SICOM3172 Industrial Ethernet Switch Web Operation Manual

Contents

1. Figure 95 SNMPv3 Access Table. Group Name. Range: 4-16 characters. Function: Configure the name of the group table. Description: Currently, each group can contain only one user. Therefore, the group name must be identical with the user name in the user table. Context Name. Range: 4-16 characters. Function: Configure the context name. Security Model. Options: SNMPv3. Description: SNMPv3 indicates that USM is adopted. Security Level. Options: NoAuthNoPriv/AuthNoPriv. Default: NoAuthNoPriv. Function: Select whether authentication and encryption are required. Description: NoAuthNoPriv indicates no authentication or encryption. AuthNoPriv indicates authentication without encryption. 3. Configure the context table, as shown in Figure 96. Figure 96 SNMPv3 Context Table Configuration. Context Name. Range: 4-16 characters. Function: Define the objects that can be accessed by SNMP. The configura
2. Figure 100 RMON History Table. Index. Range: 1-65535. Function: Configure the number of the history entry. Data Source. Options: ifIndex.portid. Function: Select the port whose information is to be sampled. Owner. Range: 1-32 characters. Function: Configure the name of the history entry. Sampling Number. Range: 1-65535. Function: Configure the sampling times of the port. Sampling Space. Range: 1-3600s. Function: Configure the sampling period of the port. 3. Configure the event table, as shown in Figure 101. Figure 101 RMON Event Table. Index. Range: 1-65535. Function: Configure the index number of the event entry. Owner. Range: 1-32 characters. Function: Configure the name of the event entry. Event Type. Options: NONE/LOG/Snmp Trap/Log and Trap. Default: NONE. Function: Configure the event type for alarms, that is, the processing mode towards alarms. Event Description. Range: 1-127 characters. Function: Describe the event. Event Community. Range: 1-127 characters. Function: Configure the community name for sending a trap event. The value shall be identical with that in SNMP. 4. Configure the alarm table, as shown in Figure 102 and Figure 103. Figure 103 RMON
3. 6.24.3 Typical Configuration Example. As shown in Figure 127, the TACACS server authenticates and authorizes users through the switch. The IP address of the server is 192.168.0.23. The key for packet exchange between the switch and the server is aaa. Figure 127 TACACS Authentication Example (figure labels: TACACS Server, 192.168.0.23, 192.168.0.2, User, Switch). 1. Enable TACACS, as shown in Figure 124. 2. Set the IP address of the server to 192.168.0.23, enable packet encryption, and set the key value to aaa, as shown in Figure 125. Adopt local authentication for Web login and TACACS authentication for Telnet login, as shown in Figure 121 and Figure 130. Figure 122. 4. Configure user name and password bbb on the TACACS server. 5. For Web login, enter user name admin and password 123 to access the switch through local authentication. 6. For Telnet login, enter user name and password bbb to access the switch through TACACS authentication. 6.25 VDSL Configuration. 6.25.1 Overview. The Very-high-speed Digital Subscriber Line (VDSL) is a digital subscriber line (DSL) technology providing high-speed data transmission over telephone lines. The device provides a VDSL port. You can configure the port as a Central Office (CO) or Customer Premise Equipment (CPE). CO and CPE can communicate with each other via a telephone
4. Figure 4 Setting Port Parameters (Bits per second, Data bits, Parity, Stop bits, Flow control). 6. Click <OK>. The switch CLI is displayed. Press <Enter> to enter the user view, as shown in Figure 5. Figure 5 CLI. 2.3 Switch Access by Telnet. The precondition for accessing a switch by Telnet is the normal communication between the PC and the switch. 1. Enter telnet IP address in the Run dialog box, as shown in Figure 6. Figure 6 Telnet Access (example entry: telnet 192.168.0.2). NOTE: To confirm the switch IP address, please refer to 5.1 IP Address to learn how to obtain the IP address. 2. In the Telnet interface, input admin in User and 123 in Password. Click <Enter> to log in to the switch, as shown in Figure 7. Figure 7 Telnet Interfac
5. 6.23.1 Overview. Authentication, Authorization, Accounting (AAA) is a management mechanism for network security, providing authentication, authorization, and accounting functions. Authentication authenticates the identity of the remote accessing user and checks the legitimacy of the user. Authorization grants different rights to users and limits services available to users. Accounting records all operations performed by users when they use network services, including service type, start time, and data flow. It is not only an accounting method, but also the supervision of network security. 6.23.2 Implementation. First, authentication usually uses user name and password to verify user rights. The principle of authentication is that each user has a unique standard for obtaining rights. The AAA server checks the standard with user standards in the database one by one. If a match is found, the user passes the authentication; if not, the server refuses the network connection request. Then, a user obtains operation rights through authorization. For example, a user may execute certain commands for operations after logging into system. In this case, the authorization process will detect whether the user has rights to execute these commands. Simply, the authorization process checks the activity type or quality and resources or services allocated to the user. Authorization is performed along with authentication. Once a user passes authentication th
6. Figure 87 Relationship among NMS, Agent, and MIB. MIB defines a tree structure. The tree nodes are managed objects. Each node has a unique Object Identifier (OID), which indicates the location of the node in the MIB structure. As shown in Figure 88, the OID of object A is 1.2.1.1. Figure 88 MIB Structure. 6.19.5 Web Configuration. 1. Enable SNMP, as shown in Figure 89. Figure 89 Enabling SNMP and Selecting SNMP Version. SNMP State. Options: Enable/Disable. Default: Enable. Function: Enable or disable SNMP. V2 State. Options: Enable/Disable. Default: Disable. Description: SNMPv2 is compatible with SNMPv1. 2. Configure access rights, as shown in Figure 90. Figure 90 Access Rights Configuration. Read-Only Community. Range: 3-16 characters. Default: public. Function: Configure the name of read-only community. Description: The MIB information of the switch can be read only if the community name carried by an SNMP packet is identical with that configured on the switch. Read-Write Community. Range: 3-16 characters. Default: private. Function: Configure the name of read-write community. Description: The MIB information of the switch can be read and written only if the community name c
7. local authentication is used only after local authentication fails. 2. Configure the login mode for TACACS authentication, as shown in Figure 122. Figure 122 Configuring TACACS Authentication Service. TACACS Authenticated Services. Options: telnet/web. Function: Select the login mode for TACACS authentication. 6.24 TACACS Configuration. 6.24.1 Overview. Terminal Access Controller Access Control System (TACACS) is a TCP-based application. It adopts the client/server mode to implement the communication between Network Access Server (NAS) and TACACS server. The client runs on the NAS and user information is managed centrally on the server. The NAS is the server for users but client for the server. Figure 123 shows the structure. Figure 123 TACACS Network Structure. The protocol authenticates, authorizes, and charges terminal users that need to log in to the device for operations. The device serves as the TACACS client and sends the user name and password to the TACACS server for authentication. The server receives TCP connection requests from users, responds to authentication requests, and checks the legitimacy of users. A user can log into the device for operations once passing authentication. 6.24.2 Web Configuration. 1. Enable TACACS, as shown in Figure 124. Figure 124 Enabling T
8. Figure 29 Viewing VLAN List. PVLAN List. Options: Select/Deselect. Function: Enable or disable the PVLAN function. For details, see the next chapter. 3. View the PVIDs of ports. Click <Untagged Port VLAN List> in the preceding figure. The following page is displayed. Figure 30 Port PVID List. Caution: Each port must have an Untag attribute. If it is not set, the Untag port is default in VLAN 1. 4. Modify/Delete VLAN. Click a VLAN in Figure 29 to enter the corresponding screen, in which the VLAN can be deleted or modified. Click <Delete> to delete the selected VLAN, as shown in Figure 31. NOTE: If there is only one port in this VLAN, the port cannot be Untag. Figure 31 Modifying/Deleting a VLAN. 6.2.5 Typical Configuration Example. As shown in Figure 32, the entire LAN is divided into 2 VLANs: VLAN2 and VLAN100. It is required that the devices in a same VLAN can communicate to each other, but different VLANs are isolated. The terminal PCs cannot distinguish Tag packets, so the ports connecting Switch A and Switch B with PCs are set to Untag port. VLAN2 and VLAN100 packets need to be transmitted
9. The series devices support statistics group, history group, event group, and alarm group in public MIB. Each group supports up to 32 entries. Statistics group: With the statistics group, the system collects statistics on all types of traffic on ports and stores the statistics in the Ethernet statistics table for further query by the management device. The statistics includes the number of network collisions, CRC error packets, undersized or oversized packets, broadcast and multicast packets, received bytes, and received packets. After creating a statistics entry on a specified port successfully, the statistics group counts the number of packets on the port and the statistics is a continuously accumulated value. History group: History group requires the system to periodically sample all kinds of traffic on ports and saves the sampling values in the history record table for further query by the management device. The history group counts the statistics values of all kinds of data in the sampling interval. Alarm group: RMON alarm management can monitor the specified alarm variables. After alarm entries are defined, the system will acquire the values of monitored alarm variables in the defined period. When the value of an alarm variable is larger than or equal to the upper limit, a rising alarm event is triggered. When the value of an alarm variable is smaller than or equal to the lower limit, a
10. To enable network devices to distinguish packets from different VLANs, fields for identifying VLANs need to be added to packets. At present, the most commonly used protocol for VLAN identification is IEEE 802.1Q. Table 3 shows the structure of an 802.1Q frame. Table 3 802.1Q Frame Structure: DA | SA | 802.1Q header (Type, PRI, CFI, VID) | Length/Type | Data | FCS. A 4-byte 802.1Q header, as the VLAN tag, is added to the traditional Ethernet data frame. Type: 16 bits. It is used to identify a data frame carrying a VLAN tag. The value is 0x8100. PRI: three bits, identifying the 802.1p priority of a packet. CFI: one bit. 0 indicates Ethernet and 1 indicates token ring. VID: 12 bits, indicating the VLAN number. The value ranges from 1 to 4093. 0, 4094, and 4095 are reserved values. Note: VLAN 1 is the default VLAN and cannot be manually created and/or deleted. Reserved VLANs are reserved to realize specific functions by the system and cannot be manually created and/or deleted. The packet containing 802.1Q header is a Tag packet; if not, it is an Untag packet. The packets in switch all carry an 802.1Q tag. 6.2.3 Port-based VLAN. VLAN partition can be either port-based or MAC address-based. This series switches support port-based VLAN partition. VLAN members can be defined based on switch ports. After a port is added to a specified VLAN, the port can forward the packets
11. falling alarm event is triggered. Alarms will be handled according to the event definition. Caution: If a sampled value of alarm variable exceeds the threshold multiple times in a same direction, then the alarm event is only triggered the first time. Therefore, the rising alarm and falling alarm are generated alternately. Event group: Event group is used to define event indexes and event handling methods. Events defined in the event group are used in the configuration item of alarm group. An event is triggered when the monitored device meets the alarm condition. Events are addressed in the following ways: Log: logs the event and related information in the event log table. Trap: sends a Trap message to the NMS and informs the NMS of the event. Log Trap: logs the event and sends a Trap message to the NMS. None: indicates no action. 6.21.3 Web Configuration. 1. Configure the statistics table, as shown in Figure 99. Figure 99 RMON Statistics Table. Index. Range: 1-65535. Function: Configure the number of the statistics entry. Owner. Range: 1-32 characters. Function: Configure the name of the statistics entry. Data Source. Options: ifIndex.portid. Function: Select the port whose statistics are to be collected. 2. Configure the history table, as shown in Figure 100.
12. 3 to the group, as shown in Figure 42. 2. Add trunk group 1 on Switch B and add port 1, port 2, and port 3 to the group, as shown in Figure 42. 6.6 Link Check. 6.6.1 Overview. Link Check detects the data transmission of redundancy protocol-enabled ports. Link check helps to detect the anomaly for timely processing when a fault occurs. 6.6.2 Web Configuration. Figure 45 shows the link check configuration. Figure 45 Link Check Configuration. Administration Status. Options: Enable/Disable. Default: Disable. Description: Only the redundancy protocol-enabled port can enable this function. Run Status. Options: Normal Link/Receive Fault/Disable/Send Fault. Description: If Link Check is enabled on a ring port and the port sends and receives data normally, Normal Link is displayed. If the peer end does not receive the detection packets from the device, Send Fault is displayed. If the device does not receive detection packets from the peer end, Receive Fault is displayed. If Link Check is not enabled on a port, Disable is displayed. Caution: If the peer device does not support the Link Check function, the function shall be disabled on the connected port of the local device. 6.7 Static Multicast Address Table. 6.7.1 Overview. You can co
13. Get Request, Get Next Request, and Set Request packets to agents to query, configure, and manage variables. After receiving these requests, agents reply with Get Response packets. When an alarm occurs, an agent proactively reports it to the NMS with a trap message. 6.19.3 Description. This series switches support SNMPv2 and SNMPv3. SNMPv2 is compatible with SNMPv1. SNMPv1 uses community name for authentication. A community name acts as a password, limiting NMS's access to agents. If the switch does not acknowledge the community name carried by an SNMP packet, the packet is discarded. SNMPv2 also uses community name for authentication. It is compatible with SNMPv1, and extends the functions of SNMPv1. To enable the communication between the NMS and agent, their SNMP versions must match. Different SNMP versions can be configured on an agent, so that it can use different versions to communicate with different NMSs. 6.19.4 MIB. Any managed resource is called managed object. The Management Information Base (MIB) stores managed objects. It defines the hierarchical relationships of managed objects and attributes of objects, such as names, access permissions, and data types. Each agent has its own MIB. The NMS can read/write MIBs based on permissions. Figure 87 shows the relationships among the NMS, agent, and MIB.
14. address will take effect only after the device is restarted. 5.2 Device Information Configuration. Device information includes the project name, system name, location, and contact, as shown in Figure 16. Figure 16 Device Information. Project Name. Range: 1-64 characters. System Name. Range: 1-32 characters. Location. Options: character/Chinese character. Range: 1-255 characters. One Chinese character occupies two characters. Contact. Options: character/Chinese character. Range: 1-32 characters. One Chinese character occupies two characters. 5.3 Port Configuration. In port configuration, you can configure port status, port speed, flow control, and other information, as shown in Figure 17. Figure 17 Port Configuration. Administration Status. Options: Enable/Disable. Default: Enable. Function: Enable means that the port is open and permits data transmission. Disable means that the port is blocked without data transmission. This option can directly affect the hardware status of the port and trigger port alarms. Operation Status. Options: Enable/Disable. Default: Enable. Function: Configure the port operation state. Description: The port can be disabled or enabled by certain protocols. If it
15. alarm is generated and the rising event index is triggered. Falling Threshold. Range: 0-65535. Function: Configure the falling edge threshold. When the sampling value is lower than the threshold and the alarm type is set to FallingAlarm or RisOrFallAlarm, an alarm is generated and the falling event index is triggered. Rising Event Index. Range: 0-65535. Function: Configure the index of the rising event, that is, processing mode for rising edge alarms. Falling Event Index. Range: 0-65535. Function: Configure the index of the falling event, that is, processing mode for falling edge alarms. 6.22 SSH. 6.22.1 Overview. Secure Shell (SSH) is a network protocol for secure remote login. SSH encrypts transmitted data to prevent information disclosure. In this case, you can configure the switch through the CLI. The switch supports the SSH server function and allows the connection of multiple SSH users that log in to the switch remotely through SSH, but only one user can connect to the switch at a time. 6.22.2 Key. Unencrypted packet is called plain text, while encrypted packet is called cipher text. Both encryption and decryption require the key. A key is a specific string and is the only parameter for transformation between plain text and cipher text. Encryption changes plain text to cipher text, while decryption changes cipher text to plain text. Key-based security authentication needs keys, and each end
16. and Figure 106. 2. Configure the SSH client, as shown in Figure 107. Run PuTTYGen.exe on the client. Click <Generate> to generate a key pair, as shown in Figure 115. Figure 115 Generating a Key Pair. 3. During the process of generating a key pair, move your mouse in the window, as shown in Figure 116. Otherwise, the progress bar does not continue and the generation is stopped. Figure 116 Generation Process. 4. As shown in Figure 117, the key is created. Click <Save private key>. Copy the public key to the key value in SSH key configuration and enter the key name, as shown in Figure 107.
17. between Switch A and Switch B, so the ports connecting Switch A and Switch B should be set to Tag ports, permitting the packets of VLAN 2 and VLAN 100 to pass through. Table 5 shows specific configuration. Table 5 VLAN Configuration. VLAN2: Set Switch A and B's port 1 and port 2 to Untag ports, VDSL 1 to Tag port. VLAN100: Set Switch A and B's port 3 and port 4 to Untag ports, VDSL 1 to Tag port. Figure 32 VLAN Application. Configurations on Switch A and Switch B: 1. Create VLAN 2, add port 1 and port 2 into VLAN 2 as Untag ports, and add VDSL 1 into VLAN 2 as Tag port, as shown in Figure 28. 2. Create VLAN 100, add port 3 and port 4 into VLAN 100 as Untag ports, and add VDSL 1 into VLAN 100 as Tag port, as shown in Figure 28. 6.3 PVLAN Configuration. 6.3.1 Overview. PVLAN (Private VLAN) uses two layers isolation technologies to realize the complex port traffic isolation function, achieving network security and broadcast domain isolation. The upper VLAN is a shared domain VLAN in which ports are uplink ports. The lower VLANs are isolation domains in which ports are downlink ports. Downlink ports can be assigned to different isolation domains and t
18. link status of ports. Up: The port is in LinkUp state and can communicate normally. Down: The port is in LinkDown state and cannot communicate normally. Speed: Display the communication speed of LinkUp ports. Duplex: Display the duplex mode of LinkUp ports. Full duplex: The port can receive and transmit data at the same time. Half duplex: The port only receives or transmits data at the same time. Flow Control: Display the flow control status of LinkUp ports. NOTE: For details about duplex and flow control, refer to 5.3 Port Configuration. 4.3 Port Statistics. The Port Statistics interface displays the number of bytes and packets that each port sends, and the number of bytes and packets that each port receives, CRC errors, and the number of packets whose lengths are less than 64 bytes, as shown in Figure 12. Figure 12 Port Statistics. You can click <Reset> to restart statistics collection. 4.4 System Operating Information. The device operating time and CPU usage can be automatically displayed, as shown in Figure 13. Figure 13 System Op
19. mirroring, LLDP, link check. Alarming: port alarm, ring alarm. Network management: management by CLI, Telnet, Web, and Kyvision network management software, and SNMP network monitoring. 2 Switch Access. You can access the switch by: Console port; Telnet; Web browser; Kyvision management software. Kyvision network management software is designed by Kyland. For details, refer to its user manual. 2.1 View Types. When logging into the Command Line Interface (CLI) by the console port or Telnet, you can enter different views or switch between views by using the following commands, as listed in Table 1. Table 1 View Switching (columns: View Prompt, View Type, View Function, Command for View Switching). SWITCH> (User view). Functions: view recently used commands; view software version; view response information for ping operation. Switching: input enable to enter the management view. SWITCH (Management view). Functions: upload/download configuration file; restore default configuration; view response information for ping operation; restart the switch; save current configuration; display current configuration; update software. Switching: input configure terminal to enter the configuration view from the management view; input exit to return to the user view. SWITCH config (Configuration view). Functions: Configure switch I
20. multicast data is also forwarded to PC 2. 6.9 ARP Configuration. 6.9.1 Overview. The Address Resolution Protocol resolves the mapping between IP addresses and MAC addresses by the address request and response mechanism. The switch can learn the mapping between IP addresses and MAC addresses of other hosts on the same network segment. It also supports static ARP entries for specifying mapping between IP addresses and MAC addresses. Dynamic ARP entries periodically age out, ensuring consistency between ARP entries and actual applications. The series switches provide not only Layer 2 switching function, but also the ARP function for resolving the IP addresses of other hosts on the same network segment, enabling the communication between the NMS and managed hosts. 6.9.2 Description. ARP entries fall into dynamic and static ones. Dynamic entries are generated and maintained based on the exchange of ARP packets. Dynamic entries can expire, be updated by a new ARP packet, or be overwritten by a static ARP entry. Static entries are manually configured and maintained. They never expire or are overwritten by dynamic ARP entries. The switch supports up to 512 ARP entries (256 static ones at most). When the number of ARP entries is larger than 512, new entries automatically overwrite old dynamic entries. 6.9.3 Web Configuration. 1. Configure ARP aging time, as shown in Figure 52. ARP Aging Time ARP agi
21. of the communication has a pair of keys: private one and public one. The public key is used to encrypt data and a legitimate user can use the private key to decrypt the data to guarantee confidentiality. 6.22.3 Implementation. To implement SSH connection during communication, the server and the client go through the following phases. Version negotiation phase: SSH has two versions, SSH1 and SSH2. Two communication parties negotiate the version to be used. Key and algorithm negotiation phase: SSH supports multiple encryption algorithms. Two communication parties negotiate the algorithm to be used. Authentication phase: The SSH client initiates an authentication request to the server. Then the server authenticates the client. Session request phase: After passing the authentication, the client sends a session request to the server. Session phase: After the session request is accepted, the server and the client start communication. 6.22.4 Web Configuration. Configuration steps of SSH server: 1. Select Disable for SSH State. 2. Click <Destroy> to delete the old key pair, as shown in Figure 104. Figure 104 Destroying the Old Key Pair. 3. Click <Create> to generate the new key pair, as shown in Figure 105. Figure 105 Creating a
22. of the user. If you select Password, enter 3 to 8 characters. If you select Public Key, select a key from the public key list. 2. View the SSH user list. You can delete a selected user, as shown in Figure 110. Figure 110 SSH User List. 6.22.5 Typical Configuration Example. Establish an SSH connection between the host (SSH client) and the switch, as shown in Figure 111. Figure 111 SSH Configuration Example (figure labels: SSH client, SSH server, 192.168.0.23, 192.168.0.2, Host, Switch). An SSH user adopts password authentication: 1. Destroy the old key pair, create the new key pair, and start the SSH server, as shown in Figure 104, Figure 105, and Figure 106. 2. Set the SSH user name to ddd, select the password authentication mode, and set password to 123, as shown in Figure 109. 3. Establish the connection between the host and the SSH server. Open PuTTY.exe. Enter the IP address of SSH server, namely, 192.168.0.2, and set port number to 22, as shown in Figure 112.
23. packet forwarding based on a certain scheduling algorithm, achieving preferential forwarding for key services. Congestion avoidance: Excessive congestion may result in damage on network resources. Congestion avoidance monitors the use of network resources. When detecting increasing congestion, the function adopts proactive packet discarding and tunes traffic volume to solve the overload. 6.13.2 Principle. Each port of the switch has four cache queues, from 0 to 3 in priority ascending order. You can configure the mapping between priority and queues. When a frame reaches the port, the switch determines the queue for the frame according to the information in the frame header. The switch supports two queue mapping modes for priority identification: TOS/DIFF and 802.1p. The TOS/DIFF value depends on the TOS/DSCP in packets. You can configure the mapping between priority and queues. When a packet is tagged, the 802.1p value depends on the priority of 802.1Q in the packet. When a packet is untagged, the 802.1p value depends on the default priority of the port. You can configure the mapping between the 802.1p priority and queues. When forwarding data, a port uses a scheduling mode to schedule the data of four queues and the bandwidth of each queue. The switch supports two scheduling modes: Weighted Round Robin (WRR) and STRICT Priority Scheduling (STRICT). WRR schedules data flows based on
24. statuses of the slave port on the master station and all ring ports of slave stations change to forwarding. The slave port of the master station fails: The statuses of the master port on the master station and all ring ports of slave stations change to forwarding. Another port or link fails: The statuses of the two ports of the master station and all up ports of slave stations change to forwarding. DT-Ring configurations should meet the following conditions: All switches in the same ring must have the same domain number. Each ring can only have one master station and multiple slave stations. Only two ports can be configured on each switch for a ring. For two connected rings, backup ports can be configured only in one ring. Multiple backup ports can be configured in one ring. On a switch, only one backup port can be configured for one ring. As shown in Figure 61, the working process of Switch A, B, C, and D is as follows. Figure 61 DT-Ring Topology. 1. Configure Switch A as the master station, and others as slave stations. 2. Because Ring port 1 on the master station links up first, it is in a Forwarding state and ring port 2 is in a Blocking state. The two ring ports of each slave are in a Forwarding state. 3. When link CD connecting Switch C to Switch D fails, as shown in the following figure, port 2 switches to a Forwarding state and port 6 an
25. the root port and BP2 is the designated port. 6.11 RSTP Transparent Transmission. 6.11.1 Overview: RSTP is compliant with IEEE standard. DT Ring is the private redundant protection protocol of Kyland, but cannot coexist with RSTP on the same network. To solve this problem, Kyland developed the RSTP transparent transmission function. The function enables the switch to keep other redundant protocols while transparently transmitting RSTP packets, meeting industrial communication requirements. Switches running other redundant protocols can receive and forward RSTP packets only if the RSTP transparent transmission function is enabled. RSTP transparent transmission enabled switches can be regarded as a transparent link. As shown in Figure 59, Switch A, Switch B, Switch C, and Switch D form a DT Ring network. The transparent transmission function is enabled on these four switches so that Switch E and Switch F can receive RSTP packets from each other. Figure 59: RSTP Transparent Transmission. 6.11.2 Web Configuration: Configure RSTP transparent transmission on ports, as shown in Figure 60. Figure 60: RSTP Transparent Transmission Configuration. RSTP Transparent Transmission: Options: Enable/Disable. Default: Disable. Function: Enable or disable RSTP transparent transmission on ports. Caution: RSTP transparent t
26. weight ratio. Queues obtain their bandwidths based on their weight ratio. WRR prioritizes high weight ratio queues. More bandwidths are allocated to queues with higher weight ratio. STRICT mode forwards high priority packets preferentially. It is mainly used for transmitting sensitive signals. If a frame enters the high priority queue, the switch stops scheduling the low priority queues and starts to process the data of the high priority queue. When the high priority queue contains no data, the switch starts to process the data of the queue with lower priority. 6.13.3 Web Configuration: 1. Configure QoS Mode, as shown in Figure 70. Figure 70: QoS Mode. Options: Disable/WRR/STRICT. Default: STRICT. Function: Configure the bandwidth allocation mode of a port. Description: If STRICT is selected, the data of high priority queues is processed preferentially. If WRR is adopted, different queues have varied weight configurations. The switch employs a fixed weight ratio, that is, 8:4:2:1 for queues 3, 2, 1, and 0. 2. Configure QoS port priority mapping mode, as shown in Figure 71. Figure 71: Setting QoS Port Priority Mapping Mode. Set the Port Priority: Options: TOS/DIFF or 802.1p priority. Default: 802.1p priority. Function: Configure port priority mapping mode. Description: Only one priority mapping mode can be sel
27. with the tag for the VLAN. 1. Port Type: Ports fall into two types according to how they handle VLAN tags when they forward packets. Untag port: Packets forwarded by an Untag port do not have VLAN tags. Untag ports are usually used to connect to terminals that do not support 802.1Q. By default, all switch ports are Untag ports and belong to VLAN1. Tag port: All packets forwarded by a Tag port carry a VLAN tag. Tag ports are usually used to connect network transmission devices. 2. PVID: Each port has a PVID. When receiving an untagged packet, a port adds a tag to the packet according to the PVID. The port PVID is the VLAN ID of the Untag port. By default, the PVID of all ports is VLAN 1. Table 4 shows how the switch processes received and forwarded packets according to the port type and PVID. Table 4: Different Processing Modes for Packets. Processing received packets: for untagged packets, add PVID tags to untagged packets; for tagged packets, if the VLAN ID in a packet is in the list of VLANs allowed through, accept the packet, and if the VLAN ID in a packet is not in the list of VLANs allowed through, discard the packet. Processing packets to be forwarded: an Untag port forwards the packet after removing the tag; a Tag port keeps the tag and forwards the packet. 6.2.4 Web Configuration: 1. Create a VLAN. Click <Add> to create a VLAN, as show
28. 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT Ring: Enable; Backup port: port 3, as shown in Figure 66. Configuration on Switch E, Switch F, and Switch G: 4. Domain ID: 2; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT Ring: Disable; do not set backup ports, as shown in Figure 66. Configuration on Switch H: 5. Domain ID: 2; Domain name: Ring; Ring port: port 1 and port 2; Station type: Master; DT Ring: Disable; do not set backup ports, as shown in Figure 66. 6.13 QoS Configuration. 6.13.1 Overview: Quality of Service (QoS) enables differentiated services based on different requirements under limited bandwidths by means of traffic control and resource allocation on IP networks. QoS tries to satisfy the transmission of different services to reduce network congestion and minimize congestion's impact on the services of high priority. QoS mainly involves service identification, congestion management, and congestion avoidance. Service identification: Objects are identified based on certain match rules. For example, the objects can be priority tags carried by packets, priority mapped by ports and VLANs, or priority information mapped by quintuples. Service identification is the precondition for QoS. Congestion management: This is mandatory for solving resource competition. Congestion management caches packets in queues and determines the sequence of
29. 1, context name to aaaa, and security level to AuthNoPriv, as shown in Figure 95. 3. Configure the SNMPv3 context table. Set the context name to aaaa, as shown in Figure 96. 4. Configure the SNMPv3 group table. Set the security name to 1111, as shown in Figure 97. To monitor and manage the status of the Agent, run the management software, for example Kyvision, on the NMS. For operations on Kyvision, refer to the Kyvision Operation Manual. 6.21 RMON. 6.21.1 Overview: Based on SNMP architecture, Remote Network Monitoring (RMON) allows network management devices to proactively monitor and manage the managed devices. An RMON network usually involves the Network Management Station and Agents. The NMS manages Agents, and Agents can collect statistics on various types of traffic on these ports. RMON mainly provides statistics and alarm functions. With the statistics function, Agents periodically collect statistics on various types of traffic on these ports, such as the number of packets received from a certain network segment during a certain period. With the alarm function, Agents monitor the values of specified MIB variables. When a value reaches the alarm threshold (for example, the number of packets reaches the specified value), the Agent can automatically record alarm events in the RMON log or send a Trap message to the management device. 6.21.2 RMON Group: RMON (RFC2819) defines multiple RMON groups
30. Figure 22: Normal Communication Between FTP Server and Switch. Caution: To display update log information as shown in Figure 22, you need to click Logging, then Log Options, in WFTPD and select Enable Logging and the log information to be displayed. 6. When update completes, as shown in Figure 23, please reboot the device and open the Basic Information to check if update succeeded. Figure 23: Successful Software Update by FTP. Warning: In the software update process, keep the FTP server software running. When update completes, reboot the device to activate the new version. If update fails, do not reboot the device; otherwise the software file may be lost and the switch may fail to start normally. 5.6 Configuration Upload & Download: Configuration backup function can save current switch configuration files on the server. When the switch configuration is changed, you can download the original configuration files from the server to switch by FTP protocol. File uploading is to upload the switch configuration files to the server and save th
31. 35 PVLAN Member Configuration. PVLAN List: Options: Select or Deselect. Default: Deselect. Function: Select members for PVLAN. Note: Both shared and isolation domains are member VLANs of PVLAN. 6.3.3 Typical Configuration Example: Figure 36 shows PVLAN application. VLAN300 is a shared domain, and port 1 and port 2 are uplink ports. VLAN100 and VLAN200 are isolation domains, and ports 3, 4, VDSL 1, and VDSL 2 are downlink ports. Figure 36: PVLAN Configuration Example. Switch Configuration: 1. Configure the shared domain VLAN 300, as shown in Figure 34. Port 1 and port 2 are set to Untagged and are assigned to the shared domain of VLAN 300. Port 3 and port 4 are set to Tagged and are assigned to the shared domain of VLAN 300, and enable PVLAN. Port VDSL 1 and port VDSL 2 are set to Tagged and are assigned to the shared domain of VLAN 300, and enable PVLAN. 2. Configure VLAN 100, the isolation domain, as shown in Figure 34. Port 1 and port 2 are set to Tagged and are assigned to the isolation domain of VLAN 100, and enable PVLAN. Port 3 and port 4 are set to Untag ports and are assigned to the isolation domain of VLAN 100. 3. Configure VLAN 200, the isolation domain, as shown in Figure 34. Port 1 and port 2 are set to Tagged and are assigned to the isolation domain of VLAN 200, and enable PVLAN. Port VDSL 1 and port VDSL 2 are set to Untag
32. Figure 84: SNTP Configuration. Number: Select the number of the server configuration to be deleted. Server Status: Options: Active/Repose. Description: The active server provides SNTP time for the client. Only one server can be in active state at a time. Synchronization: To synchronize time manually, click <Synch>. 6.18 Alarm. 6.18.1 Overview: This series of switches supports the following types of alarms. Port alarm: If the function is enabled, then an alarm will be generated for the port in link down state. Ring alarm: If the function is enabled, then an alarm will be generated for an open ring. Caution: Only the master station of a DT ring supports the ring alarm function. 6.18.2 Web Configuration: 1. Set alarm parameters, as shown in Figure 85. Figure 85: Alarm Setting. Port Alarm: Options: Enable/Disable. Default: Disable. Function: Enable or disable port alarm. DT RING Alarm: Options: Enable/Disable. Default: Disable. Function: Enable or disable the DT Ring alarm function. 2. Enable port alarm and ring alarm. The alarm information includes both types of alarms, as shown in Figure 86. Figure 86: Alarm Information. Port Alarm Status: Options: Link Up/Link Down. Descr
33. ACACS Protocol status: Options: Enable/Disable. Default: Disable. Function: Enable/Disable TACACS. 2. Set TACACS server parameters, as shown in Figure 125. Figure 125: TACACS Server Configuration. Server Attribute: Options: Primary/Secondary. Default: Primary. Function: Select the server type. Server Address: Function: Enter the IP address of the server. TCP Port: Range: 1-65535. Default: 49. Function: Set the port for receiving NAS authentication requests. Encrypt: Options: Enable/Disable. Default: Enable. Function: Enable or disable packet encryption. After encryption is enabled, enter the key value. Key Value: Range: 1-32 characters. Function: Configure the key value. Description: The key value is used to ensure the security of communication between the client and TACACS server. The two parties use the shared key to verify the validity of packets. They can respond to each other's packets only if their keys are identical. Therefore, you must ensure the key configured on the device is identical with that on the TACACS. 3. View TACACS server list, as shown in Figure 126. Figure 126: Server List. View TACACS server list. You can delete or modify selected servers
34. Alarm Table. RMON MIB Node. Index: Range: 1-65535. Function: Configure the number of the alarm entry. OID: Indicates the OID of the current MIB node. Owner: Range: 1-32 characters. Function: Configure the name of the alarm entry. Data source: Options: ifIndex.portid. Function: Select the port whose information is to be monitored. Stat Group: Options: Indexes of entries in the RMON statistics table. Function: Select the statistics entry whose port is to be monitored. Sampling Type: Options: Absolute/Delta. Default: Absolute. Function: Absolute indicates absolute value based sampling. The value of the variable is directly extracted when the end of a sampling period approaches. Delta indicates change value based sampling. The change value of the variable in the sampling period is extracted when the end of the period approaches. Alarm Type: Options: RisingAlarm/FallingAlarm/RisOrFallAlarm. Default: RisingAlarm. Function: Select the alarm type, including the rising edge alarm, falling edge alarm, and both rising edge and falling edge alarms. Sampling Space: Range: 1-65535. Function: Configure the sampling period. The value should be identical with that in the history table. Rising Threshold: Range: 0-65535. Function: Configure the rising edge threshold. When the sampling value exceeds the threshold and the alarm type is set to RisingAlarm or RisOrFallAlarm, an
35. Basic Information: The switch basic information includes the MAC address, SN, IP address, subnet mask, gateway, system name, device model, and software version, as shown in Figure 10. Figure 10: Switch Basic Information. 4.2 Port Status: Port status page displays the port number, port type, administration status, link, speed, duplex, and flow control, as shown in Figure 11. Figure 11: Port Status. Port ID: Display port number printed on the switch front panel. Device Status: Port types. FE: 10/100Base-TX RJ45 port. VDSL: EoVDSL port. Administration Status: Display the administration status of ports. Enable: The port is available and permits data transmission. Disable: The port is locked without data transmission. Link: Display the
36. D: port priority, port number. Message age: duration that a BPDU can be spread in a network. Max age: maximum duration that a BPDU can be saved on a device. When Message age is larger than Max age, the BPDU is discarded. Hello time: interval for sending BPDUs. Forward delay: status change delay, from discarding to learning or from learning to forwarding. 6.10.4 Implementation: The process for all bridges calculating the spanning tree with BPDUs is as follows. 1. In the initial phase, each port of all devices generates the BPDU with itself as the root bridge: both root bridge ID and designated bridge ID are the ID of the local device, the root path cost is 0, and the designated port is the local port. 2. Best BPDU selection: All devices send their own BPDUs and receive BPDUs from other devices. Upon receiving a BPDU, each port compares the received BPDU with its own. If the priority of its own BPDU is higher, then the port does not perform any operation. If the priority of the received BPDU is higher, then the port replaces the local BPDU with the received one. Devices compare the BPDUs of all ports and figure out the best BPDU. Principles for comparing BPDUs are as follows. The BPDU with a smaller root bridge ID has a higher priority. If the root bridge IDs of two BPDUs are the same, their root path costs are compared. If the root path cost in a BPDU plus the path cost of the local port is smalle
37. New Key Pair. 4. Enable SSH. Set server parameters, as shown in Figure 106. Figure 106: SSH Server Configuration. SSH State: Options: Enable/Disable. Default: Disable. Function: Enable or disable SSH. If SSH is enabled, the device serves as the SSH server. Authentication Retry Times: Range: 1-10. Default: 10. Function: Set the number of attempts to log in to the SSH server. Time Out: Options: 60-300. Default: 300. Description: Set the SSH connection validity during no data transmission. If the time expires, then the client is disconnected automatically. Local Key Pair: Options: Create/Destroy. Function: Create or destroy the local key pair of the SSH server. The local key pair must be generated before the SSH server is enabled, and the old key pair must be destroyed before a new one is created. Local Key Value: Display the local key value. Click <Create>. The key value is created automatically. Configuration steps of SSH key: 1. Configure the SSH key, as shown in Figure 107.
38. Figure 118: SSH Client Configuration (Key Authentication). 7. In the left column of Figure 118, click SSH, then Auth. The following page is displayed. Click <Browse>. Select the private key saved in step 4. Figure 119: Selecting the Key File. 8. Click <Open>. Enter the user name. The switch configuration interface is displayed, as shown in Figure 120. Figure 120: Login Interface (SSH Key Authentication). 6.23 AAA Configuration
39. SICOM3172 Industrial Ethernet Switch Web Operation Manual. Kyland Technology Co., Ltd. Publication Date: Mar. 2013. Version: V1.00. FAX: +86-10-88796678. Website: http://www.kyland.com. E-mail: support@kyland.com. Disclaimer: Kyland Technology Co., Ltd. tries to keep the content in this manual as accurate and as up to date as possible. This document is not guaranteed to be error free, and we reserve the right to amend it without notice. Copyright 2013 Kyland Technology Co., Ltd. All rights reserved. No part of this documentation may be excerpted, reproduced, translated, annotated or duplicated, in any form or by any means, without the prior written permission of KYLAND Corporation.
40. Structure: The manual contains the following contents (Main Content: Description). 1. Product introduction: Overview; Software features. 2. Switch access: View types; Switch access by console port; Switch access by Telnet; Switch access by Web. 3. Device management: Restart; Logout. 4. Device status: Basic information; Port status; Port statistics; System running information. 5. Device basic configuration: IP address; Device basic information configuration; Port configuration; Password change; Software update (FTP); Configuration upload/download. 6. Device advanced configuration: Port rate configuration; VLAN configuration; PVLAN configuration; Port mirroring; Port trunk configuration; Link check; Static multicast address list; IGMP snooping; ARP configuration; RSTP/STP configuration; RSTP/STP transparent transmission; DT Ring configuration; QoS configuration; MAC aging time; LLDP; MOTD; SNTP; Alarm; SNMPv2; SNMPv3; RMON; SSH; AAA configuration; TACACS configuration; VDSL configuration; Serial card management. Conventions in the manual: 1. Text format conventions (Format: Explanation). The content in < > is a button name. For example, click
41. a backup port only after the DT Ring function is enabled. After parameters are set, the DT Ring List shows all created rings, as shown in the following figure. Figure 67: DT Ring List. 3. View and modify DT Ring configuration. Click the DT Ring options in Figure 67. You can view and modify the configurations of the ring, as shown in Figure 68. Figure 68: Viewing and Modifying DT Ring Configuration. Click <Apply> for changes to take effect after modification. Click <Delete> to delete the DT Ring configuration entry. 4. View the status of DT Ring and ports, as shown in Figure 69. Figure 69: Viewing DT Ring State. 6.12.5 Typical Configuration Example: As shown in Figure 63, A, B, C, and D form Ring 1; E, F, G, and H form Ring 2. CE and DF are the backup links of Ring 1 and Ring 2. Configuration on Switch A: 1. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Slave; DT Ring: Disable; do not set backup ports, as shown in Figure 66. Configuration on Switch B: 2. Domain ID: 1; Domain name: Ring; Ring port: port 1 and port 2; Station type: Master; DT Ring: Disable; do not set backup ports, as shown in Figure 66. Configuration on Switch C and Switch D: 3. Domain ID
42. arried by an SNMP packet is identical with that configured on the switch. Request Port: Range: 1-65535. Default: 161. Function: Configure the number of the port for receiving SNMP requests. 3. Set trap parameters, as shown in Figure 91. Figure 91: Trap Configuration. Trap on/off: Options: Enable/Disable. Default: Enable. Function: Enable or disable trap sending. Trap Port ID: Options: 1-65535. Default: 162. Function: Configure the number of port for sending trap messages. Server IP Address: Format: A.B.C.D. Function: Configure the address of the server for receiving trap messages. You can configure a maximum of five servers. 4. View the IP address of the management server, as shown in Figure 92. Figure 92: IP Address of Management Server. The IP address of the management server does not need to be configured manually. The switch automatically displays it only if the NMS is running on the server and reads and writes the MIB node information of the device. 6.19.6 Typical Configuration Example: SNMP management server is connected to the switch through Ethernet. The IP address of the management server is 192.168.0.23 and the
43. best port is the port with the smallest cost to the root bridge. A non-root bridge communicates with the root bridge through the root port. A non-root bridge has only one root port. The root bridge has no root port. Designated port: indicates the port for forwarding BPDU to other devices or LANs. All ports on the root bridge are designated ports. Alternate port: indicates the backup port of the root port. If the root port fails, the alternate port becomes the new root port. Backup port: indicates the backup port of the designated port. When a designated port fails, the backup port becomes the new designated port and forwards data. 6.10.3 BPDU: To prevent loops, all the bridges of a LAN calculate a spanning tree. The calculation process involves transmitting BPDUs among devices to determine the network topology. Table 6 shows the data structure of a BPDU. Table 6: BPDU. Root bridge ID (8 bytes), Root path cost (4 bytes), Designated bridge ID (8 bytes), Designated port ID (2 bytes), Message age (2 bytes), Max age (2 bytes), Hello time (2 bytes), Forward delay (2 bytes). Root bridge ID: priority of the root bridge (2 bytes) and MAC address of the root bridge (6 bytes). Root path cost: cost of the path to the root bridge. Designated bridge ID: priority of the designated bridge (2 bytes) and MAC address of the designated bridge (6 bytes). Designated port I
44. d port 7 are in a Blocking state. Figure 62: DT Ring Link Fault. Caution: Link status change affects the role and status of ring ports. 2. Implementation of DT Ring: DT Ring can provide backup for two DT rings, as shown in Figure 63. One backup port is configured respectively on Switch C and Switch D. Which port is the master backup port depends on the MAC addresses of the two ports. If the master backup port or its link fails, the slave backup port will forward packets, preventing loops and ensuring normal communication between redundant rings. Figure 63: DT Ring Topology. Caution: The change in link status affects the status of backup ports. 6.12.4 Web Configuration: 1. Configure ring status detection, as shown in Figure 64. Figure 64: Configuring Ring Status Detection. Check Loop Status: Options: Disable/Enable. Default: Disable. Function: Enable or disable ring status detection. Description: After ring status detection is enabled, the switch automatically detects ring status. When a non-ring port receives DT Ring packets, the port will be locked. Therefore, use the function with caution. 2. Create and configure a DT ring, as shown in Figure 65. Click <Add>. The DT RING configuration page is displayed, as shown in Figure 66.
45. Figure 117: Key Value. 5. Set the SSH user name to bbb and select key authentication and key name, as shown in Figure 109. 6. Establish the connection between the host and the SSH server. Open PuTTY.exe. Enter the IP address of SSH server, namely 192.168.0.2, and set port number to 22, as shown in Figure 118.
46. e 2.4 Switch Access by Web: The precondition of accessing switch by Web is the normal communication of PC and switch. Note: IE8.0 or a later version is recommended for the best Web display results. 1. Input IP address in the browser address bar. The login interface is displayed, as shown in Figure 8. Input the default user name admin and password 123. Click <Sign in>. Figure 8: Web Login. The English login interface is displayed by default. Click <X> to change to the Chinese login interface. Note: To confirm the switch IP address, please refer to 5.1 IP Address to learn how to obtain the IP address. 2. After you log in successfully, there is a navigation tree on the left of the interface, as shown in Figure 9.
47. e Aging time starts from when a dynamic MAC address is added to the MAC address table. If no port receives a frame with the MAC address within one to two times the aging time, then the switch deletes the entry of the MAC address from the dynamic forwarding address table. Static MAC address table does not involve the concept of aging time. 6.14.2 Web Configuration: Configure MAC address aging time, as shown in Figure 75. Figure 75: MAC Address Aging Time. MAC Aging Time: Range: 15-3600 seconds. Default: 300 seconds. Description: The value must be a multiple of 15. You can adjust the aging time as required. 6.15 LLDP. 6.15.1 Overview: The Link Layer Discovery Protocol (LLDP) provides a standard link layer discovery mechanism. It encapsulates device information, such as the capability, management address, device identifier, and interface identifier, in a Link Layer Discovery Protocol Data Unit (LLDPDU), and advertises the LLDPDU to its directly connected neighbors. Upon receiving the LLDPDU, the neighbors save this information to MIB for query and link status check by the NMS. 6.15.2 Web Configuration: View LLDP connection information, as shown in Figure 76. Figure 76: LLDP Information. In LLDP information, you can view the information about neighboring devices, including port number of the nei
48. e STP/RSTP, as shown in Figure 55. Figure 55: Enabling RSTP/STP. Protocol Types: Options: Disable/RSTP/STP. Default: Disable. Function: Disable or enable RSTP or STP. 2. Set the time parameters of the network bridge, as shown in Figure 56. Figure 56: Setting Time Parameters of the Network Bridge. Spanning Tree Priority: Range: 0-65535. The step is 4096. Default: 32768. Function: Configure the priority of the network bridge. Description: The priority is used for selecting the root bridge. The smaller the value, the higher the priority. Hello time: Range: 1-10s. Default: 2s. Function: Configure the interval for sending BPDU. Max Age Time: Range: 6-40s. Default: 20s. Description: If the value of message age in the BPDU is larger than the specified value, then the BPDU is discarded. Forward Delay Time: Range: 4-30s. Default: 15s. Function: Configure status change time from Discarding to Learning or from Learning to Forwarding. Message age Increment: Options: Compulsion/Default. Default: Default. Function: Configure the value to be added to message age when a BPDU passes through a network bridge. Description: In compulsion mode, the value is 1. In default mode, the value is max(max age time/16, 1). Forward Delay Time, Max Age Time, and Hello Tim
49. e shall meet the following requirements: 2 x (Forward Delay Time - 1.0 seconds) >= Max Age Time; Max Age Time >= 2 x (Hello Time + 1.0 seconds). 3. Enable RSTP on ports, as shown in Figure 57. [Figure 57: Port Settings] Protocol Status. Options: Enable/Disable. Default: Disable. Function: Enable or disable STP on ports. Caution: An STP-enabled port cannot be configured as a mirroring source or destination port; STP cannot be enabled on a mirroring source or destination port. An STP-enabled port cannot be added to a trunk group; STP cannot be enabled on a port added to a trunk group. An STP-enabled port cannot be configured as a ring port or backup port; STP cannot be enabled on a ring port or a backup port. Port Priority. Range: 0-255. The step is 16. Default: 128. Function: Configure the port priority, which determines the roles of ports. Path Cost. Range: 1-200000000. Default: 2000000 (10M port), 200000 (100M port). Description: The path cost of a port is used to calculate the best path. The value of the parameter depends on the bandwidth. The larger the value, the lower the cost. You can change the role of a port by changing the value of this parameter. To configure the
50. e the same configuration to a logical port. The member ports in a trunk group not only can share the flow but also can become a dynamic backup of each other to enhance the connection reliability. 6.5.2 Implementation. As shown in Figure 40, three ports in Switch A aggregate to a trunk group, and the bandwidth of the trunk group is the total bandwidth of three ports. [Figure 40: Port Trunk] If Switch A sends packets to Switch B by way of the aggregated link, Switch A determines the member port for transmitting the traffic based on the calculation result of load sharing. When one member port of the aggregated link fails, the traffic transmitted through the port is taken over by another normal port based on traffic sharing algorithm. 6.5.3 Explanation. Port trunk and the following port operations are mutually exclusive: Port trunk is mutually exclusive with port redundancy. A port added to a trunk group cannot be configured as a redundant port, while a redundant port cannot be added to a trunk group. Port trunk is mutually exclusive with port mirroring. A port added to a trunk group cannot be configured as a mirroring destination/source port. In addition, the following operations are not recommended: Add a trunk member port to a unicast/multicast entry. Add a port in a static unicast/multicast en
51. e user is granted corresponding rights. Accounting calculates the number of resources consumed in the user connection process. These resources contain the connecting time or the transmitted and received data in the user connection process. The accounting process can be executed according to statistics logs in the connection process and the user information, and the authorization control, bill and trend analysis, resource utilization, and capacity planning. Currently, the network connection server interface coordinating with AAA server is the TACACS protocol. 6.23.3 Web Configuration. 1. Configure authentication method order, as shown in Figure 121. [Figure 121: Configuring Authentication Method] Authentication Method Order Configuration. Options: local; tacacs; local tacacs; tacacs local. Default: local. Function: Select the order of login authentication. Description: "local" indicates local authentication, in which the user name and password created on the device are used. "tacacs" indicates tacacs authentication, in which the user name and password configured on the tacacs server are used. "local tacacs" indicates that local authentication is first adopted and tacacs authentication is used only after local authentication fails. "tacacs local" indicates that tacacs authentication is first adopted and
52. e wants to leave a multicast group, the device will send an IGMP leave packet (destination IP address: 224.0.0.2). 6.8.4 Web Configuration. 1. Enable IGMP Snooping and enable or disable auto query, as shown in Figure 49. [Figure 49: Enabling IGMP Snooping] IGMP Snooping Status. Options: Enable/Disable. Default: Disable. Function: Enable or disable IGMP Snooping. IGMP Snooping and static multicast cannot be enabled at the same time. Auto Query Status. Options: Enable/Disable. Default: Disable. Function: Enable or disable auto query for querier election. Description: The auto query function can be enabled only if IGMP Snooping is enabled. Caution: The auto query function on a network shall be enabled on at least one switch. 2. View the multicast member list, as shown in Figure 50. [Figure 50: IGMP Snooping Member List] IGMP Member List. Combination: MAC address, VLAN ID, member port. In the FDB multicast table dynamically learned through IGMP Snooping, the VLAN ID is the VLAN ID of member ports. 6.8.5 Typical Configuration Example. As shown in Figure 51, IGMP Snooping is enabled on Switch 1, Switch 2, and Switch 3. Auto query is enabled on Switch 2 and Switch 3. The IP address of S
53. ected for each port. 3. Configure 802.1p priority queue mapping. Click <802.1P Priority> in Figure 70. The following page is displayed. [Figure 72: 802.1p Priority Queue Mapping; queues shown: 0 (LOWEST), 1 (SECLOW), 2 (SECHIGH), 3 (HIGHEST)] 802.1p Priority Configuration. Combination: Priority, Queue. Range: 0-7, 0-3. Default: Priority 0 and 1 are mapped to queue 0; priority 2 and 3 are mapped to queue 1; priority 4 and 5 are mapped to queue 2; priority 6 and 7 are mapped to queue 3. Function: Configure the mapping between 802.1p priority and queue. 4. Configure DSCP priority queue mapping. Click <DSCP Priority> in Figure 70. The following page is displayed. [Figure 73: DSCP Priority Queue Mapping] DSCP Priority Configuration. Combination: DSCP, QoS Queue. Range: 0-63, 0-3. Default: Priority 0 to 63 is mapped to queue 0. Function: Configure the mapping between DSCP priority and queue. 6.13.4 Typical Configuration Example. As shown in Figure 74, port 1 to port 4 forward packets to port VDSL 1. The DSCP priority carried by packets from port 1 is 6, which is mapped to queue 3. The 802.1p priority carried by packets from port 2 is 2, which is mapped to queue 1. The 802.1p priority carried by packets from port 3 is 4
54. em to doc and txt files. File downloading is to download the saved configuration files from the server to switch, as shown in Figure 24 and Figure 25. [Figure 24: Configuration File Upload] [Figure 25: Configuration File Download] Caution: After configuration is downloaded to the switch, you need to restart the switch to make the configuration take effect. 6 Device Advanced Configuration. 6.1 Port Rate Configuration. 6.1.1 Overview. Port rate configuration is to limit the number of port received/transmitted packets and drop the data that is over the limitation. Ingresses limit the rate of the selected packets, while egresses limit the rate of all packets. The rate of the following packets is limited at the ingress: Multicast packets: packets manually added or learned through IGMP Snooping. Flooded unicast packets: packets not added manually or learned from source MAC addresses. Broadcast storm: packets with the destination MAC address as FF FF FF FF FF FF. 6.1.2 Web Configuration. 1. Add port rate configuration, as shown in Figure 26. The restricted speed is disabled when it is set to 0. Figure 26 Port Ra
55. eport to the member port list. If a router port exists, it is also added to the member port list. Then the switch forwards the IGMP report to other devices through the router port, so that the other devices establish the same multicast entry. 6.8.3 Principles. IGMP Snooping manages and maintains multicast group members by exchanging related packets among IGMP-enabled devices. The related packets are as follows: General query packet: The querier periodically sends general query packets (destination IP address: 224.0.0.1) to confirm whether or not the multicast group has member ports. After receiving the query packet, a non-querier device forwards the packet to all its connected ports. Specific query packet: If a device wants to leave a multicast group, it sends an IGMP leave packet. After receiving the leave packet, the querier sends a specific query packet (destination IP address: IP address of the multicast group) to confirm whether the group contains other member ports. Membership report packet: If a device already joins in a multicast group, the device will send an IGMP report packet upon receiving an IGMP query packet. If the device wants to join in a group, it will send an IGMP report packet to the IGMP querier proactively. The destination IP address of the report packet is the IP address of the multicast group. Leave packet: If a devic
57. erating Information. 5 Basic Configuration. 5.1 IP Address. 1. Display switch IP address by using console port. Use console port to log into switch command line interface. Enter the show interface command in the user view to check the switch IP address. As shown in Figure 14, the IP address is circled in red. [Figure 14: Viewing IP Address] 2. IP address configuration. Switch IP address and gateway can be configured manually, as shown in Figure 15. [Figure 15: IP Address] Caution: IP address and gateway must be in the same network segment; otherwise, the IP address cannot be modified. For the series switches, the change in IP
58. figuration on switches: 1. Enable MOTD, as shown in Figure 77. 2. Configure customized information "Welcome", as shown in Figure 78. 3. Select SN and system name, as shown in Figure 79. 4. After configuration is completed, the user login page will display the selected information, as shown in Figure 80 and Figure 81. [Figure 80: Login Page of Web UI] [Figure 81: Login Page of Telnet Interface] 6.17 SNTP. 6.17.1 Overview. The Simple Network Time Protocol (SNTP) synchronizes time between server and client by means of requests and responses. As a client, the switch synchronizes time from the server according to packets of the server. Multiple SNTP servers can be configured for one switch, but only one can be active at a time. The SNTP client sends a request to each server one by one through unicast. The server that responds first is in an active state. The other servers are in an inactive state. Caution: The switch cannot serve as the SNTP server. To synchronize time by SNTP, there must be an active SNTP server. 6.17.2 Web Configuration. 1. Enable SNTP. Select the server and se
59. ftware version update requires an FTP server. 5.5.1 Software Update by FTP. Install an FTP server. The following uses WFTPD software as an example to introduce FTP server configuration and software update. 1. Click Security > Users/Rights. The "Users/Rights Security Dialog" dialog box is displayed. Click <New User> to create a new FTP user, as shown in Figure 19. Create a user name and password, for example, user name "admin" and password "123". Click <OK>. [Figure 19: Creating a New FTP User] 2. Input the storage path of the update file in "Home Directory", as shown in Figure 20. Click <Done>. [Figure 20: File Storage Path] 3. To update the BootROM software, input the following command in the management view: Switch update bootrom File_name Ftp_server_ip_address User_name Pas
60. ged and are assigned to the isolation domain of VLAN 200. 4. Set VLAN300, VLAN100, and VLAN200 to PVLAN members, as shown in Figure 35. 6.4 Port Mirroring. 6.4.1 Overview. Port mirroring function is that the switch copies all received or transmitted data frames in a port (mirroring source port) to another port (mirroring destination port), and the mirroring destination port connects with a protocol analyzer or RMON monitor for network monitoring, management, and fault diagnosis. 6.4.2 Explanation. A switch supports only one mirroring destination port, but there is no such restriction on mirroring source ports, and it supports one or multiple source ports. Multiple source ports can be in the same VLAN or in different VLANs. Mirroring source port and destination port can be in the same VLAN or in different VLANs. Source port and destination port cannot be the same port. Caution: Port mirroring and Port Trunk are mutually exclusive. The mirroring source/destination port cannot be added into a Trunk group, while the ports added to a Trunk group cannot be set to a mirroring destination/source port. Port mirroring and port redundancy are mutually exclusive. The mirroring destination/source port cannot be set to a redundant port, while the redundant port cannot be set to a mirroring source/destination port. 6.4.3 Web Configuration. 1. Select the mirroring destinatio
61. ghboring device connected to the local switch, IP address, and MAC address of the neighboring device. Caution: To display LLDP information, LLDP must be enabled on the two connected devices. LLDP is a link layer detection protocol and enabled by default. 6.16 MOTD. 6.16.1 Overview. Message Of The Day (MOTD) is used to configure the login page information, such as the welcome message, SN, address, and contact. 6.16.2 Web Configuration. 1. Enable MOTD, as shown in Figure 77. [Figure 77: Enabling MOTD] MOTD Status. Options: Enable/Disable. Default: Enable. Function: Enable or disable MOTD. 2. Configure customized information, as shown in Figure 78. [Figure 78: Configuring Customized Information; on-page note: the message is shown in the format in which you input it, and if you do not input an ENTER, the whole message is shown in one line] MOTD. Range: 1-255 bytes. Function: Configure customized information. The information will be displayed in the user login page. 3. Select the information to be displayed, as shown in Figure 79. [Figure 79: Selecting the Information to be Displayed; check boxes: Serial Number, System Name, Location, Contact] Select the information to be displayed on the user login page. 6.16.3 Typical Configuration Example. Configure user login information, including Welcome, SN, and system name. Con
62. he Serial Card. VLAN ID. Range: 1-4093. Default: 1. Function: Configure the VLAN ID of the serial card system. After the VLAN ID is configured, the serial card system can only receive the packets of the specified VLAN. 2. View the IP address, MAC address, and VLAN ID of the serial card system. [Figure 130: Settings of the Serial Card] Appendix: Acronyms (Acronym: Full Spelling). AAA: Authentication, Authorization, Accounting. ACL: Access Control List. ARP: Address Resolution Protocol. BPDU: Bridge Protocol Data Unit. CLI: Command Line Interface. CRC: Cyclic Redundancy Check. DSCP: Differentiated Services CodePoint. FTP: File Transfer Protocol. IGMP: Internet Group Management Protocol. IGMP Snooping: Internet Group Management Protocol Snooping. LLDP: Link Layer Discovery Protocol. MAC: Media Access Control. MIB: Management Information Base. NMS: Network Management Station. OID: Object Identifier. QoS: Quality of Service. RMON: Remote Network Monitoring. RSTP: Rapid Spanning Tree Protocol. SNMP: Simple Network Management Protocol. SNTP: Simple Network Time Protocol. STP: Spanning Tree Protocol. SSH: Secure Shell. TACACS: Terminal Access Controller Access Control System. TCP: Transmission Control Protocol. ToS: Type of Service. VDSL: Very high speed Digital Subscriber Line. VLAN: Virtual Local Area Network. WRR: Weighted Round Robin.
63. [Figure 112: SSH Client Configuration; PuTTY session settings with host 192.168.0.2, port 22, connection type SSH] 4. Click <Open>. The following page is displayed. Click <Yes>. [Figure 113: Alarm Information; PuTTY Security Alert: "The server's host key is not cached in the registry. You have no guarantee that the server is the computer you think it is. If you trust this host, hit Yes to add the key to PuTTY's cache and carry on connecting. If you want to carry on connecting just once, without adding the key to the cache, hit No. If you do not trust this host, hit Cancel to abandon the connection."] 5. Enter user name "ddd" and password "123". The switch configuration page is displayed, as shown in Figure 114. [Figure 114: SSH Login Interface (Password Authentication)] An SSH user adopts key authentication: 1. Destroy the old key pair, create the new key pair, and start the SSH server, as shown in Figure 104, Figure 105
64. hey can communicate with the uplink port at the same time. Isolation domains cannot communicate to each other. [Figure 33: PVLAN Application] As shown in Figure 33, the shared domain is VLAN 100 and the isolation domains are VLAN 10 and VLAN 30. The devices in the isolation domains can communicate with the device in the shared domain, such as VLAN 10 can communicate with VLAN 100; VLAN 30 can also communicate with VLAN100. But the devices in different isolation domains cannot communicate with each other, such as VLAN 10 cannot communicate with VLAN 30. Caution: When a PVLAN-enabled Tag port forwards a frame carrying a VLAN tag, the VLAN tag will be removed. 6.3.2 Web Configuration. 1. Enable PVLAN function on port, as shown in Figure 34. [Figure 34: Enabling PVLAN; on-page note: if there is only one port in this VLAN, the port cannot be Untag] In VLAN configuration interface, Tag ports can enable PVLAN function. If the VLAN is a shared domain, the uplink port should be set to untagged and the downlink port should be set to tagged. If the VLAN is an isolation domain, the downlink port should be set to untagged and the uplink port should be set to tagged. 2. Select VLAN members for PVLAN, as shown in Figure 35. Figure
65. ilure, the status of the slave port changes to forwarding. Slave station: A ring can include multiple slave stations. Slave stations listen to and forward DT Ring packets and report fault information to the master station. Backup port: The port for communication between DT rings is called the backup port. Master backup port: When there are multiple backup ports in a ring, the master backup port is the backup port corresponding to a larger device MAC address, and it is in a Forwarding state. Slave backup port: When there are multiple backup ports in a ring, all the other ports except the master backup port are slave backup ports, and they are in a blocking state. Forwarding state: A port can forward and receive data. Blocking state: A port can receive and forward only DT Ring packets, but cannot receive or forward any other data packets. 6.12.3 Implementation. 1. Implementation of DT Ring. The master port on the master station periodically sends DT Ring packets to detect ring status. If the slave port of the master station receives the packets, the ring is closed; otherwise, the ring is open. When a ring is closed, the master port of the master station is in forwarding state, the slave port in a blocking state, and all ring ports of slave stations are in a forwarding state. A ring may be open in the following cases: The master port of the master station fails. The
66. including static and dynamic entries. Operation: Select a static entry in the Number column. Click <Delete> to delete the entry. Caution: You cannot delete dynamic ARP entries. 6.10 RSTP Configuration. 6.10.1 Overview. Standardized in IEEE802.1D, the Spanning Tree Protocol (STP) is a LAN protocol used for preventing broadcast storms caused by link loops and providing link backup. STP-enabled devices exchange packets and block certain ports to prune loops into trees, preventing proliferation and endless loops. The drawback of STP is that a port must wait for twice the forwarding delay to move to the forwarding state. To overcome the drawback, IEEE creates 802.1w standard to supplement 802.1D. IEEE802.1w defines the Rapid Spanning Tree Protocol (RSTP). Compared with STP, RSTP achieves much more rapid convergence by adding alternate port and backup port for the root port and designated port respectively. When the root port is invalid, the alternate port can enter the forwarding state quickly. 6.10.2 Basic Concepts. Root bridge: serves as the root for a tree. A network has only one root bridge. The root bridge changes with network topology. The root bridge periodically sends BPDU to the other devices, which forward the BPDU to ensure topology stability. Root port: indicates the best port for transmission from the non-root bridges to the root bridge. The
67. iption: After port alarm is enabled, "Link Up" is displayed for a port connected properly; "Link Down" is displayed for a port disconnected or connected abnormally. DT RING Alarm Status. Options: Ring Open/Ring Close. Description: After ring alarm is enabled, "Ring Open" is displayed for an open ring, while "Ring Close" is displayed for a closed ring. 6.19 SNMPv2. 6.19.1 Overview. The Simple Network Management Protocol (SNMP) is a framework using TCP/IP to manage network devices. With the SNMP function, the administrator can query device information, modify parameter settings, monitor device status, and discover network faults. 6.19.2 Implementation. SNMP adopts the management station/agent mode. Therefore, SNMP involves two types of NEs: NMS and agent. The Network Management Station (NMS) is a station running SNMP-enabled network management software client. It is the core for the network management of an SNMP network. Agent is a process in the managed network devices. It receives and processes request packets from the NMS. When an alarm occurs, the agent proactively reports it to the NMS. The NMS is the manager of an SNMP network, while the agent is the managed device of the SNMP network. The NMS and agents exchange management packets through SNMP. SNMP involves the following basic operations: Get Request, Get Response, Get Next Request, Set Request, Trap. The NMS sends
68. is disabled by a protocol, you need to enable it manually to use the function. If the Administration Status is Disable, the Operation Status is Disable forcibly. Auto. Options: Enable/Disable. Default: Enable. Function: Configure the auto-negotiation status of ports. Description: When Auto is enabled, the port speed and duplex mode will be automatically negotiated according to port connection status; when Auto is disabled, the port speed and duplex mode can be configured. Speed. Options: 10M/100M. Function: forced port speed. Description: When Auto is disabled, the port speed can be configured. Duplex. Options: Half/Full. Function: Configure the duplex mode of ports. Description: When Auto is disabled, the port duplex mode can be configured. Caution: 10/100Base-TX ports can be configured to auto-negotiation, 10M & full duplex, 10M & half duplex, 100M & full duplex, and 100M & half duplex. VDSL ports can be configured to auto-negotiation, 100M & full duplex. You are advised to enable auto-negotiation for each port to avoid the connection problems caused by mismatched port configuration. If you want to force port speed/duplex mode, please make sure the same speed configuration in the connected ports at both ends. Flow Control. Options: Off/On. Default: Off. Function: Enable/Disable flow control function on the designated port. Description: Once the flow control function is enabled
69. key 20130327T [Figure 107: SSH Key Configuration; on-page note, format of key value: algo-name pubkey keyinfo; algo-name: ssh-rsa or ssh-dsa; pubkey: base64 code, less than 2048 bytes; keyinfo: more info for this key] Key Name. Range: 3-20 characters. Function: Configure the key name. A maximum of three keys can be configured. Key Type. Forcible configuration: RSA. Description: The product supports only the RSA algorithm. Key Value. Format: Algorithm name, public key, key information. Algorithm name: ssh-rsa/ssh-dsa. Public key: base64-encoded, less than 2048 bytes. Key information: more information about the key. Function: Configure the public key for the client. Description: The public key is usually generated by Puttygen and copied to the key value of the server. The private key is saved in the client. 2. View the public key list. You can delete a selected key entry, as shown in Figure 108. [Figure 108: Public Key List] Configuration steps of SSH user: 1. Configure the SSH user, as shown in Figure 109. [Figure 109: SSH User Configuration] User Name. Range: 3-20 characters. Function: Create the user name. You can configure a maximum of four users. Authentication Type. Options: Public Key/Password. Default: Password. Function: Configure the authentication type
70. line. 6.25.2 Web Configuration. [Figure 128: VDSL Configuration] Output Power. Options: AnnexA 17a, AnnexA 30a, AnnexB 17a 997, AnnexB 30a 997. Default: AnnexA 30a. Function: Configure the signal output power of the VDSL port. SNR. Options: 6dB/9dB. Default: 9dB. Function: Configure the SNR of the VDSL port. Running Role. Options: CO/CPE. Function: Display the role of the VDSL port. Description: Two connected VDSL ports cannot have the same role. They can communicate properly only if they are configured as CO and CPE respectively. 6.26 Serial Card Management. 6.26.1 Overview. The series switches support dual systems, that is, switch system and programmable protocol converter (serial card) system. The switch system mainly implements the exchange of Ethernet data. For detailed operations, see related chapters in this document. The serial card system achieves conversion between Ethernet and serial protocol data. For detailed operations, refer to the SICOM3172 Programmable Protocol Converter Web Operation Manual. In the switch system, you can view the IP and MAC addresses as well as configuring the VLAN ID of the serial card system. 6.26.2 Web Configuration. 1. Configure the VLAN ID of the serial card system. Figure 129 VLAN Configuration of t
71. <Apply>. The content in is a window name or a menu name. For example, click File. The content in is a group. For example, IP address MAC address means that IP address and MAC address are a group and they can be configured and displayed together. Multi-level menus are separated by >. For example, Start All Programs Accessories: click Start menu, click the submenu All programs, then click the submenu Accessories. Select one from two or more options that are separated by. For example, Add Subtract means addition or subtraction. It means a range. For example, 1 255 means a range from 1 to 255. 2. CLI conventions (Format: Explanation). Bold: Commands and keywords, for example, show version, appear in bold font. Italic: Parameters for which you supply values are in italic font. For example, in the show vlan vlan id command, you need to supply the actual value of vlan id. 3. Symbol conventions (Symbol: Explanation). Caution: The matters need attention during the operation and configuration, and it is a supplement to the operation content. Note: Necessary explanations to operation contents. Warning: The matters that call for special attention. Incorrect operation might cause data loss or damage to devices. Preface. Product Documents. The documents of SICOM3172 series industrial Ethernet switches inc
72. lude (Name of Document: Content Introduction): SICOM3172 Industrial Ethernet Switch Hardware Installation Manual: Introduces hardware structure, hardware specifications, mounting and dismounting methods of SICOM3172. SICOM3172 Industrial Ethernet Switch Web Operation Manual: Introduces the switch software functions, Web configuration methods, and steps of all functions. Document Obtainment. Product documents can be obtained by: CD or manual delivered with the device; Kyland website bp www kand com. 1 Product Introduction. 1.1 Overview. SICOM3172 includes a series of access and aggregation devices tailored specifically for the integrated cabinet of the intelligent transportation industry. The devices support DT Ring, securing reliable operation. SICOM3172 supports long-distance data transmission over telephone lines via the EoVDSL port, simplifying network topology. 1.2 Software Features. This series switches provide abundant software features, satisfying customers' various requirements. Redundancy protocols: RSTP, STP, DT Ring. Multicast protocols: IGMP Snooping, static multicast. Switching attributes: VLAN, PVLAN, QoS, ARP. Bandwidth management: port trunk and port rate limiting. Security: TACACS, SSH, AAA. Synchronization protocol: SNTP. Device management: FTP software update, configuration upload/download. Device diagnosis: port
73. n in Figure 27. Select the ports to be added to the VLAN and set port parameters, as shown in Figure 28. Figure 27: Creating a VLAN. Figure 28: VLAN Configuration. NOTE: If there is only one port in this VLAN, the port cannot be Untag. VLAN Name: Range: 1 to 31 characters. Function: Set the VLAN name. VLAN ID: Range: a number in the range of 2 to 4093. Function: Configure the VLAN ID. Description: The VLAN ID is used to distinguish different VLANs. This series switches support a maximum of 256 VLANs. VLAN Member: Options: Tagged/Untagged. Function: Select the port type in the VLAN. Priority: Range: 0 to 7. Default: 0. Function: Set the port default priority. When an 802.1Q tag is added to an untagged packet, the PRI field is this priority value. PVLAN: Options: Enable/Disable. Default: Disable. Function: For a Tag port, enable PVLAN or not. More information about PVLAN will be provided in a later section. CAUTION: An Untag port can be added to only one VLAN, and its VLAN ID is the port PVID. By default, it is VLAN 1. A Tag port, however, can be added to multiple VLANs. 2. Display the VLAN list, as shown in Figure 29.
74. n port, as shown in Figure 37. Figure 37: Selecting a Mirroring Port. Monitoring Port: Options: Disable/A switch port. Default: Disable. Function: Select a port to be the mirroring destination port. There is one and only one mirroring destination port. 2. Select mirroring source ports and the mirroring mode, as shown in Figure 38. Figure 38: Mirroring Source Port. Mode: Options: RX/TX/RX & TX. Function: Select the data to be mirrored. TX mirrors only the transmitted packets of the source port. RX mirrors only the received packets of the source port. TX & RX mirrors all packets of the source port. 6.4.4 Typical Configuration Example: As shown in Figure 39, the mirroring destination port is port 2 and the mirroring source port is port 1. All packets received and transmitted by port 1 are mirrored to port 2. Figure 39: Port Mirroring Example (the source port is the mirrored port; the destination port is the mirroring port, which connects to the data monitoring device). Configuration process: 1. Set port 2 as the mirroring destination port, as shown in Figure 37. 2. Set port 1 as the mirroring source port and set the port mirroring mode to RX & TX, as shown in Figure 38. 6.5 Port Trunk 6.5.1 Overview: Port trunk is to bind a group of physical ports that hav
75. nfigure the static multicast address table. You can add an entry to the table in <multicast MAC address, VLAN, multicast member port> format. When receiving multicast packets, the switch searches the table for the corresponding member port to forward the packets. The device supports up to 256 multicast entries. 6.7.2 Web Configuration 1. Enable static multicast, as shown in Figure 46. Figure 46: Enabling Static Multicast. FDB Multicast Status: Options: Enable/Disable. Default: Disable. Function: Enable or disable static multicast. Static multicast and IGMP Snooping cannot be enabled at the same time. 2. Add a static multicast entry, as shown in Figure 47. Figure 47: Adding a Static Multicast Entry. MAC: Combination: HHHHHHHHHHHH (H is a hexadecimal number). Function: Configure the multicast group address. The lowest bit of the highest byte is 1. VLAN ID: Options: All existing VLANs. Function: Set the VLAN ID of the entry. Only the member ports of the VLAN can forward the multicast packets. Member Port List: Select member ports for the multicast address. If hosts connected to a port need to receive the packets from a multicast address, you can configure the port as the member port of the multicast address. 3. View, modify, or delete a static multicast entr
76. ng Time 20 10 60min. Figure 52: Configuring Aging Time. ARP Aging Time: Range: 10 to 60 minutes. Default: 20 minutes. Function: Configure the ARP aging time. Description: ARP aging time is the duration from when a dynamic ARP entry is added to the table to when the entry is deleted from the table. 2. Add a static ARP entry, as shown in Figure 53. Figure 53: Adding a Static ARP Entry. ARP address: Combination: {IP address, MAC address}. Format: {A.B.C.D, HHHHHHHHHHHH} (H is a hexadecimal number). Function: Configure a static ARP entry. CAUTION: The IP address of a static ARP entry must be on the same network segment as the IP address of the switch. If the IP address of a static entry is the IP address of the switch, the system automatically maps the IP address to the MAC address of the switch. In general, the switch automatically learns ARP entries. Manual configuration is not required. 3. View or delete an ARP entry, as shown in Figure 54. Figure 54: ARP Address. ARP Address: Combination: {IP address, MAC address, Flags}. Function: Display ARP entries.
77. nput exit or end to view functions return to the management view. When the switch is configured through the CLI, can be used to get command help. In the help information, there are different parameter description formats. For example, <1 255> means a number range, <H H H H> means an IP address, <H H H H H H> means a MAC address, and word <1 31> means a string range. In addition, t and can be used to scroll through recently used commands. 2.2 Switch Access by Console Port: You can access a switch by its console port and the Hyper Terminal of the Windows system or other software that supports serial port connection, such as HTT3.3. The following example shows how to use the console port and Hyper Terminal to access the switch. 1. Connect the serial port of a PC to the console port of the switch with a DB9-RJ45 cable. 2. Run the Hyper Terminal in Windows desktop. Click Start > All Programs > Accessories > Communications > Hyper Terminal, as shown in Figure 1.
78. Figure 1: Starting the Hyper Terminal. 3. Create a new connection "Switch", as shown in Figure 2. Figure 2: Creating a New Connection. 4. Connect the communication port in use, as shown in Figure 3. Figure 3: Selecting the Communication Port. NOTE: To confirm the communication port in use, right-click My Computer and click Property > Hardware > Device Manager > Port to view the communication port. 5. Set port parameters (Bits per second: 9600, Data bits: 8, Parity: None, Stop bits: 1, and Flow control: None), as shown in Figure 4.
79. p Download 27 6 Device Advanced CGontguraton EE 29 6 1 Port Rate Configuration ccccececccceeneeeeeeeeeeeeeeeeeneeeeeeeeeeeeteee 29 G e LEE 29 6 1 2 Web Configuration BEE 29 6 1 3 Typical Configuration Example sessssssseeeneeeeesesrerrnnnneeee 31 6 2 VLAN Configuration cccccceceeeeeeeeeeeeceeeeeeeeeeeeeseeeeaeeeeeeeeeeeeeee 31 6 2 1l HOVEWIOW eege 31 0 2 2 PRINCI Esseni iisen eaii ii 31 6 2 3 ee 32 6 2 4 Web Configuration s 2 ccc ciecca ccesccncccestcenedecceecadentennndenasecececes 33 6 2 5 Typical Configuration Example ceeeeeeeeeeeeeeeeeeeees 37 6 3 PVLAN Config ratio msna cei caso eae alee as 38 6 3 1 e EE 38 6 3 2 Web Configuration DEE 39 6 3 3 Typical Configuration Example cceeeeeeeeeeeeeeeeeteees 41 BA POR OEING DE 42 6 4 1 Ovetrview EE 42 6 4 2 Explanation BEE 42 6 4 3 Web CGontouraton 43 6 4 4 Typical Configuration Example sessssssseeeneeeseseerrrnnnneeee 44 EN o a El 44 e EH 44 De IMpleMenallOnicsscaccs EE 45 GE SE el E Le DEE 45 6 5 4 Web Configuration EE 46 6 5 5 Typical Configuration Example seeceeeeeeeeeeeeeeeteees 47 6 6 LNK EE 48 EECH EE 48 6 6 2 Web CGontouraton 48 6 7 Static Multicast Address E EE 49 EH GEET 49 6 7 2 Web Configuration E 49 60 8 ole 51 6 8 1 Ovenvlew ese ceeccecccecceccaeccucceeeceececeaeecuccaeeceecuecaeeceecueeaeeseeeass 51 6 8 2 Basic Concepts 51 6 8 3 alt
80. r then the priority of the BPDU is higher. If the root path costs of two BPDUs are also the same, the designated bridge IDs, designated port IDs, and IDs of the port receiving the BPDUs are further compared in order. The BPDU with a smaller ID has a higher priority. 3. Selection of the root bridge: The root bridge of the spanning tree is the bridge with the smallest bridge ID. 4. Selection of the root port: A non-root bridge device selects the port receiving the best BPDU as the root port. 5. BPDU calculation of the designated port: Based on the BPDU of the root port and the path cost of the root port, a device calculates a designated port BPDU for each port as follows: Replace the root bridge ID with the root bridge ID of the BPDU of the root port. Replace the root path cost with the root path cost of the root port BPDU plus the path cost of the root port. Replace the designated bridge ID with the ID of the local device. Replace the designated port ID with the ID of the local port. 6. Selection of the designated port: If the calculated BPDU is better, the device selects the port as the designated port, replaces the port BPDU with the calculated BPDU, and sends the calculated BPDU. If the port BPDU is better, the device does not update the port BPDU and blocks the port. Blocked ports can receive and forward only RSTP packets, but not other packets. 6.10.5 Web Configuration 1. Enabl
81. ransmission cannot be enabled on RSTP-enabled ports. 6.11.3 Typical Configuration Example: As shown in Figure 59, Switch A, Switch B, Switch C, and Switch D form a DT ring, and Switch E and Switch F form an RSTP ring. In the RSTP ring, the entire DT ring serves as a transparent link to forward RSTP packets of Switch E and Switch F. Configure Switch A, Switch B, Switch C, and Switch D as a DT ring. For details, see DT Ring Configuration. Enable RSTP on the involved ports of Switch E and Switch F, as shown in Figure 55 and Figure 57. Enable RSTP transparent transmission on ports A1, A2, A3, B1, B2, B3, C1, C2, D1, and D2, as shown in Figure 60. 6.12 DT Ring Configuration 6.12.1 Overview: DT Ring and DT Ring are Kyland proprietary redundancy protocols. They enable a network to recover within 50ms when a link fails, ensuring stable and reliable communication. 6.12.2 Basic Concepts: Master station: One ring has only one master station. The master station forwards DT Ring packets and detects the current status of the ring. Master port: On the master station, the first port whose link status changes to up is called the master port. It is in forwarding state. Slave port: On the master station, the port whose link status changes to up later is called the slave port. When the ring is closed, the slave port is in blocking state. When a ring is open due to a link or port fa
82. s. Each table can contain 16 entries. These tables determine whether specific users can access MIB information. You can create multiple users in the user table. Each user uses different security policies for authentication and encryption. You can define MIB access rights in the access table by group name, context name, security model, and security level. The group table is the collection of multiple users. In the group table, access rights are defined based on user groups. All the users of a group have the rights of the group. The context table identifies the strings that can be read by users, irrespective of security models. 6.20.3 Web Configuration 1. Configure the user table, as shown in Figure 94. Figure 94: SNMPv3 User Table Configuration. User Name: Range: 4 to 16 characters. Function: Create the user name. Authentication protocol: Options: NONE/HMAC-MD5/HMAC-SHA. Default: NONE. Function: Select an authentication algorithm. Authentication password: Range: 4 to 16 characters. Function: Create a password for a user. 2. Configure the access table, as shown in Figure 95.
83. Figure 9: Web Interface. You can expand or collapse the navigation tree by clicking <Expand> or <Collapse> on the top of the navigation tree. Also, you can perform corresponding operations by clicking Save Configuration or Load Default in the navigation tree. In the upper right corner, you can click <P X> to switch to the Chinese interface and <Exit> to exit the Web interface. CAUTION: After you have restored the default settings, you need to restart the device to make the settings take effect. 3 Device Management: Click Device Management Reboot Logout. You can reboot the device or exit the Web interface. Before rebooting the device, you need to save the current settings as required. If you have saved the settings, the switch automatically configures itself with the saved settings after restart. If you have not saved any settings, the switch restores the factory default settings after restart. 4 Device Status 4.1
84. switch is 192.168.0.2. The NMS monitors and manages the Agent through SNMPv2 and reads and writes the MIB node information of the Agent. When the Agent is faulty, it proactively sends trap messages to the NMS, as shown in Figure 93. Figure 93: SNMPv2 Configuration Example (NMS: 192.168.0.23; Agent: 192.168.0.2). Configuration on the Agent: 1. Enable SNMP and v2 state, as shown in Figure 89. 2. Configure access rights. Set the read-only community name to public, the read-write community name to private, and the request port to 161, as shown in Figure 90. 3. Enable trap sending, set the trap port number to 162, and set the IP address of the server to 192.168.0.23, as shown in Figure 91. To monitor and manage the status of the Agent, run the management software (for example, Kyvision) on the NMS. For operations on Kyvision, refer to the Kyvision Operation Manual. 6.20 SNMPv3 6.20.1 Overview: SNMPv3 provides a User-Based Security Model (USM) authentication mechanism. You can configure authentication and encryption functions. Authentication is used to verify the validity of the packet sender, preventing access by illegitimate users. Encryption is used to encrypt packets transmitted between the NMS and the Agent, avoiding interception. The authentication and encryption functions can improve the security of communication between the SNMP NMS and the SNMP Agent. 6.20.2 Implementation: SNMPv3 provides four configuration table
85. sword Table 2 lists the parameter descriptions Table 2 Parameters for BootROM Update by FTP Parameter Description File_name Name of the BootROM version Ftp_server_ip_address IP address of the FTP server User_name Created FTP user name Password Created FTP password 4 Figure 21 shows the software update page Enter the IP address of the FTP 25 Basic Configuration server file name on the server FTP user name and password Click lt Apply gt 192 168 0 23 os img admin Figure 21 Software Update by FTP Warning The file name must contain an extension Otherwise the update may fail WARNING 5 Make sure the normal communication of FTP server and switch as shown in Figure 22 E Ho log file open FIPD File Edit View Logging Messages Security Help L 0197 03 22 13 14 26 08 Connection accepted from 192 168 0 123 C 0197 03 22 13 14 26 08 Command USER admin received C 0197 03 22 13 14 26 08 PASSword accepted L 0197 03 22713 14 26 08 User admin logged in C 0197 03 22 13 14 26 08 Command TYPE I received C 0197 03 22 13 14 26 08 TYPE set to I N C 0197 03 22 13 14 26 08 Command PASY received C 0197 03 22 13 14 26 08 Entering Passive Mode 192 168 0 23 15 95 C 0197 03 22 13 14 26 08 Command RETR os img received C 0197 03 22 13 14 26 08 RETRieve started on file os img C 0197 03 22 1
86. t other parameters, as shown in Figure 82. Figure 82: SNTP Configuration. SNTP Status: Options: Enable/Disable. Default: Disable. Function: Enable or disable SNTP. Server IP: Format: A.B.C.D. Function: Set the IP address of the SNTP server. The client synchronizes time from the server based on the packets sent by the server. Interval Time: Options: 16 to 16284 s. Function: Configure the interval for sending synchronization requests from the SNTP client to the server. Time Zone: Options: 0 1 2 3 4 5 6 7 8 9 10 11 12 13 1 2 3 4 5 6 7 8 9 10 11 12. Default: 0. Function: Select the local time zone. 2. Select the synchronization mode between the client and the server, as shown in Figure 83. Figure 83: Time Synchronization Mode. Server Time: Format: yyyy mm dd hh mm ss. Default: 0000 00 00 00 00 00. Function: Display the time obtained from the server. Device Time: Format: yyyy mm dd hh mm ss. Function: Display the time of the device. Update: Options: Automatism/Manual. Default: Automatism. Function: Select the time synchronization mode between the device and the server. 3. View the SNTP configuration, as shown in Figure 84.
87. te Configuration. Packet Type: Options: Limit all frames, Limit just multicast and flooded unicast frames, Limit just multicast frames, or Limit just broadcast frames. Function: Set the packet type for ingress rate control. InRate: Range: 62 to 100000 Kbps. Function: Limit the ingress rate of packets received by the port. Packets that exceed the limit are dropped. Egress Rate: Range: 62 to 100000 Kbps. Function: Limit the egress rate of packets transmitted by the port. CAUTION: If a rate value is set to 0, rate control is disabled on the port. 6.1.3 Typical Configuration Example: Limit the ingress rate of multicast, flooded unicast, and broadcast packets received by port 1 to 70 Kbps, and set the egress rate of port 1 to 80 Kbps. Configuration steps: Select the packet types (multicast, flooded unicast, and broadcast packets), set the ingress rate to 70 Kbps and the egress rate to 80 Kbps, as shown in Figure 26. 6.2 VLAN Configuration 6.2.1 Overview: One LAN can be divided into multiple logical Virtual Local Area Networks (VLANs). A device can only communicate with the devices on the same VLAN. As a result, broadcast packets are restricted to a VLAN, optimizing LAN security. VLAN partition is not restricted by physical location. Each VLAN is regarded as a logical network. If a host in one VLAN needs to send data packets to a host in another VLAN, a router or layer 3 device must be involved. 6.2.2 Principle
88. the port will inform the sender to slow the transmitting speed, to avoid packet loss, by algorithm or protocol when the flow received by the port is bigger than the size of the port cache. If the devices work in different duplex modes (half/full), their flow control is realized in different ways. If the devices work in full duplex mode, the receiving end will send a special frame (Pause frame) to inform the sending end to stop sending packets. When the sender receives the Pause frame, it will stop sending packets for a period of wait time carried in the Pause frame and continue sending packets once the wait time ends. If the devices work in half duplex mode, they support back pressure flow control. The receiving end creates a conflict or a carrier signal. When the sender detects the conflict or the carrier wave, it will take Backoff to postpone the data transmission. 5.4 Change Password: You can change the password for user name admin, as shown in Figure 18. Figure 18: Changing the Password. 5.5 Software Update: The switch provides better performance after software update. For this series switches, software updates include BootROM software version update and system software version update. The BootROM software version should be updated before the system software version. If the BootROM version is not changed, you can update only the system software version. The so
89. tion must be identical with that in the access table. 4. Configure the group table, as shown in Figure 97. Figure 97: SNMPv3 Group Table Configuration. Security Name: Range: 4 to 16 characters. Function: Configure the name of the group. Currently, each group can contain only one user. Therefore, the security name must be identical with the user name in the user table. Security Model: Options: SNMPv3/SNMPv2. Default: SNMPv3. Description: SNMPv3 indicates that USM is adopted. Currently, the value must be SNMPv3. 6.20.4 Typical Configuration Example: The SNMP management server is connected to the switch through Ethernet. The IP address of the management server is 192.168.0.23 and that of the switch is 192.168.0.2. User 1111 monitors and manages the Agent through SNMPv3. The authentication protocol is HMAC-MD5 and the security level is AuthNoPriv, as shown in Figure 98. Figure 98: SNMPv3 Configuration Example (NMS: 192.168.0.23; Agent: 192.168.0.2). Configuration on the Agent: 1. Configure the SNMPv3 user table. Set the user name to 1111, the authentication protocol to HMAC-MD5, and the authentication password to 1234, as shown in Figure 94. 2. Configure the SNMPv3 access table. Set group name to 111
90. ton EE 87 E E 89 6 18 1 Gelee 89 6 18 2 Web CGontouraton 90 Beko INA V2 coat oct soft 5225 oc sashospsasusaspsasusaspsasuaesusesuaesusesaespsasuneoaasmee 91 6 19 1 e EE 91 6 19 2 MEET 91 6 193 DI SSCIIDNOM eit cette het eed ee 92 6 194 KU 92 6 19 5 Web Configuration EE 93 6 19 6 Typical Configuration Example c cceeceeeeeeeeeeeeeeeteees 96 6 20 lt a NMP UG EE 97 BOM CEET Een 97 6 20 2 Implementation EE 97 6 20 39 Web CGonfig ration E 97 621 CHE eege A aa 104 6 2 Veil EE 104 GAEREN 104 6 21 3 Web Configuration EE 106 AANS KE 111 6 221 e 111 EE 111 6 22 3 Implementation nn 112 6 22 4 Web EE DESEN EE 112 6 22 5 Typical Configuration Example sssesssessseeeenneesesesrereeee 117 623 AAA CONIQUISION E 125 6 23 1 Overview EE 125 6 23 2 Implementation un 125 6 23 3 Web CGontouraton EE 126 6 24 TACACS Configuration te siiscces cc cccati vc dateds iaceua ti eceivda belated vacated ine 127 6 24 1 SOV TE 127 6 24 2 Web CGontouraton nn 128 6 24 3 Typical Configuration Example sseessessseeenneeseeersrreeen 130 6 25 VDSL Configuration RE 131 6 251 LEET 131 E Eu el Le E 131 6 26 Serial Card Management 132 6 26 1 EE 132 6 26 2 Web CGontouraton EE 132 Appendix ACrOnymsS 32 iaca2 uaa aa Aaa Aaa aude 134 Preface Preface This manual mainly introduces the access methods and software features of SICOM3172 industrial Ethernet switches and details Web configuration methods Content
91. Figure 65: Creating a DT Ring. Figure 66: DT Ring Configuration. Redundancy: Forcible configuration: DT RING. Domain ID: Range: 1 to 32. Function: The domain ID is used to differentiate rings. One switch supports a maximum of 16 port-based rings. Domain name: Range: 1 to 31 characters. Function: Configure the domain name. Station Type: Options: Master/Slave. Default: Master. Function: Select the role of the switch in the current ring. Ring Port1/Ring Port2: Options: All ports of the switch. Function: Select two ring ports. CAUTION: A ring port or backup port cannot be added to a trunk group. A port added to a trunk group cannot be configured as a ring port or backup port. A ring port or backup port can be configured as a mirroring source or destination port. A mirroring source or destination port cannot be configured as a ring port or backup port. STP cannot be enabled on a ring port or a backup port. An STP-enabled port cannot be configured as a ring port or backup port. DT Ring: Options: Enable/Disable. Default: Disable. Function: Enable or disable the DT Ring function. Backup Port: Options: All ports of the switch. Function: Select one port as the backup port. Description: You can configure
92. try to a trunk group. CAUTION: A port can be added to only one trunk group. 6.5.4 Web Configuration 1. Add Port Trunk, as shown in Figure 41. Click <Add>. Figure 41: Configuring Port Trunk. 2. Configure Port Trunk, as shown in Figure 42. Figure 42: Port Trunk Configuration. Trunk ID: Configuration range: 1 to 16. Function: Set the trunk group ID. Description: The series switches support a maximum of 16 trunk groups, and each trunk group supports a maximum of four member ports. 3. View the trunk group list, as shown in Figure 43. Figure 43: Trunk Group List. Click a trunk group in Figure 43. You can view the members of the group, modify group settings, or delete the group, as shown in Figure 44. Figure 44: Details about the Trunk Group. After modifying group member settings (adding a new port to the group or deleting a port member from the group), click <Apply> to make the modification take effect. If you click <Delete>, you can delete the group. 6.5.5 Typical Configuration Example: As shown in Figure 40, port 1, port 2, and port 3 of Switch A are connected to ports of Switch B respectively, forming trunk group 1 to achieve load balancing among ports. Configuration on switches: 1. Add trunk group 1 on Switch A and add port 1 port 2 and port
93. value manually, select No for Cost Count. Cost Count: Range: Yes/No. Default: Yes. Description: Yes indicates that the path cost of the port adopts the default value. No indicates that you can configure the path cost. 6.10.6 Typical Configuration Example: The priorities of Switch A, B, and C are 0, 4096, and 8192. Path costs of links are 4, 5, and 10, as shown in Figure 58. Figure 58: RSTP Configuration Example (Switch A: priority 0; Switch B: priority 4096; Switch C: priority 8192). Configuration on Switch A: 1. Set priority to 0 and time parameters to default values, as shown in Figure 56. 2. Set the path cost of port 1 to 5 and that of port 2 to 10, as shown in Figure 57. Configuration on Switch B: 1. Set priority to 4096 and time parameters to default values, as shown in Figure 56. 2. Set the path cost of port 1 to 5 and that of port 2 to 4, as shown in Figure 57. Configuration on Switch C: 1. Set priority to 8192 and time parameters to default values, as shown in Figure 56. 2. Set the path cost of port 1 to 10 and that of port 2 to 4, as shown in Figure 57. The priority of Switch A is 0 and the root ID is the smallest. Therefore, Switch A is the root bridge. The path cost from AP1 to BP1 is 5 and that from AP2 to BP2 is 14. Therefore, BP1 is the root port. The path cost from AP1 to CP2 is 9 and that from AP2 to CP1 is 10. Therefore CP2 is
94. which is mapped to queue 2. The DSCP priority carried by packets from port 4 is 6, which is mapped to queue 3. Port VDSL 1 adopts the WRR scheduling mode. Configuration steps: 1. Select WRR for QoS mode, as shown in Figure 70. 2. Configure 802.1p on port 2 and port 3 and TOS/DIFF on port 1 and port 4, as shown in Figure 71. 3. Configure 802.1p priority 2 and 4 to map to queue 1 and 2 respectively, as shown in Figure 72. 4. Configure DSCP priority 6 to map to queue 3, as shown in Figure 73. Figure 74: QoS Configuration Example. Packets received through port 1 and port 4 are put into queue 3, packets received through port 2 are put into queue 1, and packets received through port 3 are put into queue 2. According to the mapping between queues and weights, the weight of queue 1 is 2, the weight of queue 2 is 4, and the weight of queue 3 is 8. As a result, the packets in queue 1 enjoy 2/(2+4+8) bandwidth, those in queue 2 enjoy 4/(2+4+8) bandwidth, and those in queue 3 enjoy 8/(2+4+8) bandwidth. Packets received through port 1 and port 4 are put into queue 3 and forwarded according to the FIFO mechanism. The total bandwidth ratio of port 1 and port 4 is 8/(2+4+8). 6.14 MAC Aging Time 6.14.1 Overview: Switch ports can learn addresses automatically. The switch adds the source addresses (source MAC address, switch port number) of received frames to the address tabl
95. witch 2 is 192.168.1.2 and that of Switch 3 is 192.168.0.2. Therefore, Switch 3 is elected as the querier. 1. Enable IGMP Snooping on Switch 1. 2. Enable IGMP Snooping and auto query on Switch 2. 3. Enable IGMP Snooping and auto query on Switch 3. Figure 51: IGMP Snooping Configuration Example. Switch 3, as the querier, periodically sends general query packets. Port 4 of Switch 2 receives the packets and is thus elected as the routing port. Switch 2 forwards the packets through port 3. Then port 2 of Switch 1 receives the packets and is thus elected as the routing port. When PC 1 is added to multicast group 225.1.1.1 and sends IGMP report packets, port 1 and port 2 (routing port) of Switch 1 are added to multicast group 225.1.1.1. IGMP report packets are forwarded to Switch 2 through port 2. Then port 3 and port 4 of Switch 2 are also added to multicast group 225.1.1.1. Switch 2 forwards the report packets to Switch 3 through port 4. As a result, port 5 of Switch 3 is also added to multicast group 225.1.1.1. When receiving multicast data, Switch 1 forwards the data to PC 1 through port 1. As port 2 is also a multicast group member, it also forwards multicast data. As the process proceeds, multicast data finally reaches port 5 of Switch 3 because no further receiver is available. If PC 2 is also added to multicast group 225.1.1.1
96. y, as shown in Figure 48. Figure 48: Operations on a Static Multicast Entry. The static multicast address list contains the MAC address, VLAN ID, and member port. To delete an entry, select the entry and click <Delete>. To modify an entry, select the entry and click <Modify>. 6.8 IGMP Snooping 6.8.1 Overview: Internet Group Management Protocol Snooping (IGMP Snooping) is a multicast protocol at the data link layer. It is used for managing and controlling multicast groups. IGMP Snooping-enabled switches analyze received IGMP packets, establish mapping between ports and MAC multicast addresses, and forward multicast packets according to the mapping. 6.8.2 Basic Concepts: Querier: periodically sends IGMP general query packets to query the status of the members in the multicast group, maintaining the multicast group information. When multiple queriers exist on a network, they automatically elect the one with the smallest IP address to be the querier. Only the elected querier periodically sends IGMP general query packets. The other queriers only receive and forward IGMP query packets. Router port: receives general query packets on an IGMP-enabled switch from the querier. Upon receiving an IGMP report, a switch establishes a multicast entry and adds the port that receives the IGMP r
