 47 192 168 0 0 24 i match option vendor class identifier ponding on eSpace ow Ve root localhost Je KR option SWITCH protocol 1 option SW ITCH server ip 192 168 0 251 D option SWITCH server login name anonymous option SW ITCH server login name FAE option SW ITCH server login pass word deptl subclass vendor classes HS 0600 vendor option space SW ITCH option SW ITCH firmware file name HS 0600 provision_1 bin option SW ITCH firmware md5 cb 9e 66 b6 c9 72 e8 1 a6 d2 94 32 20 50 0c bb option SW ITCH firraware file name HS 0600 provision_2 bin option SWITCH firmware md5 16 2c 2e 4d 30 e5 71 5 00 fd 5a f0 d8 33 7d db option SW ITCH configuration file name 3WO503A3C4 option SW ITCH configuration md5 ef 30 03 13 al d0 d6 05 optio
249. y each port s outbound bandwidth The excess traffic will be dropped Specifying 0 is to disable this function 4 4 9 DSCP Remark To set up DSCP Remark select the option DSCP Remark from the Switch Management menu and then the following screen page appears amp Main Menu DSCP Remark D System Information D User Authentication Network Management 2a Switch Management D Switch Configuration Port DSCP Ee Ee DSCP Remark x a0 Link Aggregation eo tla Dech sech FE 802 1X Configuration a0 MAC Address Management mn mn In 1 VLAN Configuration 0 QoS Configuration D DSCP Remark 15 D Port Mirroring e o z oe o e D Static Multicast Configuration ES SS 4 20 MYR Configuration CE aa Security Configuration Disable Access Control List Management D LLDP Configuration D Loop Detection Configuration Disable Gm Gem i EI gema Disable Cn Disable geen Disable Iv E 136 Configure DSCP Remark Select DSCP Remark from the pull down menu of Select Setting DSCP Remark Disable zl Disable Disable x Disable ze DR ES ER HG DEER E Disable x Disable x Disable x i Disable Disable x 24 Disable x Disable zs This allows you to enable or disable DSCP remarking for each port The default setting is disa
250. y enter Enable Mode this mode is password protected the prompt will be changed to Switch the model name of your device together with a pound sign Enter the question mark or help command to view a list of commands available for use Command Description copy cfg Restore or backup configuration file via FTP or TFTP server disable Turn off privileged commands exit Exit Enable mode and return to User Mode firmware Allow users to update firmware via FTP or TFTP help Display a list of available commands in Enable mode history Show commands that have been used logout Logout from the Managed Switch ping Test whether a specified network device or host is reachable or not reload Restart the Managed Switch write Save your configurations to Flash configure Enter Global Configuration Mode show Show a list of commands or show the current setting of each listed command 2 5 1 Copy cfg Command Use copy cfg command to backup a configuration file via FTP or TFTP server and restore the Managed Switch back to the defaults or to the defaults but keep IP configurations 1 Restore a configuration file via FTP or TFTP server Command Parameter Description Switch copy cfg A B C D Enter the IP address of your FTP server oe file name Enter the configuration file name that you want to restore Username Enter the username for FTP server login password user
Download Pdf Manuals
Related Search