
New Template User Manual - FTP Directory Listing


Contents

1. Configuring System Information. M4100 M7100 Web Management User Guide. Table 9. Field / Description. Class: The Class defines the range of power a PD is drawing from the system. Class definitions: 0: 0.44-12.95 watts; 1: 0.44-3.83 watts; 2: 0.44-6.48 watts; 3: 0.44-12.95 watts; 4: 0.44-25.5 watts. Output Voltage: Current voltage being delivered to device, in volts. Output Current: Current being delivered to device, in mA. Output Power: Current power being delivered to device, in Watts. Status: The status is the operational status of the port PD detection. • Disabled: indicates no power being delivered. • DeliveringPower: indicates power is being drawn by device. • Fault: indicates a problem with the port. • Test: indicates port is in test mode. • otherFault: indicates port is idle due to error condition. • Searching: indicates port is not in one of the above states. Fault Status: Describes the error description when the PSE port is in fault status. No Error indicates that the PSE port is not in any error state. MPS Absent indicates that the PSE port has detected an absence of main power supply. Short indicates that the PSE port has detected a short circuit condition. Overload indicates that the PD connected to the PSE port had tried to provide more power than it is permissible by the hardware. Power Denied indicates that the PSE port has been denied power because of shortage of
2. Field / Description. Inventory Information: Specifies if inventory TLV is received in LLDP frames on this port. Hardware Revision: Specifies hardware version of the remote device. Firmware Revision: Specifies Firmware version of the remote device. Software Revision: Specifies Software version of the remote device. Serial Number: Specifies serial number of the remote device. Manufacturer Name: Specifies manufacturer's name of the remote device. Model Name: Specifies model name of the remote device. Asset ID: Specifies asset id of the remote device. Location Information: Specifies if location TLV is received in LLDP frames on this port. Sub Type: Specifies type of location information. Location Information: Specifies the location information as a string for given type of location id. Extended POE: Specifies if remote device is a PoE device. Device Type: Specifies remote device's PoE device type connected to this port. Extended POE PSE: Specifies if extended PSE TLV is received in LLDP frame on this port. Available: Specifies the remote port's PSE power value in tenths of watts. Source: Specifies the remote port's PSE power source. Priority: Specifies the remote port's PSE power priority. Extended POE PD: Specifies if extended PD TLV is received in LLDP frame on this port. Required: Specifies the remote port's PD power requirement. Source: Specifies the remote port's PD power source. Priority: Spe
3. Packets Received 128-255 Octets: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 256-511 Octets: The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 512-1023 Octets: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received 1024-1518 Octets: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). Packets Received > 1518 Octets: The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise well formed. Total Packets Received Without Errors: The total number of packets received that were without errors. Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received: The total number of good packets received that were directed to
4. Field / Description. Timeouts: Displays the number of accounting timeouts to this server. Unknown Types: Displays the number of RADIUS packets of unknown type that were received from this server on the accounting port. Packets Dropped: Displays the number of RADIUS packets that were received from this server on the accounting port and dropped for some other reason. TACACS. TACACS provides a centralized user management system, while still retaining consistency with RADIUS and other authentication processes. TACACS provides the following services: • Authentication: Provides authentication during login and via user names and user-defined passwords. • Authorization: Performed at login. When the authentication session is completed, an authorization session starts using the authenticated user name. The TACACS server checks the user privileges. The TACACS protocol ensures network security through encrypted protocol exchanges between the device and TACACS server. The TACACS link contains links to the following pages: • TACACS Configuration on page 252 • TACACS Server Configuration on page 253. TACACS Configuration. The TACACS Configuration page contains the TACACS settings for communication between the switch and the TACACS server you configure via the inband management port. To display the TACACS Configuration page, click Security > Management Security > TACACS > TACACS Configuration.
5. CST Port Status. Use the Spanning Tree CST Port Status page to display the Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Status page, click Switching > STP > Advanced > CST Port Status. [Figure: CST Port Status screen]
6. MVR Interface Configuration. [Figure: MVR Interface Configuration screen] 1. Use Interface to specify the interface you want to configure. 2. Use Admin Mode to Enable or Disable MVR on a port. The factory default is Disable. 3. Use Type to configure the port as an MVR receiver port or a source port. The default port type is none. 4. Use Immediate Leave to Enable or Disable the Immediate Leave feature of MVR on a port. The factory default is Disable. 5. Click REFRESH to refresh the web page to show the latest MVR interface configuration. 6. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Field / Definition. Status: Displays the status of the specific port.
7. NETGEAR ProSafe M4100/M7100 Managed Switch Web Management User Manual. M4100/M7100 Web Management User Guide. 2012 NETGEAR, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of NETGEAR, Inc. Technical Support: Thank you for choosing NETGEAR. To register your product, get the latest product updates, get support online, or for more information about the topics covered in this manual, visit the Support website at http://support.netgear.com. Phone (US & Canada only): 1-888-NETGEAR. Phone (Other Countries): Check the list of phone numbers at http://support.netgear.com/app/answers/detail/a_id/984. Trademarks: NETGEAR, the NETGEAR logo, ReadyNAS, ProSafe, ProSecure, Smart Wizard, Auto Uplink, X-RAID2, and NeoTV are trademarks or registered trademarks of NETGEAR, Inc. Microsoft, Windows, Windows NT, and Vista are registered trademarks of Microsoft Corporation. Other brand and product names are registered trademarks or trademarks of their respective holders. Statement of Conditions: To improve internal design, operational function, and/or reliability, NETGEAR reserves the right to make changes to the products described in this document without notice. NETGEAR does not assume any liability that may occur due to the use or application of the product(s) or cir
8. community mode, that each member port can forward traffic to other members in the same group, but not to members in other groups. Protected Ports Configuration. If a port is configured as protected, it does not forward traffic to any other protected port on the switch, but it will forward traffic to unprotected ports. Use the Protected Ports Configuration page to configure the ports as protected or unprotected. You need read-write access privileges to modify the configuration. To display the Protected Ports Configuration page, click Security > Traffic Control > Protected Ports. [Figure: Protected Ports Configuration screen, with Group ID and Group Name fields] To configure protected ports: 1. Use Group ID to identify a group of protected ports that can be combined into a logical group. Traffic can flow between protected ports belonging to different groups, but not within the same group. The selection box lists all the possible protected port Group IDs supported for the current platform. The valid range of the Group ID is 0 to 2. 2. Use the optional Group Name field to associate a name with the protected ports group (used for identification purposes). It can be up to 32 alphanumeric characters long, including blanks. The default is blank. This field is optional. 3. Click the orange bar to display the available ports. 4
9. 1. Use Administrative Mode to select one of the options for administrative mode: enable or disable. The default value is disable. 2. Use VLAN Assignment Mode to select one of the options for VLAN Assignment mode: enable or disable. The default value is disable. 3. Use EAPOL Flood Mode to select one of the options for the EAPOL Flood Mode: enable or disable. The default value is disable. 4. Use Monitor Mode to select one of the options for Monitor mode: enable or disable. The default value is Disable. The feature monitors the dot1x authentication process and helps in diagnosis of the authentication failure cases. 5. Use Users to select the user name that will use the selected login list for 802.1x port security. 6. Use Login to select the login list to apply to the specified user. All configured login lists are displayed. Field / Description. Authentication List: Displays the authentication list which is used by 802.1X. Port Authentication. Use the Port Authentication page to enable and configure port access control on one or more ports. To access the Port Authentication page, click Security > Port Authentication > Advanced > Port Authentication. Note: Use the horizontal scroll bar at the bottom of the browser to view all the fields on the Port Authentication page. [Figure: Port Authentication screen]
10. [Figure: DHCP Pool Configuration screen, showing the Host Mask, Host Prefix Length, Lease Time, NetBIOS Node Type, Next Server Address, Domain Name, and Bootfile fields] The following table describes the DHCP Pool Configuration fields. Field / Description. Pool Name: For a user with read/write permission, this field would show names of all the existing pools along with an additional option "Create". When the user selects "Create", another text box "Pool Name" appears where the user may enter name for the Pool to be created. For a user with read-only permission, this field would show names of the existing pools only. Pool Name: This field appears when the user with read-write permission has selected "Create" in the Drop Down list against Pool Name. Specifies the Name of the Pool to be created. Pool Name can be up to 31 characters in length. Type of Binding: Specifies the type of binding for the pool. • Unallocated • Dynamic • Manual. Network Address: Specifies the subnet address for a DHCP address of a dynamic pool. Network Mask: Specifies the subnet number for a DHCP address of a dynamic pool. Either Network Mask or Prefix Length can be configured to specify the subnet
11. [Figure: DHCP Conflicts Information screen] 1. Choose: • All Address Conflicts to specify all address conflicts to be deleted. • Specific Address Conflict to specify a specific dynamic binding to be deleted. The following table describes the DHCP Conflicts Information fields. Field / Description. IP Address: Specifies the IP Address of the host as recorded on the DHCP server. Detection Method: Specifies the manner in which the IP address of the hosts were found on the DHCP Server. Detection Time: Specifies the time when the conflict was detected in N days NNh:NNm:NNs format with respect to the system up time. DHCP Relay. To display the DHCP Relay page, click System > Services > DHCP Relay. A screen similar to the following is displayed. [Figure: DHCP Relay screen, showing the Maximum Hop Count, Admin Mode, Minimum Wait Time (secs), and Circuit ID Option Mode settings and the DHCP Status counters Requests Received, Requests Relayed, and Packets Discarded] DHCP Relay Configuration. 1. Use Maximum Hop Count to enter the maximum number of hops a client request can take before being discarded. The range is 1 to 16. The default value is 4. 2. Use Admin Mode to
12. [Figure: navigation menu screen] Help Page Access. Every page contains a link to the online help (Help), which contains information to assist in configuring and managing the switch. The online help pages are context sensitive. For example, if the IP Addressing page is open, the help topic for that page displays if you click Help. User-Defined Fields. User-defined fields can contain 1 to 159 characters, unless otherwise noted on the configuration Web page. All characters may be used except for the following (unless specifically noted for that feature). Table 2: < >. Using SNMP. The ProSafe Managed Switches software supports the configuration of SNMP groups and users that can manage traps that the SNMP agent generates. ProSafe Managed Switches use both standard public MIBs for standard functionality and private MIBs that support additional switch functionality. All private MIBs begin with a prefix. The main object for interface configuration is in SWITCHING MIB, which is a private MIB. Some interface configurations also involve objects in the public MIB, IF MIB. SNMP is enabled by default. The System > Management > System Info
13. The values in each drop-down menu represent the traffic class. The traffic class is the hardware queue for a port. Higher traffic class values indicate a higher queue position. Before traffic in a lower queue is sent, it must wait for traffic in higher queues to be sent. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. If you make changes to the page, click APPLY to apply the changes to the system. IP DSCP to Queue Mapping. Use the IP DSCP to Queue Mapping page to specify which internal traffic class to map the corresponding DSCP value. To display the IP DSCP Queue Mapping page, click QoS > CoS > Advanced > IP DSCP to Queue Mapping. [Figure: IP DSCP to Queue Mapping screen, listing a queue selection for each IP DSCP value] To map DSCP values to queues: 1. The IP DSCP field displays an IP DSCP value from 0 to 63. 2. For each DSCP value, specify which internal traffic class to m
14. This field is used to configure end hours. • Minutes: This field is used to configure end minutes. Offset: This field is used to configure Recurring offset. Zone: This field is used to configure Zone. The below fields will be visible only when Summer Time is Non-Recurring. Field / Description. Begins At: The fields under this are used to configure the Start values of date and time. • Week: This field is used to configure start week. • Day: This field is used to configure start day. • Month: This field is used to configure start month. • Hours: This field is used to configure start hours. • Minutes: This field is used to configure start minutes. Ends At: The fields under this are used to configure the End values of date and time. • Week: This field is used to configure end week. • Day: This field is used to configure end day. • Month: This field is used to configure end month. • Hours: This field is used to configure end hours. • Minutes: This field is used to configure end minutes. Offset: This field is used to configure Recurring offset. Zone: This field is used to configure Zone. 2. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 3. Click Apply to update the configurat
15. This lists all the values for the class of service match criterion in the range 0 to 7 from which one can be selected. • VLAN: This is a value in the range of 0-4095. • Ethernet Type: This lists the keywords for the Ethertype from which one can be selected. • Source MAC Address: This is the source MAC address specified as six two-digit hexadecimal numbers separated by colons. • Source MAC Mask: This is a bit mask in the same format as MAC Address indicating which part(s) of the source MAC Address to use for matching against packet content. • Destination MAC Address: This is the destination MAC address specified as six two-digit hexadecimal numbers separated by colons. • Destination MAC Mask: This is a bit mask in the same format as MAC Address indicating which part(s) of the destination MAC Address to use for matching against packet content. • Protocol Type: This lists the keywords for the layer 4 protocols from which one can be selected. The list includes "other" as an option for the remaining values. • Source IP Address: This is a valid source IP address in the dotted decimal format. • Source Mask: This is a bit mask in IP dotted decimal format indicating which part(s) of the source IP Address to use for matching against packet content. • Source L4 Port: This lists the keywords for the known source layer 4 ports from which one can be select
16. [Figure: Trap Log screen, listing Spanning Tree Topology Change entries] The following table describes the Trap Log information displayed on the screen. The page also displays information about the traps that were sent. Click Clear Counters to clear all the counters. This resets all statistics for the trap logs to the default values. Field / Description. Number of Traps Since Last Reset: The number of traps that have occurred since the switch last reboot. Trap Log Capacity: The maximum number of traps stored in the log. If the number of traps exceeds the capacity, the entries will overwrite the oldest entries. Number of Traps since log last viewed: The number of traps that have occurred since the tra
17. Basic > Route Configuration. [Figure: Route Configuration screen, with the Configure Routes and Learned Routes tables] Route Configuration. 1. Use the Route Type field to specify default or static reject. If creating a default route, all that needs to be specified is the next hop IP address; otherwise each field needs to be specified. Network Address displays the IP route prefix for the destination. Subnet Mask indicates the portion of the IP interface address that identifies the attached network. This is also referred to as the subnet/network mask. Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. Preference displays an integer value from 1 to 255. The user can specify the preference value (sometimes called "administrative distance") of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred than routes from dynamic routing
18. Field / Description. Device Status: This field specifies the current status of device. Active: if the device is USB plugged in and recognized by the switch. Inactive: if the device is not mounted. Invalid: if the device is not present or invalid device is plugged in. Manufacturer: This field displays the USB Flash Drive device Manufacturer. Serial Number: This field displays the USB Flash Drive device Serial Number. USB Version Compliance: This field displays the USB Flash Drive device Version. Class Code: This field displays the USB Flash Drive device Class. Subclass Code: This field displays the USB Flash Drive device SubClass. Protocol: This field displays the USB Flash Drive device Protocol. Vendor ID: This field displays the USB Flash Drive device vendor ID. Product ID: This field displays the USB Flash Drive device Product ID. Click REFRESH to refresh the page with the latest information. USB Memory Statistics. This screen displays the memory statistics of the USB flash device. The following table describes USB Memory Statistics information. Field / Description. Total Size: This field displays the USB flash device storage size. Bytes Used: This field displays the size of memory used on the USB flash device. Bytes Free: This field displays the size of memory free on the USB flash
19. DHCP Snooping Interface Configuration. [Figure: DHCP Snooping Interface Configuration screen, with the columns Interface, Trust Mode, Logging Invalid Packets, Rate Limit (pps), and Burst Interval (secs)] 1. Interface: Selects the interface for which data is to be configured. 2. If Trust Mode is enabled, DHCP snooping application considers the port as trusted. The factory default is disabled. 3. If Logging Invalid Packets is enabled, DHCP snooping application logs invalid packets on this interface. The factory default is disabled. 4. Use Rate Limit (pps) to specify rate limit value for DHCP Snooping purpose. If the incoming rate of DHCP packets exceeds the value of this object for consecutively burst interval seconds, the port will be shutdown. If this value is N/A, then burst interval has no meaning, hence it is disabled. The default value is N/A. It can be set to value 1, which means N/A. The range of Rate Limit is 0 to 300. 5. Use Burst Interval (secs) to specify the burst interval value for rate limiting purpose on this interface. If the rate limit is N/A
20. Description. IpReasmTimeout: The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity. IpReasmReqds: The number of IP fragments received which needed to be reassembled at this entity. IpReasmOKs: The number of IP datagrams successfully re-assembled. IpReasmFails: The number of failures detected by the IP re-assembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IP fragments, since some algorithms can lose track of the number of fragments by combining them as they are received. IpFragOKs: The number of IP datagrams that have been successfully fragmented at this entity. IpFragFails: The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their Don't Fragment flag was set. IpFragCreates: The number of IP datagram fragments that have been generated as a result of fragmentation at this entity. IpRoutingDiscards: The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free up buffer space for other routing entries. IcmpInMsgs: The total number of ICMP messages which the entity received. Note that this counter includes all those counted by icmpInErrors. IcmpInErrors: The number of ICMP messages
21. [Figure: EAP Statistics screen, listing per-port counters] The following table describes the EAP statistics displayed on the screen. Use the buttons at the bottom of the page to perform the following actions: • To clear all the EAP counters for all ports on the switch, select the check box in the row heading and click CLEAR. The button resets all statistics for all ports to default values. • To clear the counters for a specific port, select the check box associated with the port and click CLEAR. • Click REFRESH to refresh the data on the screen and display the most current statistics. Field / Description. Port: Selects the port to be displayed. When the selection is changed, a screen refresh will occur causing all fields to be updated for the newly selected port. All physical interfaces are valid. PAE Capabilities: This displays the PAE capabilities of the selected port. EAPOL Frames Received: This displays th
22. Ports 1/0/6 - 1/0/8 are connected across switches 1, 2, and 3. [Figure: MSTP topology with three switches. On each switch, ports 1/0/1 - 1/0/5 are connected to hosts and ports 1/0/6 - 1/0/8 are connected to the other switches; Switch 1 is the root bridge.] Perform the following procedures on each switch to configure MSTP: 1. Use the VLAN Configuration screen to create VLANs 300 and 500 (see VLAN Configuration on page 137). 2. Use the VLAN Membership screen to include ports 1/0/1 - 1/0/8 as tagged (T) or untagged (U) members of VLAN 300 and VLAN 500 (see VLAN Configuration on page 137). 3. From the STP Configuration screen, enable the Spanning Tree State option (see STP Configuration on page 158). Use the default values for the rest of the STP configuration settings. By default, the STP Operation Mode is MSTP and the Configuration Name is the switch MAC address. 4. From the CST Configuration screen, set the Bridge Priority value for each of the three switches to force Switch 1 to be the root bridge: • Switch 1: 4096 • Switch 2: 12288 • Switch 3: 20480. Note: Bridge priority values are multiples of 4096. If you do not specify a root bridge and all switches have the same Bridge Priority value, the switch
23. [Figure: Port Configuration screen] To configure port settings: Use Port to select the interface for which data is to be displayed or configured. Use STP Mode to select the Spanning Tree Protocol Administrative Mode for the port or LAG. The possible values are: • Enable: Select this to enable the Spanning Tree Protocol for this port. • Disable: Select this to disable the Spanning Tree Protocol for this port. Use the Admin Mode drop-down menu to select the Port control administration state. You must select enable if you want the port to participate in the network. The factory default is enabled. Use LACP Mode to select the Link Aggregation Control Protocol administration state. The mode must be enabled in order for the port to participate in Link Aggregation. May be enabled or disabled by selecting the corresponding line on the drop-down entry field. The factory default is enabled. Use the Physical Mode drop-down menu to select the port's sp
24. Serial No: The sequence number of the DNS server. Preference: Shows the preference of the DNS Server. The preference is determined by the order they were entered. Host Configuration. Use this page to manually map host names to IP addresses or to view dynamic DNS mappings. To access this page, click System > Management > DNS > Host Configuration. [Figure: DNS Host Configuration screen, with the Host Name (1 to 255 characters) and IP Address fields and the Dynamic Host Mapping table] To add a static entry to the local DNS table: 1. Specify the static host name to add. Its length cannot exceed 255 characters, and it is a mandatory field for the user. 2. Specify the IP address in standard IPv4 dot notation to associate with the hostname. 3. Click ADD. The entry appears in the list below. 4. To remove an entry from the static DNS table, select the check box next to the entry and click DELETE. 5. To change the hostname or IP address in an entry, select the check box next to the entry and enter the new information in the appropriate field, and then click APPLY. 6. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. The Dynamic Host Mapping table shows host name-to-IP address entries that the switch has learned. The following table describes the dynamic
25. a VLAN you have configured Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove VLAN Status Use this page to display the status of all currently configured VLANs To display the VLAN Status page click Switching gt VLAN gt Advanced gt VLAN Status VLAN Status VLAN Status Routing rt default Default 2 Auto VoIP AUTO VoIP 0 1 0 12 lag 1 lag 12 O 1 0 12 lag 1 lag 12 Field Definition VLAN ID The VLAN Identifier VID of the VLAN The range of the VLAN ID is 1 to 4093 VLAN Name The name of the VLAN VLAN ID 1 is always named Default Configuring Switching Information 113 M4100 M7100 Web Management User Guide Field Definition VLAN Type The VLAN type e Default VLAN ID 1 always present e Static a VLAN you have configured e Dynamic a VLAN created by GVRP registration that you have not converted to static and that GVRP may therefore remove Routing Interface The interface associated with the VLAN in the case that VLAN routing is configured for this VLAN Member Ports The ports that are included in the VLAN Configuring Switching Information 114 M4100 M7100 Web Management User Guide Port PVID Configuration The Port PVID Configuration screen lets you assign a port VLAN ID PVID to an interface There are certain requirements for a PVID e All p
26. at every poll interval SNTP Global Configuration Use the SNTP Global Configuration page to view and adjust date and time settings To display the SNTP Global Configuration page click System gt Management gt Time gt SNTP Global Configuration SNTP Global Configuration SNTP Global Configuration Client Mode Disable Unicast Broadcast Port 123 1 to 65535 Default Unicast Poll Interval 6 6 Broadcast Poll Interval 6 6 Unicast Poll Timeout 5 Unicast Poll Retry 1 Time Zone Name Offset Hours Offset Minutes 0 D to 59 SNTP Global Status Version a Supported Mode Unicast and Broadcast Last Update Time JAN 01 00 00 00 1970 UTC 0 00 Last Attempt Time JAN 01 00 00 00 1970 UTC 0 00 Last Attempt Status Other Server IP Address Address Type Unknown Server Stratum 0 Reference Clock Id Server Mode Reserved Unicast Server Max Entries 3 Unicast Server Current Entries 0 Broadcast Count 0 Configuring System Information 35 M4100 M7100 Web Management User Guide SNTP Global Configuration SNTP stands for Simple Network Time Protocol As its name suggests it is a less complicated version of Network Time Protocol which is a system for synchronizing the clocks of networked computer systems primarily when data transfer is handled via the Internet 1 Use Client Mode to specify the mode of operation of SNTP Client An SNTP client may operate in one of the following modes e Disable SNTP is not operational No SNTP r
27. bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with a non integral number of octets Rx FCS Errors The total number of packets received that had a length excluding framing bits but including FCS octets of between 64 and 1518 octets inclusive but had a bad Frame Check Sequence FCS with an integral number of octets Monitoring the System 342 M4100 M7100 Web Management User Guide Field Description Overruns The total number of frames discarded as this port was overloaded with incoming packets and could not keep up with the inflow Total Received Packets Not Forwarded 802 3x Pause Frames Received Unacceptable Frame Type A count of valid frames received which were discarded i e filtered by the forwarding process A count of MAC Control frames received on this interface with an opcode indicating the PAUSE operation This counter does not increment when the interface is operating in half duplex mode The number of frames discarded from this port due to being an unacceptable frame type Total Packets Transmitted Octets The total number of octets of data including those in bad packets transmitted on the network excluding framing bits but including FCS octets This object can be used as a reasonable estimate of ethernet utilization If greater precision is desired the etherStatsPkts and etherStatsOctets objec
28. port 1 (U), port 2 (U), and port 3 (T). For the VLAN with VLAN ID 20, specify the following members: port 4 (U), port 5 (T), and port 6 (U). 3. In the Port PVID Configuration screen (see Port PVID Configuration), specify the PVID for ports g1 and g4 so that packets entering these ports are tagged with the port VLAN ID: Port g1: PVID 10. Port g4: PVID 20. 4. With the VLAN configuration that you set up, the following situations produce results as described: If an untagged packet enters port 1, the switch tags it with VLAN ID 10. The packet has access to port 2 and port 3. The outgoing packet is stripped of its tag to leave port 2 as an untagged packet. For port 3, the outgoing packet leaves as a tagged packet with VLAN ID 10. If a tagged packet with VLAN ID 10 enters port 3, the packet has access to port 1 and port 2. If the packet leaves port 1 or port 2, it is stripped of its tag to leave the switch as an untagged packet. If an untagged packet enters port 4, the switch tags it with VLAN ID 20. The packet has access to port 5 and port 6. The outgoing packet is stripped of its tag to become an untagged packet as it leaves port 6. For port 5, the outgoing packet leaves as a tagged packet with VLAN ID 20. Access Control Lists (ACLs): ACLs ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flo
29. the specified interface and direction and hence the attached policy if any Highlighting a member class name displays the statistical information for the policy class instance for the specified interface and direction To display the Service Statistics page click QoS gt DiffServ gt Advanced gt Service Statistics Service Statistics Statistics Type Selection Counter Mode Selector Octets Packets Service Statistics Search By Interface GO Policy Operational Member Offered Discarded Sent Interface Direction Name Status Classes Packets Octets Packets Octets Packets Octets Counter Mode Selector specifies the format of the displayed counter values which must be either Octets or Packets The default is Octets The following table describes the information available on the Service Statistics page Field Description Interface List of all valid slot number and port number combinations in the system that have a DiffServ policy currently attached in In direction Direction List of the traffic direction of interface as In Only shows the direction s for which a DiffServ policy is currently attached Policy Name Name of the policy currently attached to the specified interface and direction Operational Status Operational status of the policy currently attached to the specified interface and direction The value is either Up or Down Member Classes List of all DiffServ classe
30. 0 8 Enable Percent 5 Disable Percent 5 Disable Percent 5 0 9 Enable Percent 5 Disable Percent 5 Disable Percent 5 0 10 Enable Percent 5 Disable Percent 5 Disable Percent 5 0 11 Enable Percent 5 Disable Percent 5 Disable Percent 5 0 12 Enable Percent 5 Disable Percent 5 Disable Percent 5 1 All GoTo Port lage Field Description Broadcast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the drop down entry field When you specify Enable for Broadcast Storm Recovery and the broadcast traffic on the specified Ethernet port exceeds the configured threshold the switch blocks discards the broadcast traffic The factory default is enable Broadcast Storm Recovery Level Type Specify the Broadcast Storm Recovery Level as a percentage of link speed or as packets per second Broadcast Storm Recovery Level Specify the threshold at which storm control activates The factory default is 5 percent of port speed for pps type Multicast Storm Recovery Mode Enable or disable this option by selecting the corresponding line on the drop down entry field When you specify Enable for Multicast Storm Recovery and the multicast traffic on the specified Ethernet port exceeds the configured threshold the switch blocks discards the multicast traffic The factory default is disabled Multicast Storm Recovery Level Type Specify the Multicast Storm Recovery Level as a percentage of link speed or as packets
31. VLAN Configuration: Use the VLAN Configuration page to define VLAN groups stored in the VLAN membership table. Each switch in the ProSafe Managed Switches family supports up to 1024 VLANs. Two VLANs are created by default, VLAN 1 and VLAN 2: VLAN 1 is the default VLAN, of which all ports are members; VLAN 2 is the default Auto VoIP VLAN. To display the VLAN Configuration page, click Switching > VLAN > Basic > VLAN Configuration. Reset Configuration: If you select this checkbox and click the APPLY button, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs except for the default VLAN will be deleted. The factory default values are: All ports are assigned to the default VLAN of 1. All ports are configured with a PVID of 1. All ports are configured to an Acceptable Frame Types value of Admit All Frames. All ports are configured with Ingress Filtering disabled. All ports are configured to transmit only untagged frames. GVRP is disabled on all ports and all dynamic entries are cleared. Internal VL
32. Chapter 4 Routing: VLAN; VLAN Routing Wizard; VLAN Routing Configuration; ARP. Chapter 5 Configuring Quality of Service: Class of Service (Basic, Advanced); Differentiated Services (DiffServ Wizard, Basic, Advanced). Chapter 6 Managing Device Security: Management Security Settings; Local User; Enable Password Configuration; Line Password Configuration; RADIUS; TACACS; Authentication List Configuration; Login Sessions; Configuring Management Access
33. 30 0 29 169 osapiTimer 0 00 0 10 0 10 171 _interrupt_thread 0 00 0 00 0 01 System CPU Status The following table describes CPU Memory Status information Field Description Total System Memory The total memory of the switch in KBytes Available Memory The available memory space for the switch in KBytes Configuring System Information 24 M4100 M7100 Web Management User Guide CPU Utilization Information This page displays the CPU Utilization information which contains the memory information task related information and percentage of CPU utilization per task Configuring System Information 25 M4100 M7100 Web Management User Guide USB Device Information This page displays the USB device details such as manufacturer vendor product ID and status of the USB flash device To display the USB device information page click System gt Management gt USB Device Information A screen similar to the following is displayed USB Device Information USB Device Details Device Status Manufacturer Serial Number USB Version Compliance Class Code Subclass Code Protocol Vendor ID Product ID USB Memory Statistics Total Size Bytes Used Bytes Free USB Directory Details USB Device Details This screen displays the USB device details such as manufacturer vendor product ID status of the USB flash device The following table describes USB Device Details information
34. 5. Click APPLY to save any changes to the running configuration. MAC Binding Table: Use the MAC Binding Table page to view or delete the MAC ACL bindings. To display the MAC Binding Table, click Security > ACL > Basic > Binding Table. The following table describes the information displayed in the MAC Binding Table. To delete a MAC ACL to interface binding, select the check box next to the interface and click DELETE. Field descriptions: Interface: Displays the interface of the ACL assigned. Direction: Displays selected packet filtering direction for ACL. ACL Type: Displays the type of ACL assigned to selected interface and direction. ACL ID: Displays the ACL Name identifying the ACL assigned to selected interface and direction. Sequence Number: Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction. Advanced: The Advanced link contains links to the following pages: IP ACL; IP Rules; IP Extended Rules; IPv6 ACL; IPv6 Rules; IP Binding Configuration; Binding Table; VLAN Binding Table.
35. 5 Use Transmit Type Length Values to specify which optional type length values TLVs in the LLDP MED will be transmitted in the LLDP PDUs frames for the selected interface Configuring System Information 92 M4100 M7100 Web Management User Guide e MED Capabilities To transmit the capabilities TLV in LLDP frames e Network Policy To transmit the network policy TLV in LLDP frames e Location Identification To transmit the location TLV in LLDP frames e Extended Power via MDI PSE To transmit the extended PSE TLV in LLDP frames e Extended Power via MDI PD To transmit the extended PD TLV in LLDP frames e Inventory Information To transmit the inventory TLV in LLDP frames The following table describes the LLDP MED Interface Configuration fields Field Description Link Status Specifies the link status of the ports whether it is Up Down Operational Status Specifies the LLDP MED TLVs are transmitted or not on this interface LLDP MED Local Device Information To display this page click System gt LLDP gt LLDP MED gt Local Device Information A screen similar to the following is displayed Configuring System Information 93 M4100 M7100 Web Management User Guide LLDP MED Local Device Information LLDP MED Interface Selection Interface Network Policies Information Media Application Priority Type Inventory Information Hardware Revision 0x0 Firmware Revision 1 Soft
36. 9 11 20 lt 14 gt JAN 03 22 50 43 10 27 34 52 t AUTO_INSTI 427012512 aute_install_centrel c 2026 1738 Autolnstall Waiting for retry timeout lt 14 gt JAN 03 22 50 43 10 27 34 52 1 AUTO_INST 427012512 auto_install_contrel c 3523 1737 DHCP option resolved TFTP IP address 10 9 11 20 lt 14 gt JAN 03 22 40 43 10 27 34 52 1 AUTO_INST 427012512 auto_install_control c 2026 1735 Autolnatall Waiting for retry tenenut lt 14 gt JAN 03 22 40 43 10 27 34 52 1 AUTO_INST 427012512 auto_install_contrel c 3523 1735 DHCP option resolved TFTP IP address 10 9 11 20 lt 13 gt JAN 03 22136100 10 27 34 52 1 TRAPMGR 1948147584 traputil c 614 1734 Spanning Tree Topology Change Received MSTID 0 Unt 1 Slot O Port 22 lt 13 gt JAN 03 22 35 59 10 27 34 S2 1 TRAPMGR 1948147584 traputil c 614 1733 Spanning Tree Topology Change Received MSTID 0 Una 1 Stot 0 Port 22 Buffered Log Configuration This log stores messages in memory based upon the settings for message component and severity On stackable systems this log exists only on the top of stack platform Other platforms in the stack forward their messages to the top of stack log 1 A log that is Disabled shall not log messages A log that is Enabled shall log messages Enable or Disable logging by selecting the corresponding radio button 2 Behavior Indicates the behavior of the log when it is full It can either wrap around or stop when the log s
37. Address: This indicates the Sender IP address match value for the DAI ARP ACL. Source MAC Address: This indicates the Sender MAC address match value for the DAI ARP ACL. DAI Statistics: This screen shows the statistics per VLAN. To display the DAI Statistics page, click Security > Control > Dynamic ARP Inspection > DAI Statistics. Field descriptions: VLAN: The enabled VLAN ID for which statistics are to be displayed. DHCP Drops: Number of ARP packets that were dropped by DAI as there is no matching DHCP Snooping binding entry found. DHCP Permits: Number of ARP packets that were forwarded by DAI as there is a matching DHCP Snooping binding entry found. ACL Drops: Number of ARP packets that were dropped by DAI as there is no matching ARP ACL rule found for this VLAN and the static flag is set on this VLAN. ACL Permits: Number of ARP packets that were permitted by DAI as there is a matching ARP ACL rule found for this VLAN. Bad Source MAC: Number of ARP packets that were dropped by DAI as the sender MAC address in the ARP packet didn't match the source MAC in the Ethernet header. Bad Dest MAC: Number of ARP packets th
38. Address or IP Mask value is 0.0.0.0, access is allowed from any IP address. Otherwise, every client's address is ANDed with the mask, as is the Client Address, and if the values are equal, access is allowed. For example, if the Client Address and Client IP Mask parameters are 192.168.1.0/255.255.255.0, then any client whose IP address is 192.168.1.0 through 192.168.1.255 (inclusive) will be allowed access. To allow access from only one station, use a Client IP Mask value of 255.255.255.255 and use that machine's IP address for Client Address. 4. Use Access Mode to specify the access level for this community by selecting Read/Write or Read Only from the drop-down menu. 5. Use Status to specify the status of this community by selecting Enable or Disable from the drop-down menu. If you select enable, the Community Name must be unique among all valid Community Names or the set request will be rejected. If you select disable, the Community Name will become invalid. 6. Click ADD to add the currently selected community to the switch. 7. Click DELETE to delete the currently selected Community Name. Trap Configuration: This page displays an entry for every active Trap Receiver. To access this page, click System > SNMP > SNMP V1/V2 > Trap Configuration. 1. To add a host that will receive SNMP traps, enter trap configurati
39. To configure port security settings: 1. Port: Selects the interface to be configured. 2. Select the check box next to the port or LAG to configure. Select multiple check boxes to apply the same setting to all selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 3. Specify the following settings: Security Mode: Enables or disables the Port Security feature for the selected interface. Max Allowed Dynamically Learned MAC: Sets the maximum number of dynamically learned MAC addresses on the selected interface. Max Allowed Statically Locked MAC: Sets the maximum number of statically locked MAC addresses on the selected interface. Violation Traps: Enables or disables the sending of new violation traps designating when a packet with a disallowed MAC address is received on a locked port. Dynamic MAC Address: Use the Dynamic MAC Address page to convert a dynamically lea
40. Based VLAN Group Membership To display the Protocol Based VLAN Group Membership page click Switching gt VLAN gt Advanced gt Protocol Based VLAN Group Membership Protocol Based VLAN Group Membership Protocol Based VLAN Group Membership Group 10 None Group Name A CURRENT MEMBERS 1 Use Group ID to select the protocol based VLAN Group ID for which you want to display or configure data 2 Use Port List to add the ports you selected to this Protocol Based VLAN Group Note that a given interface can only belong to one group for a given protocol If you have already added a port to a group for IP you cannot add it to another group that also includes IP although you could add it to a new group for IPX Field Description Group Name This field identifies the name for the protocol based VLAN you selected It can be up to 32 alphanumeric characters long including blanks Current Members This button can be click to show the current numbers in the selected protocol based VLAN Group Configuring Switching Information 118 M4100 M7100 Web Management User Guide IP Subnet Based VLAN IP Subnet to VLAN mapping is defined by configuring an entry in the IP Subnet to VLAN table An entry is specified via a source IP address network mask and the desired VLAN ID The IP Subnet to VLAN configurations are shared across all ports of the device To display the MAC Based VLAN page click Switching gt VL
41. Basic gt Address Table j Address Table MAC Address Table Search By VLANID yw Gaga Total MAC Addresses 43 Paano T mac aiaee O ae a 1 00 06 02 05 06 05 0 12 Learned 1 00 07 03 05 05 05 5 1 Management 1 00 0F FE 00 8E 7 6 0 12 Learned 1 00 16 9C E1 D8 00 0 12 Learned 1 00 19 E7 D3 82 2D 0 12 Learned 1 00 14 A40 14 94 FA 0 12 Learned 1 00 C0 05 01 98 05 0 12 Learned 1 00 E0 0C BC E5 60 0 12 Learned 1 C8 0A 49 32 F3 63 0 12 Learned 1 Use Search By to search for MAC Addresses by MAC Address VLAN ID and port e Searched by MAC Address Select MAC Address from drop down menu enter the 6 byte hexadecimal MAC Address in two digit groups separated by colons for example 01 23 45 67 89 AB Then click on the Go button If the address exists that entry will be displayed as the first entry followed by the remaining greater mac addresses An exact match is required Configuring Switching Information 170 M4100 M7100 Web Management User Guide e Searched by VLAN ID Select VLAN ID from drop down menu enter the VLAN ID for example 100 Then click on the Go button If the address exists the entry will be displayed as the first entry followed by the remaining greater mac addresses e Searched by Port Select Port from drop down menu enter the port ID in Unit Slot Port for example 2 1 1 Then click on the Go button If the address exists the entry will be displayed as the first entry followed
42. CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Excluded Address Configuration 1 Use the IP Range From field to specify the low address if you want to exclude a range of addresses Specify the address to be excluded in case you want to exclude a single address Use the IP Range To field to specify the high address if you want to exclude a range of addresses To exclude a single address enter the same IP address as specified in IP range from or leave as 0 0 0 0 Click ADD to add the exclude addresses configured on the screen to the switch Click DELETE to delete the exclude address from the switch Configuring System Information 56 M4100 M7100 Web Management User Guide DHCP Pool Configuration To display the DHCP Pool Configuration page click System gt Services gt DHCP Server gt DHCP Pool Configuration A screen similar to the following is displayed DHCP Pool Configuration DHCP Pool Configuration Pool Name Create Pool Name 1 to 31 alphanumeric characters Type of Binding Unallocated m Network Address 0 0 0 0 Network Mask 0 0 0 0 Network Prefix Length 0 to 32 Client Name ai Hardware Address 00 00 00 00 00 00 Hardware Address Type Ethernet Client 1D Host Number 0 0 0 0
43. Click the box below each port to configure as a protected port. The selection list consists of physical ports, protected as well as unprotected. The protected ports are tick-marked to differentiate between them. No traffic forwarding is possible between two protected ports. If left unconfigured, the default state is unprotected. 5. Click REFRESH to refresh the page with the most current data from the switch. 6. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately. Private VLAN: A private VLAN contains switch ports that cannot communicate with each other but can access another network. These ports are called private ports. Each private VLAN contains one or more private ports and a single uplink port or uplink aggregation group. Note that all traffic between private ports is blocked at all layers, not just Layer 2 traffic, but also traffic such as FTP, HTTP, and Telnet. The Private VLAN link contains links to the following pages: Private VLAN Type Configuration; Private VLAN Association Configuration; Private VLAN Port Mode Configuration; Private VLAN Host Interface Configuration; Private VLAN Promiscuous Interface
44. Configuration. A screen similar to the following is displayed. [Screen: UDP Relay Interface Configuration] 1. Use Interface to select an Interface to be enabled for the UDP Relay. 2. Use Server Address to specify the UDP Relay Server Address in x.x.x.x format. 3. Use UDP Port to specify UDP Destination Port. The following ports are supported: DefaultSet: Relay UDP port 0 packets. This is specified if no UDP port is selected when creating a Relay server. dhcp: Relay DHCP (UDP port 67) packets. domain: Relay DNS (UDP port 53) packets. isakmp: Relay ISAKMP (UDP port 500) packets. mobile-ip: Relay Mobile IP (UDP port 434) packets. nameserver: Relay IEN-116 Name Service (UDP port 42) packets. netbios-dgm: Relay NetBIOS Datagram Server (UDP port 138) packets. netbios-ns: Relay NetBIOS Name Server (UDP port 137) packets. ntp: Relay network time protocol (UDP port 123) packets. pim-auto-rp: Relay PIM auto RP (UDP port 496) packets. rip: Relay RIP (UDP port 520) packets. tacacs: Relay TACACS (UDP port 49) packets. tftp: Relay TFTP (UDP port 69) packets. time: Relay time service (UDP port 37) packets. Other: If this option is selected, the UDP Port Other Value is enabled. This option permits the user to enter their own UDP port in UDP Port Other Value.
45. Control setting is Authorized the port is unconditionally put in a force Authorized state and does not require any authentication When the Port Control setting is Auto the authenticator PAE sets the controlled port mode 3 In the Guest VLAN field for ports 1 0 5 1 0 8 enter 150 to assign these ports to the guest VLAN You can configure additional settings to control access to the network through the ports See Port Security Interface Configuration on page 6 496 for information about the settings 4 Click APPLY 5 From the 802 1X Configuration screen set the Port Based Authentication State and Guest VLAN Mode to Enable and then click APPLY See Port Security Configuration on page 287 This example uses the default values for the port authentication settings but there are several additional settings that you can configure For example the EAPOL Flood Mode field allows you to enable the forwarding of EAPoL frames when 802 1X is disabled on the device 6 From the RADIUS Server Configuration screen configure a RADIUS server with the following settings e Server Address 192 168 10 23 e Secret Configured Yes e Secret secret123 e Active Primary For more information see RADIUS on page 443 7 Click ADD From the Authentication List screen configure the default List to use RADIUS as the first authentication method See Authentication List Configuration on page 453 This example enables 802 1X based port secu
46. DELETE to delete a existing static route entry from the switch Routing 187 Learned Routes M4100 M7100 Web Management User Guide Field Description Network Address The IP route prefix for the destination Subnet Mask Also referred to as the subnet network mask this indicates the portion of the IP interface address that identifies the attached network Protocol This field tells which protocol created the specified route The possibilities are one of the following e Local e Static Route Type This field can be either default or static If creating a default route all that needs to be specified is the next hop IP address otherwise each field needs to be specified Next Hop Interface The outgoing router interface to use when forwarding traffic to the destination Next Hop IP Address The outgoing router IP address to use when forwarding traffic to the next router if any in the path towards the destination The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network Preference The preference is an integer value from 0 to 255 The user can specify the preference value sometimes called administrative distance of an individual static route Among routes to the same destination the route with the lowest preference value is the route entered into the forwarding database By specifying the preference
47. Displays the address of the neighbor Capability Displays the capability of the neighbor These are supported e Router e Trans Bridge e Source Route e Switch e Host IGMP e Repeater Platform Display the model type of the neighbor 0 to 32 Port ID Display the port ID on the neighbor Hold Time Displays the hold time for ISDP packets that the neighbor transmits Advertisement Version Displays the ISDP version sending from the neighbor Entry Last Changed Time Software Version Displays the time since last entry is changed Displays the software version on the neighbor ISDP Statistics To display this page click System gt ISDP gt Advanced gt Statistics A screen similar to the following is displayed Configuring System Information 103 M4100 M7100 Web Management User Guide ISDP Statistics ISDP Statistics ISDP Packets Received ISDP Packets Transmitted ISDPvi Packets Received ISDPvi Packets Transmitted ISDPv2 Packets Received ISDPv2 Packets Transmitted ISDP Bad Header ISDP Checksum Error ISDP Transmission Failure ISDP Invalid Format ISDP Table Full ISDP IP Address Table Full 60333 13196 60333 13196 O O O O O Q The following table describes the ISDP Statistics fields Field Description ISDP Packets Received Displays the ISDP packets received including ISDPv1 and ISDPv2 packets ISDP Packets Transmitted Displays the ISDP packets transmitte
48. Field Description Rx_dll_ready Data Link Layer ready This variable indicates that the rx system initialization is complete and is ready to update receive LLDPDU containing EEE TLV Time Since Counters Last Cleared Time Since Counters Last Cleared since the time of power up or after eee counters are cleared 5 Click Clear to clear the configuration resetting all statistics for the selected interface to default values 6 Click Apply to update the configuration on the switch 7 Click REFRESH to refresh the page with the most current data from the switch Configuring System Information 50 M4100 M7100 Web Management User Guide Green Mode Statistics Summary Use this page to view the Port Green Mode Statistics settings To access this page click System gt Management gt Green Ethernet gt Green Ethernet Summary Green Mode Statistics Summary Current Power Consumption by all ports in Stack mWatts Estimated Percentage Power Saving per stack 1000 Cumulative Energy Saving per Stack Watts Hours Green Features supported Unit Riedel this unit pan ae A 20 a T Mode jaen a E Status w i a ll Ha Enable Active 0 3 Enable Iada 0 4 Enable Active 0 5 Enable peee Enable Active 0 7 Enable ene Enable Active 0 9 Enable Aie 0 10 Enable Aae 0 11 Enable Active 0 12 Enable pee Configuring System Information 51 M4100 M7100 Web Management User Guide T
49. 4. Use UDP Port Other Value to specify UDP Destination Port that lies between 0 and 65535.
5. Use Discard to enable/disable dropping of matched packets. Enable can be chosen only when a user enters 0.0.0.0 IP address. Discard mode can be set to Disable when user adds a new entry with a non-zero IP address.
6. Click ADD to create an entry in UDP Relay Table with the specified configuration.
7. Click DELETE to remove all entries or a specified one from UDP Relay Interface Configuration Table.

The following table describes the UDP Relay Interface Configuration fields.
Field: Description
Hit Count: Show the number of UDP packets hitting the UDP port.

PoE
From PoE link under the System tab, you can configure the PoE settings. From the PoE link, you can access the following pages:
• Basic on page 70
• Advanced on page 72

Basic
Use the Basic page to configure the basic PoE settings. To display the Basic PoE Configuration page, click System > PoE > Basic > PoE Configuration. A screen similar to the following is displayed.

[Screen: PoE Configuration]
Unit Selection: Unit 1
Firmware Version: 1.1.0.2
Power Status: On
Total Power (Main AC): 150 Watt
Total Power (RPS): 0 Watt
Power Source: Main AC
Threshold Power: 135000 mw
Consumed Power: 14200 mw
System Usage Threshold: 90 (1 to 99)
Pow
50. IDs associated with each of them.
VID ID: Table consisting of the VLAN IDs and the corresponding FID associated with each of them.
FID ID: Table consisting of the FIDs and the corresponding VLAN IDs associated with each of them.

Configuring Switching Information 130 M4100 M7100 Web Management User Guide

Advanced
From the Advanced link, you can access the following pages:
• STP Configuration on page 131
• CST Configuration on page 133
• CST Port Configuration on page 135
• CST Port Status on page 137
• MST Configuration on page 138
• MST Port Status on page 141
• STP Statistics on page 143

STP Configuration
The Spanning Tree Configuration Status page contains fields for enabling STP on the switch. To display the Spanning Tree Configuration Status page, click Switching > STP > Advanced > STP Configuration.

[Screen: STP Configuration]
Spanning Tree Admin Mode: Disable / Enable
Force Protocol Version: IEEE 802.1d / IEEE 802.1w / IEEE 802.1s
Configuration Name: 00 04 06 02 04 07
Configuration Revision Level: 0 (0 to 65535)
Forward BPDU while STP Disabled: Disable / Enable
BPDU Guard: Disable / Enable
BPDU Filter: Disable / Enable
Configuration Digest Key: 0xac36177f50283ced4b83821d8ab26de62
Configuration Format Selector: 0
STP Status: MST ID 0, VID 1, FID 1

Use Spanning Tree Admin Mode to specify whether spanning tree operation is enabled on the switch. Value is enabled or disabl
51. IP destination IP address TCP UDP ports are used.
Use Link Trap to specify whether you want to have a trap sent when link status changes. The factory default is enable, which will cause the trap to be sent.
Use Admin Mode to select enable or disable from the drop-down menu. When the LAG is disabled, no traffic will flow and LACPDUs will be dropped, but the links that form the LAG will not be released. The factory default is enable.
Use STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG. The possible values are:
• Disable: Spanning tree is disabled for this LAG.
• Enable: Spanning tree is enabled for this LAG.
Use Static Mode to select enable or disable from the drop-down menu. When the LAG is enabled, it does not transmit or process received LACPDUs, i.e. the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped. The factory default is disable.
7. Click DELETE to remove the currently selected configured LAG. All ports that were members of this LAG are removed from the LAG and included in the default VLAN.

Field: Description
LAG Description: Enter the Description string to be attached to a LAG. It can be up to 64 characters in length.
LAG ID: Identification of the LAG.
LAG State: Indicates whether the Link is up or down.
Configured Ports: Indicate the ports that are members of this port channel.
Active Ports: Indicat
52. IP address. This type of ACL provides more granularity and filtering capabilities than the standard IP ACL.
• IP ACL Name: Create a Named IP ACL, which provides an alternate way to configure the IP Extended ACL. The IP ACL Name string must have alphanumeric characters only and must start with an alphabetic character.

Each configured ACL displays the following information:

Managing Device Security 323 M4100 M7100 Web Management User Guide

• Rules: Displays the number of rules currently configured for the IP ACL.
• Type: Identifies the ACL as a basic IP ACL, extended IP ACL, or named IP ACL.

4. To delete an IP ACL, select the check box next to the IP ACL ID field, then click DELETE.
5. Click ADD to add a new IP ACL to the switch configuration.

IP Rules
Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process.

Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped.

To display the IP Rules page, click Security > ACL > Advanced > IP Rules.

[Screen: IP Rules, Basic ACL Rule Table]
53. IPv4 and IPv6
• IPv4 routing Default
• IPv4 Data Center
SDM Template: Identifies the Template. The possible values are:
• Dual IPv4 and IPv6
• IPv4 routing Default
• IPv4 Data Center
ARP Entries: The maximum number of entries in the IPv4 Address Resolution Protocol (ARP) cache for routing interfaces.
IPv4 Unicast Routes: The maximum number of IPv4 unicast forwarding table entries.
IPv6 NDP Entries: The maximum number of IPv6 Neighbor Discovery Protocol (NDP) cache entries.
IPv6 Unicast Routes: The maximum number of IPv6 unicast forwarding table entries.
ECMP Next Hops: The maximum number of next hops that can be installed in the IPv4 and IPv6 unicast forwarding tables.
IPv4 Multicast Routes: The maximum number of IPv4 multicast forwarding table entries.
IPv6 Multicast Routes: The maximum number of IPv6 multicast forwarding table entries.

Green Ethernet Configuration
You can use this page to configure the Green Ethernet settings for the switch. To access this page, click System > Management > Green Ethernet > Green Ethernet Configuration.

[Screen: Green Ethernet Configuration, with the field Auto Power Down Mode (Disable / Enable)]

To configure the Green Ethernet settings:
1. Use the Auto Power Down Mode radio buttons to enable or disable this option. The factory default is enable. When the port l
54. Inc. declares that the Radiolan device complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Italiano [Italian]: NETGEAR Inc. hereby declares that this Radiolan complies with the essential requirements and other relevant provisions established by Directive 1999/5/EC.
Latviski [Latvian]: NETGEAR Inc. hereby declares that Radiolan complies with the essential requirements of Directive 1999/5/EC and other related provisions.
Lietuvių [Lithuanian]: NETGEAR Inc. hereby declares that this Radiolan complies with the essential requirements and other provisions of Directive 1999/5/EC.
Nederlands [Dutch]: NETGEAR Inc. hereby declares that the Radiolan device is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Malti [Maltese]: NETGEAR Inc. hereby declares that this Radiolan conforms to the essential requirements and other relevant provisions in Directive 1999/5/EC.
Magyar [Hungarian]: I, the undersigned, NETGEAR Inc., declare that the Radiolan complies with the applicable essential requirements and other provisions of Directive 1999/5/EC.
Polski [Polish]: NETGEAR Inc. hereby declares that Radiolan complies with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Português [Portuguese]: NETGEAR Inc. declares that this Radiolan is in conformity with the essential requirements
55. [Screen: port access control table, rows truncated]

Field: Description
Port: Specifies the port whose settings are displayed in the current table row.
Control Mode: This field indicates the configured control mode for the port. Possible values are:
• Force Unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized.
• Force Authorized: The authenticator PAE unconditionally sets the controlled port to authorized.
• Auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server.
• MAC Based: The authenticator PAE sets the controlled port mode to reflect the outcome of authentication exchanges between a supplicant, an authenticator, and an authentication server on a per supplicant basis.

Field
56. [Screen: IP ACL rule table; no rules have been configured for this ACL]

Use Rule ID to enter a whole number in the range of 1 to 511 that will be used to identify the rule. An IP ACL may have up to 511 rules.
Use Action to specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny.
Use Logging to enable logging for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny Action.
Use Assign Queue ID to specify the hardware egress queue identifier used to handle all packets matching this IPv6 ACL rule. Valid range of Queue Ids is 0 to 7. This field is visible for a Permit Action.
Use Mirror Interface to specify the specific egress interface where the matching traffic stream is copied, in addition to being forwarded normally by the device. This field cannot be set if a
57. MAC ACL rules.

Use ID to enter a whole number in the range of 1 to 511 that will be used to identify the rule.
Use Action to specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny.
Use Assign Queue ID to specify the hardware egress queue identifier used to handle all packets matching this ACL rule. Valid range of Queue Ids is 0 to 7.
Use Mirror Interface to specify the specific egress interface where the matching traffic stream is copied, in addition to being forwarded normally by the device. This field cannot be set if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit Action.
Use Redirect Interface to specify the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule.
Use Match Every to specify an indication to match every Layer 2 MAC packet. Valid values are:
• True: Signifies that every packet is considered to match the selected ACL Rule.
• False: Signifies that it is not mandatory for every packet to match the selected ACL Rule.
Use CoS to specify the 802.1p user priority to compare against an Ethernet frame. Valid range of values is 0 to 7.
Use Destination MAC to specify the de
58. MAC Filter Summary on page 286

MAC Filter Configuration
Use the MAC Filter Configuration page to create MAC filters that limit the traffic allowed into and out of specified ports on the system. To display the MAC Filter Configuration page, click Security > Traffic Control > MAC Filter > MAC Filter Configuration.

[Screen: MAC Filter Configuration, with the fields MAC Filter (Create Filter), VLAN ID, MAC Address, Source Port Members, Destination Port Members]

To configure MAC filter settings:
1. Select Create Filter from the MAC Filter drop-down menu.
a. This is the list of MAC address and VLAN ID pairings for all configured filters. To change the port mask(s) for an existing filter, select the entry you want to change. To add a new filter, select Create Filter from the top of the list.
From the VLAN ID drop-down menu, select the VLAN to use with the MAC address to fully identify packets you want filtered. You can change this field only when the Create Filter option is selected from the MAC Filter drop-down menu.
In the MAC Address field, specify the MAC address of the filter in the format 00:01:1A:B2:53:4D. You can change this field when you have selected the Create Filter option. You cannot define filters for the following MAC addresses:
• 00:00:00:00:00:00
• 01:80:C2:00:00:00 to 01:80:C2:00:00:0F
• 01:80:C2:00:00:20 to 01:80:C
59. Maintenance > Reset > Device Reboot

[Screen: Device Reboot, with the options Save prior to reboot and Don't save prior to reboot]

To reboot the switch:
1. Select the Save prior to reboot radio button and click the APPLY button to reboot the switch. Before the unit reboots, the current configuration is saved.
2. Select the Don't save prior to reboot radio button and click the APPLY button to reboot the switch. This option permits the user to reboot the unit without saving the current configuration.

Factory Default
Use the Factory Default page to reset the system configuration to the factory default values.

Note: If you reset the switch to the default configuration, the IP address is reset to 169.254.100.100, and the DHCP client is enabled. If you lose network connectivity after you reset the switch to the factory defaults, see Web Access on page 11.

To access the Factory Defaults page, click Maintenance > Reset > Factory Default.

[Screen: Factory Default. Check this box and click APPLY below to return all configuration settings to default values.]

To reset the switch to the factory default settings:
1. Select the check box and click the APPLY button to have all configuration parameters reset to their factory default values. All changes you have made will be lost, even if you have issued a save. You will be shown a confirmation screen after you select the button.

Maintenance 366 M4100 M71
60. Mode to choose the GARP Multicast Registration Protocol administrative mode for the port by selecting enable or disable from the drop-down list. If you select disable, the protocol will not be active and Join Time, Leave Time, and Leave All Time have no effect. The factory default is disable.
4. Use Join Time (centiseconds) to specify the time between the transmission of GARP PDUs registering (or re-registering) membership for a VLAN or multicast group, in centiseconds. Enter a number between 10 and 100 (0.1 to 1.0 seconds). The factory default is 20 centiseconds (0.2 seconds). An instance of this timer exists for each GARP participant for each port.
5. Use Leave Time (centiseconds) to specify the time to wait after receiving an unregister request for a VLAN or multicast group before deleting the associated entry, in centiseconds. This allows time for another station to assert registration for the same attribute in order to maintain uninterrupted service. Enter a number between 20 and 600 (0.2 to 6.0 seconds). The factory default is 60 centiseconds (0.6 seconds). An instance of this timer exists for each GARP participant for each port.
6. Use Leave All Time (centiseconds) to control how frequently LeaveAll PDUs are generated. A LeaveAll PDU indicates that all registrations will shortly be deregistered. Participants will need to rejoin in order to maintain registration
61. Multicast > MFDB > MFDB Statistics

[Screen: MFDB Statistics]
Max MFDB Table Entries: 1024
Most MFDB Entries Since Last Reset: 0
Current Entries: 0

Field: Description
Max MFDB Table Entries: The maximum number of entries that the Multicast Forwarding Database table can hold.
Most MFDB Entries Since Last Reset: The largest number of entries that have been present in the Multicast Forwarding Database table since last reset. This value is also known as the MFDB high water mark.
Current Entries: The current number of entries in the Multicast Forwarding Database table.

IGMP Snooping
Internet Group Management Protocol (IGMP) Snooping is a feature that allows a switch to forward multicast traffic intelligently on the switch. Multicast IP traffic is traffic that is destined to a host group. Host groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. Based on the IGMP query and report messages, the switch forwards traffic only to the ports that request the multicast traffic. This prevents the switch from broadcasting the traffic to all ports and possibly affecting network performance.

A traditional Ethernet network may be separated into different network segments to prevent placing too many devices onto the same shared media. Bridges and switches connect these segments. When a packet with a broadcast or multicast destination address is received, the switch will forward a
63. Preferences
[Screen: Route Preferences, with the fields Local and Static (value 1, range 1 to 255)]

1. Use Static to specify the static route preference value in the router. The default value is 1. The range is 1 to 255.

Field: Description
Local: This field displays the local route preference value.

IP
The IP folder contains links to the following web pages that configure and display IP routing data:
• Basic on page 189
• Advanced on page 197

Basic
From the Basic link, you can access the following pages:
• IP Configuration on page 189
• Statistics on page 192

IP Configuration
Use this menu to configure routing parameters for the switch as opposed to an interface.

Routing 189 M4100 M7100 Web Management User Guide

To display the IP Configuration page, click Routing > IP > Basic > IP Configuration.

[Screen: IP Configuration]
Default Time to Live: 64
Routing Mode: Enable / Disable
ICMP Echo Replies: Enable / Disable
ICMP Redirects: Enable / Disable
ICMP Rate Limit Interval: 1000 (0 to 2147483647 ms)
ICMP Rate Limit Burst Size: 100 (1 to 200)
Maximum Next Hops: 1
Maximum Routes: 64
Select to configure Global Default Gateway
Global Default Gateway

1. Use Routing Mode to select enable or disable. You must enable routing for the switch before you can route through any of the interfaces. The default value is disable.
2. Use ICMP Echo Replies to select enable or disable. If it
64. Recovery mode on all ports by clicking the corresponding radio button. When you specify Enable for Multicast Storm Recovery and the multicast traffic on any Ethernet port exceeds the configured threshold, the switch blocks (discards) the multicast traffic. The factory default is disabled.
• Unknown Unicast Storm Control All: Enable or disable the Unicast Storm Recovery mode on all ports by clicking the corresponding radio button. When you specify Enable for Unicast Storm Recovery and the Unicast traffic on any Ethernet port exceeds the configured threshold, the switch blocks (discards) the unicast traffic. The factory default is disabled.

Storm Control Interface Configuration
To display the Storm Control Interface Configuration page, click Security > Traffic Control > Storm Control > Storm Control Interface Configuration.

[Screen: Port Configuration, per-port storm control table]
65. Size. The factory default is disabled.

Use Denial of Service Max ICMPv6 Packet Size to specify the Max IPv6 ICMP Pkt Size allowed. If ICMPv6 DoS prevention is enabled, the switch will drop IPv6 ICMP ping packets that have a size greater than this configured Max ICMPv6 Pkt Size. Its range is 0 to 16376. The default value is 512.
Use Denial of Service First Fragment to enable First Fragment DoS prevention, which causes the switch to check DoS options on first fragment IP packets when the switch is receiving fragmented IP packets. Otherwise, the switch ignores the first fragment IP packets. The factory default is disabled.
Use Denial of Service ICMP Fragment to enable ICMP Fragment DoS prevention, which causes the switch to drop ICMP fragmented packets. The factory default is disabled.
Use Denial of Service SIP DIP to enable SIP DIP DoS prevention, which causes the switch to drop packets that have a source IP address equal to the destination IP address. The factory default is disabled.
Use Denial of Service SMAC DMAC to enable SMAC DMAC DoS prevention, which causes the switch to drop packets that have a source MAC address equal to the destination MAC address. The factory default is disabled.
Use Denial of Service TCP FIN & URG & PSH to enable TCP FIN & URG & PSH DoS prevention, which causes the switch to drop p
66. Specify configuration in text mode when you want to retrieve the stored configuration.
• Script File: Specify script file when you want to retrieve the stored configuration.
• Error Log: Specify error log to retrieve the system error (persistent) log, sometimes referred to as the event log.
• Trap Log: Specify trap log to retrieve the system trap records.
• Buffered Log: Specify buffered log to retrieve the system buffered (in-memory) log.
• Tech Support: Specify Tech Support to retrieve the switch information needed for troubleshooting.
The factory default is Archive.
2. Use Local File Name to specify the local script file name you want to upload.

USB File Upload
Use this menu to upload a file from the switch to USB device. To display the HTTP File Upload page, click Maintenance > Upload > USB File Upload.

[Screen: Upload File To USB, with the fields File Type (Archive), Image Name (image1), USB File]

1. Use File Type to specify what type of file you want to upload:
• Archive: Specify archive (STK) code when you want to retrieve from the operational flash.
• Text Configuration: Specify configuration in text mode when you want to retrieve the stored configuration.
The factory default is Archive.
2. Use Image Name to select one of the images from the list:
• Image1: Specify the code image1 when you want to retrieve.
• Image2: Specify th
67. Supported Capabilities: Specifies supported capabilities that was received in MED TLV on this port.
Enabled Capabilities: Specifies enabled capabilities that was received in MED TLV on this port.
Device Class: Specifies device class as advertised by the device remotely connected to the port.
Network Policy Information: Specifies if network policy TLV is received in the LLDP frames on this port.
Media Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN id, priority, DSCP, tagged bit status, and unknown bit status. A port may receive one or many such application types. If a network policy TLV has been received on this port, only then would this information be displayed.
VLAN Id: Specifies the VLAN id associated with a particular policy type.
Priority: Specifies the priority associated with a particular policy type.
DSCP: Specifies the DSCP associated with a particular policy type.
Unknown Bit Status: Specifies the unknown bit associated with a particular policy type.
Tagged Bit Status: Specifies the tagged bit associated with a particular policy type.
68. Switch
To access the Trap Logs page, click Monitoring > Logs > Trap Logs.

Monitoring the System 353 M4100 M7100 Web Management User Guide

[Screen: Trap Logs]
Number of Traps Since Last Reset: 376
Trap Log Capacity: 256
Number of Traps Since Log Last Viewed: 376

Log  System Up Time   Trap
0    2 days 23:19:51  Spanning Tree Topology Change 0 Unit 1
1    2 days 23:19:51  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
2    2 days 23:19:50  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
3    2 days 23:19:49  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
4    2 days 23:19:48  Spanning Tree Topology Change 0 Unit 1
5    2 days 23:19:48  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
6    2 days 22:35:50  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
7    2 days 22:35:49  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
8    2 days 22:35:48  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
9    2 days 22:35:47  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
10   2 days 22:35:47  Spanning Tree Topology Change 0 Unit 1
11   2 days 22:35:47  Spanning Tree Topology Change Received MSTID 0 Unit 1 Slot 0 Port 22
12   2 days 19:15:17  Spanning Tree Topology Change 0 Unit 1
13   2 days 19:15:17  Spanning Tree Topology Change Received MSTID 0 Unit
69. Switches allow ACLs to be bound to physical ports and LAGs. The switch software supports MAC ACLs and IP ACLs.

MAC ACL Example Configuration
The following example shows how to create a MAC-based ACL that permits Ethernet traffic from the Sales department on specified ports and denies all other traffic on those ports.

1. From the MAC ACL screen, create an ACL with the name Sales_ACL for the Sales department of your network. (See MAC ACL on page 534.) By default, this ACL will be bound on the inbound direction, which means the switch will examine traffic as it enters the port.
2. From the MAC Rules screen, create a rule for the Sales_ACL with the following settings:
• ID: 1
• Action: Permit
• Assign Queue ID: 0
• Match Every: False
• CoS: 0
• Destination MAC: 01:02:1A:BC:DE:EF
• Destination MAC Mask: 00:00:00:00:FF:FF
• EtherType: User Value
• Source MAC: 02:02:1A:BC:DE:EF
• Source MAC Mask: 00:00:00:00:FF:FF
• VLAN ID: 2
For more information about MAC ACL rules, see MAC Rules on page 536.
3. From the MAC Binding Configuration screen, assign the Sales_ACL to the interface gigabit ports 6, 7, and 8, and then click APPLY. (See MAC Binding Configuration on page 538.) You can assign an optional sequence number to indicate the order of this access list relative to other access lists, if any are already assigned to this interface and direction.

The MAC Binding Table displays the interface and MAC ACL binding information. See MAC Bindi
70. [Screen: TACACS Configuration, with the fields Key String and Connection Timeout (5)]

To configure global TACACS settings:
1. In the Key String field, specify the authentication and encryption key for TACACS communications between the switch and the TACACS server. The valid range is 0 to 128 characters. The key must match the key configured on the TACACS server.
2. In the Connection Timeout field, specify the maximum number of seconds allowed to establish a TCP connection between the Managed Switch and the TACACS server.
3. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
4. If you make any changes to the page, click APPLY to apply the new settings to the system.

TACACS Server Configuration
Use the TACACS Server Configuration page to configure up to five TACACS servers with which the switch can communicate. To display the TACACS Server Configuration page, click Security > Management Security > TACACS > TACACS Server Configuration.

[Screen: TACACS Server Configuration, with the fields TACACS Server, Priority (0 to 65535), Port (0 to 65535), Key String, Timeout (1 to 30)]

To configure TACACS server settings:
1. Use TACACS Server to configure the TACACS server IP address.
2. Use Priority to specify the order in which the TACACS servers should be used. It should b
71. Table specifies list of all available valid interfaces for ACL mapping. All non-routing physical interfaces and interfaces participating in LAGs are listed.
• To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box.
• To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An X in the box indicates that the ACL is applied to the interface.
Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
Click APPLY to save any changes to the running configuration.

Field: Description
Interface: Displays selected interface.
Direction: Displays selected packet filtering direction for ACL.
ACL Type: Displays the type of ACL assigned to selected interface and direction.
ACL ID/Name: Displays the ACL Number (in the case of IP ACL) or ACL Name (in the case of named IP ACL and IPv6 ACL) identifying the ACL assigned to selected interface and direction.
Sequence Number: Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction.

Binding Table
Use the IP Binding Table page to view or delete the IP ACL bindings. To display the IP Binding T
72. The Leave All Period Timer is set to a random value in the range of LeaveAllTime to 1.5*LeaveAllTime. The timer is specified in centiseconds. Enter a number between 200 and 6000 (2 to 60 seconds). The factory default is 1000 centiseconds (10 seconds). An instance of this timer exists for each GARP participant for each port.

Auto VoIP
The Auto VoIP feature enables manual and auto assignment of VoIP phone traffic to a special VLAN (e.g. Voice VLAN), allowing the assignment of special QoS parameters to that traffic, giving it high priority services. From the Auto VoIP link, you can access the following pages:
• Protocol based on page 124
• Advanced on page 131

Protocol based
From the Protocol based link, you can access the following pages:
• Port Settings on page 124

Port Settings
To display the Port Setting page, click Switching > Auto VoIP > Protocol based > Port Settings.

[Screen: Protocol Based Port Settings. Protocol Based Global Settings: Prioritization Type (Traffic Class), Class Value (7). Per-interface table with the columns Interface, Auto VoIP Mode, Operational Status]
73. 1. Use Prioritization Type to specify the type of prioritization. It can be Traffic Class or Remark.
    2. Use Class Value to specify the CoS tag value to be reassigned for packets received on the voice VLAN when Remark CoS is enabled.
    3. Click CANCEL to cancel the configuration on the screen. Reset the data on the screen to the latest value of the switch.
    4. Click APPLY to update the switch with the values you entered. If you want the switch to retain the new values across a power cycle, you must perform a save.
    OUI-based
    From the OUI-based link, you can access the following pages:
    • Properties on page 126
    • Port Settings on page 126
    • OUI Table on page 127
    Properties
    To display the OUI Properties page, click Switching > Auto VoIP > OUI-based > Properties.
    [Screenshot: OUI Based Properties page (VoIP VLAN Id 2, OUI-based priority 7)]
    1. Use VoIP VLAN Id to configure VoIP VLAN id on the switch. Default value is 2.
    2. Use OUI-based priority to configure OUI-based priority on the switch. Default value is 7.
    3. Click CANCEL to cancel the configuration on the screen. Reset the data on the screen to the latest value of the switch.
    4. Click APPLY to update the switch with the values you entered. If you want the switch to retain the new values across a power cy
74. • Click CLEAR to clear the messages out of the Event Log.
    • Click REFRESH to refresh the data on the screen and display the most current information.
    Field: Description
    Entry: The sequence number of the event.
    Type: The type of the event.
    File Name: The file in which the event originated.
    Line: The line number of the event.
    Task Id: The task ID of the event.
    Code: The event code.
    Time: The time this event occurred.
    Persistent Logs
    A persistent log is a log that is stored in persistent storage. Persistent storage survives across platform reboots. The first log type is the system startup log. The system startup log stores the first N messages received after system reboot. The second log type is the system operation log. The system operation log stores the last N messages received during system operation. To access the Persistent Logs page, click Monitoring > Logs > Persistent Logs.
    [Screenshot: Persistent Logs page (Admin Mode, Behavior, Message Log, Total number of Messages)]
    1. A log that is Disabled shall not log messages. A log that is Enabled shall log messages. Enable or Disable logging by selecting the corresponding line on the drop-down entry field.
    2. Behavior: A log records messages equal to or above a configured severity threshold. Select the severity option by selecting the corresponding line on the drop-down entry fie
75. a combination of both in sequence separated by ','. You can specify individual VLAN ID, e.g. 10. You can specify the VLAN range values separated by a '-', e.g. 10-13. You can specify the combination of both separated by ',', e.g. 12,15,40-43,1000-1005,2000. The range of the VLAN ID is 2 to 4093. Note: The VLAN ID List given in this control will replace the configured Secondary VLAN list in the association.
    3. Click DELETE to delete the IP subnet-based VLAN from the switch.
    4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
    5. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately.
    Field: Description
    Interface: Select the physical or LAG interface for which you want to display or configure data.
    Operational VLAN(s): Displays the operational VLAN(s).
    Storm Control
    A broadcast storm is the result of an excessive number of broadcast messages simultaneously transmitted across a network by a single port. Forwarded message responses can overload network resources and/or cause the network to time out. The switch measures the incoming broadcast/multicast/unknown unicast packet rate per port and discards packets when the rate exceeds the defined value. Storm control is enabled per interface by defining the packet
76. a media (MAC) address defined by a local area network (LAN) such as Ethernet. A station needing to send an IP packet must learn the MAC address of the IP destination, or of the next hop router if the destination is not on the same subnet. This is achieved by broadcasting an ARP request packet, to which the intended recipient responds by unicasting an ARP reply containing its MAC address. Once learned, the MAC address is used in the destination address field of the layer 2 header prepended to the IP packet. The ARP cache is a table maintained locally in each station on a network. ARP cache entries are learned by examining the source information in the ARP packet payload fields, regardless of whether it is an ARP request or response. Thus, when an ARP request is broadcast to all stations on a LAN segment or virtual LAN (VLAN), every recipient has the opportunity to store the sender's IP and MAC address in their respective ARP cache. The ARP response, being unicast, is normally seen only by the requestor, who stores the sender information in its ARP cache. Newer information always replaces existing content in the ARP cache. The number of supported ARP entries is platform-dependent. Devices can be moved in a network, which means the IP address that was at one time associated with a certain MAC address is now found using a different MAC, or may have disappeared from the network altogether (i.e., it has been reconfigured, disconnected, or powered off). Th
77. accuracy. We'd also like to incorporate your feedback into future product development. NETGEAR will never sell or rent your email address and you may opt out of communications at any time.
    1. To register with NETGEAR, click REGISTER NOW.
    Online Help
    The Online Help includes the following pages:
    • Support on page 384
    • User Guide on page 386
    Support
    Use the Support page to connect to the Online Support site at netgear.com. To access the Support page, click Help > Online Help > Support.
    [Screenshot: Support page, with the text "Please click APPLY below to be taken to the Online Support site at netgear.com"]
    To connect to the NETGEAR support site for ProSafe Managed Switches, click APPLY.
    User Guide
    Use the User Guide page to access the ProSafe M4100 M7100 Managed Switch (the guide you are now reading) that is available on the NETGEAR Website. To access the User Guide page, click Help > Online Help > User Guide.
    [Screenshot: User Guide page, with the text "Please click APPLY button below to view the PDF User Guide(s). You will need Adobe Acrobat Reader to view a Guide"]
    To access the User Guide that is available online, click APPLY.
    Default Settings
    This appendix describes the default settings for many of the NETGEAR 7000 series Managed Switch software features.
    Table 11. Default Settings
    Feature D
78. and 2 16 1 it will be set to 16 and so on.
    3. Use Admin Edge Port to specify if the specified port is an Edge Port within the CIST. It takes a value of TRUE or FALSE, where the default value is FALSE.
    4. Use Port Path Cost to set the Path Cost to a new value for the specified port in the common and internal spanning tree. It takes a value in the range of 1 to 200000000.
    5. Use External Port Path Cost to set the External Path Cost to a new value for the specified port in the spanning tree. It takes a value in the range of 1 to 200000000.
    6. Use BPDU Filter to configure the BPDU Filter, which filters the BPDU traffic on this port when STP is enabled on this port. The possible values are Enable or Disable.
    7. Use BPDU Flood to configure the BPDU Flood, which floods the BPDU traffic arriving on this port when STP is disabled on this port. The possible values are Enable or Disable.
    8. Use Auto Edge to configure the auto edge mode of a port, which allows the port to become an edge port if it does not see BPDUs for some duration. The possible values are Enable or Disable.
    9. Use Root Guard to configure the root guard mode, which sets a port to discard any superior information received by the port and thus protects the root of the device from changing. The port gets put into discarding state and does not forward any packets. The possible
79. and set security parameters for the default accounts, and to add and delete accounts (other than admin) up to a maximum of six. Only a user with Read/Write privileges may modify data on this screen, and only one account may be created with Read/Write privileges. To display the User Management page, click Security > Management Security > Local User > User Management.
    [Screenshot: User Management page, listing the admin (READ_WRITE) and guest (READ_ONLY) accounts]
    1. Use User Name to enter the name you want to give to the new account. (You can only enter data in this field when you are creating a new account.) User names are up to eight characters in length and are not case sensitive. Valid characters include all the alphanumeric characters as well as the dash (-) and underscore (_) characters. User name "default" is not valid. User names, once created, cannot be changed/modified.
    2. Set the Edit Password field to Enable only when you want to change the password. The default value is Disable.
    3. Use Password to enter the optional new or changed password for the account. It will not display as it is typed; only asterisks (*) will show. Passwords are up to eight alphanumeric characters in length and are case sensitive.
    4. Use Confirm Password to enter the pass
80. • b-node: Broadcast
    • p-node: Peer-to-Peer
    • m-node: Mixed
    • h-node: Hybrid
    Next Server Address: Specifies the Next Server Address for the pool.
    Domain Name: Specifies the domain name for a DHCP client. Domain Name can be up to 255 characters in length.
    Bootfile: Specifies the name of the default boot image for a DHCP client. File Name can be up to 128 characters in length.
    1. Use ADD to create the Pool Configuration.
    2. Use APPLY to change the Pool Configuration. Sends the updated configuration to the switch. Configuration changes take effect immediately.
    3. Use DELETE to delete the Pool. This field is not visible to a user with read-only permission.
    DHCP Pool Options
    To display the DHCP Pool Options page, click System > Services > DHCP Server > DHCP Pool Options. A screen similar to the following is displayed.
    [Screenshot: DHCP Pool Options page ("No Pool Exists")]
    1. Use Pool Name to select the Pool Name.
    2. Option Code specifies the Option Code configured for the selected Pool.
    3. Use Option Type to specify the Option Type against the Option Code configured for the selected pool:
       • ASCII
       • Hex
       • IP Address
    4. Option Value specifies the Value against the Option Code configured for the selected pool.
    5. Click ADD to add a new Option Code for the selected pool.
    6. Click DELETE to delete the Option Code for the
81. by a network manager to identify system topology and detect bad configurations on the LAN. From the LLDP link, you can access the following pages:
    • LLDP on page 84
    • LLDP-MED on page 91
    LLDP is a one-way protocol; there are no request/response sequences. Information is advertised by stations implementing the transmit function, and is received and processed by stations implementing the receive function. The transmit and receive functions can be enabled/disabled separately per port. By default, both transmit and receive are disabled on all ports. The application is responsible for starting each transmit and receive state machine appropriately, based on the configured status and operational state of the port.
    The Link Layer Discovery Protocol-Media Endpoint Discovery (LLDP-MED) is an enhancement to LLDP with the following features:
    • Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority, and DiffServ settings), enabling plug and play networking.
    • Device location discovery for creation of location databases.
    • Extended and automated power management of Power over Ethernet endpoints.
    • Inventory management, enabling network administrators to track their network devices and determine their characteristics (manufacturer, software and hardware versions, serial/asset number).
    LLDP
    From the LLDP link, you can access the following pages:
    • LLDP Global Con
82. by creating a traffic class, adding the traffic class to a policy, and then adding the policy to the ports selected on DiffServ Wizard page. The DiffServ Wizard will:
    • Create a DiffServ Class and define match criteria used as a filter to determine if incoming traffic meets the requirements to be a member of the class.
    • Set the DiffServ Class match criteria based on Traffic Type selection as below:
       • VOIP: sets match criteria to UDP protocol.
       • HTTP: sets match criteria to HTTP destination port.
       • FTP: sets match criteria to FTP destination port.
       • Telnet: sets match criteria to Telnet destination port.
       • Every: sets match criteria all traffic.
    • Create a DiffServ Policy and add it to the DiffServ Class created.
    • If Policing is set to YES, then DiffServ Policy style is set to Simple. Traffic which conforms to the Class Match criteria will be processed according to the Outbound Priority selection. Outbound Priority configures the handling of conforming traffic as below:
       • High: sets policing action to markdscp ef.
       • Med: sets policing action to markdscp af31.
       • Low: sets policing action to send.
    • If Policing is set to NO, then all traffic will be marked as specified below:
       • High: sets policy mark ipdscp ef.
       • Med: sets policy mark ipdscp af31.
       • Low: sets policy mark ipdscp be.
    • Each port selected will be added to the policy created.
    To display the DiffServ Wizard page, click QoS > DiffServ > DiffServ Wizard.
83. by the remaining greater MAC addresses.
    Field: Description
    Total MAC Address: Displaying the number of total MAC addresses learned or configured.
    MAC Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a 6-byte MAC Address that is separated by colons, for example 01:23:45:67:89:AB.
    VLAN ID: The VLAN ID associated with the MAC Address.
    Port: The port upon which this address was learned.
    Status: The status of this entry. The meanings of the values are:
       • Static: the value of the corresponding instance was added by the system or a user and cannot be relearned.
       • Learned: the value of the corresponding instance was learned, and is being used.
       • Management: the value of the corresponding instance is also the value of an existing instance of dot1dStaticAddress.
    Advanced
    From the Advanced link, you can access the following pages:
    • Dynamic Addresses on page 172
    • Address Table on page 173
    • Static MAC Address on page 175
    Dynamic Addresses
    This page allows the user to set the Address Aging Interval for the specified forwarding database. To display the Address Table page, click Switching > Address Table > Advanced > Dynamic Addresses.
    [Screenshot: Dynamic Address Table page (Address Aging Timeout (seconds): 300)]
    1. Use Address Aging Timeou
84. class.
    • Protocol Type: This lists the keywords for the layer 4 protocols from which one can be selected. The list includes "other" as an option for the remaining values.
    • Source Prefix/Length: This is a valid Source IPv6 Prefix to compare against an IPv6 Packet. Prefix is always specified with the Prefix Length. Prefix can be entered in the range of ::0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, and Prefix Length can be entered in the range of 0 to 128.
    • Source L4 Port: This lists the keywords for the known source layer 4 ports from which one can be selected. The list includes "other" as an option for the unnamed ports.
    • Destination Prefix/Length: This is a valid Destination IPv6 Prefix to compare against an IPv6 Packet. Prefix is always specified with the Prefix Length. Prefix can be entered in the range of ::0 to FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF, and Prefix Length can be entered in the range of 0 to 128.
    • Destination L4 Port: This lists the keywords for the known destination layer 4 ports from which one can be selected. The list includes "other" as an option for the unnamed ports.
    • Flow Label: This is a 20-bit number that is unique to an IPv6 Packet, used by end stations to signify Quality of Service handling in routers. Flow Label can be specified in the range of 0 to 1048575.
    • IP DSCP: This lists the keywords for the known DSCP val
85. copy into each of the remaining network segments in accordance with the IEEE MAC Bridge standard. Eventually, the packet is made accessible to all nodes connected to the network. This approach works well for broadcast packets that are intended to be seen or processed by all connected nodes. In the case of multicast packets, however, this approach could lead to less efficient use of network bandwidth, particularly when the packet is intended for only a small number of nodes. Packets will be flooded into network segments where no node has any interest in receiving the packet. While nodes will rarely incur any processing overhead to filter packets addressed to unrequested group addresses, they are unable to transmit new packets onto the shared media for the period of time that the multicast packet is flooded. The problem of wasting bandwidth is even worse when the LAN segment is not shared, for example in full-duplex links.
    Allowing switches to snoop IGMP packets is a creative effort to solve this problem. The switch uses the information in the IGMP packets as they are being forwarded throughout the network to determine which segments should receive packets directed to the group address. From the IGMP Snooping link, you can access the following pages:
    • IGMP Snooping Configuration on page 148
    • IGMP Snooping Interface Configuration on page 149
    • IGMP VLAN Configuratio
86. download files of various types to the switch using an HTTP session (for example, via your Web browser). To display this page, click Maintenance > Download > HTTP File Download.
    [Screenshot: HTTP File Download page (File Type, Image Name, Select File)]
    To download a file to the switch by using HTTP:
    1. Use File Type to specify what type of file you want to transfer:
       • Archive: Specify archive (STK) code when you want to upgrade the operational flash.
       • Image: Specify the code image1 you want to download.
       • Image2: Specify the code image2 you want to download.
       • CLI Banner: Specify CLI Banner when you want a banner to be displayed before the login prompt.
       • Text Configuration: Specify configuration in text mode when you want to update the switch's configuration. If the file has errors, the update will be stopped.
       • Use Config Script to specify script configuration file.
       • Use SSH-1 RSA Key File to specify SSH-1 Rivest-Shamir-Adleman (RSA) Key File.
       • Use SSH-2 RSA Key PEM File to specify SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded).
       • Use SSH-2 DSA Key PEM File to specify SSH-2 Digital Signature Algorithm (DSA) Key File (PEM Encoded).
       • Use SSL Trusted Root Certificate PEM File to specify SSL Trusted Root Certificate File (PEM Encoded).
       • Use SSL Server Certificate PEM File to specify SSL Server Certificate File (PEM Encoded).
       • Use S
87. • ARP Table Configuration on page 212
    Static ARP Cache
    To display the Static ARP Cache page, click Routing > ARP > Advanced > ARP Create.
    [Screenshot: Static ARP Cache page, with ARP Static Configuration (IP Address, MAC Address) and ARP Cache (Port, IP Address, MAC Address, Type, Age) tables]
    ARP Static Configuration
    Use this screen to add an entry to the Address Resolution Protocol table.
    1. Use IP Address to enter the IP address you want to add. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
    2. Use MAC Address to specify the unicast MAC address of the device. Enter the address as six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
    3. Click ADD to add a new static ARP entry to the switch.
    4. Click DELETE to delete an existing static ARP entry from the switch.
    5. Click APPLY to change the MAC Address mapping to the IP. Configuration changes take effect immediately.
    ARP Cache
    Use this screen to show ARP entries in the ARP Cache.
    Field: Description
    Port: The associated Unit/Slot/Port of the connection.
    IP Address: Displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
    MAC Address: The unicast MAC address of the device. The address is six two-digit hexadecimal numbers separated by colons, for example 00:06:2
88. • DAI Interface Configuration on page 311
    • DAI ACL Configuration on page 312
    • DAI ACL Rule Configuration on page 312
    • DAI Statistics on page 313
    DAI Configuration
    To display the DAI Configuration page, click Security > Control > Dynamic ARP Inspection > DAI Configuration.
    [Screenshot: Dynamic ARP Inspection Global Configuration page (Validate Source MAC, Validate Destination MAC, Validate IP, each Disable/Enable)]
    1. Use Validate Source MAC to choose the DAI Source MAC Validation Mode for the switch by selecting Enable or Disable radio button. If you select Enable, Sender MAC validation for the ARP packets will be enabled. The factory default is disable.
    2. Use Validate Destination MAC to choose the DAI Destination MAC Validation Mode for the switch by selecting Enable or Disable radio button. If you select Enable, Destination MAC validation for the ARP Response packets will be enabled. The factory default is disable.
    3. Use Validate IP to choose the DAI IP Validation Mode for the switch by selecting Enable or Disable radio button. If you select Enable, IP Address validation for the ARP packets will be enabled. The factory default is disable.
    DAI VLAN Configuration
    To display the DAI VLAN Configuration page, click Security > Control > Dynamic ARP Inspection > DAI VLAN Configuration.
89. effects on applications with strict timing requirements, such as voice or multimedia.
    Defining DiffServ
    To use DiffServ for QoS, the Web pages accessible from the Differentiated Services menu page must first be used to define the following categories and their criteria:
    1. Class: Create classes and define class criteria.
    2. Policy: Create policies, associate classes with policies, and define policy statements.
    3. Service: Add a policy to an inbound interface.
    Packets are classified and processed based on defined criteria. The classification criteria is defined by a class. The processing is defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. A policy can contain multiple classes. When the policy is active, the actions taken depend on which class matches the packet.
    Packet processing begins by testing the class match criteria for a packet. A policy is applied to a packet when a class match within that policy is found. The Differentiated Services menu page contains links to the various DiffServ configuration and display features. From the DiffServ link under the QoS tab, you can access the following pages:
    • DiffServ Wizard on page 225
    • Basic on page 226
    • Advanced on page 228
    DiffServ Wizard
    The DiffServ Wizard enables DiffServ on the switch
90. election and operates as the querier in that VLAN. The other querier moves to non-querier state.
    3. Use Querier VLAN Address to specify the Snooping Querier Address to be used as source address in periodic MLD queries sent on the specified VLAN.
    Field: Description
    Operational State: Specifies the operational state of the MLD Snooping Querier on a VLAN. It can be in any of the following states:
       • Querier: Snooping switch is the Querier in the VLAN. The Snooping switch will send out periodic queries with a time interval equal to the configured querier query interval. If the snooping switch sees a better querier in the VLAN, it moves to non-querier mode.
       • Non-Querier: Snooping switch is in Non-Querier mode in the VLAN. If the querier expiry interval timer is expired, the snooping switch will move into querier mode.
       • Disabled: Snooping Querier is not operational on the VLAN. The Snooping Querier moves to disabled mode when MLD Snooping is not operational on the VLAN, or when the querier address is not configured, or the network management address is also not configured.
    Operational Version: Displays the operational MLD protocol version of the querier.
    Last Querier Address: Displays the IP address of the last querier from which a query was snooped on the VLAN.
    Last Querier Version: Display
91. enabled.
    2. Use Multicast Router to enable or disable Multicast Router on the selected interfaces.
    Multicast Router VLAN Configuration
    This page configures the interface to only forward the snooped IGMP packets that come from VLAN ID (<vlanId>) to the multicast router attached to this interface. The configuration is not needed most of the time, since the switch will automatically detect the presence of a multicast router and forward IGMP packets accordingly. It is only needed when you want to make sure that the multicast router always receives IGMP packets from the switch in a complex network. To access the Multicast Router VLAN Configuration page, click Switching > Multicast > IGMP Snooping > Multicast Router VLAN Configuration.
    [Screenshot: Multicast Router VLAN Configuration page (Interface, VLAN ID, Multicast Router)]
    1. Use Interface to select the interface for which you want Multicast Router to be enabled or to be displayed.
    2. Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is to be Enabled or Disabled.
    3. Use Multicast Router to enable or disable multicast router for the VLAN ID.
    IGMP Snooping Querier
    IGMP snooping requires that one central switch or router periodically query all end devices on the network to announce their multicast membership
92. features in the QoS tab to configure Quality of Service (QoS) settings on the switch. The QoS tab contains links to the following features:
    • Class of Service on page 217
    • Differentiated Services on page 224
    In a typical switch, each physical port consists of one or more queues for transmitting packets on the attached network. Multiple queues per port are often provided to give preference to certain packets over others based on user-defined criteria. When a packet is queued for transmission in a port, the rate at which it is serviced depends on how the queue is configured and possibly the amount of traffic present in the other queues of the port. If a delay is necessary, packets get held in the queue until the scheduler authorizes the queue for transmission. As queues become full, packets have no place to be held for transmission and get dropped by the switch.
    QoS is a means of providing consistent, predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. With this in mind, all elements of the network must be QoS-capable. The presence of at least one node which is not QoS-capable creates a deficiency in the network path, and the performance of the entire packet flow is compromised.
    Class of Service
    The Class of Serv
93. host fields.
    Field: Description
    Host: Lists the host name you assign to the specified IP address.
    Total: Amount of time since the dynamic entry was first added to the table.
    Elapsed: Amount of time since the dynamic entry was last updated.
    Type: The type of the dynamic entry.
    Addresses: Lists the IP address associated with the host name.
    SDM Template Preference
    You can use this page to configure SDM template preferences for the switch. To access this page, click System > Management > DNS > SDM Template Preference.
    [Screenshot: SDM Template Preference page (SDM Current Template ID, SDM Next Template ID, and a table with columns SDM Template, ARP Entries, IPv4 Unicast Routes, IPv6 NDP Entries, IPv6 Unicast Routes, ECMP Next Hops, IPv4 Multicast Routes, IPv6 Multicast Routes)]
    To configure the SDM Template Preference settings:
    1. Use SDM Next Template ID to configure the next active template. It will be active only after the next reboot. To revert to the default template after the next reboot, use the Default option. Possible values are:
       • Default
       • Dual IPv4 and IPv6
       • IPv4 routing Default
       • IPv4 Data Center
    The following table displays Summary information.
    Field: Description
    SDM Current Template ID: Displays the current active SDM Template. Possible values are Dual
94. if a Redirect Interface is already configured for the ACL rule. This field is visible for a Permit Action.
    • Redirect Interface: Specifies the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is enabled for a Permit Action.
    • Match Every: Select true or false from the drop-down menu. True signifies that all packets will match the selected IP ACL and Rule and will be either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure Match Every to False for the other match criteria to be visible.
    • Protocol Type: Specify that a packet's IP protocol is a match condition for the selected IP ACL rule. The possible values are ICMP, IGMP, IP, TCP, and UDP.
    • TCP Flag: Specify that a packet's TCP flag is a match condition for the selected IP ACL rule. The TCP flag values are URG, ACK, PSH, RST, SYN, FIN. Each TCP flag has these possible values below and can be set separately:
       • Ignore: A packet matches this ACL rule whether or not the TCP flag in this packet is set.
       • Set: A packet matches this ACL rule if the T
95. inability of IP to route the resultant datagram. In some implementations there may be no types of error which contribute to this counter's value.
    IcmpOutDestUnreachs: The number of ICMP Destination Unreachable messages sent.
    IcmpOutTimeExcds: The number of ICMP Time Exceeded messages sent.
    IcmpOutParmProbs: The number of ICMP Parameter Problem messages sent.
    IcmpOutSrcQuenchs: The number of ICMP Source Quench messages sent.
    IcmpOutRedirects: The number of ICMP Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects.
    IcmpOutEchos: The number of ICMP Echo (request) messages sent.
    IcmpOutEchoReps: The number of ICMP Echo Reply messages sent.
    IcmpOutTimestamps: The number of ICMP Timestamp (request) messages.
    IcmpOutTimestampReps: The number of ICMP Timestamp Reply messages sent.
    IcmpOutAddrMasks: The number of ICMP Address Mask Request messages sent.
    IcmpOutAddrMaskReps: The number of ICMP Address Mask Reply messages sent.
    IP Interface Configuration
    Use the IP Interface Configuration page to update IP interface data for this switch. To display the IP Interface Configuration page, click Routing > IP > Advanced > IP Interface Configuration.
    [Screenshot: IP Interface Configuration page]
96. mask, but not both.
Network Prefix Length: Specifies the subnet number for a DHCP address of a dynamic pool. Either Network Mask or Prefix Length can be configured to specify the subnet mask, but not both. Valid Range is 0 to 32.
Client Name: Specifies the Client Name for DHCP manual Pool.
Hardware Address: Specifies the MAC address of the hardware platform of the DHCP client.
Hardware Address Type: Specifies the protocol of the hardware platform of the DHCP client. Valid types are ethernet and ieee802. Default value is ethernet.
Client ID: Specifies the Client Identifier for DHCP manual Pool.
Host Number: Specifies the IP address for a manual binding to a DHCP client. The host can be set only if at least one of Client Identifier or Hardware Address is specified. Deleting Host would delete Client Name, Client ID, and Hardware Address for the Manual Pool and set the Pool Type to Unallocated.
Host Mask: Specifies the subnet mask for a manual binding to a DHCP client. Either Host Mask or Prefix Length can be configured to specify the subnet mask, but not both.
Host Prefix Length: Specifies the subnet mask for a manual binding to a DHCP client. Either Host Mask or Prefix Length can be configured to specify the subnet mask, but not both. Valid Range is 0 to 32.
Lease Time D
97. match condition for the extended IP ACL rule from the drop-down menu. The possible values are IP DSCP, IP precedence, and IP TOS, which are alternative ways of specifying a match criterion for the same Service Type field in the IP header; however, each uses a different user notation. After a selection is made, the appropriate value can be specified.
• IP DSCP: Specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IP header. This is an optional configuration. Enter an integer from 0 to 63. The IP DSCP can be selected by choosing one of the DSCP keywords from a drop-down box. If a value is to be selected by specifying its numeric value, then select the Other option in the drop-down box and a text box will appear where the numeric value of the DSCP can be entered.
• IP Precedence: The IP Precedence field in a packet is defined as the high-order three bits of the Service Type octet in the IP header. This is an optional configuration. Enter an integer from 0 to 7.
• IP TOS: The IP TOS field in a packet is defined as all eight bits of the Service Type octet in the IP header. The TOS Bits value is a hexadecimal number from 00 to FF. The TOS Mask value is a hexadecimal number from 00 to FF. The TOS Mask denotes the bit positions in the TOS Bits value that are used for comparison against the IP TOS f
98. next to the interface and click DELETE.
1. Use ACL Type to specify the type of ACL. Valid ACL Types include IP ACL, MAC ACL, and IPv6 ACL.
2. Use ACL ID to display all the ACLs configured, depending on the ACL Type selected.
Table 10
Field: Description
Direction: Specifies the packet filtering direction for ACL.
VLAN ID: Specifies VLAN ID for ACL mapping.
Sequence Number: An optional sequence number may be specified to indicate the order of this access list relative to other access lists already assigned to this VLAN and direction. A lower number indicates higher precedence order. If a sequence number is already in use for this VLAN and direction, the specified access list replaces the currently attached access list using that sequence number. If the sequence number is not specified by the user (i.e., the value is 0), a sequence number that is one greater than the highest sequence number currently in use for this VLAN and direction will be used. Valid range is 1 to 4294967295.
Monitoring the System
Use the features available from the Monitoring tab to view a variety of information about the switch and its ports and to configure how the switch monitors events. The Monitoring tab contains links to the following features:
• Ports on page 336
• Logs on page 348
• Port Mirroring on page 358
• sFlo
99. no new outbound telnet sessions are established. An established session remains active until the session is ended or an abnormal network error ends the session.
1. Use Allow New Telnet Sessions to specify whether the new Outbound Telnet Session is Enabled or Disabled. Default value is Enabled.
2. Use Maximum Number of Sessions to specify the maximum number of Outbound Telnet Sessions allowed. Default value is 5. Valid Range is 0 to 5.
3. Use Session Timeout to specify the Outbound Telnet login inactivity time-out. Default value is 5. Valid Range is 1 to 160.
4. Current Number of Sessions: Displays the number of current sessions.
Console Port
To display the Console Port page, click Security > Access > Console Port.
[Screenshot: Console Port page]
1. Use Serial Port Login Timeout (minutes) to specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection. Enter a number between 0 and 160; the factory default is 5. Entering 0 disables the time-out.
2. Use Baud Rate (bps) to select the default baud rate for the serial port connection from the drop-down menu. You may cho
100. not change the configuration until the APPLY button is pressed.
• Reauthentication Period: This input field allows the user to enter the reauthentication period for the selected port. The reauthentication period is the value, in seconds, of the timer used by the authenticator state machine on this port to determine when reauthentication of the supplicant takes place. The reauthentication period must be a value in the range of 1 to 65535. The default value is 3600. Changing the value will not change the configuration until the APPLY button is pressed.
• User Privileges: This select field allows the user to add the specified user to the list of users with access to the specified port or all ports.
• Max Users: This field allows the user to enter the limit to the number of supplicants on the specified interface.
Click INITIALIZE to begin the initialization sequence on the selected port. This button is only selectable if the control mode is auto. If the button is not selectable, it will be grayed out. Once this button is pressed, the action is immediate. It is not required to press the APPLY button for the action to occur.
Click REAUTHENTICATE to begin the reauthentication sequence on the selected port. This button is only selectable if the control mode is auto. If the button is not selectable, it will be grayed out. Once this button is pressed, the action is immediate. It is not required to press the APPLY button for the action to oc
101. number of packets (including bad packets) received or transmitted that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 1519 and 2047 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 2048 and 4095 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 4096 and 9216 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of octets of data (including those in bad packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Packets Received 64 Octets: The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets).
Packets Received 65-127 Octets: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
102. of DHCP message with option82 received from an untrusted server.
UntrustedClientMsgsWithOpt82: Shows the number of DHCP message with option82 received from an untrusted client.
TrustedServerMsgsWithoutOpt82: Shows the number of DHCP message without option82 received from a trusted server.
TrustedClientMsgsWithoutOpt82: Shows the number of DHCP message without option82 received from a trusted client.
UDP Relay
From the UDP Relay link, you can access the following pages:
• UDP Relay Global Configuration on page 68
• UDP Relay Interface Configuration on page 69
UDP Relay Global Configuration
To display the UDP Relay Global Configuration page, click System > Services > UDP Relay > UDP Relay Global Configuration. A screen similar to the following is displayed.
[Screenshot: UDP Relay Global Configuration page]
1. Use Admin Mode to enable or disable the UDP Relay on the switch. The default value is disable.
2. Use Server Address to specify the UDP Relay Server Address in x.x.x.x format.
3. Use UDP Port to specify the UDP Destination Port. These ports are supported:
DefaultSet: Relay UDP port 0 packets. This is specified if no UDP port is selected when creating the Relay server.
dhcp: Relay DHCP UDP p
103. of the same type can be nested; class nesting does not allow for the negation (i.e., exclude option) of the referenced class. To configure DiffServ, you must define service levels, namely the forwarding classes/PHBs identified by a given DSCP value, on the egress interface. These service levels are defined by configuring BA classes for each.
Creating Policies
Use DiffServ policies to associate a collection of classes that you configure with one or more QoS policy statements. The result of this association is referred to as a policy. From a DiffServ perspective, there are two types of policies:
• Traffic Conditioning Policy: a policy applied to a DiffServ traffic class
• Service Provisioning Policy: a policy applied to a DiffServ service level
You must manually configure the various statements and rules used in the traffic conditioning and service provisioning policies to achieve the desired Traffic Conditioning Specification (TCS) and the Service Level Specification (SLS) operation, respectively.
Traffic Conditioning Policy
Traffic conditioning pertains to actions performed on incoming traffic. There are several distinct QoS actions associated with traffic conditioning:
• Dropping: Drop a packet upon arrival. This is useful for emulating access control list operation using DiffServ, especially when DiffServ and ACL cannot co-exist on the same interface.
• Ma
104. on page 164
• Address Table on page 170
• Ports on page 176
• Link Aggregation Groups on page 179
VLANs
Adding Virtual LAN (VLAN) support to a Layer 2 switch offers some of the benefits of both bridging and routing. Like a bridge, a VLAN switch forwards traffic based on the Layer 2 header, which is fast, and like a router, it partitions the network into logical segments, which provides better administration, security, and management of multicast traffic. By default, all ports on the switch are in the same broadcast domain. VLANs electronically separate ports on the same switch into separate broadcast domains so that broadcast packets are not sent to all the ports on a single switch. When you use a VLAN, users can be grouped by logical function instead of physical location. Each VLAN in a network has an associated VLAN ID, which appears in the IEEE 802.1Q tag in the Layer 2 header of packets transmitted on a VLAN. An end station may omit the tag, or the VLAN portion of the tag, in which case the first switch port to receive the packet may either reject it or insert a tag using its default VLAN ID. A given port may handle traffic for more than one VLAN, but it can only support one default VLAN ID.
From the VLAN link, you can access the following pages:
• Basic on page 109
• Advanced on page 111
Basic
From the Basic link, you can access the following pages:
• VLAN Configuration on page
105. one switch port is configured as a destination port. You have the ability to configure how traffic is mirrored on a source port. Packets that are received on the source port, that are transmitted on a port, or are both received and transmitted, can be mirrored to the destination port. The packet that is copied to the destination port is in the same format as the original packet on the wire. This means that if the mirror is copying a received packet, the copied packet is VLAN tagged or untagged as it was received on the source port. If the mirror is copying a transmitted packet, the copied packet is VLAN tagged or untagged as it is being transmitted on the source port.
Use the Multiple Port Mirroring page to define port mirroring sessions. To access the Multiple Port Mirroring page, click Monitoring > Mirroring > Multiple Port Mirroring.
[Screenshot: Multiple Port Mirroring page]
To configure Port Mirroring:
1. In the Destination Port field, specify the port to which port traffic is to be copied. You can configure only one d
106. per second.
Multicast Storm Recovery Level: Specify the threshold at which storm control activates. The factory default is 5 percent of port speed for pps type.
Unicast Storm Recovery Mode: Enable or disable this option by selecting the corresponding line on the drop-down entry field. When you specify Enable for Unicast Storm Recovery and the unicast traffic on the specified Ethernet port exceeds the configured threshold, the switch blocks (discards) the unicast traffic. The factory default is disabled.
Unicast Storm Recovery Level Type: Specify the Unicast Storm Recovery Level as a percentage of link speed or as packets per second.
Unicast Storm Recovery Level: Specify the threshold at which storm control activates. The factory default is 5 percent of port speed for pps type.
Control
To display the page, click the Security > Control tab. The Control tab contains links to the following features:
• DHCP Snooping on page 301
• IP Source Guard on page 307
• Dynamic ARP Inspection on page 309
DHCP Snooping
The DHCP Snooping link contains links to the following pages:
• DHCP Snooping Global Configuration on page 301
• DHCP Snooping Interface Configuration on page 303
• DHCP Snooping Binding Configuration on page 304
• DHCP Snooping Persistent Configuration on page 304
• DHCP Snooping Statistics o
107. ports and configure them.
• Untag All: Select all the ports on which all frames transmitted for this VLAN will be untagged. All the ports will be included in the VLAN.
• Tag All: Select the ports on which all frames transmitted for this VLAN will be tagged. All the ports will be included in the VLAN.
• Remove All: All the ports that may be dynamically registered in this VLAN via GVRP. This selection has the effect of excluding all ports from the selected VLAN.
3. Use Port List to add the ports you selected to this VLAN. Each port has three modes:
• Tagged: Select the ports on which all frames transmitted for this VLAN will be tagged. The ports that are selected will be included in the VLAN.
• U (Untagged): Select the ports on which all frames transmitted for this VLAN will be untagged. The ports that are selected will be included in the VLAN.
• BLANK (Autodetect): Select the ports that may be dynamically registered in this VLAN via GVRP. This selection has the effect of excluding a port from the selected VLAN.
Field: Definition
VLAN Name: This field identifies the name for the VLAN you selected. It can be up to 32 alphanumeric characters long, including blanks. VLAN ID 1 always has a name of Default.
VLAN Type: This field identifies the type of the VLAN you selected. The VLAN type Default VLAN ID 1 always present Static
108. protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination.
Use Description to specify the description of this route that identifies the route. Description must consist of alpha-numeric, dash, or underscore characters and have length in the range from 0 to 31.
Click ADD to add a new static route entry to the switch.
Click DELETE to delete an existing static route entry from the switch.
Learned Routes
Field: Description
Network Address: The IP route prefix for the destination.
Subnet Mask: Also referred to as the subnet/network mask, this indicates the portion of the IP interface address that identifies the attached network.
Protocol: This field tells which protocol created the specified route. The possibilities are one of the following:
• Local
• Static
Route Type: This field can be Connected or Static or Dynamic, based on the protocol.
Next Hop Interface: The outgoing router interface to use when forwarding traffic to the destination.
Next Hop IP Address: The outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network.
Preference: The preference is an integer valu
110. server.
3. 2: Use the drop-down menu to select the method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list.
4. 3: Use the drop-down menu to select the method, if any, that should appear third in the selected authentication login list. If you select a method that does not time out as the third method, the fourth method will not be tried.
5. 4: Use the drop-down menu to select the method, if any, that should appear fourth in the selected authentication login list. If you select a method that does not time out as the fourth method, the fifth method will not be tried.
6. 5: Use the drop-down menu to select the method, if any, that should appear fifth in the selected authentication login list. If you select a method that does not time out as the fifth method, the sixth method will not be tried.
7. 6: Use the drop-down menu to select the method, if any, that should appear sixth in the selected authentication login list.
8. Click ADD to add a new login list to the switch.
9. Click DELETE to remove the selected authentication login list from the configuration. The delete will fail if the selected login list is assigned to any user (including the default user) for system
111. stops sampling. A management entity wanting to maintain control of the sampler is responsible for setting a new value before the old one expires. Valid range is 0 to 2147483647. A value of zero sets the selected receiver configuration to its default values.
Use No Timeout to select True or False from the pull-down menu to set the no-timeout sampling for the receiver. Sampling will not be stopped until No Timeout selected entry is True. The default value is False.
Maximum Datagram Size: The maximum number of data bytes that can be sent in a single sample datagram. The manager should set this value to avoid fragmentation of the sFlow datagrams. Default Value: 1400. Allowed range is 200 to 9116.
Receiver Address: The IP address of the sFlow collector. If set to 0.0.0.0, no sFlow datagrams will be sent.
Receiver Port: The destination port for sFlow datagrams. Allowed range is 1 to 65535.
Receiver Datagram Version: The version of sFlow datagrams that should be sent.
sFlow Interface Configuration
sFlow agent collects statistical packet-based sampling of switched flows and sends them to the configured receivers. A data source configured to collect flow samples is called a sampler. sFlow agent also collects time-based sampling of network interface statistics and sends them to the configured sFlow receivers. A data source configured
112. that were received from this server.
Access Challenges: The number of RADIUS Access-Challenge packets, including both valid and invalid packets, that were received from this server.
Malformed Access Responses: The number of malformed RADIUS Access-Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators or signature attributes or unknown types are not included in malformed access responses.
Bad Authenticators: The number of RADIUS Access-Response packets containing invalid authenticators or signature attributes received from this server.
Pending Requests: The number of RADIUS Access-Request packets destined for this server that have not yet timed out or received a response.
Timeouts: The number of authentication timeouts to this server.
Unknown Types: The number of RADIUS packets of unknown type which were received from this server on the authentication port.
Packets Dropped: The number of RADIUS packets received from this server on the authentication port and dropped for some other reason.
Accounting Server Configuration
Use the RADIUS Accounting Server Configuration page to view and configure various settings for one or more RADIUS accounting servers on the network. To access the RADIUS Accounting Server Configuration page, click Security > Management Security > RADIUS > Accounting Server Configuration.
Accounting Server Conf
113. the local date and time (UTC) the SNTP client last updated the system clock.
Last Attempt Time: Specifies the local date and time (UTC) of the last SNTP request or receipt of an unsolicited message.
Last Attempt Status: Specifies the status of the last SNTP request or unsolicited message for both unicast and broadcast modes. If no message has been received from a server, a status of Other is displayed. These values are appropriate for all operational modes:
• Other: None of the following enumeration values.
• Success: The SNTP operation was successful and the system time was updated.
• Request Timed Out: A directed SNTP request timed out without receiving a response from the SNTP server.
• Bad Date Encoded: The time provided by the SNTP server is not valid.
• Version Not Supported: The SNTP version supported by the server is not compatible with the version supported by the client.
• Server Unsynchronized: The SNTP server is not synchronized with its peers. This is indicated via the leap indicator field on the SNTP message.
• Server Kiss Of Death: The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server.
Server IP Address: Specifies the IP address of the server for the last received valid packet. If no message has been received from any server, an empty string is shown.
Address Type: Specifies the address t
114. the start and end of the port range.
Flow Label: Flow label is a 20-bit number that is unique to an IPv6 packet, used by end stations to signify quality-of-service handling in routers. Flow label can be specified within the range 0 to 1048575.
Use IPv6 DSCP Service to specify the IP DiffServ Code Point (DSCP) field. The DSCP is defined as the high-order six bits of the Service Type octet in the IPv6 header. This is an optional configuration. Enter an integer from 0 to 63. The IPv6 DSCP can be selected by choosing one of the DSCP keywords from a drop-down box. If a value is to be selected by specifying its numeric value, then select the Other option in the drop-down box and a text box will appear where the numeric value of the DSCP can be entered.
Rate Limit Conform Data Rate: Value of Rate Limit Conform Data Rate specifies the conforming data rate of IPv6 ACL Rule. Valid values are 1 to 4294967295 in Kbps.
Rate Limit Burst Size: Value of Rate Limit Burst Size specifies burst size of IPv6 ACL Rule. Valid values are 1 to 128 in Kbytes.
Time Range: Name of time range associated with the IPv6 ACL Rule.
Rule Status: Displays if the ACL rule is active or inactive. Blank means that no timer schedules are assigned to the rule.
Click ADD to add an IPv6 rule.
To delete a rule, select the checkbox of the rule you want to delete and click DELETE.
IP Binding Configuration
When an ACL is bound to an interface, all the rules that have bee
115. to DNS server. This number ranges from 0 to 100. The default value is 2.
Use Response Timeout (secs) to specify the amount of time, in seconds, to wait for a response to a DNS query. This timeout ranges from 0 to 3600. The default value is 3.
To specify the DNS server to which the switch sends DNS queries, enter an IP address in standard IPv4 dot notation in the DNS Server Address and click ADD. The server appears in the list below. You can specify up to eight DNS servers. The precedence is set in the order created.
6. To remove a DNS server from the list, select the check box next to the server you want to remove and click DELETE. If no DNS server is specified, the check box is global and will delete all the DNS servers listed.
7. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
8. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.
9. Click ADD to add the specified DNS Server to the List of DNS Servers. Configuration changes take effect immediately.
10. Click DELETE to delete the specified DNS Server from the list of DNS Servers. If no DNS Server is specified, then it will delete all the DNS Servers.
DNS Server Configuration
The following table displays DNS Server Configuration information.
Field Description
116. to collect counter samples is called a poller. To display the sFlow Interface Configuration page, click Monitoring > sFlow > Advanced > sFlow Interface Configuration.
[Screenshot: sFlow Interface Configuration page]
1. Interface displays the interface for this flow poller and sampler. This Agent will support Physical ports only.
2. Use Poller Receiver Index to specify the allowed range for the sFlowReceiver associated with this counter poller. Allowed range is 1 to 8.
3. Use Poller Interval to specify the maximum number of seconds between successive samples of the counters associated with this data source. A sampling interval of 0 disables counter sampling. Allowed range is 0 to 86400 secs.
4. Use Sampler Receiver Index to specify the sFlow Receiver for this flow sampler. If set to 0, the sampler configuration is set to default and the sampler is deleted. Only active receivers can be set. If a receiver expires, then all samplers associated with the receiver will also expire. Allowed range is 1 t
117. up or down.
Field: Link Trap; Packets RX and TX 64 Octets; Packets RX and TX 65-127 Octets; Packets RX and TX 128-255 Octets; Packets RX and TX 256-511 Octets; Packets RX and TX 512-1023 Octets; Packets RX and TX 1024-1518 Octets; Packets RX and TX 1519-2047 Octets; Packets RX and TX 2048-4095 Octets; Packets RX and TX 4096-9216 Octets; Octets Received
Description:
Indicates whether or not the port will send a trap when link status changes.
The total number of packets (including bad packets) received or transmitted that were 64 octets in length (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets).
The total number of packets (including bad packets) received or transmitted that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets).
The total
118. value inserted into the Time-To-Live field of the IP header of datagrams originated by the switch, if a TTL value is not supplied by the transport layer protocol.
Maximum Next Hops: The maximum number of hops supported by the switch. This is a compile-time constant.
Maximum Routes: The maximum number of routes (routing table size) supported by the switch. This is a compile-time constant.
Statistics
The statistics reported on this screen are as specified in RFC 1213. To display the Statistics page, click Routing > IP > Basic > Statistics.
[Screenshot: IP Statistics page]
Field: Description
IpInReceives: The total number of input datagrams received fro
119. value is restarted whenever the ARP table Cache Size value is changed. Active Static Entries: Total number of Active Static Entries in the ARP table. Configured Static Entries: Total number of Configured Static Entries in the ARP table. Maximum Static Entries: Maximum number of Static Entries that can be defined. Router Discovery: To display the Router Discovery page, click Routing > Router Discovery. [Screenshot: Router Discovery Configuration table, one row per interface.] Use Interface to select the router interface for which data is to be configured. Use Advertise Mode to select enable or disable from the drop down menu. If you select en
120. when you want to retrieve. Use Transfer Mode to specify what protocol to use to transfer the file: TFTP (Trivial File Transfer Protocol), SFTP (Secure File Transfer Program), or SCP (Secure Copy). Use Server Address Type to specify either IPv4, IPv6, or DNS to indicate the format of the TFTP/SFTP/SCP Server Address field. The factory default is IPv4. Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type. The factory default is the IPv4 address 0.0.0.0. Use Remote File Path to enter the path of the file which you want to download. The file path cannot include the following symbols: < >. Up to 32 characters can be entered. The factory default is blank. Use Remote File Name to enter the name of the file you want to download from the server. You may enter up to 32 characters. The factory default is blank. Use User Name to enter the username for remote login to the SFTP/SCP server where the file resides. This field is visible only when SFTP or SCP transfer modes are selected. Use Password to enter the password for remote login to the SFTP/SCP server where the file resides. This field is visible only when SFTP or SCP transfer modes are selected. The last row of the table is used to display information about the progress of the file transfer. The screen will refresh automatically until the file transfer completes. HTTP File Download: Use the HTTP File Download page to
121. with the filter. Source Port Members: A list of ports to be used for filtering inbound packets. Destination Port Members: A list of ports to be used for filtering outbound packets. Port Security: The Port Security link contains links to the following pages: Port Security Configuration on page 287; Port Security Interface Configuration on page 288; Dynamic MAC Address on page 289; Static MAC Address on page 290. Port Security Configuration: Use the Port Security feature to lock one or more ports on the system. When a port is locked, only packets with an allowable source MAC address can be forwarded. All other packets are discarded. To display the Port Security Configuration page, click Security > Traffic Control > Port Security > Port Administration. [Screenshot: Port Security Configuration page, with Port Security Settings (Port Security Mode: Disable, Enable) and the Port Security Violations table (Port, Last Violation MAC, VLAN ID).] To configure the global port security mode: 1. In the Port Security Mode field, select the appropriate radio button to enable or disable port security on the switch. The Port Security violations table shows information about violations that occurred on ports that are enabled for port security. The following table describes the fields in the Port Security violations table. Field / Description: Port: Displays the physi
123. [Screenshot residue: LLDP Statistics table.] The following table describes the LLDP Statistics fields. Field / Description: Last Update: Specifies the time when an entry was created, modified, or deleted in the tables associated with the remote system. Total Inserts: Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been inserted into tables associated with the remote systems. Total Deletes: Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been deleted from tables associated with the remote systems. Total Drops: Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) could not be entered into tables associated with the remote systems because of insufficient resources. Total Age outs: Specifies the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been deleted from tables associated with the remote system
124. Field / Description: Last Attempt Status: Specifies the status of the last SNTP request to this server. If no packet has been received from this server, a status of Other is displayed. Other: None of the following enumeration values. Success: The SNTP operation was successful and the system time was updated. Request Timed Out: A directed SNTP request timed out without receiving a response from the SNTP server. Bad Date Encoded: The time provided by the SNTP server is not valid. Version Not Supported: The SNTP version supported by the server is not compatible with the version supported by the client. Server Unsynchronized: The SNTP server is not synchronized with its peers. This is indicated via the leap indicator field on the SNTP message. Server Kiss Of Death: The SNTP server indicated that no further queries were to be sent to this server. This is indicated by a stratum field equal to 0 in a message received from a server. Requests: Specifies the number of SNTP requests made to this server since last agent reboot. Failed Requests: Specifies the number of failed SNTP requests made to this server since last reboot. Summer Time Configuration: Use this page to configure Summer Time Configuration information. To access this page, click System > Management > Time > Summer Time Configuration. Time Configuration Summer Time Configuration Sum
125. Password Reset: Use the Password Reset page to reset all user passwords to defaults. To access the Password Reset page, click Maintenance > Reset > Password Reset. [Screenshot: Password Reset page with the check box "Check this box and click APPLY below to reset all user passwords".] 1. Select the check box and click the APPLY button to have all user passwords reset to their factory default values. All changes you have made will be lost, even if you have issued a save. Upload File From Switch: Use the File Upload page to upload configuration (ASCII), log (ASCII), and image (binary) files from the switch to the TFTP server. The Upload menu contains links to the following options: File Upload on page 368; HTTP File Upload on page 369; USB File Upload on page 370. File Upload: To display the File Upload page, click Maintenance > Upload > File Upload. [Screenshot: File Upload page with fields File Type, Image Name, Transfer Mode, Server Address Type, Server Address, Remote File Path, Remote File Name.] To upload a file from the switch to the TFTP server: 1. Use File Type to specify what type of file you want to upload. Archive: Specify archive (STK) code when you want to retrieve from the operational flash. Image Name: Select one of the images from the list. image Select image1 to
126. [Screenshot residue: 000 (0 to 2147483647 ms); ICMP Rate Limit Burst Size 100 (1 to 200); Maximum Next Hops 1; Maximum Routes 64; Select to configure Global Default Gateway; Global Default Gateway.] 1. Use Routing Mode to select enable or disable. You must enable routing for the switch before you can route through any of the interfaces. The default value is disable. 2. Use ICMP Echo Replies to select enable or disable. If it is enabled, then only the router can send ECHO replies. By default, ICMP Echo Replies are sent for echo requests. 3. Use ICMP Redirects to select enable or disable. If it is enabled globally and on interface level, then only the router can send ICMP Redirects. 4. Use ICMP Rate Limit Interval to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, the rate limit is 100 packets/sec, i.e. the burst interval is 1000 msec. To disable ICMP rate limiting, set this field to 0. A valid Rate Interval must be in the range 0 to 2147483647. 5. Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, the burst size is 100 packets. When the burst interval is 0, configuring this field is not a valid operation. A valid Burst Size must be in the range 1 to 200. 6. Use Select to configure Global Default Gateway to edit the Global Default Gateway field. Routing 197 M4100 M7100 Web Managem
127. 1. All ports are configured to an Acceptable Frame Types value of Admit All Frames. All ports are configured with Ingress Filtering disabled. All ports are configured to transmit only untagged frames. GVRP is disabled on all ports and all dynamic entries are cleared. Internal VLAN Configuration: This page displays the allocation base and the allocation mode of internal VLAN. The internal VLAN is reserved by port based routing interface and invisible to the end user. Once these internal VLANs are allocated by port based routing interface, they cannot be assigned to a routing VLAN interface. 1. Use Internal VLAN Allocation Base to specify the VLAN Allocation Base for the routing interface. The default base of the internal VLAN is 1 to 4093. 2. Use the optional Internal VLAN Allocation Policy field to specify a policy for the internal VLAN allocation. There are two policies supported: ascending and descending. VLAN Membership: To display the VLAN Membership page, click Switching > VLAN > Advanced > VLAN Membership. [Screenshot: VLAN Membership page with VLAN ID, Group Operation, VLAN Name, VLAN Type, untagged port members and tagged port members.] To configure VLAN membership: 1. Use VLAN ID to select the VLAN ID for which you want to display or configure data. 2. Use Group Operation to select all the
128. 1. From the QoS Class Configuration screen, create a new class with the following settings: Class Name: Class1; Class Type: All. For more information about this screen, see Class Configuration on page 425. 2. Click the Class1 hyperlink to view the DiffServ Class Configuration screen for this class. 3. Configure the following settings for Class1: Protocol Type: UDP; Source IP Address: 192.12.1.0; Source Mask: 255.255.255.0; Source L4 Port: Other, and enter 4567 as the source port value; Destination IP Address: 192.12.2.0; Destination Mask: 255.255.255.0; Destination L4 Port: Other, and enter 4568 as the destination port value. For more information about this screen, see Class Configuration on page 425. 4. Click APPLY. 5. From the Policy Configuration screen, create a new policy with the following settings: Policy Selector: Policy1; Member Class: Class1. For more information about this screen, see Policy Configuration on page 429. 6. Click ADD to add the new policy. 7. Click the Policy1 hyperlink to view the Policy Class Configuration screen for this policy. 8. Configure the Policy attributes as follows: Assign Queue: 3; Policy Attribute: Simple Policy; Color Mode: Color Blind; Committed Rate: 1000000 Kbps; Committed Burst Size: 128 KB; Confirm Action: Send; Violate Action: Drop. For more information about this screen, see Policy Configuration on page 429. 9. From the Servic
129. Basic: From the Basic link, you can access the following pages: STP Configuration on page 129. STP Configuration: The Spanning Tree Configuration Status page contains fields for enabling STP on the switch. To display the Spanning Tree Configuration Status page, click Switching > STP > Basic > STP Configuration. [Screenshot: STP Configuration page with Spanning Tree Admin Mode, Force Protocol Version, Configuration Name, Configuration Revision Level, Forward BPDU while STP Disabled, BPDU Guard, BPDU Filter, Configuration Digest Key, Configuration Format Selector, and the STP Status table (MST ID, VID, FID).] 1. Use Spanning Tree Admin Mode to specify whether spanning tree operation is enabled on the switch. Value is enabled or disabled. 2. Use Force Protocol Version to specify the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. 3. Use Configuration Name to specify an identifier used to identify the configuration currently being used. It may be up to 32 alphanumeric characters. 4. Use Configuration Revision Level to specify an identifier used to identify the configuration currently being used. The values allowed are between 0 and 65535. The de
130. 2 00 00 21; FF:FF:FF:FF:FF:FF. Use Source Port Members to list the ports you want included in the inbound filter. If a packet with the MAC address and VLAN ID you selected is received on a port that is not in the list, it will be dropped. Use Destination Port Members to list the ports you want to be included in the outbound filter. Packets with the MAC address and VLAN ID you selected will only be transmitted out of ports that are in the list. Destination ports can be included only in the Multicast filter. 2. To delete a configured MAC Filter, select it from the drop down menu, and then click DELETE. 3. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 4. If you make changes to the page, click APPLY to apply the changes to the system. MAC Filter Summary: Use the MAC Filter Summary page to view the MAC filters that are configured on the system. To display the MAC Filter Summary page, click Security > Traffic Control > MAC Filter > MAC Filter Summary. [Screenshot: MAC Filter Summary table with columns MAC Address, VLAN ID, Source Port Members, Destination Port Members.] The following table describes the information displayed on the page. Field / Description: MAC Address: The MAC address of the filter in the format 00:01:1A:B2:53:4D. VLAN ID: The VLAN ID associated
131. 2 3 Specifies the total number of LLDP TLVs received on the local ports which are of type 802.3. LLDP Local Device Information: To display this page, click System > LLDP > Local Device Information. A screen similar to the following is displayed. [Screenshot: LLDP Local Device Information page with the LLDP Interface Selection and the Local Device Information fields: Chassis ID Subtype, Chassis ID, Port ID Subtype, Port ID, System Name, System Description, Port Description, System Capabilities Supported, System Capabilities Enabled, Management Address Type, Management Address.] 1. Use Interface to specify the list of all the ports on which LLDP 802.1AB frames can be transmitted. The following table describes the LLDP Local Device Information fields. Field / Description: Chassis ID Subtype: Specifies the string that describes the source of the chassis identifier. Chassis ID: Specifies the string value used to identify the chassis component associated with the local system. Port ID Subtype: Specifies the string that describes the source of the port identifier. Port ID: Specifies the string that describes the source of the port identifier. System Name: Specifies the syst
132. [Screenshot residue: DHCP L2 Relay interface configuration table.] 1. Use Admin Mode to enable or disable the DHCP L2 Relay on the selected interface. Default is disable. 2. Use 82 Option Trust Mode to enable or disable an interface to be trusted for DHCP L2 Relay Option 82 received. DHCP L2 Relay Interface Statistics: To display the DHCP L2 Relay Interface Statistics page, click System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Statistics. A screen similar to the following is displayed. [Screenshot: DHCP L2 Relay Interface Statistics table with columns Interface, Untrusted Server Messages With Opt82, Untrusted Client Messages With Opt82, Trusted Server Messages Without Opt82, Trusted Client Messages Without Opt82.] The following table describes the DHCP L2 Relay Interface Statistics fields. Field / Description: Interface: Shows the interface from which the DHCP message is received. UntrustedServerMsgsWithOpt82: Shows the number
133. [Screenshot residue: log message table containing TRAPMGR entries (traputil.c) for "Spanning Tree Topology Change" and "Spanning Tree Topology Change Received", and AUTO_INST entries (auto_install_control.c) for AutoInstall retries and a DHCP option resolving the TFTP IP address.]
134. 9 32 81 40. Click REFRESH to show the latest IP information. ARP Table Configuration: You can use this screen to change the configuration parameters for the Address Resolution Protocol Table. You can also use this screen to display the contents of the table. To display the ARP Table Configuration page, click Routing > ARP > Advanced > ARP Table Configuration. [Screenshot: ARP Table Configuration page with Age Time (secs), Response Time (secs), Retries, Cache Size, Dynamic Renew, Total Entry Count, Peak Total Entries, Active Static Entries, Configured Static Entries, Maximum Static Entries, Remove From Table.] 1. Use Age Time to enter the value for the switch to use for the ARP entry ageout time. You must enter a valid integer, which represents the number of seconds it will take for an ARP entry to age out. The range for this field is 15 to 21600 seconds. The default value for Age Time is 1200 seconds. 2. Use Response Time to enter the value for the switch to use for the ARP response time out. You must enter a valid integer, which represents the number of seconds the switch will wait for a response to an ARP request. The range for this field is 1 to 10 seconds. The default value for Response Time is 1 second. 3. Use Retries to enter an inte
135. ACL page displays the number of ACLs currently configured in the switch and the maximum number of ACLs that can be configured. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. To configure a MAC ACL: 1. To add a MAC ACL, specify a name for the MAC ACL in the Name field, and click ADD. The name string may include alphabetic, numeric, dash, underscore, or space characters only. The name must start with an alphabetic character. Each configured ACL displays the following information: Rules: Displays the number of rules currently configured for the MAC ACL. Direction: Displays the direction of packet traffic affected by the MAC ACL, which can be Inbound or blank. 2. To delete a MAC ACL, select the check box next to the Name field, then click DELETE. 3. To change the name of a MAC ACL, select the check box next to the Name field, update the name, then click APPLY. 4. Click ADD to add a new MAC ACL to the switch configuration. MAC Rules: Use the MAC Rules page to define rules for MAC based ACLs. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. A default deny all rule is the last rule of every list. To display the MAC Rules page, click Security > ACL > Basic > MAC Rules. [Screenshot: MAC Rules page.] To configure
136. AN and thus classify traffic based on the source MAC address of the packet. A MAC to VLAN mapping is defined by configuring an entry in the MAC to VLAN table. An entry is specified via a source MAC address and the desired VLAN ID. The MAC to VLAN configurations are shared across all ports of the device (i.e. there is a system wide table that has MAC address to VLAN ID mappings). When untagged or priority tagged packets arrive at the switch and entries exist in the MAC to VLAN table, the source MAC address of the packet is looked up. If an entry is found, the corresponding VLAN ID is assigned to the packet. If the packet is already priority tagged, it will maintain this value; otherwise, the priority will be set to zero. The assigned VLAN ID is verified against the VLAN table: if the VLAN is valid, ingress processing on the packet continues; otherwise, the packet is dropped. This implies that the user is allowed to configure a MAC address mapping to a VLAN that has not been created on the system. To display the MAC Based VLAN page, click Switching > VLAN > Advanced > MAC Based VLAN. [Screenshot: MAC Based VLAN Configuration page with columns MAC Address and VLAN ID.] 1. MAC Address: Valid MAC Address which is to be bound to a VLAN ID. This field is configurable only when a MAC Based VLAN is created. 2. Use VLAN ID to specify a VLAN ID in
137. AN > Advanced > IP Subnet Based VLAN. [Screenshot: IP Subnet Based VLAN Configuration page with columns IP Address, Subnet Mask, VLAN ID.] 1. Use IP Address to specify a valid IP Address bound to VLAN ID. Enter the IP Address in dotted decimal notation. 2. Use Subnet Mask to specify a valid Subnet Mask of the IP Address. Enter the Subnet mask in dotted decimal notation. 3. Use VLAN ID to specify a VLAN ID in the range of 1 to 4093. 4. Click ADD to add a new IP subnet based VLAN. 5. Click DELETE to delete the IP subnet based VLAN selected. Port DVLAN Configuration: To display the Port DVLAN Configuration page, click Switching > VLAN > Advanced > Port DVLAN Configuration. [Screenshot: Port DVLAN Configuration page with the Global Configuration (Global EtherType) and the DVLAN Configuration table (Interface, Admin Mode).] 1. Use Interface to select the physical interface for which you want to display or configure data. Select All to set the parameters for all ports to same values. 2. Use Admin Mode to specify the administrative mode via which Double VLAN Tagging can be enabled or disable
138. AN Configuration: This section displays the allocation base and the allocation mode of internal VLAN. The internal VLAN is reserved by port based routing interface and invisible to the end user. Once these internal VLANs are allocated by port based routing interface, they cannot be assigned to a routing VLAN interface. 1. Use Internal VLAN Allocation Base to specify the VLAN Allocation Base for the routing interface. The default base of the internal VLAN is 1 to 4093. 2. Use the optional Internal VLAN Allocation Policy field to specify a policy for the internal VLAN allocation. There are two policies supported: ascending and descending. VLAN Configuration: 1. Use VLAN ID to specify the VLAN Identifier for the new VLAN. The range of the VLAN ID is 1 to 4093. 2. Use the optional VLAN Name field to specify a name for the VLAN. It can be up to 32 alphanumeric characters long, including blanks. The default is blank. VLAN ID 1 always has a name of Default. 3. Click ADD to add a new VLAN to the switch. 4. Click DELETE to delete a selected VLAN from the switch. Field / Description: VLAN Type: This field identifies the type of the VLAN you are configuring. You cannot change the type of the default VLAN (VLAN ID 1); it is always type Default. When you create a VLAN using this screen, its type will always be Static. A VLAN that is created by GVRP registration initially has a type of Dynamic. When configuring a Dynamic VLAN
139. [Screenshot residue: SNMP Supported MIBs table.] The following table describes the SNMP Supported MIBs Status fields. Field / Description: Name: The RFC number, if applicable, and the name of the MIB. Description: The RFC title or MIB description. This page provides the configuration information for SNMP v3. From the SNMP V3 link, you can access the following pages: User Configuration on page 82. User Configuration: To access this page, click System > SNMP > SNMP V3 > User Configuration. A screen similar to the following is displayed. [Screenshot: User Configuration page with User Name, SNMP v3 Access Mode, Authentication Protocol (None, MD5, SHA), and Encryption Protocol (None, DES).] To configure SNMPv3 settings for the user account: 1. Use User Name to specify the user account to be configured. 2. SNMP v3 Access Mode: Indicates the SNMPv3 access privileges for the user account. The admin account always has Read/Write access, and all other accounts have Read Only access. 3. Use Authentication Protocol to specify the SNMPv3 Authentication Protocol setting for the
140. CP flag in this packet is set. Clear: A packet matches this ACL rule if the TCP flag in this packet is not set. Source IP Address: Enter an IP address using dotted decimal notation to be compared to a packet's source IP Address as a match criteria for the selected IP ACL rule. Source IP Mask: Specify the IP Mask in dotted decimal notation to be used with the Source IP Address value. Source L4 Port: Specify a packet's source layer 4 port as a match condition for the selected extended IP ACL rule. This is an optional configuration. The possible values are DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET, and TFTP. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. Destination IP Address: Enter an IP address using dotted decimal notation to be compared to a packet's destination IP Address as a match criteria for the selected extended IP ACL rule. Destination IP Mask: Specify the IP Mask in dotted decimal notation to be used with the Destination IP Address value. Destination L4 Port: Specify the destination layer 4 port match conditions for the selected extended IP ACL rule. The possible values are DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET, and TFTP. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. This is an optional configuration. Service Type: Select a Service Type
141. Configuration on page 297. Private VLAN Type Configuration: To display the Private VLAN Type Configuration page, click Security > Traffic Control > Private VLAN > Private VLAN Type Configuration. [Screenshot: Private VLAN Type Configuration table with columns VLAN ID and Private VLAN Type.] 1. Use Private VLAN Type to specify the type of Private VLAN. The factory default is Unconfigured. 2. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 3. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately. Field / Description: VLAN ID: Specifies the VLAN ID for which Private VLAN type is being set. The factory default is Unconfigured. Private VLAN Association Configuration: To display the Private VLAN Association Configuration page, click Security > Traffic Control > Private VLAN > Private VLAN Association Configuration. [Screenshot: Private VLAN Association Configuration table with columns Primary VLAN, Secondary VLAN(s), Isolated VLAN, Community VLAN(s).] 1. Use Primary VLAN to select the primary VLAN ID of the domain. This is used to associate Secondary VLANs to the domain. 2. Use Secondary VLAN(s) to display all the statically create
142. Configuration page, click Security > Port Authentication > Basic > 802.1X Configuration. [Screenshot: 802.1X Configuration page with Administrative Mode, VLAN Assignment Mode, EAPOL Flood Mode, Dynamic VLAN Creation Mode, Monitor Mode, Users, Login, and Authentication List.] To configure global 802.1X settings: 1. Select the appropriate radio button in the Port Based Authentication State field to enable or disable 802.1X administrative mode on the switch. Enable: Port based authentication is permitted on the switch. Note: If 802.1X is enabled, authentication is performed by a RADIUS server. This means the primary authentication method must be RADIUS. To set the method, go to Security > Management Security > Authentication List and select RADIUS as method 1 for defaultList. For more information, see Authentication List Configuration on page 6 254. Disable: The switch does not check for 802.1X authentication before allowing traffic on any ports, even if the ports are configured to allow only authenticated users. Default value. 2. Use VLAN Assignment Mode to select one of the options for VLAN Assignment mode: enable and disable. The default value is disable. 3. Use EAPOL Flood Mode to sel
143. D: Specify the ID of the MST to create. Valid values for this are between 1 and 4094. This is only visible when the select option of the MST ID select box is selected. Priority: Specifies the bridge priority value for the MST. When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if the priority is attempted to be set to any value between 0 and 4095, it will be set to 0. The default priority is 32768. The valid range is 0 to 61440. VLAN ID: This gives a combo box of each VLAN on the switch. These can be selected or unselected for re-configuring the association of VLANs to MST instances. To delete an MST instance, select the check box next to the instance and click DELETE. To modify an MST instance, select the check box next to the instance to configure, update the values, and click APPLY. You can select multiple check boxes to apply the same setting to all selected ports. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. For each configured instance, the information described in the following table displays on the page. Field Description: Bri
144. [Screenshot: DHCP Snooping statistics table with columns Interface, MAC Verify Failures, Client Ifc Mismatch, DHCP Server Msgs Received.] Field Description: Interface: The untrusted and snooping-enabled interface for which statistics are to be displayed. MAC Verify Failures: Number of packets that were dropped by DHCP Snooping as there is no matching DHCP Snooping binding entry found. Client Ifc Mismatch: The number of DHCP messages that are dropped based on source MAC address and client HW address verification. DHCP Server Msgs Received: The number of Server messages that are dropped on an untrusted port. Click CLEAR to clear all interfaces statistics. Click REFRESH to refresh the data on the screen with the latest statistics. IP Source Guard: The IP Source Guard link contains links to the following pages: IP Source Guard Interface Configuration on page 307; IP Source Guard Binding Configuration on page 308. IP Source Guard Interface Configuration: To display the IP Source Guard Interface Configuration page, click Security > Control > IP Source Guard > Interface Configuration.
145. Description: Operating Control Mode: This field indicates the control mode under which the port is actually operating. Possible values are: ForceUnauthorized; ForceAuthorized; Auto; MAC Based; N/A: If the port is in detached state, it cannot participate in port access control. Reauthentication Enabled: This field shows whether reauthentication of the supplicant for the specified port is allowed. The possible values are true and false. If the value is true, reauthentication will occur. Otherwise, reauthentication will not be allowed. Control Direction: This displays the control direction for the specified port. The control direction dictates the degree to which protocol exchanges take place between Supplicant and Authenticator. This affects whether the unauthorized controlled port exerts control over communication in both directions (disabling both incoming and outgoing frames) or just in the incoming direction (disabling only the reception of incoming frames). This field is not configurable on some platforms. Protocol Version: This field displays the protocol version associated with the selected port. The only possible value is 1, corresponding to the first version of the 802.1x specification. This field is not configurable. PAE Capabilities: This field displays the port access entity (PAE) functionality of the selected port. Possible values are Authenticator or Supplicant. This field is
146. To configure CoS queue settings for an interface: 1. Select the check box next to the port or LAG to configure. You can select multiple ports and LAGs to apply the same setting to the selected interfaces. Select the check box in the heading row to apply a trust mode or rate to all interfaces. 2. Configure any of the following settings: Queue ID: Use the menu to select the queue to be configured (platform based). Use Minimum Bandwidth to specify the minimum guaranteed bandwidth allotted to this queue. Setting this value higher than its corresponding Maximum Bandwidth automatically increases the maximum to the same value. Default value is 0. Valid Range is 0 to 100, in increments of 1. The value 0 means no guaranteed minimum. Sum of individual Minimum Bandwidth values for all queues in the selected interface cannot exceed defined maximum (100). Use Scheduler Type to specify the type of scheduling used for this queue. Options are Weighted and Strict. Defining on a per-queue basis allows the user to create the desired service characteristics for d
147. EE 802.1D. The MSTP algorithm and protocol provides simple and full connectivity for frames assigned to any given VLAN throughout a Bridged LAN comprising arbitrarily interconnected networking devices, each operating MSTP, STP, or RSTP. MSTP allows frames assigned to different VLANs to follow separate paths, each based on an independent Multiple Spanning Tree Instance (MSTI), within Multiple Spanning Tree (MST) Regions composed of LANs and/or MSTP Bridges. These Regions and the other Bridges and LANs are connected into a single Common Spanning Tree (CST) [IEEE DRAFT P802.1s/D13]. MSTP connects all Bridges and LANs with a single Common and Internal Spanning Tree (CIST). The CIST supports the automatic determination of each MST region, choosing its maximum possible extent. The connectivity calculated for the CIST provides the CST for interconnecting these Regions, and an Internal Spanning Tree (IST) within each Region. MSTP ensures that frames with a given VLAN ID are assigned to one and only one of the MSTIs or the IST within the Region, that the assignment is consistent among all the networking devices in the Region, and that the stable connectivity of each MSTI and IST at the boundary of the Region matches that of the CST. The stable active topology of the Bridged LAN with respect to frames consistently classified as belonging to any given VLAN thus simply and fully connects all LANs and networking devices throughout the network, though frames belonging t
148. [Screenshot: CST Port Status table; columns include Port Up Time Since Counters Last Cleared, Loop Inconsistent State, Transitions Into Loop Inconsistent State, Transitions Out Of Loop Inconsistent State.] The following table describes the CST Status information displayed on the screen. Field Description: Interface: Identify the physical or port channel interfaces associated with VLANs associated with the CST. Port ID: The port identi
149. Field Description: IpInReceives: The total number of input datagrams received from interfaces, including those received in error. IpInHdrErrors: The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc. IpInAddrErrors: The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (e.g., 0.0.0.0) and addresses of unsupported Classes (e.g., Class E). For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address. IpForwDatagrams: The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route option processing was successful. IpInUnknownProtos: The number of locally addressed datagrams recei
150. 1. Use Telephony OUI(s) to select the VoIP OUI prefix to be added, in the format AA:BB:CC. Up to 128 OUIs can be configured. 2. Use Description to enter the description for the OUI. The maximum length of description is 32 characters. 3. The following OUIs are present in the configuration by default: 00:01:E3 SIEMENS; 00:03:6B CISCO1; 00:12:43 CISCO2; 00:0F:E2 H3C; 00:60:B9 NITSUKO; 00:D0:1E PINTEL; 00:E0:75 VERILINK; 00:E0:BB 3COM; 00:04:0D AVAYA1; 00:1B:4F AVAYA2. 4. Click ADD to add a new telephony OUI entry. 5. Click DELETE to delete a created entry. 6. Click CANCEL to cancel the configuration on the screen. Reset the data on the screen to the latest value of the switch. Spanning Tree Protocol: The Spanning Tree Protocol (STP) provides a tree topology for any arrangement of bridges. STP also provides one path between end stations on a network, eliminating loops. Spanning tree versions supported include Common STP, Multiple STP, and Rapid STP. Classic STP provides a single path between end stations, avoiding and eliminating loops. For inform
151. IP ACL rules, see IP Rules on page 543. 3. Click ADD. 4. From the IP Rules screen, create a second rule for IP ACL 1 with the following settings: Rule ID: 2; Action: Permit; Match Every: True. 5. Click ADD. 6. From the IP Binding Configuration page, assign ACL ID 1 to the interface gigabit ports 2, 3, and 4, and assign a sequence number of 1. See IP Binding Configuration on page 552. By default, this IP ACL is bound on the inbound direction, so it examines traffic as it enters the switch. 7. Click APPLY. 8. Use the IP Binding Table screen to view the interfaces and IP ACL binding information. See IP Binding Table on page 554. The IP ACL in this example matches all packets with the source IP address and subnet mask of the Finance department's network and denies them on the Ethernet interfaces 2, 3, and 4 of the switch. The second rule permits all non-Finance traffic on the ports. The second rule is required because there is an explicit deny all rule as the lowest priority rule. Differentiated Services (DiffServ): Standard IP-based networks are designed to provide best effort data delivery service. Best effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as e-mail and file t
152. If a packet is received from a VLAN with a multicast destination address and no ports in the VLAN are registered to receive multicast packets for that address, then the packet is flooded to all ports in the VLAN. The responsibility for accepting or dropping the packets belongs to the hosts. If a multicast packet is received and there are ports registered to receive it, the packet is sent only to the registered ports. Forward All: All multicast packets received from a VLAN are flooded to all ports in the VLAN, regardless of port registrations to multicast addresses. Filter Unregistered: If a packet is received from a VLAN for a multicast destination address and no ports in the VLAN are registered to receive multicast packets for that address, then the packets are dropped. Default Value is Forward Unregistered. 3. Click REFRESH to update the web page to show the latest information. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. MFDB Table: The Multicast Forwarding Database holds the port membership information for all active multicast address entries. The key for an entry consists of a VLAN ID and MAC address pair. Entries may contain data for more than one protocol. To display the MFDB Table page, click Switching > Multicast > MFDB > MFDB Table.
153. If the value is false, key transmission will not occur. Otherwise, key transmission is supported on the selected port. Session Timeout: This field displays Session Timeout set by the RADIUS Server for the selected port. This field is displayed only when the port control mode of the selected port is not mac-based. Session Termination Action: This field displays Termination Action set by the RADIUS Server for the selected port. This field is displayed only when the port control mode of the selected port is not mac-based. Possible values are Default and Reauthenticate. If the termination action is default, then at the end of the session the client details are initialized. Otherwise, re-authentication is attempted. Port Status: This field shows the authorization status of the specified port. The possible values are Authorized, Unauthorized, and N/A. If the port is in detached state, the value will be N/A, since the port cannot participate in port access control. Client Summary: To access the Client Summary page, click Security > Port Authentication > Advanced > Client Summary. Field Description: Port: The port to be displayed. User Name: This
154. Inventory. A screen similar to the following is displayed. [Screenshot: LLDP Remote Device Inventory.] The following table describes the LLDP Remote Device Inventory fields. Field Description: Port: Specifies the list of all the ports on which LLDP frame is enabled. Remote Device ID: Specifies the Remote device ID. Management Address: Specifies the advertised management address of the remote system. MAC Address: Specifies the MAC Address associated with the remote system. System Name: Specifies model name of the remote device. Remote Port ID: Specifies the port component associated with the remote system. LLDP-MED: From the LLDP-MED link, you can access the following pages: LLDP-MED Global Configuration on page 91; LLDP-MED Interface Configuration on page 92; LLDP-MED Local Device Information on page 93; LLDP-MED Remote Device Information on page 96; LLDP-MED Remote Device Inventory on page 98. LLDP-MED Global Configuration: Use the LLDP-MED Global Configuration page to specify LLDP-MED parameters that are applied to the switch. To display this page, click System > LLDP > LLDP-MED > Global Configuration. A screen simi
155. Its MAC Destination Address (MAC DA) and VLAN ID are used to search the MAC address table. If routing is enabled for the VLAN and the MAC DA of an inbound unicast packet is that of the internal bridge-router interface, the packet is routed. An inbound multicast packet is forwarded to all ports in the VLAN, plus the internal bridge-router interface if it was received on a routed VLAN. Since a port can be configured to belong to more than one VLAN, VLAN routing might be enabled for all of the VLANs on the port, or for a subset. VLAN Routing can be used to allow more than one physical port to reside on the same subnet. It could also be used when a VLAN spans multiple physical networks, or when additional segmentation or security is required. This section shows how to configure the NETGEAR switch to support VLAN routing. A port can be either a VLAN port or a router port, but not both. However, a VLAN port may be part of a VLAN that is itself a router port. From the VLAN link, you can access the following pages: VLAN Routing Wizard on page 206; VLAN Routing Configuration on page 207. VLAN Routing Wizard: The VLAN Routing Wizard creates a VLAN and adds selected ports to the VLAN. The VLAN Wizard gives the user the option to add the selected ports as a Link Aggregation (LAG). The Wizard will: Create a VLAN and generate a unique name for VLAN; Add selected ports to the newly created VLAN and remove selected ports from the default VLAN; Crea
156. N interface. 5. Use Network Mask to define the subnet mask of the VLAN interface. VLAN Routing Configuration: Use the VLAN Routing Configuration page to configure VLAN Routing interfaces on the system. To display the VLAN Routing Configuration page, click Routing > VLAN > VLAN Routing. 1. Use IP Address to enter the IP Address to be configured for the VLAN Routing Interface. 2. Use Subnet Mask to enter the Subnet Mask to be configured for the VLAN Routing Interface. 3. Click ADD to add the VLAN Routing Interface specified in the VLAN ID field to the switch configuration. 4. Click DELETE to remove the VLAN Routing Interface specified in the VLAN ID field from the switch configuration. Field Description: Port: The interface assigned to the VLAN for routing. MAC Address: The MAC Address assigned to the VLAN Routing Interface. ARP: The ARP protocol associates a layer 2 MAC address with a layer 3 IPv4 address. ProSafe Managed Switches software features both dynamic and manual ARP configuration. With manual ARP configuration, you can statically add entries into the ARP table. ARP is a necessary part of the internet protocol (IP) and is used to translate an IP address to
157. Policy; Service, i.e., the assignment of a policy to a directional interface. Class: You can classify incoming packets at layers 2, 3, and 4 by inspecting the following information for a packet: Source/destination MAC address; EtherType; Class of Service (802.1p priority) value (first/only VLAN tag); VLAN ID range (first/only VLAN tag); Secondary 802.1p priority value (second/inner VLAN tag); Secondary VLAN ID range (second/inner VLAN tag); IP Service Type octet (also known as: ToS bits, Precedence value, DSCP value); Layer 4 protocol (TCP, UDP, etc.); Layer 4 source/destination ports; Source/destination IP address. From a DiffServ point of view, there are two types of classes: DiffServ traffic classes; DiffServ service levels/forwarding classes. DiffServ Traffic Classes: With DiffServ, you define which traffic classes to track on an ingress interface. You can define simple BA classifiers (DSCP) and a wide variety of multi-field (MF) classifiers: Layer 2; Layers 3, 4 (IP only); Protocol-based; Address-based. You can combine these classifiers with logical AND or OR operations to build complex MF classifiers (by specifying a class type of all or any, respectively). That is, within a single class, multiple match criteria are grouped together as an AND expression or a sequential OR expression, depending on the defined class type. Only classes
158. Protocol Level 2 for SSH. The currently configured value is shown when the web page is displayed. The default value is Enable. 4. Use SSH Session Timeout to configure the inactivity time-out value for incoming SSH sessions to the switch. The acceptable range for this field is 1 to 5 minutes. 5. Use Maximum Number of SSH Sessions to configure the maximum number of inbound SSH sessions allowed on the switch. The currently configured value is shown when the web page is displayed. The acceptable range for this field is 0 to 5. 6. Use Login Authentication List to select an authentication list from the drop-down menu. This list is used to authenticate users who try to log in to the switch. 7. Use Enable Authentication List to select an authentication list from the drop-down menu. This list is used to authenticate users who try to get enable-level privilege. 8. Click REFRESH to refresh the web page and to show the latest SSH Sessions. Field Description: Current Number of SSH Sessions: Displays the number of SSH connections currently in use in the system. Keys Present: Displays which keys, RSA, DSA, or both, are present (if any). Host Keys Management: Use this menu to generate or delete RSA and DSA keys. To display the Host Keys Management page, click Security > Access > SSH > Host Keys Management.
159. R 210 of Industry Canada applicable to licence-exempt radio apparatus. Operation is subject to the following two conditions: (1) the device must not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANT NOTE: Radiation Exposure Statement: This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with a minimum distance of 20 cm between the radiation source and your body. Warning: The device operating in the 5150 to 5250 MHz band is reserved for indoor use only, to reduce the risk of harmful interference to mobile satellite systems using the same channels. Users of high-power radars are designated primary users (i.e., they have priority) of the 5250 to 5350 MHz and 5650 to 5850 MHz bands, and these radars could cause interference and/or damage to LE-LAN devices. Voluntary Control Council for Interference (VCCI) Statement: This equipment is in the Class B category (information equipment to be used in a residential area or an adjacent area thereto) and conforms to the standards set by the Voluntary Control Council for Interference by Data Processing Equipm
160. Redirect Interface is already configured for the ACL rule. This field is visible for a Permit Action. Use Redirect Interface to specify the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is visible for a Permit Action. Use Match Every to select true or false from the pull-down menu. True signifies that all packets will match the selected IPv6 ACL and Rule and will be either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure Match Every to False for the other match criteria to be visible. Protocol: There are two ways to configure IPv6 protocol: (a) Specify an integer ranging from 1 to 255 after selecting protocol keyword other. This number represents the IP protocol. (b) Select name of a protocol from the existing list of Internet Protocol (IPv6), Transmission Control Protocol (TCP), User Datagram Protocol (UDP), and Internet Control Message Protocol (ICMPv6). Use Source Prefix/Prefix Length to specify IPv6 Prefix combined with IPv6 Prefix length of the network or host from which the packet is being sent. Prefix length can be in the range 0 to 128. Use S
161. SL DH Weak Encryption Parameter PEM File to specify SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). Use SSL DH Strong Encryption Parameter PEM File to specify SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). The factory default is Archive. 2. Use Image Name to select one of the images from the list: Image: Specify the code image1 when you want to retrieve. Image2: Specify the code image2 when you want to retrieve. 3. If you are downloading an image (Archive), select the image on the switch to overwrite. This field is only visible when Archive is selected as the File Type. Note: It is recommended that you not overwrite the active image. The system will display a warning that you are trying to overwrite the active image. 4. Click BROWSE to open a file upload window to locate the file you want to download. 5. Click CANCEL to cancel the operation on the screen and reset the data on the screen to the latest value of the switch. 6. Click the APPLY button to initiate the file download. Note: After a file transfer is started, please wait until the page refreshes. When the page refreshes, the Select File option will be blanked out. This indicates that the file transfer is done. Note: To download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions. Note: To download SSL PEM files, SSL must be administr
162. To configure CST settings: 1. Specify values for CST in the appropriate fields. Bridge Priority: When switches or bridges are running STP, each is assigned a priority. After exchanging BPDUs, the switch with the lowest priority value becomes the root bridge. Specifies the bridge priority value for the Common and Internal Spanning Tree (CST). The valid range is 0 to 61440. The bridge priority is a multiple of 4096. If you specify a priority that is not a multiple of 4096, the priority is automatically set to the next lowest priority that is a multiple of 4096. For example, if the priority is attempted to be set to any value between 0 and 4095, it will be set to 0. The default priority is 32768. Bridge Max Age (secs): Specifies the bridge maximum age time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a bridge waits before implementing a topological change. The valid range is 6 to 40, and the value must be less than or equal to 2 Bridge Forward Delay 1 and greater than or equal to 2 Bridge Hello Time 1. The default value is 20. Bridge Hello Time se
163. STP Mode to enable or disable the Spanning Tree Protocol Administrative Mode associated with the LAG. The possible values are: Disable: Spanning tree is disabled for this LAG. Enable: Spanning tree is enabled for this LAG. Use Static Mode to select enable or disable from the drop-down menu. When the LAG is enabled, it does not transmit or process received LACPDUs, i.e., the member ports do not transmit LACPDUs and all the LACPDUs it may receive are dropped. The factory default is disable. Use Hash Mode to select the load-balancing mode used on a port-channel (LAG). Traffic is balanced on a port-channel (LAG) by selecting one of the links in the channel over which to transmit specific packets. The link is selected by creating a binary pattern from selected fields in a packet and associating that pattern with a particular link. Src MAC, VLAN, EType, incoming port: Source MAC, VLAN, EtherType, and incoming port associated with the packet. Dest MAC, VLAN, EType, incoming port: Destination MAC, VLAN, EtherType, and incoming port associated with the packet. Src/Dest MAC, VLAN, EType, incoming port: Source/Destination MAC, VLAN, EtherType, and incoming port associated with the packet. Src IP and Src TCP/UDP Port fields: Source IP and Source TCP/UDP fields of the packet. Dest IP and Dest TCP/UDP Port fields: Destination IP and Destination TCP/UDP Port fie
164. The page also allows you to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical AND for this criteria. After creating a Class, click the class link to the Class page. To display the page, click QoS > DiffServ > Advanced > IPv6 Class Configuration. To configure a DiffServ class: 1. To create a new class, enter a class name, select the class type, and click ADD. This field also lists all the existing DiffServ class names, from which one can be selected. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. Only when a new class is created, this field is a selector field. After class creation, this becomes a non-configurable field displaying the configured class type. 2. To rename an existing class, select the check box next to the configured class, update the name, and click APPLY. 3. To remove a class, click the check box beside the Class Name, then click DELETE. 4. Click REFRESH to refresh the page with the most current data from the switch. 5. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of th
165. 1. Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled. The default value is Enabled. 2. Use Timer to specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds. Default value is 30 seconds. 3. Use Hold Time to specify the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is 10 to 255 seconds. Default value is 180 seconds. 4. Use Version 2 Advertisements to enable or disable the sending of ISDP version 2 packets from the device. The default value is Enabled. The following table describes the ISDP Basic Global Configuration fields. Field Description: Neighbors table last time changed: Specifies if. Device ID: Displays the device ID of this switch. Device ID format capability: Displays the device ID format capability. Device ID format: Displays the device ID format. Advanced: From the Advanced link, you can access the following pages: Global Configuration on page 101; Interface Configuration on page 102; ISDP Neighbor on page 102; ISDP Statistics on page 103. Configuring System Inform
166. Use the MVR Running to Enable or Disable the MVR feature. The factory default is Disable. Use the MVR Multicast Vlan to specify the VLAN on which MVR multicast data will be received. All source ports belong to this VLAN. The value can be set in a range of 1 to 4094. The default value is 1. Use the MVR Global query response time to set the maximum time to wait for the IGMP reports membership on a receiver port. This time applies only to receiver-port leave processing. When an IGMP query is sent from a receiver port, the switch waits for the default or configured MVR query time for an IGMP group membership report before removing the port from the multicast group membership. The value is equal to the tenths of second. The range is from 1 to 100 tenths. The factory default is 5 tenths, or one half. Use the MVR Mode to specify the MVR mode of operation. The factory default is compatible. Click REFRESH to update the web page to show the latest MVR configuration. 6. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. MVR Max Multicast Groups: Displays the maximum number of multicast groups that MVR supports. MVR Current Multicast Groups: D
167. VLAN Entries: The maximum number of Virtual LANs (VLANs) allowed on this switch. Most VLAN Entries Ever Used: The largest number of VLANs that have been active on this switch since the last reboot. Static VLAN Entries: The number of presently active VLAN entries on this switch that have been created statically. Dynamic VLAN Entries: The number of presently active VLAN entries on this switch that have been created by GVRP registration. VLAN Deletes: The number of VLANs on this switch that have been created and then deleted since the last reboot. Time Since Counters Last Cleared: The elapsed time, in days, hours, minutes, and seconds, since the statistics for this switch were last cleared. Click CLEAR to clear all the counters, resetting all switch summary and detailed statistics to default values. The discarded packets count cannot be cleared. System CPU Status: Use this page to display the system resources. To display the System Resource page, click System > Management > System CPU Status. A screen similar to the following is displayed. [Screen: System CPU Status. CPU Memory Status: Total System Memory 126416 KBytes, Available Memory 26780 KBytes. Memory Utilization Report: status bytes free 27422720, alloc 102027264. CPU Utilization: PID, Name, 5 Secs, 60 Secs, 300 Secs; 165 hardwareMonitorTask 0 38 0
168. Once you have established in-band connectivity, you can change the IP information using any of the following: terminal interface via the EIA-232 port; terminal interface via telnet; SNMP-based management; Web-based management. 1. Use IP Address to specify the IP address of the interface. The factory default value is 169.254.100.100. 2. Use Subnet Mask to enter the IP subnet mask for the interface. The factory default value is 255.255.0.0. 3. Use Default Gateway to specify the default gateway for the IP interface. The factory default value is 0.0.0.0. 4. Use Locally Administered MAC Address to configure a locally administered MAC address for in-band connectivity instead of using the burned-in universally administered MAC address. In addition to entering an address in this field, you must also set the MAC address type to locally administered. Enter the address as twelve hexadecimal digits (6 bytes) with a colon between each byte. Bit 1 of byte 0 must be set to a 1 and bit 0 to a 0; in other words, byte 0 must have a value between x'40' and x'7F'. 5. Use MAC Address type to specify whether the burned-in or the locally administered MAC address should be used for in-band connectivity. The factory default is to use the burned-in MAC address. 6. Use Current Network Configuration Protocol to specify what the switch should do following power-up: transmit a BOOTP request, transmit a DHCP request, or do not
169. a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets. Total Packets Received with MAC Errors: The total number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol. Jabbers Received: The total number of packets received that were longer than 1518 octets (excluding framing bits, but including FCS octets), and had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error). Note that this definition of jabber is different than the definition in IEEE 802.3 section 8.2.1.5 (10BASE5) and section 10.3.1.4 (10BASE2). These documents define jabber as the condition where any packet exceeds 20 ms. The allowed range to detect jabber is between 20 ms and 150 ms. Fragments Received: The total number of packets received that were less than 64 octets in length with ERROR CRC (excluding framing bits but including FCS octets). Undersize Received: The total number of packets received that were less than 64 octets in length with GOOD CRC (excluding framing bits but including FCS octets). Alignment Errors: The total number of packets received that had a length (excluding framing
170. able Router Advertisements will be transmitted from the selected interface. 3. Use Advertise Address to select enable or disable from the drop-down menu. If you select enable, Router Advertisements will be transmitted from the selected interface. Use Maximum Advertise Interval to enter the maximum time, in seconds, allowed between router advertisements sent from the interface. Use Minimum Advertise Interval to enter the minimum time, in seconds, allowed between router advertisements sent from the interface. The value must be in the range of 3 to 1800. Default value is 450.000000. Use Advertise Lifetime to enter the value, in seconds, to be used as the lifetime field in router advertisements sent from the interface. This is the maximum length of time that the advertised addresses are to be considered as valid router addresses by hosts. Use Preference Level to specify the preference level of the router as a default router relative to other routers on the same subnet. Higher numbered addresses are preferred. You must enter an integer. Use CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Use APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Configuring Quality of Service: Use the
171. able, click Security > ACL > Advanced > Binding Table. [Screen: IP ACL Binding Table] The following table describes the information displayed in the IP ACL Binding Table. To delete an IP ACL-to-interface binding, select the check box next to the interface and click DELETE. Interface: Displays selected interface. Direction: Displays selected packet filtering direction for ACL. ACL Type: Displays the type of ACL assigned to selected interface and direction. ACL ID/Name: Displays the ACL Number (in the case of IP ACL) or ACL Name (in the case of Named IP ACL and IPv6 ACL) identifying the ACL assigned to selected interface and direction. Sequence Number: Displays the Sequence Number signifying the order of specified ACL relative to other ACLs assigned to selected interface and direction. VLAN Binding Table: Use the VLAN Binding Table page to view or delete the VLAN ACL bindings. To display the VLAN Binding Table, click Security > ACL > Advanced > VLAN Binding Table. [Screen: ACL VLAN Binding Table, with columns VLAN ID, Sequence Number, ACL Type, ACL ID] The following table describes the information displayed in the ACL VLAN Binding Table. To delete a VLAN ACL-to-interface binding, select the check box
172. ackets that have TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0. The factory default is disabled. Use Denial of Service TCP Flag & Sequence to enable TCP Flag DoS prevention, which causes the switch to drop packets that have TCP control flags set to 0 and TCP sequence number set to 0. The factory default is disabled. Use Denial of Service TCP Fragment to enable TCP Fragment DoS prevention, which causes the switch to drop packets: first TCP fragments that has a TCP payload: IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. The factory default is disabled. Use Denial of Service TCP Offset to enable TCP Offset DoS prevention, which causes the switch to drop packets that have a TCP header Offset = 1. The factory default is disabled. Use Denial of Service TCP Port to enable TCP Port DoS prevention, which causes the switch to drop packets that have TCP source port equal to TCP destination port. The factory default is disabled. Use Denial of Service TCP SYN to enable TCP SYN DoS prevention, which causes the switch to drop packets that have TCP Flags SYN set. The factory default is disabled. Use Denial of Service TCP SYN & FIN to enable TCP SYN & FIN DoS prevention, which causes the switch to drop packets that have TCP Flags SYN and FIN set. The factory default is disabled. Use Denial of Service UDP Port to enable UDP Port DoS prevention, which causes the switch to drop packets that have UDP source port equal to UDP des
173. ame [Screen: Timer Schedule Configuration, with fields Timer Schedule Type (Absolute), Timer Schedule Entry (new), Time Start (hh:mm), Time End (hh:mm), Date Start, Date End] 1. Use the Timer Schedule Name to select the timer schedule name for which data is to be displayed. 2. Use the Timer Schedule Type to select the type of the timer schedule entry to be configured. It can be selected as Absolute or Periodic. 3. Use the Timer Schedule Entry to select the number of the timer schedule entries to be configured or added. Option new has to be selected to add new entry. 4. Use the Time Start to set the time of the day, in format HH:MM, when the schedule operation is started. This field is the required field. If no time is specified, the schedule does not start running. 5. Use the Time End to set the time of the day, in format HH:MM, when the schedule operation is terminated. 6. Use the Date Start to set the schedule start date. If no date is specified, the schedule starts running immediately. 7. Use the Date Stop to set the schedule termination date. If No End Date selected, the schedule operates indefinitely. 8. Use the Recurrence Pattern to show with what period the event will repeat. If recurrence is not needed (a timer schedule should be triggered just once), then set Date Stop as equal to Date Start. There are the following possible values of r
174. ameter will not appear when you first create a new login list. 4. 3: Use the drop-down menu to select the method, if any, that should appear third in the selected authentication login list. This is the method that will be used if all previous methods time out. If you select a method that does not time out as the third method, the fourth method will not be tried. Note that this parameter will not appear when you first create a new login list. 5. 4: Use the drop-down menu to select the method, if any, that should appear fourth in the selected authentication login list. This is the method that will be used if all previous methods time out. Note that this parameter will not appear when you first create a new login list. Login Sessions: To display the Login Sessions page, click Security > Management Security > Login Sessions. [Screen: Login Sessions; sample row: 11, admin, 10.12.17.158, 00:00:00, 00:59:31, HTTP] ID: Identifies the ID of this row. User Name: Shows the user's name whose session is open. Connection From: Shows from which machine the user is connected. Idle Time: Shows the idle session time. Session Time: Shows the total session time. Session Type: Shows the type of session: telnet, serial, or SSH. Configuring Management Access: From the Access tab, you can configure HTTP and Secure HTTP access to t
175. IP ACL: An IP ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. Rules for the IP ACL are specified/created using the IP ACL Rule Configuration page. To display the IP ACL page, click Security > ACL > Advanced > IP ACL. [Screen: IP ACL. IP Configuration: Current Number of ACL 5, Maximum ACL 100. IP ACL Table with columns IP ACL, Rules, Type; rows: 2, 2, Basic IP ACL; 102, 1, Extended IP ACL; 3, 1, Named IP ACL] The IP ACL page shows the current size of the ACL table and the maximum size of the ACL table. The current size is equal to the number of configured IPv4 and IPv6 ACLs plus the number of configured MAC ACLs. The maximum size is 100. To configure an IP ACL: 1. The Current Number of ACL displays the current number of all the ACLs configured on the switch. 2. The Maximum ACL displays the maximum number of IP ACLs that can be configured on the switch; it depends on the hardware. 3. In the IP ACL field, specify the ACL ID or IP ACL name. The ID is an integer in the following range: 1-99: Creates an IP Basic ACL, which allows you to permit or deny traffic from a source IP address. 100-199: Creates an IP Extended ACL, which allows you to permit or deny specific types of layer 3 or layer 4 traffic from a source IP address to a destination
176. anagement algorithm used by the PSE to deliver power to the requesting PDs. Select Static to indicate that the power allocated for each port depends on the type of power threshold configured on the port. Select Dynamic to indicate that the power consumption on each port is measured and calculated in real time. 4. To set the traps, select Enable to activate the PoE traps. Select Disable to deactivate the PoE traps. The default setting is enabled. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Advanced: Use the Advanced page to configure the advanced PoE settings. From the Advanced link you can access the following pages: PoE Configuration on page 72; PoE Port Configuration on page 74. PoE Configuration: To display the Advanced PoE Configuration page, click System > PoE > Advanced > PoE Configuration. A screen similar to the following is displayed. [Screen: PoE Configuration, with Unit Selection and fields Firmware Version, Power Status, Total Power (Main AC), Total Power (RPS), Power Source, Threshold Power, Consumed Power, System Usage Threshold, Power Management Mode, Traps] 1. The Unit Selection field displays the current PoE unit. To change the PoE unit, sele
177. ap the corresponding IP DSCP value. The queue number depends on specific hardware. 3. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 4. If you make changes to the page, click APPLY to apply the changes to the system. CoS Interface Configuration: Use the CoS Interface Configuration page to apply an interface shaping rate to all interfaces or to a specific interface. To display the CoS Interface Configuration page, click QoS > CoS > Advanced > CoS Interface Configuration. [Screen: CoS Interface Configuration, with columns Interface, Interface Trust Mode, Interface Shaping Rate] To configure CoS settings for an interface: 1. Use Interface to specify all CoS configurable interfaces. 2. Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress. Interface Trust Mode can only be one of the following (default value is trust dot1p): untrusted; trust dot1p; trust ip-dscp. 3. Use Interface Shaping Rate to specify the maximum bandwidth allowed, typically used to shape the outbound transmission rate. This value is controlled ind
178. ared: 1 day 5 hr 41 min 4 sec. The following table describes Switch Statistics information. ifIndex: This object indicates the ifIndex of the interface table entry associated with the Processor of this switch. Octets Received: The total number of octets of data received by the processor (excluding framing bits but including FCS octets). Packets Received Without Errors: The total number of packets (including broadcast packets and multicast packets) received by the processor. Unicast Packets Received: The number of subnetwork-unicast packets delivered to a higher-layer protocol. Multicast Packets Received: The total number of packets received that were directed to a multicast address. Note that this number does not include packets directed to the broadcast address. Broadcast Packets Received: The total number of packets received that were directed to the broadcast address. Note that this does not include multicast packets. Receive Packets Discarded: The number of inbound packets which were chosen to be discarded, even though no errors had been detected, to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space. Octets Transmitted: The total number of octets transmitted out of the in
179. at were dropped by DAI as the target MAC address in ARP reply packet didn't match the destination MAC in ethernet header. Invalid IP: Number of ARP packets that were dropped by DAI as the sender IP address in ARP packet or target IP address in ARP reply packet is invalid. Invalid addresses include 0.0.0.0, 255.255.255.255, IP multicast addresses, class E addresses (240.0.0.0/4), loopback addresses (127.0.0.0/8). Forwarded: Number of valid ARP packets forwarded by DAI. Dropped: Number of invalid ARP packets dropped by DAI. Click CLEAR to clear the DAI statistics. Click REFRESH to refresh the data on the screen with the latest DAI statistics. Configuring Access Control Lists: Access Control Lists (ACLs) ensure that only authorized users have access to specific resources while blocking off any unwarranted attempts to reach network resources. ACLs are used to provide traffic flow control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and above all provide security for the network. ProSafe Managed switch's software supports IPv4, IPv6, and MAC ACLs. You first create an IPv4-based or IPv6-based or MAC-based ACL ID. Then, you create a rule and assign it to a unique ACL ID. Next, you define the rules, which can identify protocols, source and destination IP and MAC addresses, and other packet-matching criteria. Finally, use the ID number to assign the ACL to a port or to a LAG. T
180. atic Binding Configuration [Screen: Static Binding Configuration and Dynamic Binding Configuration tables, each with columns Interface, MAC Address, VLAN ID, IP Address, Filter Type] Static Binding Configuration: 1. Interface: Selects the interface to add a binding into the IPSG database. 2. Use MAC Address to specify the MAC address for the binding. 3. Use VLAN ID to select the VLAN from the list for the binding rule. 4. Use IP Address to specify valid IP Address for the binding rule. 5. Click ADD to add IPSG static binding entry into the database. 6. Click DELETE to delete selected static entries from the database. Dynamic Binding Configuration: Interface: Displays the interface to add a binding into the IPSG database. MAC Address: Displays the MAC address for the binding entry. VLAN ID: Displays the VLAN from the list for the binding entry. IP Address: Displays valid IP Address for the binding entry. Filter Type: Filter Type used on the interface. One is source IP address filter type, the other is source IP address and MAC address filter type. Click CLEAR to clear all the dynamic binding entries. Dynamic ARP Inspection: The Dynamic ARP Inspection (DAI) link contains links to the following pages: DAI Configuration on page 309; DAI VLAN Configuration on page 309
181. Global Configuration: To display this page, click System > ISDP > Advanced > Global Configuration. A screen similar to the following is displayed. [Screen: Global Configuration. Admin Mode: Disable / Enable. Timer: 30. Hold Time: 180. Version 2 Advertisements: Disable / Enable. Neighbors table last time changed: 2 Days 01:15:37. Device ID: 2ER1084000005. Device ID Format Capability: Serial Number, Host Name. Device ID Format: Serial Number] 1. Use Admin Mode to specify whether the ISDP Service is to be Enabled or Disabled. The default value is Enabled. 2. Use Timer to specify the period of time between sending new ISDP packets. The range is 5 to 254 seconds. Default value is 30 seconds. 3. Use Hold Time to specify the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The range is 10 to 255 seconds. Default value is 180 seconds. 4. Use Version 2 Advertisements to enable or disable the sending of ISDP version 2 packets from the device. The default value is Enabled. The following table describes the ISDP Advanced Global Configuration fields. Neighbors table last time changed: Displays when the Neighbors table last changed. Device ID: Displays the device ID of this switch. Device ID format capability: Dis
182. ation on configuring Common STP, see CST Port Configuration on page 3 135. Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE 802.1w, Rapid Spanning Tree (RSTP), with slight modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to Forwarding). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports which are connected to end stations, resulting in rapid transitioning of the port to Forwarding state and the suppression of Topology Change Notification. These features are represented by the parameters pointtopoint and edgeport. MSTP is compatible to both RSTP and STP. It behaves appropriately to STP and RSTP bridges. A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge. Note: For two bridges to be in the same region, the force version should be 802.1s and their configuration name, digest key, and revision level should match. For additional information about regions and their effect on network topology, refer to the IEEE 802.1Q standard. From the VLAN link you can access the following pages: Basic on page 129; Advanced on page 131.
183. atively disabled and there can be no active SSH sessions. 7. Use Select File to browse/give name along with path for the file you want to download. You may enter up to 80 characters. The factory default is blank. 8. Download Status: Displays the status during transfer file to the switch. USB File Download: Use this menu to download a file from the switch to USB device. To display the HTTP File Upload page, click Maintenance > Download > USB File Upload. [Screen: Download File From USB, with fields File Type, Image Name, USB File] 1. Use File Type to specify what type of file you want to upload: Archive: Specify archive (STK) code when you want to retrieve from the operational flash. Text Configuration: to specify configuration in text mode when you want to retrieve the stored configuration. The factory default is Archive. 2. Use Image Name to select one of the images from the list: Image1: Specify the code image1 when you want to retrieve. Image2: Specify the code image2 when you want to retrieve. 3. Use USB File to give a name along with path for the file you want to upload. You may enter up to 32 characters. The factory default is blank. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Click APPLY to send the updated configurati
184. ax Samples is the number of samples to keep. This is a global setting and is applied to all interfaces. The Range is 1 to 168. The Default value is 168. The following table describes the Port GreenMode EEE History non-configurable fields. Table 6. Percentage LPI time per Stack: Time spent in LPI mode per stack since EEE counters are last cleared. Sample No: Sample Index. Time Since The Sample Was Recorded: Time Since The Sample Was Recorded. Each time the page is refreshed, it shows a different time, as it reflects the difference in current time and time at which the sample was recorded. Percentage Time spent in LPI mode since last sample: Percentage of time spent in LPI mode during the current measurement interval. Percentage Time spent in LPI mode since last reset: Percentage of time spent in LPI mode since EEE LPI statistics are reset. 4. Click Apply to update the configuration on the switch. 5. Click REFRESH to refresh the page with the most current data from the switch. Services: From the Services link you can access the following pages: DHCP Server on page 55; DHCP Relay on page 64; DHCP L2 Relay on page 65; UDP Relay on page 67. DHCP Server: From the DHCP Server
185. ay Interface Configuration on page 66; DHCP L2 Relay Interface Statistics on page 66. DHCP L2 Relay Global Configuration: To display the DHCP L2 Relay Global Configuration page, click System > Services > DHCP L2 Relay > DHCP L2 Relay Global Configuration. A screen similar to the following is displayed. [Screen: DHCP L2 Relay Configuration, with sections DHCP L2 Relay Global Configuration (Admin Mode: Disable / Enable) and DHCP L2 Relay VLAN Configuration (Admin, Circuit ID, Remote ID)] DHCP L2 Relay Global Configuration: 1. Use Admin Mode to enable or disable the DHCP L2 Relay on the switch. The default is Disable. DHCP L2 Relay VLAN Configuration: VLAN ID shows the VLAN ID configured on the switch. Use Admin Mode to enable or disable the DHCP L2 Relay on the selected VLAN. Use Circuit ID Mode to enable or disable the Circuit ID suboption of DHCP Option 82. Use Remote ID String to specify the Remote ID when Remote ID mode is enabled. DHCP L2 Relay Interface Configuration: To display the DHCP L2 Relay Interface Configuration page, click System > Services > DHCP L2 Relay > DHCP L2 Relay Interface Configuration. A screen similar to the following is displayed. [Screen: DHCP L2 Relay Configuration, per-interface table]
186. ays Can be selected as Infinite to specify lease time as Infinite, or Specified Duration to enter a specific lease period. In case of dynamic binding, infinite implies a lease period of 60 days, and in case of manual binding, infinite implies indefinite lease period. Default Value is Specified Duration. Specifies the Number of Days of Lease Period. This field appears only if the user has specified Specified Duration as the Lease time. Default Value is 1. Valid Range is 0 to 59. Hours: Specifies the Number of Hours of Lease Period. This field appears only if the user has specified Specified Duration as the Lease time. Valid Range is 0 to 22. Minutes: Specifies the Number of Minutes of Lease Period. This field appears only if the user has specified Specified Duration as the Lease time. Valid Range is 0 to 86399. Default Router Addresses: Specifies the list of Default Router Addresses for the pool. The user may specify up to 8 Default Router Addresses in order of preference. DNS Server Addresses: Specifies the list of DNS Server Addresses for the pool. The user may specify up to 8 DNS Server Addresses in order of preference. NetBIOS Name Server Addresses: Specifies the list of NetBIOS Name Server Addresses for the pool. The user may specify up to 8 NetBIOS Name Server Addresses in order of preference. NetBIOS Node Type: Specifies the NetBIOS node type for DHCP clients
187. bal Configuration [Screen: Timer Schedule, with Admin Mode (Disable / Enable) and a Timer Schedule Name table] 1. Use Admin Mode to Enable or Disable the Timer Control service. The default value is Disable. 2. Use the Timer Schedule Name to specify the name of a timer schedule. The following table describes the Timer Schedule non-configurable fields. ID: Identification of the timer Schedule. Maximum number of schedules that can be created is 100. 3. Click ADD to add the new timer schedule with a specified name. The configuration changes take effect immediately. 4. Click DELETE to delete the selected timer schedules. The configuration changes take effect immediately. 5. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest values. 6. Click APPLY to send the updated configuration to the switch. The configuration changes take effect immediately. Timer Schedule Configuration: Use the Timer Schedule Configuration page to configure the Timer Schedule Configuration settings. To display the Timer Schedule Configuration page, click System > Services > Timer Schedule > Advanced > Schedule Configuration. A screen similar to the following is displayed. [Screen: Timer Schedule Configuration, Timer Schedule Selection]
188. burst interval has no meaning, and it is N/A. The default value is N/A. It can be set to value 1, which means N/A. The range of Burst Interval is 1 to 15. DHCP Snooping Binding Configuration: To display the DHCP Snooping Binding Configuration page, click Security > Control > DHCP Snooping > Binding Configuration. [Screen: DHCP Snooping Binding Configuration, with Static Binding Configuration and Dynamic Binding Configuration tables; columns Interface, MAC Address, VLAN ID, IP Address, Lease Time] Static Binding Configuration: 1. Interface: Selects the interface to add a binding into the DHCP snooping database. 2. Use MAC Address to specify the MAC address for the binding entry to be added. This is the Key to the binding database. 3. Use VLAN ID to select the VLAN from the list for the binding rule. The range of the VLAN ID is 1 to 4093. 4. Use IP Address to specify valid IP Address for the binding rule. 5. Click ADD to add DHCP snooping binding entry into the database. 6. Click DELETE to delete selected static entries from the database. Dynamic Binding Configuration: Interface: Displays the interface to which a binding entry is associated in the DHCP snooping database. Use MAC Address to display the MAC address for the binding in the binding database. Use VLAN ID to display the VLAN for the binding entry in the binding database. The range of the VLAN ID i
189. butes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration process begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces. Packet processing begins by testing the match criteria for a packet. The "all" class type option defines that each match criteria within a class must evaluate to true for a packet to match that class. The "any" class type option defines that at least one match criteria must evaluate to true for a packet to match that class. Classes are tested in the order in which they were added to the policy. A policy is applied to a packet when a class match within that policy is found. To display the DiffServ Configuration page, click QoS > DiffServ > Basic > DiffServ Configuration. [Screen: DiffServ Configuration. DiffServ Admin Mode: Disable / Enable. Status (MIB Table: Current Size / Max Size): Class Table 0 / 32; Class Rule table 0 / 192; Policy table 0 / 64; Policy Instance table 0 / 768; Policy Attributes table 0 / 2304; Service table 0 / 36] DiffServ Admin Mode: The options mode for DiffServ. The default value is enable. While disabled, the DiffServ configuration is retained when saved and can be changed, but
190. by this authenticator. EAP Request ID Frames Transmitted: This displays the number of EAP request identity frames that have been transmitted by this authenticator. EAP Request Frames Transmitted: This displays the number of EAP request frames (other than request identity frames) that have been transmitted by this authenticator. Cable Test: To display the Cable Test page, click Monitoring > Ports > Cable Test. [Screen: Cable Test; columns: Port, Cable Status, Cable Length, Failure Location.] 1. Port: Indicates the interface to which the cable to be tested is connected. 2. Click APPLY to perform a cable test on the selected interface. The cable test may take up to 2 seconds to complete. If the port has an active link, the cable status is always Normal. The command returns a cable length estimate if this feature is supported by the PHY for the current link speed. Note that if the link is down and a cable is attached to a 10/100 Ethernet adapter, then the cable status may be Open or Short because some Ethernet adapters leave unused wire
191. cal interface for which you want to display data. Last Violation MAC: Displays the source MAC address of the last packet that was discarded at a locked port. VLAN ID: Displays the VLAN ID corresponding to the Last Violation MAC address. Port Security Interface Configuration: A MAC address can be defined as allowable by one of two methods: dynamically or statically. Both methods are used concurrently when a port is locked. Dynamic locking implements a first-arrival mechanism for Port Security. You specify how many addresses can be learned on the locked port. If the limit has not been reached, then a packet with an unknown source MAC address is learned and forwarded normally. When the limit is reached, no more addresses are learned on the port. Any packets with source MAC addresses that were not already learned are discarded. You can effectively disable dynamic locking by setting the number of allowable dynamic entries to zero. Static locking allows you to specify a list of MAC addresses that are allowed on a port. The behavior of packets is the same as for dynamic locking: only packets with an allowable source MAC address can be forwarded. To display the Port Security Interface Configuration page, click Security > Traffic Control > Port Security > Interface Configuration.
192. RADIUS Configuration: Use the Radius Configuration page to add information about one or more RADIUS servers on the network. To access the Radius Configuration page, click Security > Management Security > RADIUS > Radius Configuration. [Screen: Radius Configuration; Current Server Address; Number of Configured Authentication Servers: 0; Number of Configured Accounting Servers: 0; Number of Named Authentication Server Groups: 0; Number of Named Accounting Server Groups: 0; Max Number of Retransmits: 4; Timeout Duration (secs): 5; Accounting Mode: Disable / Enable; Radius Attribute 4 Mode: Disable / Enable.] The Current Server IP Address field is blank if no servers are configured (see RADIUS Server Configuration). The switch supports up to three configured RADIUS servers. If more than one RADIUS server is configured, the current server is the server configured as the primary server. If no servers are configured as the primary server, the current server is the most recently added RADIUS server. To configure global RADIUS server settings: 1. In the Max Number of Retransmits field, specify the maximum number of times a request packet is retransmitted to the RADIUS server. The valid range is 1-15. The default value is 4. Consideration to maximum delay time should be given when configuring RADIUS max retransmit and RADIUS tim
193. ce complies with Part 15 of the FCC Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. For product available in the USA market, only channels 1 to 11 can be operated. Selection of other channels is not possible. This device and its antenna(s) must not be co-located or operating in conjunction with any other antenna or transmitter. Industry Canada: This device complies with RSS-210 of the Industry Canada Rules. Operation is subject to the following two conditions: (1) This device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation. IMPORTANT NOTE: Radiation Exposure Statement: This equipment complies with IC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance 20cm between the radiator & your body. Caution: The device for the band 5150-5250 MHz is only for indoor usage to reduce potential for harmful interference to co-channel mobile satellite systems. High power radars are allocated as primary users (meaning they have priority) of 5250-5350 MHz and 5650-5850 MHz, and these radars could cause interference and/or damage to LE-LAN devices. This device complies with the standard CN
194. cess begins with defining one or more match criteria for a class. Then one or more classes are added to a policy. Policies are then added to interfaces. Packet processing begins by testing the match criteria for a packet. The all class type option defines that each match criteria within a class must evaluate to true for a packet to match that class. The any class type option defines that at least one match criteria must evaluate to true for a packet to match that class. Classes are tested in the order in which they were added to the policy. A policy is applied to a packet when a class match within that policy is found. To display the DiffServ Configuration page, click QoS > DiffServ > Advanced > Diffserv Configuration. [Screen: DiffServ Configuration; DiffServ Admin Mode: Disable / Enable; Status, MIB Table (Current Size / Max Size): Class Table 0 / 32; Class Rule table 0 / 192; Policy table 0 / 64; Policy Instance table 0 / 768; Policy Attributes table 0 / 2304; Service table 0 / 36.] To configure the global DiffServ mode: 1. Select the administrative mode for DiffServ. Enable: Differentiated Services are active. Disable: The DiffServ configuration is retained and can be changed, but it is not active. 2. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest valu
195. cifies the remote port's PD power priority. LLDP-MED Remote Device Inventory: To display this page, click System > LLDP > LLDP-MED > Remote Device Inventory. A screen similar to the following is displayed. [Screen: LLDP-MED Remote Device Inventory; columns: Management Address, MAC Address, System Model, Software Revision.] The following table describes the LLDP-MED Remote Device Inventory fields. Field / Definition: Port: Specifies the list of all the ports on which LLDP-MED is enabled. Management Address: Specifies the advertised management address of the remote system. MAC Address: Specifies the MAC address associated with the remote system. System Model: Specifies the model name of the remote device. Software Revision: Specifies the software version of the remote device. ISDP: From the ISDP link, you can access the following pages: Basic; Advanced. Basic: From the Basic link, you can access the following pages: Global Configuration. Global Configuration: To display this page, click System > ISDP > Basic > Global Configuration. A screen similar to the following is displayed. [Screen: Global Configuration; Admin Mode: Disable / Enable
196. ck CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. Click Apply to update the configuration on the switch. Port Green Mode Statistics: Use this page to configure the Port Green Mode Statistics settings. To access this page, click System > Management > Green Ethernet > Green Ethernet Detail. [Screen: Port Green Mode Statistics, Local Device Information; fields: Interface, Cumulative Energy Saved on this port due to Green Mode(s) (Watts Hours), Energy Detect Admin Mode, Operational Status, Reason.] To configure the port green mode statistics: 1. Select the Interface for which data is to be displayed or configured. 2. Use the Energy Detect Admin Mode selection to enable or disable this option on the port. With energy detect mode enabled, when the port link is down, the PHY automatically goes down for a short period of time and then wakes up to check link pulses. This allows auto-negotiation to be performed and saves power when no link partner is present. The default value is Disabled. 3. Use the Short Reach Admin Mode selection to enable or disable this option on the port. With short reach mode enabled, the PHY is forced to operate in low power mode irrespective of the cable length. The default value is Disabled. 4. Use the EEE Admin Mod
197. cket is dropped. If the port is a member of the VLAN specified by the packet's VLAN ID, the packet can be sent to other ports with the same VLAN ID. Packets leaving the switch are either tagged or untagged, depending on the setting for that port's VLAN membership properties. A U for a given port means that packets leaving the switch from that port are untagged. Inversely, a T for a given port means that packets leaving the switch from that port are tagged with the VLAN ID that is associated with the port. The example given in this section comprises numerous steps to illustrate a wide range of configurations to help provide an understanding of tagged VLANs. VLAN Example Configuration: This example demonstrates several scenarios of VLAN use and describes how the switch handles tagged and untagged traffic. In this example, you create two new VLANs, change the port membership for default VLAN 1, and assign port members to the two new VLANs. 1. In the Basic VLAN Configuration screen (see VLAN Configuration), create the following VLANs: a VLAN with VLAN ID 10; a VLAN with VLAN ID 20. 2. In the VLAN Membership screen (see VLAN Configuration), specify the VLAN membership as follows: For the default VLAN with VLAN ID 1, specify the following members: port 7 (U) and port 8 (U). For the VLAN with VLAN ID 10, specify the following members
198. cle, you must perform a save. Port Settings: To display the OUI Port Settings page, click Switching > Auto VoIP > OUI based > Port Settings. [Screen: OUI Port Settings; columns: Interface, Auto VoIP Mode, Operational Status.] 1. Use Interface to select the interface for which data is to be displayed or configured. 2. Use Auto VoIP Mode to Enable or Disable AutoVoIP mode on the selected interface. Default value is enabled. 3. Use Go To Interface to select an interface by entering its number. 4. Click CANCEL to cancel the configuration on the screen. Reset the data on the screen to the latest value of the switch. 5. Click APPLY to update the switch with the values you entered. If you want the switch to retain the new values across a power cycle, you must perform a save. Field / Description: Operational Status: Displays the current operational status of the interface. OUI Table: To display the OUI Table page, click Switching > Auto VoIP > OUI based > OUI Table.
199. col MIB: The Link Aggregation module for managing IEEE 802.3ad. RFC 1213, RFC1213-MIB: Management Information Base for Network Management of TCP/IP-based internets: MIB-II. RFC 2674, P-BRIDGE-MIB: The Bridge MIB Extension module for managing Priority and Multicast Filtering, defined by IEEE 802.1D-1998. RFC 2737, ENTITY-MIB: Entity MIB (Version 2). The Interfaces Group MIB using SMIv2. RFC 3635, EtherLike-MIB: Definitions of Managed Objects for the Ethernet-like Interface Types. FASTPATH-SWITCHING-MIB. FASTPATH-INVENTORY-MIB: Unit and Slot configuration. Port Security MIB. TECE Orak 802 148 013 LOP dosc MIB. Port Access Entity module for managing IEEE 802.1X. FASTPATH-RADIUS-AUTH-CLIENT-MIB: Broadcom FastPath Radius MIB. RADIUS-AUTH-CLIENT-MIB. RADMI MIB. Fastpath Captive Portal MIB. FASTPATH-MGMT-SECURITY-MIB: The Broadcom Private MIB for FastPath Mgmt Security. RFC 1724, RIPV2-MIB: RIP Version 2 MIB Extension. OSPF Version 2 Management Information Base. RFC 1850, OSPF-TRAP-MIB: The MIB module to describe traps for the OSPF Version 2 Protocol. FASTPATH-ROUTING-MIB: FASTPATH Routing, Layer 3. FASTPATH Flex QOS Support. FASTPATH-QOS-ACL-MIB: FASTPATH Flex QOS ACL. FASTPATH Flex QOS COS. FASTPATH-QOS-AUTOVOIP-MIB: FASTPATH Flex QOS VOIP. Management Information Base for the Textual Conventions used in DIFFSERV-MIB. RFC 3289, DIFFSERV-MIB: Management Information Base for the Differentiated Services Architecture. FASTPATH-QOS-DIFFSERV-PRIVATE-MIB: FASTP
200. cs): Specifies the bridge Hello time for the Common and Internal Spanning Tree (CST), which indicates the amount of time in seconds a root bridge waits between configuration messages. The value is fixed at 2 seconds. The value must be less than or equal to (Bridge Max Age / 2) - 1. The default hello time value is 2. Bridge Forward Delay (secs): Specifies the bridge forward delay time, which indicates the amount of time in seconds a bridge remains in a listening and learning state before forwarding packets. The value must be greater or equal to (Bridge Max Age / 2) + 1. The time range is from 4 seconds to 30 seconds. The default value is 15. Spanning Tree Maximum Hops: Specifies the maximum number of bridge hops the information for a particular CST instance can travel before being discarded. The valid range is 1-127. Spanning Tree Tx Hold Count: Configures the maximum number of BPDUs the bridge is allowed to send within the hello time window. The default value is 6. Field / Description: Bridge identifier: The bridge identifier for the CST. It is made up using the bridge priority and the base MAC address of the bridge. Time since topology change: The time in seconds since the topology of the CST last changed. Topology change count: Number of times topology has changed for the CST. Topology change: The value of the topology change parameter for the switch, indicating if a topology change is in progress on any por
201. ct another unit from the drop-down box. The following table describes the PoE Configuration non-configurable fields. Table 8. Field / Description: Units: Displays the current PoE unit. You can change the PoE unit by selecting another unit ID listed here. Firmware Version: Version of the PoE controller's FW image. Power Status: Indicates the power status. Total Power (Main AC): Displays the total power provided by the MAIN AC power source. Total Power (RPS): Displays the total power provided by the redundant power source. Total Power (PD). Power Source: Current source of system power (Main AC or RPS). Threshold Power: System can power up one port if consumed power is less than this power, i.e., consumed power can be between Nominal and Threshold Power values. The threshold power value is affected by changing System Usage Threshold. Consumed Power: Total amount of power which is currently being delivered to all ports. 2. To set the System Usage Threshold, enter a number from 1 to 99. This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power. 3. The Power Management Mode describes or controls the power management algorithm used by the PSE to deliver power to the requesting PDs. Select Static to indicate that the power allocated for each port depends on t
202. ct the check box associated with the rule and then click DELETE. To update an IP ACL rule, select the check box associated with the rule, update the desired fields, and then click APPLY. You cannot modify the Rule ID of an existing IP rule. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. If you change any of the settings on the page, click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. To modify an existing IP Extended ACL rule, click the Rule ID. The number is a hyperlink to the Extended ACL Rule Configuration page. IP Extended Rules: Use these screens to configure the rules for the IP Access Control Lists created using the IP Access Control List Configuration screen. What is shown on this screen varies depending on the current step in the rule configuration process. Note: There is an implicit deny all rule at the end of an ACL list. This means that if an ACL is applied to a packet and none of the explicit rules match, then the final implicit deny all rule applies and the packet is dropped. To display the IP Extended Rules page, click Security > ACL > Advanced > IP Extended Rules.
203. cuit layout(s) described herein. Revision History: Publication Part Number 202-11165-01; Version v1.0; Publish Date November 16, 2012; Comments: First publication. Contents: Chapter 1, Getting Started: Switch Management Interface; Web Access; Understanding the User Interfaces; Using the Web Interface; Using SNMP; Interface Naming Convention. Chapter 2, Configuring System Information: Management; System Information; Switch Statistics; System CPU Status; USB Device Information; Loopback Interface; Network Interface; DNS; SDM Template Preference; Green Ethernet Configuration; Services; DHCP Server; DHCP Relay
204. cur. Port Summary: Use the Port Summary page to view information about the port access control settings on a specific port. To access the Port Summary page, click Security > Port Authentication > Advanced > Port Summary. [Screen: Port Summary table, one row per port.]
205. d. The default value for this is Disabled. 3. Use the 2-byte hex Global EtherType as the first 16 bits of the DVlan tag. 802.1Q Tag: Commonly used tag representing 0x8100. vMAN Tag: Commonly used tag representing 0x88A8. Custom Tag: Configure the EtherType in any range from 0 to 65535. Voice VLAN Configuration: Use this page to configure the parameters for Voice VLAN Configuration. Note that only a user with Read/Write access privileges may change the data on this screen. To display the Voice VLAN Configuration page, click Switching > VLAN > Advanced > Voice VLAN Configuration. [Screen: Voice VLAN Configuration; Voice VLAN Global Admin, Admin Mode: Disable / Enable; per-interface Voice VLAN Configuration table.] 1. Use Admin Mode to select the administrative mode for Voice VLAN fo
206. d VLANs excluding the primary and default VLANs. This control is used to associate VLANs to the selected primary VLAN. 3. Click DELETE to delete the IP subnet-based VLAN from the switch. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately. Field / Description: Isolated VLAN: Displays the isolated VLAN associated with the selected primary VLAN. Community VLAN(s): Displays the list of community VLAN(s) associated with the selected primary VLAN. Private VLAN Port Mode Configuration: To display the Private VLAN Port Mode Configuration page, click Security > Traffic Control > Private VLAN > Private VLAN Port Mode Configuration. [Screen: Private Vlan Port Mode Configuration; columns: Interface, Port VLAN Mode.] 1. Use Switch Port Mode to select the Switch Port Mode. The factory default is G
207. d including ISDPv1 and ISDPv2 packets. ISDPv1 Packets Received: Displays the ISDPv1 packets received. ISDPv1 Packets Transmitted: Displays the ISDPv1 packets transmitted. ISDPv2 Packets Received: Displays the ISDPv2 packets received. ISDPv2 Packets Transmitted: Displays the ISDPv2 packets transmitted. ISDP Bad Header: Displays the ISDP bad packets received. ISDP Checksum Error: Displays the number of the checksum error. ISDP Transmission Failure: Displays the number of the transmission failure. ISDP Invalid Format: Displays the number of the invalid format ISDP packets received. ISDP Table Full: Displays the table size of the ISDP table. ISDP Ip Address Table Full: Displays the table size of the ISDP IP address table. Timer Schedule: From the Timer Schedule link under the System tab, you can configure the Timer Schedule settings. From the Timer Schedule link, you can access the following pages: Timer Global Configuration; Timer Schedule Configuration. Timer Global Configuration: Use the Timer Global Configuration page to configure the Timer Global Configuration settings. To display the Timer Global Configuration page, click System > Services > Timer Schedule > Basic > Global Configuration. A screen similar to the following is displayed.
208. d on the VLAN on which query is being sent. 3. Use IGMP Version to specify the IGMP protocol version used in periodic IGMP queries. 4. Use Query Interval (secs) to specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1 and 1800. The default value is 60. 5. Use Querier Expiry Interval (secs) to specify the time interval in seconds after which the last querier information is removed. The Querier Expiry Interval must be a value in the range of 60 and 300. The default value is 125. Field / Description: VLAN Ids Enabled For IGMP Snooping Querier: Displays VLAN Ids enabled for IGMP snooping querier. IGMP Snooping Querier VLAN Configuration: Use this page to configure IGMP queriers for use with VLANs on the network. To access this page, click Switching > Multicast > IGMP Snooping > Querier VLAN Configuration. [Screen: IGMP Snooping Querier VLAN Configuration table.] To configure Querier VLAN settings: 1. To create a new VLAN ID for IGMP Snooping, select New Entry from the VLAN ID field and complete the following fields. User can also set pre configurabl
209. [Screen: routing interface IP configuration table, one row per port; recoverable column names: Subnet Mask, Configuration Method, Encapsulation, Active State, Destination Unreachables.]
210. ddress for this interface in dotted-decimal notation. This option is visible when IPv4 loopback is selected. 4. Use the Primary Mask field to input the primary IPv4 subnet mask for this interface in dotted-decimal notation. This option is visible when IPv4 loopback is selected. 5. Use the Secondary IP Address field to input the secondary IP address for this interface in dotted-decimal notation. This input field is visible only when Add Secondary is selected. This option is visible when IPv4 loopback is selected. 6. Use the Secondary Subnet Mask field to input the secondary subnet mask for this interface in dotted-decimal notation. This input field is visible only when Add Secondary is selected. This option is visible when IPv4 loopback is selected. 7. Use the IPv6 Mode field to enable IPv6 on this interface using the IPv6 address. This option is only configurable prior to specifying an explicit IPv6 address. This option is visible when IPv6 loopback is selected. 8. Use the IPv6 Address field to enter the IPv6 address in the format prefix/length. This option is visible when IPv6 loopback is selected. 9. Use the EUI64 field to optionally specify the 64-bit extended unique identifier (EUI-64). This option is visible when IPv6 loopback is selected. Network Interface: From the Network Interface link, you can access the following pages: IPv4 Network Conf
211. device. Click REFRESH to refresh the page with the latest information. USB Directory Details: This screen displays the directory information of the USB flash device. The following table describes USB Memory Statistics information. Field / Description: File Name: This field displays the name of the file stored in the USB flash drive. File Size: This field displays the size of the file stored in the USB flash drive. Modification Time: This field displays the last modification time of the file stored in the USB flash drive. Click REFRESH to refresh the page with the latest information. Loopback Interface: Use this page to create, configure, and remove Loopback interfaces. To display the Loopback Interface page, click System > Management > Loopback Interface. A screen similar to the following is displayed. [Screen: Loopback Interface Configuration; IPv4 Loopback Interface Configuration.] 1. Use the Loopback Interface Type field to select IPv4 or IPv6 loopback interface to configure the corresponding attributes. 2. Use the Loopback ID field to select list of currently configured loopback interfaces. 3. Use the Primary Address field to input the primary IPv4 a
212. dge Identifier: The bridge identifier for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Time Since Topology Change: The time in seconds since the topology of the selected MST instance last changed. Topology Change Count: Number of times topology has changed for the selected MST instance. Topology Change: The value of the topology change parameter for the switch, indicating if a topology change is in progress on any port assigned to the selected MST instance. It takes a value of True or False. Designated Root: The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost: Path Cost to the Designated Root for this MST instance. Root Port Identifier: Port to access the Designated Root for this MST instance. MST Port Status: Use the Spanning Tree MST Port Status page to configure and display Multiple Spanning Tree (MST) settings on a specific port on the switch. To display the Spanning Tree MST Port Status page, click Switching > STP > Advanced > MST Port Status. [Screen: MST Port Status; MST ID Selection: No MSTs Available.] Note: If no MST instances have been configured on the switch, the pa
213. [Screen: continuation of the routing interface IP configuration table; recoverable column names: Link State, Routing Interface Status.] 1. Use Go To Interface to enter the interface in slot/port format and click Go. The entry corresponding to the specified interface is selected. 2. Use Port to select the interface for which data is to be displayed or configured. 3. Use Description to enter the description for the interface. 4. Use IP Address Configuration Method to enter the method by which an IP address is configured on the interface. There are three methods: None, Manual, and DHCP. By default the method is None. Method None should be used to reset the DHCP method. Note: When the configuration method is changed from DHCP to None, there will be a minor delay before the page refreshes. 5. Use IP Address to enter the IP address for the interface. 6. Use Subnet Mask to enter the subnet mask for the interface. This is also referred to as the subnet/network mask and defines the portion of the interface's IP address that is used to identify the attached network. 7. Use Rout
214. To configure a RADIUS server: 1. To add a RADIUS server, specify the settings the following list describes, and click ADD. • In the Radius Server IP Address field, specify the IP address of the RADIUS server to add. • In the Radius Server Name field, specify the name of the server being added. • Use Port to specify the UDP port used by this server. The valid range is 0 to 65535. • Secret Configured: The Secret will only be applied if this option is Yes. If the option is No, anything entered in the Secret field will have no effect and will not be retained. • Use Secret to specify the shared secret for this server. • Use Primary Server to set the selected server as a Primary or Secondary server. • Use Message Authenticator to enable or disable the message authenticator attribute for the selected server. 2. Click ADD to add a new server to the switch. This button is only available to READWRITE users. These changes will not be retained across a power cycle unless a save is performed. 3. Click DELETE to remove the selected server from the configuration. This butto
215. download from the TFTP server is on the server in the appropriate directory. • The file is in the correct format. • The switch has a path to the TFTP server. Certificate Download: To configure the certificate download settings for HTTPS sessions: 1. Use File Type to specify the type of file you want to transfer: • SSL Trusted Root Certificate PEM File: SSL Trusted Root Certificate File (PEM Encoded). • SSL Server Certificate PEM File: SSL Server Certificate File (PEM Encoded). • SSL DH Weak Encryption Parameter PEM File: SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). • SSL DH Strong Encryption Parameter PEM File: SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). 2. Use Transfer Mode to specify the protocol to use to transfer the file: • TFTP: Trivial File Transfer Protocol. • SFTP: Secure File Transfer Program. • SCP: Secure Copy. 3. Use Server Address Type to specify either IPv4, IPv6, or DNS to indicate the format of the TFTP/SFTP/SCP Server Address field. The factory default is IPv4. 4. Use Server Address to enter the IP address or DNS hostname of the server in accordance with the format indicated by the Server Address Type. The fact
216. e Dynamic ARP Inspection Configuration. VLAN Configuration. VLAN ID: Select the DAI-capable VLANs for which information has to be displayed or configured. Use Dynamic ARP Inspection to indicate whether Dynamic ARP Inspection is enabled on this VLAN. If this object is set to Enable, Dynamic ARP Inspection is enabled. If this object is set to Disable, Dynamic ARP Inspection is disabled. Use Logging Invalid Packets to indicate whether Dynamic ARP Inspection logging is enabled on this VLAN. If this object is set to Enable, it will log the invalid ARP packets information. If this object is set to Disable, Dynamic ARP Inspection logging is disabled. Use ARP ACL Name to specify a name for the ARP access list. A VLAN can be configured to use this ARP ACL containing rules as the filter for ARP packet validation. The name can contain up to <1-31> alphanumeric characters. Use Static Flag to determine whether the ARP packet needs validation using the DHCP snooping database in case ARP ACL rules don't match. If the flag is enabled, then the ARP packet will be validated by the ARP ACL rules only. If the flag is disabled, then the ARP packet needs further validation by using the DHCP snooping entries. The factory default is disable. DAI Interface C
217. 1. Interface: Displays all physical, VLAN, and LAG interfaces. Select the interface you want to configure. 2. Use Admin Mode to select the interface mode for the selected interface for MLD Snooping for the switch. The default is disable. 3. Use Group Membership Interval (secs) to specify the amount of time you want the switch to wait for a report for a particular group on a particular interface before it deletes that interface from the group. The valid range is from 2 to 3600 seconds. The configured value must be greater than Max Response Time. The default is 260 seconds. 4. Use Max Response Time (secs) to specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface. Enter a value greater or equal to 1 and less than the Group Membership Interval in seconds. The default is 10 seconds. The configu
218. To configure 802.1X settings for the port: Select the check box next to the port to configure. You can also select multiple check boxes to apply the same settings to the selected ports, or select the check box in the heading row to apply the same settings to all ports. For the selected port(s), specify the following settings. Control Mode: This selector lists the options for control mode. The control mode is only set if the link status of the port is link up. The options are: • force unauthorized: The authenticator port access entity (PAE) unconditionally sets the controlled port to unauthorized. • force authorized: The authenticator PAE unconditionally sets the controlled port to authorized. • auto: The authenticator PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server. • mac based: The authenticat
219. e connected to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port, then it drops the BPDUs received on this port. Field Description: Configuration digest key: Identifier used to identify the configuration currently being used. MST ID: Table consisting of the MST instances (including the CST) and the corresponding VLAN IDs associated with each of them. VID ID: Table consisting of the VLAN IDs and the corresponding FID associated with each of them. FID ID: Table consisting of the FIDs and the corresponding VLAN IDs associated with each of them. CST Configuration: Use the Spanning Tree CST Configuration page to configure Common Spanning Tree (CST) and Internal Spanning Tree on the switch. To display the Spanning Tree CST Configuration page, click Switching > STP > Advanced > CST Configuration. CST Configuration fields: Bridge Priority, Bridge Max Age (secs), Bridge Hello Time (secs), Bridge Forward Delay (secs), Spanning Tree Maximum Hops, Spanning Tree Tx Hold Count. CST Status fields: Bridge Identifier, Time Since Topology Change, Topology Change Count, Topology Change, Designated Root, Root Path Cost, Root Port Identifier, Max Age (secs), Forward Delay (secs), Hold Time (secs), C
220. e within the range 0 to 65535. 3. Use Port to specify the authentication port. It should be within the range 0 to 65535. 4. Use Key String to specify the authentication and encryption key for TACACS communications between the device and the TACACS server. The valid range is 0 to 128 characters. The key must match the key used on the TACACS server. 5. Use Connection Timeout to specify the amount of time that passes before the connection between the device and the TACACS server times out. The range is between 1 and 30. 6. Click ADD to add a new server to the switch. This button is only available to READWRITE users. These changes will not be retained across a power cycle unless a save is performed. 7. Click DELETE to delete the selected server from the configuration. Authentication List Configuration: The Authentication List link contains links to the following pages: • Login Authentication List • Enable Authentication List • Dot1x Authentication List • HTTP Authentication List • HTTPS Authentication List. Login Authentication List: You use this page to configure login lists. A login list specifies the authentication method(s) you want to be used to validate switch or port access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, wh
221. e ACL. 7. Click DELETE to remove the currently selected Rule from the ACL. 8. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 9. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Basic: The Basic link contains links to the following pages: • MAC ACL • MAC Rules • MAC Binding Configuration • MAC Binding Table. MAC ACL: A MAC ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. Rules for the MAC ACL are specified/created using the MAC ACL Rule Configuration page. There are multiple steps involved in defining a MAC ACL and applying it to the switch: 1. Use the MAC ACL page to create the ACL Name. 2. Use the MAC Rules page to create rules for the ACL. 3. Use the MAC Binding Configuration page to assign the ACL by its name to a port. 4. Optionally, use the MAC Binding Table page to view the configurations. To display the MAC ACL page, click Security > ACL > Basic > MAC ACL. The MAC
222. e Configuration screen, select the check box next to interfaces g7 and g8 to attach the policy to these interfaces, and then click APPLY. See Service Interface Configuration. All UDP packet flows destined to the 192.12.2.0 network with an IP source address from the 192.12.1.0 network that have a Layer 4 Source port of 4567 and Destination port of 4568 from this switch on ports 7 and 8 are assigned to hardware queue 3. On this network, traffic from streaming applications uses UDP port 4567 as the source and 4568 as the destination. This real-time traffic is time sensitive, so it is assigned to a high-priority hardware queue. By default, data traffic uses hardware queue 0, which is designated as a best-effort queue. Also, the confirmed action on this flow is to send the packets with a committed rate of 1000000 Kbps and burst size of 128 KB. Packets that violate the committed rate and burst size are dropped. 802.1X: Local Area Networks (LANs) are often deployed in environments that permit unauthorized devices to be physically attached to the LAN infrastructure, or permit unauthorized users to attempt to access the LAN through equipment already attached. In such environments, it may be desirable to restrict access to the services offered by the LAN to those users and devices that are permitted to use those services. Port-based network access control makes use of th
223. e Snooping Querier parameters: • VLAN ID: Specifies the VLAN ID for which the IGMP Snooping Querier is to be enabled. • Querier Election Participate Mode: Enable or disable Querier Participate Mode. • Disabled: Upon seeing another querier of the same version in the VLAN, the snooping querier moves to the non-querier state. • Enabled: The snooping querier participates in querier election, in which the least IP address operates as the querier in that VLAN. The other querier moves to non-querier state. • Snooping Querier VLAN Address: Specify the Snooping Querier IP Address to be used as the source address in periodic IGMP queries sent on the specified VLAN. 2. Click APPLY to apply the new settings to the switch. Configuration changes take effect immediately. 3. To disable Snooping Querier on a VLAN, select the VLAN ID and click DELETE. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. Click REFRESH to update the page with the latest information from the switch. Field Description: Operational State: Displays the operational state of the IGMP Snooping Querier on a VLAN. It can be in any of the following states: Querier: Snooping switch is the Querier in the VLAN. The Snooping switch will send out periodic queries with a time interval equal to the config
224. e code image2 when you want to retrieve. 3. Use USB File to give a name along with path for the file you want to upload. You may enter up to 32 characters. The factory default is blank. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Download File To Switch: The switch supports system file downloads from a remote system to the switch by using either TFTP or HTTP. The Download menu contains links to the following options: • File Download • HTTP File Download • USB File Download. File Download: To display the File Download page, click Maintenance > Download > File Download. 1. Use File Type to specify what type of file you want to transfer: • Archive: Specify archive (STK) code when you want to upgrade the operational flash. • Image: Specify the code image1 you want to download. • Image2: Specify the code image2 you want to download. • CLI Banner: Specify CLI Banner when you want a banne
225. e count of GMRP PDUs transmitted from the GARP layer. GMRP Failed Registrations: The number of times attempted GMRP registrations could not be completed. EAPOL Frames Received: The number of valid EAPOL frames of any type that have been received by this authenticator. EAPOL Frames Transmitted: The number of EAPOL frames of any type that have been transmitted by this authenticator. Time Since Counters Last Cleared: The elapsed time in days, hours, minutes, and seconds since the statistics for this port were last cleared. EAP Statistics: Use the EAP Statistics page to display information about EAP packets received on a specific port. To display the EAP Statistics page, click Monitoring > Ports > EAP Statistics.
226. e default value is networkList. 2. Use Enable Authentication List to specify which authentication list you are using when going into the privileged EXEC mode. The default value is enableNetList. Inbound Telnet: This page regulates new telnet sessions. If Allow New Telnet Sessions is enabled, new inbound telnet sessions can be established until there are no more sessions available. If Allow New Telnet Sessions is disabled, no new inbound telnet sessions are established. An established session remains active until the session is ended or an abnormal network error ends the session. 1. Use Allow New Telnet Sessions to specify whether the new Inbound Telnet session is Enabled or Disabled. Default value is Enabled. 2. Use Session Timeout to specify how many minutes of inactivity should occur on a telnet session before the session is logged off. You may enter any number from 1 to 160. The factory default is 5. 3. Use Maximum Number of Sessions to specify how many simultaneous telnet sessions will be allowed. The maximum is 5, which is also the factory default. 4. Current Number of Sessions: Displays the number of current sessions. Outbound Telnet: This page regulates new outbound telnet connections. If Allow New Telnet Sessions is enabled, new outbound telnet sessions can be established until there are no more sessions available. If Allow New Telnet Sessions is disabled
227. e from 0 to 255. The user can specify the preference value (sometimes called administrative distance) of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. Metric: Administrative cost of the path to the destination. If no value is entered, default is 1. The range is 0 to 255. Click REFRESH to refresh the web page to show the latest learned routes. Advanced: From the Advanced link, you can access the following pages: • Route Configuration • Route Preferences. Route Configuration: To display the Route Configuration page, click Routing > Routing Table > Advanced > Route Configuration. 1. Use the Route Type field to specify default or static reject If creating a default route, all that needs to be s
228. Download File To Switch; File Download; HTTP File Download; Ping IPv6; Traceroute IPv4; Traceroute IPv6. Chapter 9 Help: Online Help. Appendix A Default Settings. Appendix B Configuration Examples: Virtual Local Area Networks (VLANs); VLAN Example Configuration; Access Control Lists (ACLs); MAC ACL Example Configuration; Standard IP ACL Example Configuration; Creating Policies; DiffServ Example Configuration; 802.1X; 802.1X Example Configuration; MSTP; MSTP Example Configuration. Appendix C Notification of Compliance. Index. Getting Started: This chapter provides an overview of starting your NETGEAR ProSafe Managed Switches and accessin
229. e number of valid EAPOL frames of any type that have been received by this authenticator. EAPOL Frames Transmitted: This displays the number of EAPOL frames of any type that have been transmitted by this authenticator. EAPOL Start Frames Received: This displays the number of EAPOL start frames that have been received by this authenticator. Field Description: EAPOL Logoff Frames Received: This displays the number of EAPOL logoff frames that have been received by this authenticator. EAPOL Last Frame Version: This displays the protocol version number carried in the most recently received EAPOL frame. EAPOL Last Frame Source: This displays the source MAC address carried in the most recently received EAPOL frame. EAPOL Invalid Frames Transmitted: This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAPOL Length Error Frames Received: This displays the number of EAPOL frames that have been received by this authenticator in which the frame type is not recognized. EAP Response ID Frames Received: This displays the number of EAP response identity frames that have been received by this authenticator. EAP Response Frames Received: This displays the number of valid EAP response frames (other than resp/id frames) that have been received
230. e of dot1dStaticAddress. Static MAC Address: To display the Static MAC Address page, click Switching > Address Table > Advanced > Static MAC Address. Use Interface to select the physical interface/LAGs for which you want to display data. Use the Static MAC Address to input the MAC address to be deleted. Select the VLAN ID associated with the MAC address. Click ADD to add a new static MAC address to the switch. Click DELETE to delete an existing static MAC address from the switch. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Ports: The pages on the Ports tab allow you to view and monitor the physical port information for the ports available on the switch. From the Ports link, you can access the following pages: • Port Configuration • Port Description. Port Configuration: Use the Port Configuration page to configure the physical interfaces on the switch. To access the Port Configuration page, click Switching > Ports > Port Configuration.
231. e of the switch. 3. If you make changes to the page, click APPLY to apply the changes to the system. The following table describes the information displayed in the Status table on the DiffServ Configuration page. Field Description: Class table: Displays the number of configured DiffServ classes out of the total allowed on the switch. Class Rule table: Displays the number of configured class rules out of the total allowed on the switch. Policy table: Displays the number of configured policies out of the total allowed on the switch. Policy Instance table: Displays the number of configured policy class instances out of the total allowed on the switch. Policy Attributes table: Displays the number of configured policy attributes (attached to the policy class instances) out of the total allowed on the switch. Service table: Displays the number of configured services (attached to the policies on specified interfaces) out of the total allowed on the switch. Class Configuration: Use the Class Configuration page to add a new DiffServ class name, or to rename or delete an existing class. The page also allows you to define the criteria to associate with a DiffServ class. As packets are received, these DiffServ classes are used to prioritize packets. You can have multiple match criteria in a class. The logic is a Boolean logical AND for this criteria. After creating a Class, click the class link to the Class page. T
232. e out. If multiple RADIUS servers are configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured time-out value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times time-out) for all configured servers. If the RADIUS request was generated by a user login attempt, all user interfaces will be blocked until the RADIUS application returns a response. 2. In the Timeout Duration field, specify the time-out value, in seconds, for request retransmissions. The valid range is 1 to 30. The default value is 5. Consideration to maximum delay time should be given when configuring RADIUS max retransmit and RADIUS time-out. If multiple RADIUS servers are configured, the max retransmit value on each will be exhausted before the next server is attempted. A retransmit will not occur until the configured time-out value on that server has passed without a response from the RADIUS server. Therefore, the maximum delay in receiving a response from the RADIUS application equals the sum of (retransmit times time-out) for all configured servers. If the RADIUS request was generated by a user login attempt, all user interfaces will be blocked until the RADIUS application returns a resp
233. e physical characteristics of LAN infrastructures in order to provide a means of authenticating and authorizing devices attached to a LAN port that has point-to-point connection characteristics, and of preventing access to that port in cases in which the authentication and authorization process fails. In this context, a port is a single point of attachment to the LAN, such as ports of MAC bridges and associations between stations or access points in IEEE 802.11 Wireless LANs. The IEEE 802.11 standard describes an architectural framework within which authentication and consequent actions take place. It also establishes the requirements for a protocol between the authenticator (the system that passes an authentication request to the authentication server) and the supplicant (the system that requests authentication), as well as between the authenticator and the authentication server. The NETGEAR switches support a guest VLAN, which allows unauthenticated users to have limited access to the network resources. Note: You can use QoS features to provide rate limiting on the guest VLAN to limit the network resources the guest VLAN provides. Another 802.1X feature is the ability to configure a port to Enable/Disable EAPoL packet forwarding support. You can disable or enable the forwarding of EAPoL when 802.1X is disabled on the device. The ports of an 802.1X authenticator switch provide the means in which it can offer services to other systems reachable v
234. e previous save or system reboot will be retained by the switch. Auto Install Configuration: To access the Auto Install Configuration page, click Maintenance > Save Config > Auto Install Configuration. 1. Use Auto Install to select the start/stop auto install mode on the switch. 2. Use AutoInstall Persistent Mode to enable/disable AutoInstall persistent mode. 3. Use AutoSave Mode to select Enabled/Disabled, and click the APPLY button to have configuration changes you have made saved across a system reboot. All changes submitted since the previous save or system reboot will be retained by the switch. 4. Use AutoInstall Retry Count to specify the number of times the unicast TFTP tries should be made for the DHCP-specified file before falling back for broadcast TFTP tries. Field Description: AutoInstall State: Displays the current status of the AutoInstall process. Reset: The Reset menu contains links to the following options: • Device Reboot • Factory Default • Password Reset. Device Reboot: Use the Device Reboot page to reboot ProSafe Managed Switches. To access the Device Reboot page, click
235. e selected IP ACL and Rule and will be either permitted or denied. In this case, since all packets match the rule, the option of configuring other match criteria will not be offered. To configure specific match criteria for the rule, remove the rule and re-create it, or re-configure Match Every to False for the other match criteria to be visible. • Redirect Interface: Specifies the specific egress interface where the matching traffic stream is forced, bypassing any forwarding decision normally performed by the device. This field cannot be set if a Mirror Interface is already configured for the ACL rule. This field is enabled for a Permit Action. • Source IP Address: Enter an IP address using dotted-decimal notation to be compared to a packet's source IP Address as a match criteria for the selected IP ACL rule. • Source IP Mask: Specify the IP Mask in dotted-decimal notation to be used with the Source IP Address value. • Rate Limit Conform Data Rate: Value of Rate Limit Conform Data Rate specifies the conforming data rate of IP ACL Rule. Valid values are 1 to 4294967295 in Kbps. • Rate Limit Burst Size: Value of Rate Limit Burst Size specifies burst size of IP ACL Rule. Valid values are 1 to 128 in Kbytes. • Time Range: Name of time range associated with the IP ACL Rule. • Rule Status: Displays if the ACL rule is active or inactive. Blank means that no timer schedules are assigned to the rule. To delete an IP ACL rule, sele
236. e selection to enable or disable this option on the port. With EEE mode enabled, the port transitions to low-power mode during link idle condition. The default value is Disabled. The following table describes the Port Green Mode Statistics non-configurable fields. Table 4. Field Description: Cumulative Energy Saved on this port due to Green Mode(s) (Watts Hours): Cumulative energy saved due to all Green Modes enabled on this port, in Watts Hours. Operational Status: Indicates whether Energy Detect Admin Mode is currently Operational Enabled. Reason: Reason for the current operational status of Energy Detect Admin Mode. Operational Status: Indicates whether Short Reach Admin Mode is currently Operational Enabled. Reason: Reason for the current operational status of Short Reach Admin Mode. Rx Low Power Idle Event Count: This field is incremented each time MAC RX enters LP IDLE state. Shows the total number of Rx LPI events since EEE counters are last cleared. Rx Low Power Idle Duration (uSec): This field indicates duration of Rx LPI state in 10us increments. Shows the total duration of Rx LPI since the EEE counters are last cleared. Tx Low Power Idle Event Count: This field is incremented each time MAC TX enters LP IDLE state. Shows the total number o
237. e switch. After creating a Class, click the class link to the Class page. To configure the class match criteria: 1. Click the class name for an existing class. The class name is a hyperlink. The following figure shows the configuration fields for the class. [Figure: IPv6 Class Configuration] Class Name: Displays the name for the configured DiffServ class. Class Type: Displays the DiffServ class type. Options: • All. Only when a new class is created, this field is a selector field. After class creation, this becomes a non-configurable field displaying the configured class type. Define the criteria to associate with a DiffServ class: • Match Every: This adds to the specified class definition a match condition whereby all packets are considered to belong to the class. • Reference Class: This lists the class(es) that can be assigned as reference class(es) to the current
238. ect one of the options for the EAPOL Flood Mode: enable or disable. The default value is disable. 4. Use Monitor Mode to select one of the options for Monitor mode: enable or disable. The default value is Disable. The feature monitors the dot1x authentication process and helps in diagnosis of the authentication failure cases. 5. Use Users to select the user name that will use the selected login list for 802.1x port security. 6. Use Login to select the login list to apply to the specified user. All configured login lists are displayed. Field / Description: Authentication List: Displays the authentication list which is used by 802.1X. Advanced: From the Advanced link, you can access the following pages: • 802.1X Configuration • Port Authentication • Port Summary • Client Summary. 802.1X Configuration: Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802.1X Configuration page, click Security > Port Authentication > Advanced > 802.1X Configuration. [Screenshot: 802.1X Configuration page with the fields Administrative Mode, VLAN Assignment Mode, EAPOL Flood Mode, Dynamic VLAN Creation Mode, Monitor Mode, Users, Login, and Authentication List]
239. ecurrence. • Daily: The timer schedule works with daily recurrence. • Daily Mode: Every WeekDay selection means that the schedule will be triggered every day from Monday to Friday. Every Day(s) selection means that the schedule will be triggered every defined number of days. If number of days is not specified, then the schedule will be triggered every day. • Weekly: The timer schedule works with weekly recurrence. • Every Week(s): Define the number of weeks when the schedule will be triggered. If number of weeks is not specified, then the schedule will be triggered every week. • WeekDay: Specify the days of week when the schedule should operate. • Monthly: The timer schedule works with monthly recurrence. • Monthly Mode: Show the day of the month when the schedule will be triggered. Field Every Month(s) means that the schedule will be triggered every defined number of months. 9. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest values. 10. Click APPLY to send the updated configuration to the switch. The configuration changes take effect immediately. Configuring Switching Information: Use the features in the Switching tab to define Layer 2 features. The Switching tab contains links to the following features: • VLANs • Auto VoIP • Spanning Tree Protocol • Multicast • MVR Configuration
240. ed Use Force Protocol Version to specify the Force Protocol Version parameter for the switch. The options are IEEE 802.1d, IEEE 802.1w, and IEEE 802.1s. Use Configuration Name to specify the identifier used to identify the configuration currently being used. It may be up to 32 alphanumeric characters. Use Configuration Revision Level to specify the identifier used to identify the configuration currently being used. The values allowed are between 0 and 65535. The default value is 0. Use Forward BPDU while STP Disabled to specify whether spanning tree BPDUs should be forwarded while spanning tree is disabled on the switch. Value is enabled or disabled. Use BPDU Guard to specify whether the BPDU guard feature is enabled. The STP BPDU guard allows a network administrator to enforce the STP domain borders and keep the active topology consistent and predictable. The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state. This would lead to an administrative disable of the port. Use BPDU Filter to specify whether the BPDU Filter feature is enabled. STP BPDU filtering applies to all operational edge ports. Edge Port in an operational state is supposed to b
241. ed. The list includes other as an option for the unnamed ports. • Destination IP Address: This is a valid destination IP address in the dotted decimal format. • Destination Mask: This is a bit mask in IP dotted decimal format indicating which part(s) of the destination IP Address to use for matching against packet content. • Destination L4 Port: This lists the keywords for the known destination layer 4 ports from which one can be selected. The list includes other as an option for the unnamed ports. • IP DSCP: This lists the keywords for the known DSCP values from which one can be selected. The list includes other as an option for the remaining values. • Precedence Value: This lists the keywords for the IP Precedence value in the range 0 to 7. • IP ToS: Configure the IP ToS field. • ToS Bits: This is the Type of Service octet value in the range 00 to ff to compare against. • ToS Mask: This indicates which ToS bits are subject to comparison against the Service Type value. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. IPv6 Class Configuration: Use the IPv6 Class Configuration page to add a new IPv6 DiffServ class name, or to rename or delete an existing class
242. ed on Destination IPv6: To create an ACL based on the destination IPv6 prefix and IPv6 prefix length. • ACL Based on Source IPv6: To create an ACL based on the source IPv6 prefix and IPv6 prefix length. • ACL Based on Destination IPv4 L4 Port: To create an ACL based on the destination IPv4 layer4 port number. • ACL Based on Source IPv4 L4 Port: To create an ACL based on the source IPv4 layer4 port number. • ACL Based on Destination IPv6 L4 Port: To create an ACL based on the destination IPv6 layer4 port number. • ACL Based on Source IPv6 L4 Port: To create an ACL based on the source IPv6 layer4 port number. Use Rule ID to enter a whole number in the range of 1 to 511 that will be used to identify the rule. 3. Use Action to specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny. 4. Use Destination MAC to specify the destination MAC address to compare against an Ethernet frame. Valid format is xx:xx:xx:xx:xx:xx. The BPDU keyword may be specified using a Destination MAC address of 01:80:C2:xx:xx:xx. 5. Use Destination MAC Mask to specify the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame. Valid format is XX:XX:XX:XX:XX:XX. The BPDU keyword may be specified using a Destination MAC mask of 00:00:00:ff:ff:ff. 6. Click ADD to add a new rule to th
243. eed and duplex mode If you select auto the duplex mode and speed will be set by the auto negotiation process Note that the port s maximum capability full duplex and speed will be advertised Otherwise your Configuring Switching Information 176 Field Description M4100 M7100 Web Management User Guide selection will determine the port s duplex mode and transmission rate The factory default is auto Use the Link Trap object to determine whether to send a trap when link status changes The factory default is enabled Use Maximum Frame Size to specify the maximum Ethernet frame size the interface supports or is configured including ethernet header CRC and payload 1518 to 9216 The default maximum frame size is 1518 Click CANCEL to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform a save Click APPLY to update the switch with the values you entered If you want the switch to retain the new values across a power cycle you must perform a save Port Type For normal ports this field will be normal Otherwise the possible values are e Mirrored The port is a mirrored port on which all the traffic will be copied to the probe port e Probe Use this port to monitor mirrored port Trunk Number The port is a member of a Link Aggregation trunk Look at the LAG screens for more information Physical Status Indicates the p
244. efault IP address Subnet mask Default gateway Protocol Management VLAN ID Minimum password length IPv6 management mode SNTP client SNTP server Global logging CLI command logging Console logging RAM logging Persistent FLASH logging DNS SNMP SNMP Traps Auto Install Auto Save sFlow 169 254 100 100 255 255 0 0 0 0 0 0 DHCP 1 Eight characters Enabled Enabled Not configured Enabled Disabled Enabled Severity level debug and above Enabled Severity level debug and above Disabled Enabled No servers configured Enabled SNMPv1 SNMPv2 SNMPv3 Enabled Enabled Disabled Enabled 387 Table 11 Default Settings continued M4100 M7100 Web Management User Guide Feature Default ISDP Enabled Versions 1 and 2 RMON Enabled TACACS Not configured RADIUS Not configured SSH SSL Disabled Telnet Enabled Denial of Service Protection Disabled Dot1x Authentication Disabled IEEE 802 1X MAC Based Port Security Access Control Lists ACL IP Source Guard IPSG DHCP Snooping Dynamic ARP Inspection Protected Ports Private Groups Flow Control Support IEEE 802 3x Head of Line Blocking Prevention Maximum Frame Size Auto MDI MDIX Support Auto Negotiation Advertised Port Speed Broadcast Storm Control Port Mirroring LLDP LLDP MED MAC Table Address Aging DHCP Layer 2 Relay Default VLAN ID All ports are unlocked None configured Disabled Disabled Di
245. elect the load balancing mode used on a port-channel (LAG). Traffic is balanced on a port-channel (LAG) by selecting one of the links in the channel over which to transmit specific packets. The link is selected by creating a binary pattern from selected fields in a packet and associating that pattern with a particular link. • Src MAC, VLAN, EType, incoming port: Source MAC, VLAN, EtherType, and incoming port associated with the packet. • Dest MAC, VLAN, EType, incoming port: Destination MAC, VLAN, EtherType, and incoming port associated with the packet. • Src/Dest MAC, VLAN, EType, incoming port: Source/Destination MAC, VLAN, EtherType, and incoming port associated with the packet. • Src IP and Src TCP/UDP Port fields: Source IP and Source TCP/UDP fields of the packet. • Dest IP and Dest TCP/UDP Port fields: Destination IP and Destination TCP/UDP Port fields of the packet. • Src/Dest IP and TCP/UDP Port Fields: Source/Destination IP and source/destination TCP/UDP Port fields of the packet. • Enhanced hashing mode: Features MODULO-N operation based on the number of ports in the LAG, non-Unicast traffic and unicast traffic hashing using a common hash algorithm, excellent load balancing performance, and packet attributes selection based on the packet type. • For L2 packets, source and destination MAC address are used for hash computation. • For L3 packets, source
246. em name of the local system System Description Specifies the description of the selected port associated with the local system Port Description Specifies the description of the selected port associated with the local system System Capabilities Supported Specifies the system capabilities of the local system Configuring System Information 88 M4100 M7100 Web Management User Guide Field Description System Capabilities Enabled Specifies the system capabilities of the local system which are supported and enabled Management Address Type Specifies the type of the management address Management Address Specifies the advertised management address of the local system LLDP Remote Device Information This page displays information on remote devices connected to the port To display this page click System gt LLDP gt Remote Device Information A screen similar to the following is displayed LLDP Remote Device Information LLDP Interface Selection Interface 0 1 e Remote Device Information Remote ID 1 Chassis ID 00 1E C9 AA AA E2 Chassis ID Subtype MAC Address Port ID Gi1 0 14 Port ID Subtype Interface Name System Name System Description Port Description System Capabilities Supported System Capabilities Enabled Time To Live 118 Management Address Type Management Address 1 Use Interface to select the local ports which can receive LLDP frames The f
247. en in isolated mode, the member port in the group cannot forward its egress traffic to any other members in the same group. By default, the mode is community mode, in which each member port can forward traffic to other members in the same group, but not to members in other groups. 4. Click ADD to create a new private group in the switch. 5. Click DELETE to delete a selected private group from the switch. Private Group Membership: To display the Private Group Membership page, click Security > Traffic Control > Private Group > Private Group Membership. [Screenshot: Private Group Membership page with the fields Group ID, Group Name, and Group Mode] 1. Use Group ID to select the Group ID for which you want to display or configure data. 2. Use Port List to add the ports you selected to this private group. The port list shows up when at least one group is configured. Field / Description: Group Name: This field identifies the name for the Private Group you selected. It can be up to 24 non-blank characters long. Group Mode: This field identifies the mode of the Private Group you selected. The modes are: • community • isolated. The group mode can be either isolated or community. When in isolated mode, the member port in the group cannot forward its egress traffic to any other members in the same group. By default, the mode is
248. ence received including interference that may cause undesired operation FCC Radio Frequency Interference Warnings amp Instructions This equipment has been tested and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio communications However there is no guarantee that interference will not occur in a particular installation If this equipment does cause harmful interference to radio or television reception which can be determined by turning the equipment off and on the user is encouraged to try to correct the interference by one or more of the following methods e Reorient or relocate the receiving antenna e Increase the separation between the equipment and the receiver e Connect the equipment into an electrical outlet on a circuit different from that which the radio receiver is connected e Consult the dealer or an experienced radio TV technician for help Notification of Compliance 409 M4100 M7100 Web Management User Guide FCC Caution e Any changes or modifications not expressly approved by the party responsible for compliance could void the user s authority to operate this equipment e This devi
249. eneral. • General: Sets port in General Mode. • Host: Sets port in Host Mode. Used for Private VLAN configuration. • Promiscuous: Sets port in Promiscuous Mode. Used for Private VLAN configuration. 2. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 3. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately. Field / Description: Interface: Select the physical or LAG interface for which you want to display or configure data. Private VLAN Host Interface Configuration: To display the VLAN Host Interface Configuration page, click Security > Traffic Control > Private VLAN > Private VLAN Host Interface Configuration. [Screenshot: Private VLAN Host Interface Configuration page with the per-interface table] 1. Use Host Primary VLAN to set the Primary VLAN ID for Host Association Mode. The range of the VLAN ID is 2-4093. 2. Use Host Secondary VLAN to set the Secondary VLAN ID for Host Association Mode. The range of the VLAN ID is 2-4093. 3. Cl
250. ent The Monitoring > Logs tab contains links to the following pages: • Buffered Logs • Command Log Configuration • Console Log Configuration • SysLog Configuration • Trap Logs • Event Logs • Persistent Logs. Buffered Logs: To access the Buffered Logs page, click Monitoring > Logs > Buffered Logs. [Screenshot: Buffered Logs page showing the log settings and the Message Log]
251. ent User Guide 7 Use Global Default Gateway to set the global default gateway to the manually configured value A default gateway configured with this command is more preferred than a default gateway learned from a DHCP server Only one default gateway can be configured If you invoke this command multiple times each command replaces the previous value Field Description Default Time to Live The default value inserted into the Time To Live field of the IP header of datagrams originated by the switch ifa TTL value is not supplied by the transport layer protocol Maximum Next Hops The maximum number of hops supported by the switch This is a compile time constant Maximum Routes The maximum number of routes routing table size supported by the switch This is a compile time constant IP Statistics The statistics reported on this screen are as specified in RFC 1213 To display the IP Statistics page click Routing gt IP gt Advanced gt IP Statistics Routing 198 IP Statistics IP Statistics IpInReceives IpInHdrErrors IpInAddrErrors IpForwDatagrams IpInUnknownProtos IpInDiscards IpInDelivers IpOutRequests IpOutDiscards IpOutNoRoutes IpReasmTimeout IpReasmReqds IpReasmOKs IpReasmFails IpFragOKs IpFragFails IpFragCreates IpRoutingDiscards IcmpInMsgs IcmpInErrors IcmpInDestUnreachs IcmpInTimeExcds IcmpInParmProbs IempInSrcQuenchs IcmpInRedirects M4100 M7100 Web Management User
252. ent and Electronic Office Machines aimed at preventing radio interference in such residential areas When used near a radio or TV receiver it may become the cause of radio interference Read instructions for correct handling GPL License Agreement GPL may be included in this product to view the GPL license agreement go to ftp downloads netgear com files GPLnotice pdf Notification of Compliance 410 M4100 M7100 Web Management User Guide For GNU General Public License GPL related information please visit http support netgear com app answers detail a_id 2649 Interference Reduction Table The table below shows the Recommended Minimum Distance between NETGEAR equipment and household appliances to reduce interference in feet and meters Table 12 Household Appliance Recommended Minimum Distance in feet and meters Microwave ovens 30 feet 9 meters Baby Monitor Analog 20 feet 6 meters Baby Monitor Digital 40 feet 12 meters Cordless phone Analog 20 feet 6 meters Cordless phone Digital 30 feet 9 meters Bluetooth devices 20 feet 6 meters ZigBee 20 feet 6 meters Notification of Compliance 411 Index Numerics 802 1X 246 275 276 example configuration 402 A access control ACL example configuration 395 ACLs 314 authentication 802 1X 273 402 enable 14 port based 273 RADIUS 246 SNMP 14 TACACS 252 C certificate 264 compliance 41
253. ependently of any per queue maximum bandwidth configuration It is effectively a second level shaping mechanism Default value is 0 Valid Range is 0 to 100 in increments of 1 The value 0 means maximum is unlimited 4 Click CANCEL to cancel the configuration on the screen Resets the data on the screen to the latest value of the switch 5 Click APPLY to send the updated configuration to the switch Configuration changes take effect immediately Configuring Quality of Service 222 M4100 M7100 Web Management User Guide Interface Queue Configuration Use the Interface Queue Configuration page to define what a particular queue does by configuring switch egress queues User configurable parameters control the amount of bandwidth used by the queue the queue depth during times of congestion and the scheduling of packet transmission from the set of all queues on a port Each port has its own CoS queue related configuration The configuration process is simplified by allowing each CoS queue parameter to be configured globally or per port A global configuration change is automatically applied to all ports in the system To display the Interface Queue Configuration page click the QoS gt CoS gt Advanced gt Interface Queue Configuration Interface Queue Configuration Interface Queue Configuration 1 LAGS All Go To Interface sO a Minimum les T g Interface Bandwidth Scheduler Type Queue Management Type A N E Weighted Tail
254. equests are sent from the client, nor are any received SNTP messages processed. • Unicast: SNTP operates in a point-to-point fashion. A unicast client sends a request to a designated server at its unicast address and expects a reply from which it can determine the time and, optionally, the round-trip delay and local clock offset relative to the server. • Broadcast: SNTP operates in the same manner as multicast mode but uses a local broadcast address instead of a multicast address. The broadcast address has a single subnet scope while a multicast address has Internet-wide scope. Default value is Disable. 2. Use Port to specify the local UDP port to listen for responses/broadcasts. Allowed range is 1 to 65535. Default value is 123. 3. Use Unicast Poll Interval to specify the number of seconds between unicast poll requests, expressed as a power of two, when configured in unicast mode. Allowed range is 6 to 10. Default value is 6. 4. Use Broadcast Poll Interval to specify the number of seconds between broadcast poll requests, expressed as a power of two, when configured in broadcast mode. Broadcasts received prior to the expiry of this interval are discarded. Allowed range is 6 to 10. Default value is 6. 5. Use Unicast Poll Timeout to specify the number of seconds to wait for an SNTP response when configured in unicast mode. Allowed range is 1 to 30. Default value is 5. 6. Use Unicast Poll Retry to specify the number of times to retry a requ
255. er Management Mode Dynamic Traps Enable Disable 1 The Unit Selection field displays the current PoE unit To change the PoE unit select another unit from the drop down box The following table describes the PoE Configuration non configurable fields Table 7 Field Description Units Displays the Current PoE Unit You can change the PoE Unit by selecting another unit ID listed here Firmware Version Version of the PoE controller s FW image Power Status Indicates the power status Total Power Main AC Displays the total power provided by the MAIN AC power source Total Power RPS Displays the total power provided by the redundant power source Power Source Current source of system power Main AC or RPS Configuring System Information 71 M4100 M7100 Web Management User Guide Table 7 Field Description Threshold Power System can power up one port if consumed power is less than this power i e Consumed power can be between Nominal amp Threshold Power values The threshold power value is effected by changing System Usage Threshold Consumed Power Total amount of a power which is currently being delivered to all ports 2 To set the System Usage Threshold enter a number from 1 to 99 This sets the threshold level at which a trap is sent if consumed power is greater than the threshold power 3 The Power Management Mode describes or controls the power m
256. er of ICMP Destination Unreachable messages received IcmpInTimeExcds IcmpInParmProbs The number of ICMP Time Exceeded messages received The number of ICMP Parameter Problem messages received IcmpInSrcQuenchs The number of ICMP Source Quench messages received IcmpInRedirects The number of ICMP Redirect messages received IcmpInEchos The number of ICMP Echo request messages received IcmpInEchoReps IcmpInTimestamps The number of ICMP Echo Reply messages received The number of ICMP Timestamp request messages received IcmpInTimestampReps The number of ICMP Timestamp Reply messages received IcmpInAddrMasks The number of ICMP Address Mask Request messages received IcmpInAddrMaskReps The number of ICMP Address Mask Reply messages received IcmpOutMsgs The total number of ICMP messages which this entity attempted to send Note that this counter includes all those counted by icmpOutErrors IcmpOutErrors The number of ICMP messages which this entity did not send due to problems discovered within ICMP such as a lack of buffers This value should not include errors discovered outside the ICMP layer such as the inability of IP to route the resultant datagram In some implementations there may be no types of error which contribute to this counter s value IcmpOutDestUnreachs IcmpOutTimeExcds The number of ICMP Destination Unreachable messages sen
257. er space Note that this counter does not include any datagrams discarded while awaiting re assembly IpInDelivers The total number of input datagrams successfully delivered to IP user protocols including ICMP IpOutRequests The total number of IP datagrams which local IP user protocols including ICMP supplied to IP in requests for transmission Note that this counter does not include any datagrams counted in ipForwDatagrams Routing 193 M4100 M7100 Web Management User Guide Field Description IpOutDiscards The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination but which were discarded e g for lack of buffer space Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this discretionary discard criterion IpOutNoRoutes The number of IP datagrams discarded because no route could be found to transmit them to their destination Note that this counter includes any packets counted in ipForwDatagrams which meet this no route criterion Note that this includes any datagrams which a host cannot route because all of its default gateways are down IpReasmTimeout The maximum number of seconds which received fragments are held while they are awaiting reassembly at this entity IpReasmReqds The number of IP fragments received which needed to be reassembled at thi
258. erver 1 Enter the appropriate SNTP server information in the available fields e Server Type Specifies whether the address for the SNTP server is an IP address IPv4 or hostname DNS Default value is IPv4 e Address Specify the address of the SNTP server This is a text string of up to 64 characters containing the encoded unicast IP address or hostname of a SNTP server Unicast SNTP requests will be sent to this address If this address is a DNS hostname then that hostname should be resolved into an IP address each time a SNTP request is sent to it e Port Enter a port number on the SNTP server to which SNTP requests are sent The valid range is 1 65535 The default is 123 Configuring System Information 38 7 M4100 M7100 Web Management User Guide e Priority Specify the priority of this server entry in determining the sequence of servers to which SNTP requests will be sent The client continues sending requests to different servers until a successful response is received or all servers are exhausted This object indicates the order in which to query the servers A server entry with a precedence of 1 will be queried before a server with a priority of 2 and so forth If more than one server has the same priority then the requesting order will follow the lexicographical ordering of the entries in this table Allowed range is 1 to 3 Default value is 1 e Version Enter the NTP version running on the server The range i
259. es To display the Certificate Management page, click Security > Access > HTTPS > Certificate Management. [Screenshot: Certificate Management page with the Certificate Present options and the Certificate Generation Status field] 1. Use None when there is nothing to be done with respect to certificate management. This is the default selection. 2. Use Generate Certificates to begin generating the Certificate files. 3. Use Delete Certificates to delete the corresponding Certificate files, if present. Field / Description: Certificate Present: Displays whether there is a certificate present on the device. Certificate Generation Status: Displays the SSL certificate generation status. Certificate Download: Use this page to transfer a certificate file to the switch. For the Web server on the switch to accept HTTPS connections from a management station, the Web server needs a public key certificate. You can generate a certificate externally (for example, off-line) and download it to the switch. To display the Certificate Download page, click Security > Access > HTTPS > Certificate Download. Downloading SSL Certificates: Before you download a file to the switch, the following conditions must be true: • The file to
260. es the ports that are actively participating in the port channel LAG Membership Use the LAG Membership page to select two or more full duplex Ethernet links to be aggregated together to form a link aggregation group LAG which is also known as a port channel The switch can treat the port channel as if it were a single link To access the LAG Membership page click Switching gt LAG gt LAG Membership Configuring Switching Information 181 M4100 M7100 Web Management User Guide LAG Membership LAG Membership LAG ID chi LAG Description Admin Mode Enable x Link Trap STP Mode Static Mode Hash Mode Src Dest MAC VLAN EType incoming port v Port Selection Table Use LAG ID to select the identification of the LAG Use LAG Name to enter the name you want assigned to the LAG You may enter any string of up to 15 alphanumeric characters A valid name has to be specified in order to create the LAG Use LAG Description to enter the Description string to be attached to a LAG It can be up to 64 characters in length Use Admin Mode to select enable or disable from the drop down menu When the LAG is disabled no traffic will flow and LACPDUs will be dropped but the links that form the LAG will not be released The factory default is enable Use Link Trap to specify whether you want to have a trap sent when link status changes The factory default is enable which will cause the trap to be sent Use
261. es various statuses Switch Status To define system information 1 Open the System Information page 2 Define the following fields a System Name Enter the name you want to use to identify this switch You may use up to 255 alphanumeric characters The factory default is blank b System Location Enter the location of this switch You may use up to 255 alphanumeric characters The factory default is blank c System Contact Enter the contact person for this switch You may use up to 25 alphanumeric characters The factory default is blank d Login Timeout Specify how many minutes of inactivity should occur on a serial port connection before the switch closes the connection Enter a number between 0 and 160 the factory default is 5 Entering 0 disables the timeout 3 Click APPLY to send the updated screen to the switch and cause the changes to take effect on the switch These changes will not be retained across a power cycle unless a save is performed The following table describes the status information the System Page displays Field Description Product Name The product name of this switch IPv4 Network Interface The IPv4 address and mask assigned to the network interface IPv6 Network Interface The IPv6 prefix and prefix length assigned to the network interface IPv4 Loopback Interface The IPv4 address and mask assigned to the loopback interface IPv6 Loopback Interface T
262. est to an SNTP server after the first time-out before attempting to use the next configured server when configured in unicast mode. Allowed range is 0 to 10. Default value is 1.
7. When using SNTP/NTP time servers to update the switch's clock, the time data received from the server is based on Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time (GMT). This cannot be the time zone in which the switch is located. Use Time Zone Name to configure a timezone specifying the number of hours and optionally the number of minutes difference from UTC with Offset Hours and Offset Minutes. The time zone can affect the display of the current system time. The default value is UTC.
8. Use Offset Hours to specify the number of hours difference from UTC. See Time Zone Name (step 7, previous) for more information. Allowed range is 24 to 24. The default value is 0.
9. Use Offset Minutes to specify the number of Minutes difference from UTC. See Time Zone Name (step 7, previous) for more information. Allowed range is 0 to 59. The default value is 0.

SNTP Global Status

The following table displays SNTP Global Status information.

Field | Description
Version | Specifies the SNTP Version the client supports.
Supported Mode | Specifies the SNTP modes the client supports. Multiple modes may be supported by a client.
Last Update Time | Specifies
263. estination port on the system. It acts as a probe port and will receive all the traffic from configured mirrored port(s). Default value is blank.
From the Session Mode menu, select the mode for port mirroring on the selected port:
• Enable: Multiple Port Mirroring is active on the selected port.
• Disable: Port mirroring is not active on the selected port, but the mirroring information is retained.
Select the check box next to a port to configure it as a source port.
Use Source Port to specify the configured port(s) as mirrored port(s). Traffic of the configured port(s) is sent to the probe port.
Direction: Specifies the direction of the Traffic to be mirrored from the configured mirrored port(s). Default value is Tx and Rx.
6. Click APPLY to apply the settings to the system. If the port is configured as a source port, the Mirroring Port field value is Mirrored.
7. To delete a mirrored port, select the check box next to the mirrored port, and then click DELETE.
8. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.

Field | Description
Status | Indicates the port to be in a mirrored state.

sFlow

From the sFlow link under the Monitoring tab, you can access the following pages:
• Basic
• Advanced

Basic

From the Basic link, you can access the followi
264. ext to the VLAN ID and click DELETE. To modify IGMP snooping settings for a VLAN, select the check box next to the VLAN ID, update the desired values, and click APPLY. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.

Multicast Router Configuration

This page configures the interface as the one the multicast router is attached to. All IGMP packets snooped by the switch will be forwarded to the multicast router reachable from this interface. The configuration is not needed most of the time, since the switch will automatically detect the presence of multicast router and forward IGMP packet accordingly. It is only needed when you want to make sure the multicast router always receives IGMP packets from the switch in a complex network. To access the Multicast Router Configuration page, click Switching > Multicast > IGMP Snooping > Multicast Router Configuration.

[Screenshot: Multicast Router Configuration page]

1. Use Interface to select the physical interface for which you want Multicast Router to be
265. [Screenshot: host keys management page, showing the RSA and DSA key options (None, Generate, Delete) and the Host Keys Status fields Keys Present and Key Generation In Progress]

1. Host Keys Management: None is the default selection.
2. Use Generate RSA Keys to begin generating the RSA host keys. Note that to generate SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
3. Use Delete RSA Keys to delete the corresponding RSA key file, if it is present.
4. DSA Keys Management: None is the default selection.
5. Use Generate DSA Keys to begin generating the DSA host keys. Note that to generate SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
6. Use Delete DSA Keys to delete the corresponding DSA key file, if it is present.
7. Click APPLY to start downloading the Host Key file. Note that to download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.
8. Click REFRESH to refresh the web page and to show the latest SSH Sessions.

Field | Description
Keys Present | Displays which keys, RSA, DSA, or both, are present (if any).
Key Generation In Progress | Displays which key is being generated (if any): RSA, DSA, or None.

Host Keys Download

Use this page to transfer a file to or from the switch. To display the Host Keys Download page, click Security > Acce
266. f Tx LPI Events since EEE counters are last cleared.
Tx Low Power Idle Duration (uSec) | This field indicates duration of Tx LPI state in 10us increments. Shows the total duration of Tx LPI since the EEE counters are last cleared.
Tw_sys_tx (uSec) | Integer that indicates the value of Tw_sys that the local system can support.
Tw_sys_tx Echo (uSec) | Integer that indicates the remote system's Transmit Tw_sys that was used by the local system to compute the Tw_sys that it wants to request from the remote system.
Tw_sys_rx (uSec) | Integer that indicates the value of Tw_sys that the local system requests from the remote system.
Tw_sys_rx Echo (uSec) | Integer that indicates the remote system's Receive Tw_sys that was used by the local system to compute the Tw_sys that it can support.
Fallback Tw_sys (uSec) | Integer that indicates the value of fallback Tw_sys that the local system requests from the remote system.
Tx_dll_enabled | Data Link Layer Enabled: Initialization status of the EEE transmit Data Link Layer management function on the local system.
Tx_dll_ready | Data Link Layer ready: This variable indicates that the tx system initialization is complete and is ready to update/receive LLDPDU containing EEE TLV.
Rx_dll_enabled | Status of the EEE capability negotiation on the local system.

Table 4
267. f probes per hop. The initial value is default. The Probes per Hop you enter is not retained across a power cycle.
• MaxTTL: Enter the maximum TTL for the destination. The initial value is default value. The MaxTTL you enter is not retained across a power cycle.
• InitTTL: Enter the initial TTL to be used. The initial value is default value. The InitTTL you enter is not retained across a power cycle.
• MaxFail: Enter the maximum Failures allowed in the session. The initial value is default value. The MaxFail you enter is not retained across a power cycle.
• Interval (secs): Enter the Time between probes in seconds. The initial value is default value. The Interval you enter is not retained across a power cycle.
• Port: Enter the UDP Dest port in probe packets. The initial value is default value. The port you enter is not retained across a power cycle.
• Size: Enter the Size of probe packets. The initial value is default value. The Size you enter is not retained across a power cycle.
3. Click CANCEL to cancel the operation on the screen and reset the data on the screen to the latest value of the switch.
4. Click APPLY to initiate the traceroute. The results display in the TraceRoute area.

Traceroute IPv6

Use this screen to tell the switch to send a TraceRoute request to a specified IP address or Hostname. You can use this to discover the paths packets take to a remote de
268. fault value is 0.
5. Use Forward BPDU while STP Disabled to specify whether spanning tree BPDUs should be forwarded or not while spanning tree is disabled on the switch. Value is enabled or disabled.
6. Use BPDU Guard to specify whether the BPDU guard feature is enabled. The STP BPDU guard allows a network administrator to enforce the STP domain borders and keep the active topology consistent and predictable. The switches behind the edge ports that have STP BPDU guard enabled will not be able to influence the overall STP topology. At the reception of BPDUs, the BPDU guard operation disables the port that is configured with this option and transitions the port into disable state. This would lead to an administrative disable of the port.
7. Use BPDU Filter to specify whether the BPDU Filter feature is enabled. STP BPDU filtering applies to all operational edge ports. Edge Port in an operational state is supposed to be connected to hosts that typically drop BPDUs. If an operational edge port receives a BPDU, it immediately loses its operational status. In that case, if BPDU filtering is enabled on this port, then it drops the BPDUs received on this port.

Field | Description
Configuration digest key | Identifier used to identify the configuration currently being used.
MST ID | Table consisting of the MST instances (including the CST) and the corresponding VLAN
269. ffServ
• 802.1X
• MSTP

Virtual Local Area Networks (VLANs)

A local area network (LAN) can generally be defined as a broadcast domain. Hubs, bridges, or switches in the same physical segment or segments connect all end node devices. End nodes can communicate with each other without the need for a router. Routers connect LANs together, routing the traffic to the appropriate port.

A virtual LAN (VLAN) is a local area network with a definition that maps workstations on some basis other than geographic location (for example, by department, type of user, or primary application). To enable traffic to flow between VLANs, traffic must go through a router, just as if the VLANs were on two separate LANs.

A VLAN is a group of PCs, servers, and other network resources that behave as if they were connected to a single network segment, even though they might not be. For example, all marketing personnel might be spread throughout a building. Yet if they are all assigned to a single VLAN, they can share resources and bandwidth as if they were connected to the same segment. The resources of other departments can be invisible to the marketing VLAN members, accessible to all, or accessible only to specified individuals, depending on how the IT manager has set up the VLANs.

VLANs have a number of advantages:
• It is easy to do network segmentation. Users that communicate most frequently with each other can be grouped into com
270. fic threshold. If the switch is not able to supply power to all connected devices, priority is used to determine which ports can supply power. The lowest numbered port which is one of the ports of the same priority will have a higher priority. Select the priority order from the following list:
• Low: Low priority
• Medium: Medium priority
• High: High priority
• Critical: Critical priority
3. Select the High Power Mode from the following options:
• Disabled indicates that a port is powered in the IEEE 802.3af mode.
• Legacy indicates that a port is powered using high-inrush current, used by legacy PDs whose power requirements are more than 15W from power up.
• Pre-802.3at indicates a port is powered in the IEEE 802.3af mode initially and then switched to the high-power IEEE 802.3at mode before 75 msec. This mode needs to be selected if the PD is NOT performing Layer 2 Classification or the PSE is performing 2-Event Layer 1 Classification.
• 802.3at indicates that a port is powered in the IEEE 802.3at mode. For example, if the class detected by PSE is not class4, then the PSE port will not power up the PD.
The Power Limit Type describes or controls the maximum power that a port can deliver. Select the type from the following list:
• Class indicates that the port power limit is equal to the class of the PD attached.
• User indicates that the por
271. field displays the User Name representing the identity of the supplicant device.
Supplicant Mac Address | This field displays the supplicant device's Mac Address.
Session Time | This field displays the time, in seconds, since the supplicant logged in.
Filter ID | This field displays the policy filter ID assigned by the authenticator to the supplicant device.
Vlan ID | This field displays the VLAN ID assigned by the authenticator to the supplicant device.
Vlan Assigned | This field displays the reason for the VLAN ID assigned by the authenticator to the supplicant device.
Session Timeout | This field displays the Session Timeout set by the Radius Server to the supplicant device.
Termination Action | This field displays the Termination Action set by the Radius Server to the supplicant device.

Traffic Control

From the Traffic Control tab, you can configure MAC Filters, Storm Control, Port Security, and Protected Port settings. To display the page, click the Security > Traffic Control tab. The Traffic Control tab contains links to the following features:
• MAC Filter
• Port Security
• Private Group
• Protected Ports Configuration
• Private VLAN
• Storm Control

MAC Filter

The MAC Filter link contains links to the following pages:
• MAC Filter Configuration
•
272. fier for the specified port within the CST. It is made up from the port priority and the interface number of the port.
Port Forwarding State | The Forwarding State of this port.
Port Role | Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port.
Designated Root | Root Bridge for the CST. It is made up using the bridge priority and the base MAC address of the bridge.
Designated Cost | Path Cost offered to the LAN by the Designated Port.
Designated Bridge | Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge.
Designated Port | Port Identifier on the Designated Bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port.
Topology Change Acknowledge | Identifies whether the next BPDU to be transmitted for this port would have the topology change acknowledgement flag set. It is either True or False.
Edge port | Indicates whether the port is enabled as an edge port. It takes the value Enabled or Disabled.
Point-to-point MAC | Derived value of the po
273. figuration
• LLDP Interface Configuration
• LLDP Statistics
• LLDP Local Device Information
• LLDP Remote Device Information
• LLDP Remote Device Inventory

LLDP Global Configuration

Use the LLDP Global Configuration page to specify LLDP parameters that are applied to the switch. To display this page, click System > LLDP > Global Configuration. A screen similar to the following is displayed.

[Screenshot: LLDP Global Configuration page, with Transmit Interval, Transmit Hold Multiplier, Re-Initialization Delay and Notification Interval fields]

To configure global LLDP settings:
1. Use Transmit Interval to specify the interval in seconds to transmit LLDP frames. The range is from 5 to 32768 secs. Default value is 30 seconds.
2. Use Transmit Hold Multiplier to specify the multiplier on Transmit Interval to assign TTL. The range is from 2 to 10 secs. Default value is 4.
3. Use Re-Initialization Delay to specify the delay before re-initialization. The range is from 1 to 10 secs. Default value is 2 seconds.
4. Use Notification Interval to specify the interval in seconds for transmission of notifications. The range is from 5 to 3600 secs. Default value is 5 seconds.
5. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch.
6. Click APPLY to send the updated configurat
274. [Screenshot: password page with Console Password, Telnet Password and SSH Password fields, each with a confirmation field]

1. Use Console Password to enter the Console password. Passwords are a maximum of 64 alphanumeric characters.
2. Use Confirm Console Password to enter the password again, to confirm that you entered it correctly.
3. Use Telnet Password to enter the Telnet password. Passwords are a maximum of 64 alphanumeric characters.
4. Use Confirm Telnet Password to enter the password again, to confirm that you entered it correctly.
5. Use SSH Password to enter the SSH password. Passwords are a maximum of 64 alphanumeric characters.
6. Use Confirm SSH Password to enter the password again, to confirm that you entered it correctly.

RADIUS

RADIUS servers provide additional security for networks. The RADIUS server maintains a user database, which contains per-user authentication information. The switch passes information to the configured RADIUS server, which can authenticate a user name and password before authorizing use of the network. RADIUS servers provide a centralized authentication method for:
• Web Access
• Access Control Port (802.1X)

The RADIUS link contains links to the following pages:
• RADIUS Configuration
• RADIUS Server Configuration
• Accounting Server Configuration
275. Diffserv Wizard

[Screenshot: Diffserv Wizard page, with Traffic Type, Committed Rate (Kbps), Policing and Outbound Priority fields]

1. Use Traffic Type to define the DiffServ Class. Traffic type options: VOIP, HTTP, FTP, Telnet, and Every.
2. Ports displays the ports which can be configured to support a DiffServ policy. The DiffServ policy will be added to selected ports.
3. Use Enable Policing to add policing to the DiffServ Policy. The policing rate will be applied.
4. Committed Rate:
• When Policing is enabled, the committed rate will be applied to the policy and the policing action is set to conform.
• When Policing is disabled, the committed rate is not applied and the policy is set to markdscp.
5. Outbound Priority:
• When Policing is enabled, Outbound Priority defines the type of policing conform action, where High sets action to markdscp ef, Med sets action to markdscp af31, and Low sets action to send.
• When Policing is disabled, Outbound Priority defines the policy, where High sets policy to mark ipdscp ef, Med sets policy to mark ipdscp af31, Low set policy to mark ipdscp be.

Basic

From the Basic link, you can access the following pages:
• DiffServ Configuration

DiffServ Configuration

Packets are filtered and processed based on defined criteria. The filtering criteria is defined by a class. The processing is defined by a policy's attributes. Policy attri
276. g the user interface. This chapter contains the following sections:
• Switch Management Interface
• Web Access
• Understanding the User Interfaces
• Interface Naming Convention

Switch Management Interface

NETGEAR ProSafe Managed Switches contain an embedded Web server and management software for managing and monitoring switch functions. ProSafe Managed Switches function as simple switches without the management software. However, you can use the management software to configure more advanced features that can improve switch efficiency and overall network performance.

Web-based management lets you monitor, configure, and control your switch remotely using a standard Web browser instead of using expensive and complicated SNMP software products. From your Web browser, you can monitor the performance of your switch and optimize its configuration for your network. You can configure all switch features, such as VLANs, QoS, and ACLs, by using the Web-based management interface.

Web Access

To access the ProSafe Managed Switches management interface:
• Open a Web browser and enter the IP address of the switch in the address field.

You must be able to ping the IP address of the ProSafe Managed Switches management interface from your administrative system for Web access to be available. If you did not change the IP address of the switch from the default value, enter 169.254.100.100 into the address fie
277. ge displays a "No MSTs Available" message and does not display the fields shown in the field description table that follows.

To configure MST port settings:
1. Use MST ID to select one MST instance from existing MST instances.
2. Use Interface to select one of the physical or port channel interfaces associated with VLANs associated with the selected MST instance.
3. Use Port Priority to specify the priority for a particular port within the selected MST instance. The port priority is set in multiples of 16. For example, if the priority is attempted to be set to any value between 0 and 15, it will be set to 0. If it is tried to be set to any value between 16 and (2*16-1), it will be set to 16, and so on.
4. Use Port Path Cost to set the Path Cost to a new value for the specified port in the selected MST instance. It takes a value in the range of 1 to 200000000.

The following table describes the read-only MST port configuration information displayed on the Spanning Tree CST Configuration page.

Field | Description
Auto Calculated Port Path Cost | Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost will be calculated based on the link speed of the port if the configured value for Port Path Cost is zero.
Port ID | The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port.
Port Uptime Since Las
278. • System CPU Status
• USB Device Information
• Loopback Interface
• Network Interface
• Time
• DNS
• SDM Template Preference
• Green Ethernet Configuration

System Information

After a successful login, the System Information page displays. Use this page to configure and view general device information. To display the System Information page, click System > Management > System Information. A screen similar to the following displays.

[Screenshot: System Information page, with the fields Product Name, System Name, System Location, System Contact, Login Timeout, IPv4 Network Interface, IPv6 Network Interface, IPv4 Loopback Interface, System Date, System Up Time, Current SNTP Sync Status, System SNMP OID, System MAC Address, Supported Java Plugin Version, Current SNTP Synchronized Time, FAN Status and Temperature Status]

The System Information provid
279. [Screenshot: Dual Image page, with Image Name, Active Image, Next Active Image, Image Description and Version columns]

To configure Dual Image settings:
1. Use Unit to select the unit whose code image you want to activate, update, or delete.
2. Use Next Active Image to make the selected image the next active image for subsequent reboots.
3. Use Image Description to specify the description for the image that you have selected.
4. Click DELETE to delete the selected image from permanent storage on the switch.
5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately.

Note: After activating an image, you must perform a system reset of the switch in order to run the new code.

Field | Description
Image Name | This displays the image name for the selected unit.
Active Image | Displays the current active image of the selected unit.
Version | Displays the version of the image1 code file.

Troubleshooting

The Troubleshooting menu contains links to the following options:
• Ping IPv4
• Ping IPv6
• Traceroute IPv4
• Traceroute IPv6

Ping IPv4

Use this screen to tell the switch to send a Ping request to a specified IP address. You can use this to check whether the switch can communicate with a particular IP station. Once you click the APPLY button, t
280. ger that specifies the maximum number of times an ARP request will be retried. The range for this field is 0 to 10. The default value for Retries is 4.
4. Use Cache Size to enter an integer that specifies the maximum number of entries for the ARP cache. The range for this field is 64 to 512. The default value for Cache Size is 1664.
5. Use Dynamic Renew to control whether the ARP component automatically attempts to renew ARP Entries of type Dynamic when they age out. The default setting is Enable.
6. Use Remove from Table to remove certain entries from the ARP Table. The choices listed specify the type of ARP Entry to be deleted:
• All Dynamic Entries
• All Dynamic and Gateway Entries
• Specific Dynamic/Gateway Entry: Selecting this allows the user to specify the required IP Address.
• Specific Static Entry: Selecting this allows the user to specify the required IP Address.
• None: Selected if the user does not want to delete any entry from the ARP Table.
7. Use Remove IP Address to enter the IP Address against the entry that is to be removed from the ARP Table. This appears only if the user selects Specific Dynamic/Gateway Entry or Specific Static Entry in the Remove from Table drop-down list.

Field | Description
Total Entry Count | Total number of Entries in the ARP table.
Peak Total Entries | Highest value reached by Total Entry Count. This counter
281. ges of the European Community

Language | Statement
Cesky (Czech) | NETGEAR Inc. hereby declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Dansk (Danish) | The undersigned, NETGEAR Inc., hereby declares that the following equipment, Radiolan, complies with the essential requirements and other relevant requirements of Directive 1999/5/EC.
Deutsch (German) | NETGEAR Inc. hereby declares that the device Radiolan is in compliance with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Eesti (Estonian) | NETGEAR Inc. hereby confirms the compliance of the device Radiolan with the essential requirements of Directive 1999/5/EC and with the other relevant provisions arising from that directive.
English | Hereby, NETGEAR Inc. declares that this Radiolan is in compliance with the essential requirements and other relevant provisions of Directive 1999/5/EC.
Español (Spanish) | NETGEAR Inc. hereby declares that the Radiolan complies with the essential requirements and any other applicable or enforceable provisions of Directive 1999/5/EC.
Ελληνική (Greek) | NETGEAR Inc. hereby declares that Radiolan complies with the essential requirements and the other relevant provisions of Directive 1999/5/EC.
Français (French) | Hereby, NETGEAR
282. [Screenshot: IP ACL rules table]

To configure rules for an IP ACL:
1. ACL ID/Name: Use the drop-down menu to select the IP ACL for which to create or update a rule.
2. Configure the new rule:
• Rule ID: Enter a whole number in the range of 1 to 511 that will be used to identify the rule. An IP ACL may have up to 511 rules.
• Action: Specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny.
• Logging: When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny Action.
• Assign Queue ID: Specifies the hardware egress queue identifier used to handle all packets matching this IP ACL rule. Valid range of Queue Ids is 0 to 7.
• Mirror Interface: Specifies the specific egress interface where the matching traffic stream is copied, in addition to being forwarded normally by the device. This field cannot be set
283. he IPv6 prefix and prefix length assigned to the loopback interface.
System Date | The current date.
System Up time | The time in days, hours, and minutes since the last switch reboot.
Current SNTP Sync Status | Displays the current SNTP sync status.
System SNMP OID | The base object ID for the switch's enterprise MIB.
System Mac Address | Universally assigned network address.
Supported Java Plugin Version | The supported version of Java plugin.
Current SNTP Synchronized Time | Displays the SNTP Synchronized time.

FAN Status

This screen shows the status of the fans in all units. These fans remove the heat generated by the power, CPU, and other chipsets, and allow the chipsets to work normally. Fan status has three possible values: OK, Failure, and Not Present.

The following table describes the Fan Status information.

Field | Description
UNIT ID | The unit identifier is assigned to the switch which the fan belongs to.
System | The working status of the System fan in each unit.

Click REFRESH to refresh the system information of the switch.

Temperature Status

This screen shows the current temperature of the temperature sensors. The temperature is instant and can be refreshed when the REFRESH button is pressed. The maximum temperature of the temperature sensors depends on the actual hardwa
284. he Port in unit/slot/port format and click on the Go button. The entry corresponding to the specified Port will be selected.
Use Port to specify the list of ports on which LLDP 802.1AB can be configured.
Link Status indicates whether the Link is up or down.
Use Transmit to specify the LLDP 802.1AB transmit mode for the selected interface.
Use Receive to specify the LLDP 802.1AB receive mode for the selected interface.
Use Notify to specify the LLDP 802.1AB notification mode for the selected interface.
Optional TLV(s):
• Use Port Description to include port description TLV in LLDP frames.
• Use System Name to include system name TLV in LLDP frames.
• Use System Description to include system description TLV in LLDP frames.
• Use System Capabilities to include system capability TLV in LLDP frames.
8. Use Transmit Management Information to specify whether management address is transmitted in LLDP frames for the selected interface.

LLDP Statistics

To display this page, click System > LLDP > Statistics. A screen similar to the following is displayed.

[Screenshot: LLDP Statistics page, with Last Update, Total Inserts, Total Deletes, Total Drops and Total Ageouts counters and a per-interface statistics table]
285. he ProSafe Managed switch's management interface. The Security > Access tab contains the following folders:
• HTTP
• HTTPS
• SSH
• Telnet
• Console Port
• Denial of Service Configuration

HTTP

From the HTTP link, you can access the following pages:
• HTTP Configuration

HTTP Configuration

To access the switch over a web page, you must first configure it with IP information (IP address, subnet mask, and default gateway). You can configure the IP information using any of the following:
• BOOTP
• DHCP
• Terminal interface via the EIA-232 port

Once you have established in-band connectivity, you can change the IP information using a Web-based management. To access the HTTP Configuration page, click Security > Access > HTTP > HTTP Configuration.

[Screenshot: HTTP Configuration page, with HTTP Access, Java Mode, HTTP Session Soft Timeout (Minutes), HTTP Session Hard Timeout (Hours), Maximum Number of HTTP Sessions and Authentication List fields]

To configure the HTTP server settings:
1. Use HTTP Access to specify whether the switch may be accessed from a web browser. If you choose to enable web mode, you will be able to manage the switch from a web browser. The factory default is enabled.
2. Use Ja
286. he Security > ACL tab contains links to the following pages. ACL Wizard: The ACL Wizard helps a user to create a simple ACL and apply it to the selected ports easily and quickly. First, select an ACL type with which you will create an ACL. Then add an ACL rule to this ACL, and finally apply this ACL on the selected ports. The ACL Wizard only allows you to create the ACL; it does not allow you to modify it. If you want to modify it, go to the ACL configuration page. To display the ACL Wizard, click Security > ACL > ACL Wizard. The page contains the ACL Type Selection, the match fields for the selected type (for example Destination MAC and Destination MAC Mask), the Binding Configuration (Direction: Inbound), and the Port Selection Table. Use ACL Type to specify the ACL type you are using to create the ACL. You can select one type from 10 optional types: ACL Based on Destination MAC: to create an ACL based on the destination MAC address, destination MAC mask, and VLAN. ACL Based on Source MAC: to create an ACL based on the source MAC address, source MAC mask, and VLAN. ACL Based on Destination IPv4: to create an ACL based on the destination IPv4 address and IPv4 address mask. ACL Based on Source IPv4: to create an ACL based on the source IPv4 address and IPv4 address mask. ACL Bas
287. he Web interface. Table 1. Command Buttons (Button: Function). ADD: Clicking ADD adds the new item configured in the heading row of a table. APPLY: Clicking the APPLY button sends the updated configuration to the switch. Configuration changes take effect immediately. CANCEL: Clicking CANCEL cancels the configuration on the screen and resets the data on the screen to the latest value of the switch. DELETE: Clicking DELETE removes the selected item. REFRESH: Clicking the REFRESH button refreshes the page with the latest information from the device. LOGOUT: Clicking the LOGOUT button ends the session. Device View: The Device View is a Java applet that displays the ports on the switch. This graphic provides an alternate way to navigate to configuration and monitoring options. The graphic also provides information about device ports, current configuration and status, table information, and feature components. The Device View is available from the System > Device View page. The port coloring indicates whether a port is currently active. Green indicates that the port is enabled; red indicates that an error has occurred on the port, or red indicates that the link is disabled. The Device View of the switch is shown below (Device View: NETGEAR PROSAFE M4100 D12G). Click the port you want to view or co
288. he default value is None. DHCPv6 can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces. Use DHCPv6 Client DUID to specify an identifier used to identify the client's unique DUID value. This option only displays when DHCPv6 is enabled. Use IPv6 Gateway to specify the gateway for the IPv6 network interface. The gateway address is in IPv6 global or link-local address format. Use IPv6 Prefix/Prefix Length to add the IPv6 prefix and prefix length to the IPv6 network interface. The address is in global address format. Use EUI64 to specify whether to format the IPv6 address in EUI-64 format. The default value is false. Click ADD to add a new IPv6 address in global format. Click DELETE to delete a selected IPv6 address. IPv6 Network Interface Neighbor Table: Use this page to display IPv6 Network Port Neighbor entries. To display the IPv6 Network Neighbor page, click System > Management > Network Interface > IPv6 Network Interface Neighbor Table. A screen similar to the following is displayed. IPv6 Network Interface Neighbor Table (columns: IPv6 Address, MAC Address, isRtr, Neighbor State, Last Updated). The following table displays IPv6 Network Interface Neighbor Table information (Field: Description). IPv6 address: The IPv6 address of a neighbor switch visible to the network interface. MAC address: The MAC address of a neighbor switch. IsR
289. he following table describes the Green Mode Statistics Summary non-configurable fields. Table 5 (Field: Description). Current Power Consumption by all ports in Stack (mWatts): Estimated power consumption by all ports in the stack, in mWatts. Estimated Percentage Power Saving per stack: Estimated percentage of power saved on all ports in the stack due to the Green modes enabled. Cumulative Energy Saving per Stack (Watts * Hours): Estimated cumulative energy saved per stack, in Watts * Hours, due to all green modes enabled. Unit: Displays the Unit ID. Green Features supported on this unit: List of Green Features supported on the given unit, which could be one or more of the following: Energy Detect (Energy Detect), Short Reach (Short Reach), EEE (Energy Efficient Ethernet), LPI History (EEE Low Power Idle History), LLDP Cap Exchg (EEE LLDP Capability Exchange), Pwr Usg Est (Power Usage Estimates). Interface: Interface for which data is displayed or configured. Energy Detect Admin Mode: Enable or disable Energy Detect Mode on the port. When this mode is enabled and the port link is down, the PHY automatically goes down for a short period of time and then wakes up to check link pulses. This allows auto-negotiation to be performed and saves power when no link partner is present. Energy Detect Operational Status: Current operational status of the Energy Detect mode. Short Reach Admin M
290. he switch will send the specified number of ping requests and the results will be displayed. If a reply to the ping is not received, you will see: Tx = Count, Rx = 0, Min/Max/Avg RTT = 0/0/0 msec. If a reply to the ping is received, you will see: Received response for Seq Num 0 Rtt xyz usec; Received response for Seq Num 1 Rtt abc usec; Received response for Seq Num 2 Rtt def usec; Tx = Count, Rx = Count, Min/Max/Avg RTT = xyz/abc/def msec. To access the Ping IPv4 page, click Maintenance > Troubleshooting > Ping IPv4. The Ping IPv4 page shows these Ping Details fields: IP Address/Host Name (max 255 characters or x.x.x.x), Count 1 (1 to 15), Interval (secs) 3 (1 to 60), Datagram Size (0 to 65507). To configure the settings and ping a host on the network: 1. Use IP Address/Host Name to enter the IP address or hostname of the station you want the switch to ping. The initial value is blank. The IP address or hostname you enter is not retained across a power cycle. 2. Optionally, configure the following settings. Count: Enter the number of echo requests you want to send. The initial value is the default value. The Count you enter is not retained across a power cycle. Interval (secs): Enter the interval between ping packets in seconds. The initial value is the default value. The Interval you enter is not retained across a power cycle. Datagram Size: Enter the Size of ping packe
291. he type of power threshold configured on the port. Select Dynamic to indicate that the power consumption on each port is measured and calculated in real time. 4. To set the traps, select Enable to activate the PoE traps. Select Disable to deactivate the PoE traps. The default setting is enabled. 5. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. PoE Port Configuration: To display the Advanced PoE Port Configuration page, click System > PoE > Advanced > PoE Port Configuration. A screen similar to the following is displayed. PoE Port Configuration (per-port table; contents not recoverable). 1. Select the Admin Mode, Enable or Disable, to determine the ability of the port to deliver power. 2. Port Priority is used to determine which ports can deliver power when the total power delivered by the system crosses a speci
292. hing none. The factory default is DHCP. 7. Use DHCP Vendor Class Identifier to enable the DHCP VendorId option on the client. 8. Use DHCP Vendor Class Identifier String to specify the DHCP VendorId option string on the client. 9. Use Management VLAN ID to specify the management VLAN ID of the switch. It may be configured to any value in the range of 1 to 4093. The management VLAN is used for management of the switch. This field is configurable for administrative users and read-only for other users. The following table describes IPv4 Network Configuration information (Field: Description). Burned-In MAC Address: The burned-in MAC address used for in-band connectivity if you choose not to configure a locally administered address. IPv6 Network Interface Configuration: To display the IPv6 Network Configuration page, click System > Management > Network Interface > IPv6 Network Interface Configuration. A screen similar to the following is displayed. IPv6 Network Interface Configuration, Global Configuration: Admin Mode (Disable/Enable), IPv6 Address Auto Configuration Mode (Disable/Enable), Current Network Configuration Protocol (None/DHCPv6), IPv6 Gateway, Interface Status Up. IPv6 Network Interface Configuration: IPv6 Prefix/Prefix Length FE80::204:6FF:FE02:407/64, EUI64 True. The IPv6 network interface is the log
293. hould be forwarded on the appropriate egress port(s). Of course, the trusted field must exist in the packet for the mapping table to be of any use, so there are default actions performed when this is not the case. These actions involve directing the packet to a specific CoS level configured for the ingress port as a whole, based on the existing port default priority as mapped to a traffic class by the current 802.1p mapping table. Alternatively, when a port is configured as untrusted, it does not trust any incoming packet priority designation and uses the port default priority value instead. All packets arriving at the ingress of an untrusted port are directed to a specific CoS queue on the appropriate egress port(s), in accordance with the configured default priority of the ingress port. This process is also used for cases where a trusted port mapping is unable to be honored, such as when a non-IP packet arrives at a port configured to trust the IP DSCP value. To configure global CoS settings: 1. Use Global to specify all CoS configurable interfaces. The option Global represents the most recent global configuration settings. 2. Use Interface to specify CoS configuration settings based per interface. 3. Use Global Trust Mode to specify whether to trust a particular packet marking at ingress. Global Trust Mode can only be one of the following. Default va
294. ia the LAN. Port-based network access control allows the operation of a switch's ports to be controlled in order to ensure that access to its services is only permitted by systems that are authorized to do so. Port access control provides a means of preventing unauthorized access by supplicants to the services offered by a system. Control over the access to a switch and the LAN to which it is connected can be desirable in order to restrict access to publicly accessible bridge ports or to restrict access to departmental LANs. Access control is achieved by enforcing authentication of supplicants that are attached to an authenticator's controlled ports. The result of the authentication process determines whether the supplicant is authorized to access services on that controlled port. A Port Access Entity (PAE) is able to adopt one of two distinct roles within an access control interaction: 1. Authenticator: A Port that enforces authentication before allowing access to services available via that Port. 2. Supplicant: A Port that attempts to access services offered by the Authenticator. Additionally, there exists a third role: 3. Authentication server: Performs the authentication function necessary to check the credentials of the Supplicant on behalf of the Authenticator. All three roles are required in order to complete an authentication exchange. NETGEAR switches s
295. iate orange bar to expose the available ports or LAGs. The Port Selection Table provides a list of all available valid interfaces for ACL binding. All non-routing physical interfaces, VLAN interfaces, and interfaces participating in LAGs are listed. To add the selected ACL to a port or LAG, click the box directly below the port or LAG number so that an X appears in the box. To remove the selected ACL from a port or LAG, click the box directly below the port or LAG number to clear the selection. An X in the box indicates that the ACL is applied to the interface. The following table describes the information displayed in the Interface Binding Status (Field: Description). Interface: Displays the interface of the ACL assigned. Direction: Displays the selected packet filtering direction for the ACL. ACL Type: Displays the type of ACL assigned to the selected interface and direction. ACL ID: Displays the ACL Number (in the case of an IP ACL) or ACL Name (in the case of a MAC ACL) identifying the ACL assigned to the selected interface and direction. Sequence Number: Displays the Sequence Number signifying the order of the specified ACL relative to other ACLs assigned to the selected interface and direction. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
296. ical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over an IPv6 network, you must first configure it with IPv6 information (IPv6 prefix, prefix length, and default gateway). You can configure the IP information using any of the following: IPv6 Auto Configuration, DHCPv6, or the terminal interface via the EIA-232 port. Once you have established in-band connectivity, you can change the IPv6 information using any of the following: terminal interface via the EIA-232 port, terminal interface via telnet, SNMP-based management, or Web-based management. 1. Use Admin Mode to enable or disable the IPv6 network interface on the switch. The default value is enable. 2. Use IPv6 Address Auto Configuration Mode to set the IPv6 address for the IPv6 network interface in auto-configuration mode if this option is enabled. The default value is disable. Auto-configuration can be enabled only when IPv6 Auto config or DHCPv6 are not enabled on any of the management interfaces. Use Current Network Configuration Protocol to configure the IPv6 address for the IPv6 network interface by the DHCPv6 protocol if this option is enabled. T
297. ice CoS queueing feature lets you directly configure certain aspects of switch queueing. This provides the desired QoS behavior for different types of network traffic when the complexities of DiffServ are not required. The priority of a packet arriving at an interface can be used to steer the packet to the appropriate outbound CoS queue through a mapping table. CoS queue characteristics that affect queue mapping, such as minimum guaranteed bandwidth or transmission rate shaping, are user-configurable at the queue or port level. Eight queues per port are supported. From the Class of Service link under the QoS tab, you can access the following pages: Basic, Advanced. Basic: From the Basic link, you can access the CoS Configuration page. CoS Configuration: To display the CoS Configuration page, click QoS > CoS > Basic > CoS Configuration. The page shows the Global setting with its Global Trust Mode (trust dot1p in the screen) and the Interface setting with its Interface Trust Mode. Use the CoS Configuration page to set the class of service trust mode of an interface. Each port in the switch can be configured to trust one of the packet fields (802.1p or IP DSCP), or to not trust any packet's priority designation (untrusted mode). If the port is set to a trusted mode, it uses a mapping table appropriate for the trusted field being used. This mapping table indicates the CoS queue to which the packet s
298. ice SMAC=DMAC (Disable/Enable), Denial of Service TCP FIN & URG & PSH (Disable/Enable), Denial of Service TCP Flag & Sequence (Disable/Enable), Denial of Service TCP Fragment (Disable/Enable), Denial of Service TCP Offset (Disable/Enable), Denial of Service TCP Port (Disable/Enable), Denial of Service TCP SYN (Disable/Enable), Denial of Service TCP SYN & FIN (Disable/Enable), Denial of Service UDP Port (Disable/Enable). 1. Use Denial of Service Min TCP Header Size to specify the Min TCP Hdr Size allowed. If DoS TCP Fragment is enabled, the switch will drop these packets: first TCP fragments that have a TCP payload where IP_Payload_Length - IP_Header_Size < Min_TCP_Header_Size. Its range is 0 to 255. The default value is 20. 2. Use Denial of Service ICMPv4 to enable ICMPv4 DoS prevention, which causes the switch to drop ICMPv4 packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv4 Pkt Size. The factory default is disabled. 3. Use Denial of Service Max ICMPv4 Packet Size to specify the Max ICMPv4 Pkt Size allowed. If ICMPv4 DoS prevention is enabled, the switch will drop IPv4 ICMP ping packets that have a size greater than this configured Max ICMPv4 Pkt Size. Its range is 0 to 16376. The default value is 512. 4. Use Denial of Service ICMPv6 to enable ICMPv6 DoS prevention, which causes the switch to drop ICMPv6 packets that have a type set to ECHO_REQ (ping) and a size greater than the configured ICMPv6 Pkt
299. ich you cannot delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list. Two default lists are present: defaultList and networkList. To display the Login Authentication List page, click Security > Management Security > Authentication List > Login Authentication List. The Login Authentication List screen shows defaultList (Local) and networkList (Local). 1. List Name: If you are creating a new login list, enter the name you want to assign. It can be up to 15 alphanumeric characters long and is not case-sensitive. 2. Use the drop-down menu in column 1 to select the method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method will be tried, even if you have specified more than one method. The options are: Enable: the privileged EXEC password will be used for authentication. Line: the line password will be used for authentication. Local: the user's locally stored ID and password will be used for authentication. None: the user will not be authenticated. Radius: the user's ID and password will be authenticated using the RADIUS server instead of the local server. Tacacs: the user's ID and password will be authenticated using the TACACS
300. ick DELETE to delete the IP subnet-based VLAN from the switch. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. If you make changes to the page, click APPLY to apply the changes to the system. Configuration changes take effect immediately. (Field: Description) Interface: Select the physical or LAG interface for which you want to display or configure data. Operational VLAN(s): Displays the operational VLAN(s). Private VLAN Promiscuous Interface Configuration: To display the Private VLAN Promiscuous Interface Configuration page, click Security > Traffic Control > Private VLAN > Private VLAN Promiscuous Interface Configuration. Private VLAN Promiscuous Interface Configuration (per-interface table; contents not recoverable). 1. Use Promiscuous Primary VLAN to set the Primary VLAN ID for Promiscuous Association Mode. The range of the VLAN ID is 2 to 4093. 2. Use Promiscuous Secondary VLAN ID(s) to set the Secondary VLAN ID List for Promiscuous Association Mode. This field can accept single VLAN ID or range of VLAN IDs or
301. ield in a packet. For example, to check for an IP TOS value having bits 7 and 5 set and bit 1 clear, where bit 7 is most significant, use a TOS Bits value of 0xA0 and a TOS Mask of 0xFF. This is an optional configuration. Rate Limit Conform Data Rate: The value of Rate Limit Conform Data Rate specifies the conforming data rate of the IP ACL Rule. Valid values are 1 to 4294967295, in Kbps. Rate Limit Burst Size: The value of Rate Limit Burst Size specifies the burst size of the IP ACL Rule. Valid values are 1 to 128, in Kbytes. Time Range: Name of the time range associated with the IP Extended ACL Rule. Rule Status: Displays if the ACL rule is active or inactive. Blank means that no timer schedules are assigned to the rule. 3. To delete an IP ACL rule, select the check box associated with the rule and then click DELETE. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. To modify an existing IP Extended ACL rule, click the Rule ID. The number is a hyperlink to the Extended ACL Rule Configuration page. IPv6 ACL: An IPv6 ACL consists of a set of rules which are matched sequentially against a packet. When a packet meets the match criteria of a rule, the specified rule action (Permit/Deny) is taken and the additional rules are not checked for a match. Rules for the IP ACL are specified/created using the IPv6 ACL Rule Configuration page. To display the IPv6 ACL page, click Sec
302. ies model name. Specifies asset id. Location Information: Specifies if the location TLV is present in LLDP frames. Sub Type: Specifies the type of location information. Location Information: Specifies the location information as a string for the given type of location id. LLDP-MED Remote Device Information: To display this page, click System > LLDP > LLDP-MED > Remote Device Information. A screen similar to the following is displayed. The LLDP-MED Remote Device Information screen contains these sections: LLDP-MED Interface Selection (Interface, Remote ID); Capability Information (Supported Capabilities, Enabled Capabilities, Device Class); Network Policies Information (Media Application Type, Unknown Bit Status, Tagged Bit Status, Priority); Inventory Information (Hardware Revision, Firmware Revision, Software Revision, Serial Number, Manufacturer Name, Model Name, Asset Id); Location Information (Sub Type, Location Information); Extended PoE (Device). 1. Use Interface to select the ports on which LLDP-MED is enabled. The following table describes the LLDP-MED Remote Device Information fields (Field: Description). Capability Information: Specifies the supported and enabled capabilities that were received in the MED TLV on this port.
303. ifferent types of traffic. Weighted: Weighted round robin associates a weight to each queue. This is the default. Strict: Services traffic with the highest priority on a queue first. 3. Queue Management Type displays the queue depth management technique used for queues on this interface. This is only used if the device supports independent settings per queue. Queue Management Type can only be taildrop. All packets on a queue are safe until congestion occurs. At this point, any additional packets queued are dropped. 4. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 5. If you make changes to the page, click APPLY to apply the changes to the system. Differentiated Services: The QoS feature contains Differentiated Services (DiffServ) support that allows traffic to be classified into streams and given certain QoS treatment in accordance with defined per-hop behaviors. Standard IP-based networks are designed to provide best-effort data delivery service. Best-effort service implies that the network delivers the data in a timely fashion, although there is no guarantee that it will. During times of congestion, packets may be delayed, sent sporadically, or dropped. For typical Internet applications, such as e-mail and file transfer, a slight degradation in service is acceptable and in many cases unnoticeable. Conversely, any degradation of service has undesirable
304. iguration. The Accounting Server Configuration section shows these fields: Accounting Server IP Address, Accounting Server Name, Port, Secret Configured, Secret, Accounting Mode. The Statistics section shows these columns: Accounting Server, Round Trip Time, Accounting Requests, Accounting Retransmissions, Accounting Responses, Malformed Accounting Responses, Bad Authenticators, Pending Requests, Timeouts, Unknown Types, Packets Dropped. To configure the RADIUS accounting server: 1. In the Accounting Server IP Address field, specify the IP address of the RADIUS accounting server to add. 2. In the Accounting Server Name field, enter the name of the accounting server to add. 3. In the Port field, specify the UDP port number the server uses to verify the RADIUS accounting server. The valid range is 0 to 65535. If the user has READONLY access, the value is displayed but cannot be changed. 4. From the Secret Configured drop-down box, select Yes to add a RADIUS secret in the next field. After you add the RADIUS accounting server, this field indicates whether the shared secret for this server has been configured. 5. In the Secret field, type the shared secret to use with the specified accounting server. 6. From the Accounting Mode drop-down box, enable or disable the RADIUS accounting mode. 7. To delete a configured RADIUS Accounting server, click DELETE. The following table describes RADIUS accounting ser
305. iguration, IPv6 Network Interface Configuration, IPv6 Network Interface Neighbor Table. IPv4 Network Configuration: To display the IPv4 Network Configuration page, click System > Management > Network Interface > IPv4 Network Configuration. A screen similar to the following is displayed. IPv4 Network Interface Configuration: IP Address 10.27.34.52, Subnet Mask 255.255.255.0, Default Gateway 10.27.34.1, Burned-In MAC Address 00:04:06:02:04:07, Locally Administered MAC Address 00:00:00:00:00:00, MAC Address Type (Burned-In/Locally Administered), Current Network Configuration Protocol (None/Bootp/DHCP), DHCP Vendor Class Identifier (Disable/Enable), DHCP Vendor Class Identifier String, Management VLAN ID 1 (1 to 4093), Interface Status Up. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed. To access the switch over a network, you must first configure it with IP information (IP address, subnet mask, and default gateway). You can configure the IP information using any of the following: BOOTP, DHCP, or the terminal interface via the EIA-232 port.
306. ilable on the switch. Table 3. Naming Conventions for Interfaces (Interface: Description; Example). Physical: The physical ports are gigabit Ethernet interfaces and are numbered sequentially starting from one; example: 0/1, 0/2, 0/3, and so on. Link Aggregation Group (LAG): LAG interfaces are logical interfaces that are only used for bridging functions; example: lag 1, lag 2, lag 3, and so on. CPU Management Interface: This is the internal switch interface responsible for the switch base MAC address. This interface is not configurable and is always listed in the MAC Address Table; example: 5/1. Routing VLAN Interfaces: This is an interface used for routing functionality; example: Vlan 1, Vlan 2, Vlan 3, and so on. Configuring System Information: Use the features in the System tab to define the switch's relationship to its environment. The System tab contains links to the following features: Management, Device View, Services, PoE, SNMP, LLDP, ISDP, Timer Schedule. Management: This section describes how to display the switch status and specify some basic switch information, such as the management interface IP address, system clock settings, and DNS information. From the Management link, you can access the following pages: System Information, Switch Statistics on pa
307. ined across a power cycle unless you perform a save. Dot1x Authentication List: You use this page to configure a dot1x list. A dot1x list specifies the authentication method(s) you want to use to validate port access for the users associated with the list. Only one dot1x method can be supported. The default list is dot1xList. To display the Dot1x Authentication List page, click Security > Management Security > Authentication List > Dot1x Authentication List. The Dot1x Authentication List screen shows the List Name dot1xList and method column 1. 1. List Name: Select the dot1x list name for which you want to configure data. 2. Use the drop-down menu to select the method that should appear first in the selected authentication login list. The options are: IAS: The user's ID and password in the Internal Authentication Server Database will be used for authentication. Local: The user's locally stored ID and password will be used for authentication. RADIUS: The user's ID and password will be authenticated using the RADIUS server instead of locally. None: The user will authenticate without a user name and password. HTTP Authentication List: You use this page to configure an HTTP list. An HTTP list specifies the authentication method(s) you want to use to validate the switch or port access through HTTP. To display the HTTP Authentication List page, c
308. ing Mode to enable or disable routing for an interface. The default value is enable. 8. Use Administrative Mode to enable or disable the Administrative Mode of the interface. The default value is enable. This mode is not supported for Logical VLAN Interfaces. 9. Use Forward Net Directed Broadcasts to select how network-directed broadcast packets should be handled. If you select enable from the drop-down menu, network-directed broadcasts will be forwarded. If you select disable, they will be dropped. The default value is disable. 10. Use Encapsulation Type to select the link layer encapsulation type for packets transmitted from the specified interface from the drop-down menu. The possible values are Ethernet and SNAP. The default is Ethernet. 11. Use Proxy Arp to disable or enable proxy ARP for the specified interface from the drop-down menu. 12. Use Local Proxy Arp to disable or enable Local Proxy ARP for the specified interface from the drop-down menu. 13. Use Bandwidth to specify the configured bandwidth on this interface. This parameter communicates the speed of the interface to higher-level protocols. OSPF uses bandwidth to compute link cost. The valid range is 1 to 10000000. 14. Use ICMP Destination Unreachables to specify the mode of sending ICMP Destination Unreachables on this interface. If this is Disabled, then this interface will not send ICMP Destination Unreachables. By default, Destination Unreachables mode is enable. 15. Use ICMP Redirects t
309. ingress. Global Trust Mode can only be one of the following (default value is trust dot1p):
  • untrusted
  • trust dot1p
  • trust ip-dscp

Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress. Interface Trust Mode can only be one of the following (default value is untrusted):
  • untrusted
  • trust dot1p
  • trust ip-dscp

802.1p to Queue Mapping

The 802.1p to Queue Mapping page also displays the Current 802.1p Priority Mapping table. To display the 802.1p to Queue Mapping page, click QoS > CoS > Advanced > 802.1p to Queue Mapping.

[Screenshot: 802.1p to Queue Mapping page, with the Interface Selection and 802.1p to Queue Mapping panels]

To map 802.1p priorities to queues:
  1. Use Interface to specify CoS configuration settings on a per-interface basis, or specify all CoS configurable interfaces.
  2. Specify which internal traffic class to map the corresponding 802.1p value. The queue number depends on the specific hardware. The 802.1p Priority row contains traffic class selectors for each of the eight 802.1p priorities to be mapped. The priority goes from low (0) to high (3). For example, traffic with a priority of 0 is for most data traffic and is sent using best effort. Traffic with a higher priority, such as 3, might be time-sensitive traffic, such as voice or video.
310. ink is down, the PHY will automatically go down for a short period of time and then wake up to check link pulses. This will allow performing auto-negotiation and saving power consumption when no link partner is present.
  2. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch.
  3. Click Apply to update the configuration on the switch.

Green Ethernet Interface Configuration

Use this page to configure the Green Ethernet interface settings. To access this page, click System > Management > Green Ethernet > Green Ethernet Interface Configuration.

[Screenshot: Green Ethernet Interface Configuration page]

To add a static entry to the local DNS table:
  1. Specify the Go To Interface by entering the Interface in unit/slot/port format and click on the Go button. The entry corresponding to the specified Interface will be selected.
  2. Select the Port for which data is to be displayed or configured.
  3. Use the Auto Power Down Mode selection to enable or disable this option. The factory default is enable. When the port link is down, the PHY will automatically go down for a short period of time and then wake up to check link pulses. This will allow performing auto-negotiation and saving power consumption when no link partner is present.
  4. Cli
311. int to point status CST Regional Root Bridge Identifier of the CST Regional Root Itis made up using the bridge priority and the base MAC address of the bridge CST Path Cost Path Cost to the CST Regional Root Port Up Time Since Counters Last Cleared Time since the counters were last cleared displayed in Days Hours Minutes and Seconds Loop Inconsistent State This parameter identifies whether the port is in loop inconsistent state or not Transitions Into Loop Inconsistent State The number of times this interface has transitioned into loop inconsistent state Transitions Out Of Loop Inconsistent State The number of times this interface has transitioned out of loop inconsistent state MST Configuration Use the Spanning Tree MST Configuration page to configure Multiple Spanning Tree MST on the switch To display the Spanning Tree MST Configuration page click Switching gt STP gt Advanced gt MST Configuration Configuring Switching Information 138 M4100 M7100 Web Management User Guide MST Configuration MST Configuration MST ID Priority Bridge Identifier Change Designated Root h t er Topology Root Port Change Identifier Count 32768 80 00 00 06 06 02 04 07 1 O day Ohr IS mind sec 3 Foise 90 00 00 09 00 01 03 68 60000 0 16 To configure an MST instance 1 To add an MST instance configure the MST values and click ADD MST I
312. ion on the switch.

DNS

You can use these pages to configure information about DNS servers the network uses and how the switch operates as a DNS client.

DNS Configuration

Use this page to configure global DNS settings and DNS server information. To access this page, click System > Management > DNS > DNS Configuration.

[Screenshot: DNS Configuration page; the DNS Configuration panel shows DNS Status, DNS Default Name, Retry Number and Response Timeout (secs), and the DNS Server Configuration panel lists Serial No, DNS Server and Preference]

To configure the global DNS settings:
  1. Specify whether to enable or disable the administrative status of the DNS Client.
     • Enable: Allow the switch to send DNS queries to a DNS server to resolve a DNS domain name. Default value is Enable.
     • Disable: Prevent the switch from sending DNS queries.
  2. Enter the DNS default domain name to include in DNS queries. When the system is performing a lookup on an unqualified hostname, this field is provided as the domain name (for example, if default domain name is netgear.com and the user enters test, then test is changed to test.netgear.com to resolve the name). The length of the name should not be longer than 255 characters.
  3. Use Retry Number to specify the number of times to retry sending DNS queries
313. ion to the switch and cause the changes to take effect on the switch but these changes will not be retained across a power cycle unless a save is performed Configuring System Information 84 M4100 M7100 Web Management User Guide LLDP Interface Configuration To display this page click System gt LLDP gt Interface Configuration A screen similar to the following is displayed LLDP Interface Configuration Interface Configuration 1 All GoTo Port EEP Operational TLV s Transmit se oe bee Transmit Receive Notify ee Information a Up Sf bs al Lal Enable Enable E Down Enable Enable Disable Enable Enable Enable Enable Enable 0 3 Up Enable Enable Disable Enable Enable Enable Enable Enable 0 4 Down Enable Enable Disable Enable Enable Enable Enable Enable E 0 5 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 6 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 7 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 8 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 9 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 10 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 11 Down Enable Enable Disable Enable Enable Enable Enable Enable 0 12 Down Enable Enable Disable Enable Enable Enable Enable Enable 1 All GotoPet Jeco 1 Use Go To Port to enter t
314. ion until the APPLY button is pressed.
  • Guest VLAN ID: This field allows the user to configure Guest Vlan ID on the interface. The valid range is 0-4093. The default value is 0. Changing the value will not change the configuration until the APPLY button is pressed. Enter 0 to clear the Guest Vlan Id on the interface.
  • Guest VLAN Period: This input field allows the user to enter the guest VLAN period for the selected port. The guest VLAN period is the value, in seconds, of the timer used by the GuestVlan Authentication. The guest Vlan time-out must be a value in the range of 1 and 300. The default value is 90. Changing the value will not change the configuration until the APPLY button is pressed.
  • Unauthenticated VLAN ID: This input field allows the user to enter the Unauthenticated VLAN ID for the selected port. The valid range is 0-4093. The default value is 0. Changing the value will not change the configuration until the Submit button is pressed. Enter 0 to clear the Unauthenticated VLAN ID on the interface.
  • Supplicant Timeout: This input field allows the user to enter the supplicant time-out for the selected port. The supplicant time-out is the value, in seconds, of the timer used by the authenticator state machine on this port to time out the supplicant. The supplicant time-out must be a value in the range of 1 and 65535. The default value is 30. Changing the value wi
315. is 1 to Group Membership Interval 1 Its value should be less than group membership interval value 6 Use Multicast Router Expiry Time to set the value for multicast router expiry time of MLD Snooping for the specified VLAN ID Valid range is 0 to 3600 Multicast Router Configuration To access the Multicast Router Configuration page click Switching gt Multicast gt MLD Snooping gt Multicast Router Configuration Configuring Switching Information 159 M4100 M7100 Web Management User Guide Multicast Router Configuration Multicast Router Configuration 1 LAGS All Go To Interface GO GO Multicast Router _ Disable 0 2 Disable 0 3 Disable Disable Disable Disable Disable Disable Disable Disable Disable Disable gege ge gege 1 Interface Select the interface for which you want Multicast Router to be enabled 2 Use Multicast Router to enable or disable Multicast Router on the selected interface Multicast Router VLAN Configuration To access the Multicast Router VLAN Configuration page click Switching gt Multicast gt MLD Snooping gt Multicast Router VLAN Configuration Multicast Router VLAN Configuration Multicast Router VLAN Configuration Interface Multicast Router VLAN Configuration m VLAN ID Multicast Router 1 Use interface to select the interface for which you want Multicast Router to be enabled 2 Use VLAN ID to select the VLAN ID for which the Multicast Router Mode is
316. is e Portuguese outras disposi es da Directiva 1999 5 CE Slovensko NETGEAR Inc izjavlja da je ta Radiolan v skladu z bistvenimi zahtevami in ostalimi Slovenian relevantnimi dolo ili direktive 1999 5 ES Slovensky NETGEAR Inc t mto vyhlasuje e Radiolan sp a z kladn po iadavky a v etky Slovak pr slu n ustanovenia Smernice 1999 5 ES Suomi Finnish NETGEAR Inc vakuuttaa t ten ett Radiolan tyyppinen laite on direktiivin 1999 5 EY oleellisten vaatimusten ja sit koskevien direktiivin muiden ehtojen mukainen Notification of Compliance 408 M4100 M7100 Web Management User Guide Svenska Harmed intygar NETGEAR Inc att denna Radiolan star 6verensstammelse med de Swedish v sentliga egenskapskrav och vriga relevanta best mmelser som framg r av direktiv 1999 5 EG slenska H r me l sir NETGEAR Inc yfir v a Radiolan er samr mi vi grunnkr fur og a rar Icelandic kr fur sem ger ar eru tilskipun 1999 5 EC Norsk NETGEAR Inc erkl rer herved at utstyret Radiolan er i samsvar med de grunnleggende Norwegian krav og vrige relevante krav i direktiv 1999 5 EF This device is a 2 4 GHz wideband transmission system transceiver intended for use in all EU member states and EFTA countries except in France and Italy where restrictive use applies In Italy the end user should apply for a license at the national spectrum authorities in order to obtai
317. is enable, then only the router can send ECHO replies. By default, ICMP Echo Replies are sent for echo requests.
  3. Use ICMP Redirects to select enable or disable. If it is enabled globally and on interface level, then only the router can send ICMP Redirects.
  4. Use ICMP Rate Limit Interval to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, Rate limit is 100 packets/sec, i.e. burst interval is 1000 msec. To disable ICMP Rate limiting, set this field to 0. Valid Rate Interval must be in the range 0 to 2147483647.
  5. Use ICMP Rate Limit Burst Size to control the ICMP error packets by specifying the number of ICMP error packets that are allowed per burst interval. By default, burst size is 100 packets. When burst interval is 0, then configuring this field is not a valid operation. Valid Burst Size must be in the range 1 to 200.
  6. Use Select to configure Global Default Gateway to edit the Global Default Gateway field.
  7. Use Global Default Gateway to set the global default gateway to the manually configured value. A default gateway configured with this command is more preferred than a default gateway learned from a DHCP server. Only one default gateway can be configured. If you invoke this command multiple times, each command replaces the previous value.

Field Description
Default Time to Live: The default
318. is leads to stale information in the ARP cache unless entries are updated in reaction to new information seen on the network, periodically refreshed to determine if an address still exists, or removed from the cache if the entry has not been identified as a sender of an ARP packet during the course of an ageout interval, usually specified via configuration.

From the ARP link, you can access the following pages:
  • Basic on page 209
  • Advanced on page 210

Basic

From the Basic link, you can access the following pages:
  • ARP Cache on page 210

ARP Cache

Use this screen to show ARP entries in the ARP Cache. To display the ARP Cache page, click Routing > ARP > Basic > ARP Cache.

[Screenshot: ARP Cache table with IP Address and MAC Address columns]

  1. Use Port to select the associated Unit/Slot/Port of the connection.
  2. IP Address displays the IP address. It must be the IP address of a device on a subnet attached to one of the switch's existing routing interfaces.
  3. MAC Address displays the unicast MAC address of the device. The address is six two-digit hexadecimal numbers separated by colons, for example 00:06:29:32:81:40.
  4. Click REFRESH to show the latest IP information.

Advanced

From the Advanced link, you can access the following pages:
  • Static ARP Cache on page 210
319. isplays current number of the MVR groups allocated MVR Group Configuration To display the MVR Group Configuration page click Switching gt MVR gt Advanced gt MVR Group Configuration A screen similar to the following is displayed MVR Group Configuration MVR Group Configuration _ MvR Group 1P a ane cas ee U 1 Use the MVR Group IP to specify the IP Address for the new MVR group 2 Use the Count to specify the number of contiguous MVR groups It is a service option helping user to create multiple MVR groups via single press of Add button If the field is empty then pressing the button creates only one new group The field is displayed as empty for each particular group The range is from 1 to 256 3 Click ADD to add a new MVR group 4 Click DELETE to delete a selected MVR group 5 Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch Field Definition Status Displays the status of the specific MVR group Members Displays the list of ports that participate in the specific MVR group Configuring Switching Information 166 M4100 M7100 Web Management User Guide MVR Interface Configuration To display the MVR Interface Configuration page click Switching gt MVR gt Advanced gt MVR Interface Configuration A screen similar to the following is displayed MVR Interface Configuration
320. isplays name of each class instance within the policy Configuring Quality of Service 238 M4100 M7100 Web Management User Guide Service Interface Configuration Use the Service Interface Configuration page to activate a policy on an interface To display the page click QoS gt DiffServ gt Advanced gt Service Interface Configuration Service Interface Configuration Service Interface Configuration i LAGS All Go To Interface Go Poli Policy Out Name Name o N E 0 1 0 2 0 3 0 4 0 5 0 6 0 7 0 8 o O o 0 oO 0 E d oO 0 o O Go To Interface Go To configure DiffServ policy settings on an interface 1 Use Interface to select the interface on which you will configure the DiffServer service 2 Policy Name Lists all the policy names from which one can be selected This field is not shown for Read Write users where inbound service policy attachment is not supported by the platform Field Description Direction Shows that the traffic direction of this service interface is In Operational Status Shows the operational status of this service interface either Up or Down Service Statistics This screen displays class oriented statistical information for the policy which is specified by the interface and direction The Member Classes drop down list is populated on the basis of Configuring Quality of Service 239 M4100 M7100 Web Management User Guide
321. isplays the number of received IGMP Reports V1 Configuring Switching Information 168 M4100 M7100 Web Management User Guide Field Definition IGMP Report V2 Received IGMP Leave Received Displays the number of received IGMP Reports V2 Displays the number of received IGMP Leaves IGMP Query Transmitted Displays the number of transmitted IGMP Queries IGMP Report V1 Transmitted Displays the number of transmitted IGMP Reports V1 IGMP Report V2 Transmitted IGMP Leave Transmitted Displays the number of transmitted IGMP Reports V2 Displays the number of transmitted IGMP Leaves IGMP Packet Receive Failures Displays the number of IGMP packet receive failures IGMP Packet Transmit Failures Displays the number of IGMP packet transmit failures Configuring Switching Information 169 M4100 M7100 Web Management User Guide Address Table From the Address Table link you can access the following pages e Basic on page 170 e Advanced on page 172 Basic From the Basic link you can access the following pages e Address Table on page 170 Address Table This table contains information about unicast entries for which the switch has forwarding and or filtering information This information is used by the transparent bridging function in determining how to propagate a received frame To display the Address Table page click Switching gt Address Table gt
322. it is not activated. When enabled, Diffserv services are activated.
  Class table: Displays the number of configured DiffServ classes out of the total allowed on the switch.
  Class Rule table: Displays the number of configured class rules out of the total allowed on the switch.
  Policy table: Displays the number of configured policies out of the total allowed on the switch.
  Policy Instance table: Displays the number of configured policy class instances out of the total allowed on the switch.
  Policy Attributes table: Displays the number of configured policy attributes (attached to the policy class instances) out of the total allowed on the switch.
  Service table: Displays the number of configured services (attached to the policies on specified interfaces) out of the total allowed on the switch.

Advanced
  • Diffserv Configuration on page 228
  • Class Configuration on page 229
  • IPv6 Class Configuration on page 233
  • Policy Configuration on page 235
  • Service Interface Configuration on page 239
  • Service Statistics on page 239

Diffserv Configuration

Packets are filtered and processed based on defined criteria. The filtering criteria is defined by a class. The processing is defined by a policy's attributes. Policy attributes may be defined on a per-class instance basis, and it is these attributes that are applied when a match occurs. The configuration pro
323. itted and received on each port To display the Spanning Tree Statistics page click Switching gt STP gt Advanced gt STP Statistics STP Statistics STP Statistics 1 LAGS All STP Interface BPDUs Received 0 1 0 3 0 5 0 7 0 9 0 0 0 0 0 0 0 0 0 0 0 0 RSTP MSTP MSTP STP BPDUs RSTP BPDUs BPDUs BPDUs BPDUs Transmitted Transmitted OC in o E o iC eC i Oo Received Received Transmitted i ao o oF c GI o eo GI o eo mo o fen o ie o eC eC a o fen OC ie Oo ie OC OC e eC ie o HOC eC HC m The following table describes the information available on the STP Statistics page Field Description Interface Selects one of the physical or port channel interfaces of the switch STP BPDUs Received Number of STP BPDUs received at the selected port STP BPDUs Transmitted Number of STP BPDUs transmitted from the selected port RSTP BPDUs Received Number of RSTP BPDUs received at the selected port RSTP BPDUs Transmitted Number of RSTP BPDUs transmitted from the selected port Configuring Switching Information 143 M4100 M7100 Web Management User Guide Field Description MSTP BPDUs Received Number of MSTP BPDUs received at the selected port MSTP BPDUs Transmitted Number of MSTP BPDUs transmitted from the selected port Multicast Multicast IP traffic is traffic that is destined to a host group Hos
324. k Time Protocol 34 SNMP traps 78 using 14 v1 v2 76 SNTP 34 server configuration 38 server status 39 SSL 262 storm control 299 STP 128 example configuration 404 Status 129 131 Stratum 0 34 134 2 34 T T1 34 T2 34 T3 34 T4 34 TACACS folder 252 settings 252 technical support 2 time 34 levels 34 trademarks 2 traffic control 283 trap flags 80 U Unicast 34 upload configuration 369 413 M4100 M7100 Web Management User Guide V VLAN 108 example configuration 393 guest 402 ID 108 managing 108 Port VLAN ID 115 PVID 115 414
325. lar to the following is displayed LLDP MED Global Configuration Global Configuration Fast Start Repeat Count 3 Device Class Network Connectivity 1 Use Fast Start Repeat Count to specify the number of LLDP PDUs that will be transmitted when the protocol is enabled The range is from 1 to 10 Default value of fast repeat count is 3 The following table describes the LLDP MED Global Configuration fields Configuring System Information 91 M4100 M7100 Web Management User Guide Field Description Device Class Specifies local device s MED Classification There are four different kinds of devices three of them represent the actual end points classified as Class Generic IP Communication Controller etc Class II Media Conference Bridge etc Class III Communication IP Telephone etc The fourth device is Network Connectivity Device which is typically a LAN Switch Router IEEE 802 1 Bridge IEEE 802 11 Wireless Access Point etc LLDP MED Interface Configuration To display this page click System gt LLDP gt LLDP MED gt Interface Configuration A screen similar to the following is displayed LLDP MED Interface Configuration Interface Configuration 1 All GoTo Port GO co Transmit Type Length Values Extended Extended Link Med Operational Notification MED Network Location Inventory Yds Status Status Status Status Capabilities Poli Identification Jaara i Infor
326. ld. Accessing the switch directly from your Web browser displays the login screen shown below.

[Screenshot: login screen of the M4100-12GF, 12 Port Fiber Gigabit Layer 2 Managed Switch with Static Routing]

Understanding the User Interfaces

ProSafe Managed Switches software includes a set of comprehensive management functions for configuring and monitoring the system by using one of the following methods:
  • Web user interface
  • Simple Network Management Protocol (SNMP)
  • Command Line Interface (CLI)

Each of the standards-based management methods allows you to configure and monitor the components of the ProSafe Managed Switches software. The method you use to manage the system depends on your network size and requirements, and on your preference.

The ProSafe M4100/M7100 Managed Switch Web Management User Manual describes how to use the Web-based interface to manage and monitor the system.

Using the Web Interface

To access the switch by using a Web browser, the browser must meet the following software requirements:
  • HTML version 4.0 or later
  • HTTP version 1.1 or later
  • Java Runtime Environment 1.6 or later

Use the following procedures to log on to the Web interface.
  1. Open a Web browser and enter the IP address of the switch in the Web browser address field.
  2. The default username is admin, default passwo
327. ld. These severity levels have been enumerated below:
  • Emergency (0): system is unusable
  • Alert (1): action must be taken immediately
  • Critical (2): critical conditions
  • Error (3): error conditions
  • Warning (4): warning conditions
  • Notice (5): normal but significant conditions
  • Informational (6): informational messages
  • Debug (7): debug-level messages
  3. Click REFRESH to refresh the web page to show the latest messages in the persistent log.

Format of the messages:
  • Total number of Messages: Number of persistent log messages displayed on the switch.
  • <15>Aug 24 05:34:05 STK0 MSTP[2110]: mspt_api.c(318) 237 %% Interface 12 transitioned to root state on message age timer expiry

The above example indicates a user-level message (1) with severity 7 (debug) on a system that is not stacked and generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged. Messages logged to a collector or relay via syslog have an identical format to the above message.

Port Mirroring

The page under the Mirroring link allows you to view and configure port mirroring on the system.

Multiple Port Mirroring

Port mirroring selects the network traffic for analysis by a network analyzer. This is done for specific ports of the switch. As such, many switch ports are configured as source ports and
328. lds of the packet.
  • Src/Dest IP and TCP/UDP Port fields: Source/Destination IP and source/destination TCP/UDP Port fields of the packet.
  • Enhanced Hashing mode: Features MODULO-N operation based on the number of ports in the LAG, non-Unicast traffic and unicast traffic hashing using a common hash algorithm, excellent load balancing performance, and packet attributes selection based on the packet type. For L2 packets, source and destination MAC address are used for hash computation. For L3 packets, source IP, destination IP address, TCP/UDP ports are used.

Use the Port Selection Table to select the ports as members of the LAG.

Routing

The Routing tab contains links to the following features:
  • Routing Table on page 184
  • IP on page 189
  • VLAN on page 206
  • ARP on page 209
  • Router Discovery on page 213

Routing Table

The Routing Table collects routes from multiple sources: static routes and local routes. The Routing Table may learn multiple routes to the same destination from multiple sources. The Routing Table lists all routes. From the Routing Table link, you can access the following pages:
  • Basic on page 185
  • Advanced on page 187

Basic

From the Basic link, you can access the following pages:
  • Route Configuration on page 185

Route Configuration

To display the Route Configuration page, click Routing > Routing Table >
329. le Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled Disable Disable Disabled Disable Disable Disable Disable Enable Disabled o 11 128 Enable Disable Disable Disabled Disable Disable Disable Disable Enable Disabled 0 12 128 Enable Disable Disable Disabled Disable Disable Disable Disable Enable Disabled 1 LAGS All Go To Interface so 1 LAGS All Port Port Path Admii Interface priority Edge Port Cost Oo O o 128 Enable 20000 0 2 128 Enable 0 3 128 Enable 0 4 128 Enable 0 5 128 Enable 0 6 128 Enable 0 7 128 Enable 0 8 128 Enable 0 9 128 Enable 0 10 128 Enable oooogoo0o0o D ps NN RN NNN NNN WN ece0eb cob obo 6 m e a To configure CST port settings 1 Interface One of the physical or port channel interfaces associated with VLANs associated with the CST 2 Use Port Priority to specify the priority for a particular port within the CST The port priority is set in multiples of 16 For example if the priority is attempted to be set to any value between 0 and 15 it will be set to O If it is tried to be set to any value between 16
330. led Power module is present but power cable is not plugged in or a bad cable is plugged in PoE Version Version of the PoE controller FW image MAX PoE Indicates the status of maximum PoE power available on the switch as follows e ON Indicates less than 7W of PoE power available for another device OFF Indicates at least 7W of PoE power available for another device e N A Indicates that PoE is not supported by the unit Click REFRESH to refresh the system information of the switch Configuring System Information 20 M4100 M7100 Web Management User Guide Switch Statistics Use this page to display the switch statistics To display the Switch Statistics page click System gt Management gt Switch Statistics A screen similar to the following is displayed Switch Statistics Statistics ifIndex 53 Octets Received 3929228 Packets Received Without Errors 33757 Unicast Packets Received 5532 Multicast Packets Received 23710 Broadcast Packets Received 4515 Receive Packets Discarded 0 Octets Transmitted 14036105 Packets Transmitted Without Errors 126647 Unicast Packets Transmitted 5658 Multicast Packets Transmitted 120979 Broadcast Packets Transmitted 10 Transmit Packets Discarded 0 Most Address Entries Ever Used 14 Address Entries in Use 9 Maximum VLAN Entries 1024 Most VLAN Entries Ever Used 2 Static VLAN Entries 2 Dynamic VLAN Entries 0 VLAN Deletes 0 Time Since Counters Last Cle
331. led Statistics
EAP Statistics
Cable Test
Logs
Buffered Logs
Command Log Configuration
Console Log Configuration
SysLog Configuration
Trap Logs
Event Logs
Persistent Logs
Port Mirroring
Multiple Port Mirroring

Chapter 8 Maintenance
Save Configuration
Save Configuration
Auto Install Configuration
Reset
Device Reboot
Factory Default
Password Reset
Upload File From Switch
File Upload
HTTP File Upload
USB File Upload
332. lick APPLY to start downloading the Host Key file. Note that to download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions.

Telnet

To display the Telnet page, click Security > Access > Telnet.

[Screenshot: Telnet page, with the Telnet Authentication List, Inbound Telnet and Outbound Telnet panels]

Telnet Authentication List

This page allows you to select the login and enable authentication list available. The login list specifies the authentication method(s) you want to use to validate switch or port access for the users associated with the list. The enable list specifies the authentication method(s) you want to use to validate privileged EXEC access for the users associated with the list. These lists can be created through the Authentication List link under Management Security.
  1. Use Login Authentication List to specify which authentication list to use when you log in through telnet. Th
333. lick Security > Management Security > Authentication List > HTTP Authentication List. [Screenshot: HTTP Authentication List page, listing httpList with method Local.] 1. List Name: Select the HTTP list name for which you want to configure data. 2. Use the drop-down menu to select the method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method will be tried, even if you have specified more than one method. The options are: • Local: The user's locally stored ID and password will be used for authentication. • Radius: The user's ID and password will be authenticated using the RADIUS server instead of locally. • TACACS: The user's ID and password will be authenticated using the TACACS server. 3. Use the drop-down menu to select the method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list. 4. Use the drop-down menu to select the method, if any, that should appear third in the selected authentication login list. HTTPS Authentication List: You use thi
334. lid range is 48 to 2048. 4. Result: Displays the result after the switch sends a Ping IPv6 request to the specified IPv6 address. Traceroute IPv4: Use this screen to tell the switch to send a TraceRoute request to a specified IP address or Hostname. You can use this to discover the paths packets take to a remote destination. Once you click the APPLY button, the switch will send traceroute and the results will be displayed below the configurable data. If a reply to the traceroute is received, you will see: • 1 x.y.z.w 9869 usec 9775 usec 10584 usec • 2 0.0.0.0 0 usec 0 usec 0 usec • 3 0.0.0.0 0 usec 0 usec 0 usec • Hop Count = w, Last TTL = z, Test attempt = x, Test Success = y. To display the Traceroute IPv4 page, click Maintenance > Troubleshooting > Traceroute IPv4. [Screenshot: TraceRoute IPv4 page, with fields IP Address/Hostname, Probes Per Hop, MaxTTL, Init TTL, MaxFail, Interval (secs), Port (33434), Size (0), and Results.] To configure the Traceroute settings and send probe packets to discover the route to a host on the network: 1. Use IP Address/Hostname to enter the IP address or Hostname of the station you want the switch to discover path. The initial value is blank. The IP Address or Hostname you enter is not retained across a power cycle. 2. Optionally, configure the following settings: • Probes Per Hop: Enter the number o
335. link you can access the following pages: • DHCP Server Configuration on page 55 • DHCP Pool Configuration on page 57 • DHCP Pool Options on page 60 • DHCP Server Statistics on page 61 • DHCP Bindings Information on page 62 • DHCP Conflicts Information on page 63. DHCP Server Configuration: To display the DHCP Server Configuration page, click System > Services > DHCP Server > DHCP Server Configuration. A screen similar to the following is displayed. [Screenshot: DHCP Server Configuration page, with Admin Mode (Disable/Enable), Ping Packet Count 2 (0, 2 to 10), Conflict Logging Mode (Disable/Enable), Bootp Automatic Mode (Disable/Enable), and Excluded Address (IP Range From, IP Range To).] To enable or disable DHCP service: 1. Use Admin Mode to specify whether the DHCP Service is to be Enabled or Disabled. Default value is Disable. Use Ping Packet Count to specify the number of packets a server sends to a Pool address to check for duplication as part of a ping operation. Default value is 2. Valid Range is 0, 2 to 10. Setting the value to 0 will disable the function. Use Conflict Logging Mode to specify whether conflict logging on a DHCP Server is to be Enabled or Disabled. Default value is Enable. Use BOOTP Automatic Mode to specify whether BOOTP for dynamic pools is to be Enabled or Disabled. Default value is Disable. Click
336. links to the following features: • Management Security Settings on page 242 • Configuring Management Access on page 259 • Port Authentication on page 273 • Traffic Control on page 283 • Control on page 301 • Configuring Access Control Lists on page 314. Management Security Settings: From the Management Security Settings tab, you can configure the login password, Remote Authorization Dial-In User Service (RADIUS) settings, Terminal Access Controller Access Control System (TACACS) settings, and authentication lists. To display the page, click the Security > Management Security tab. The Management Security tab contains links to the following features: • Local User on page 242 • Enable Password Configuration on page 245 • Line Password Configuration on page 245 • RADIUS on page 246 • TACACS on page 252 • Authentication List Configuration on page 254 • Login Sessions on page 259. Local User: From the Local User link, you can access the following pages: • User Management on page 243 • User Password Configuration on page 244. User Management: By default, two user accounts exist: • admin, with Read/Write privileges • guest, with Read Only privileges. By default, both of these accounts have blank passwords. The names are not case sensitive. If you log on to a user account with Read/Write privileges (i.e., as admin), you can use the User Management screen to assign passwords
337. ll not change the configuration until the APPLY button is pressed. • Server Timeout: This input field allows the user to enter the server time out for the selected port. The server time out is the value, in seconds, of the timer used by the authenticator on this port to time out the authentication server. The server time out must be a value in the range of 1 and 65535. The default value is 30. Changing the value will not change the configuration until the APPLY button is pressed. • Maximum Requests: This input field allows the user to enter the maximum requests for the selected port. The maximum requests value is the maximum number of times the authenticator state machine on this port will retransmit an EAPOL EAP Request/Identity before timing out the supplicant. The maximum requests value must be in the range of 1 and 10. The default value is 2. Changing the value will not change the configuration until the APPLY button is pressed. • PAE Capabilities: This field selects the port access entity (PAE) functionality of the selected port. Possible values are Authenticator or Supplicant. • Periodic Reauthentication: This select field allows the user to enable or disable reauthentication of the supplicant for the specified port. The selectable values are enable or disable. If the value is enable, reauthentication will occur. Otherwise, reauthentication will not be allowed. The default value is disable. Changing the selection will
338. login. You can only use this button if you have Read/Write access. The change will not be retained across a power cycle unless you perform a save. Enable Authentication List: You use this page to configure enable lists. An enable list specifies the authentication method(s) you use to validate privileged EXEC access for the users associated with the list. The pre-configured users, admin and guest, are assigned to a pre-configured list named defaultList, which you cannot delete. All newly created users are also assigned to the defaultList until you specifically assign them to a different list. Two default lists are present: enableList and enableNetList. To display the Enable Authentication List page, click Security > Management Security > Authentication List > Enable Authentication List. [Screenshot: Enable Authentication List page, listing enableList (Enable, None) and enableNetList (Enable, None).] 1. List Name: If you are creating a new enable list, enter the name you want to assign. It can be up to 15 alphanumeric characters long and is not case sensitive. 2. 1: Use the drop-down menu to select the method that should appear first in the selected authentication enable list. The options are: • Enable: the privileged EXEC password will be used for authentication. • Line: the line password will be used for authentication. • None: the user
339. lowing the first login after password expiration. A value of 0 indicates that passwords never expire. 3. Use Password History to specify the number of previous passwords to store for prevention of password reuse. This ensures that each user does not reuse passwords often. A value of 0 indicates that no previous passwords will be stored. 4. Use Lockout Attempts to specify the number of allowable failed local authentication attempts before the user's account is locked. A value of 0 indicates that user accounts will never be locked. Enable Password Configuration: This page prompts you to change the Privileged EXEC password. Passwords are a maximum of 64 alphanumeric characters. The password is case sensitive. To display the Enable Password Configuration page, click Security > Management Security > Enable Password. [Screenshot: Enable Password Configuration page, with masked Password and Confirm Password fields.] 1. Use Password to specify a password. Passwords are a maximum of 64 alphanumeric characters. 2. Use Confirm Password to enter the password again, to confirm that you entered it correctly. Line Password Configuration: To display the Line Password Configuration page, click Security > Management Security > Line Password. Line Password Configuration: Console Password, Con
340. lue is trust dot1p. • untrusted • trust dot1p • trust ip dscp. Use Interface Trust Mode to specify whether to trust a particular packet marking at ingress. Interface Trust Mode can only be one of the following. Default value is untrusted. • untrusted • trust dot1p • trust ip dscp. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. If you change any of the settings on the page, click APPLY to send the updated configuration to the switch. Advanced: From the Advanced link, you can access the following pages: • CoS Configuration on page 219 • 802.1p to Queue Mapping on page 220 • IP DSCP to Queue Mapping on page 221 • CoS Interface Configuration on page 221 • Interface Queue Configuration on page 223. CoS Configuration: To display the CoS Configuration page, click QoS > CoS > Advanced > CoS Configuration. [Screenshot: CoS Configuration page, with Global (All), Global Trust Mode (trust dot1p), Interface, and Interface Trust Mode.] Use Global to specify all CoS configurable interfaces. The option Global represents the most recent global configuration settings. Use Interface to specify CoS configuration settings based per interface. Use Global Trust Mode to specify whether to trust a particular packet marking at
341. ly partial information for the page. The following table describes the detailed port information displayed on the screen. To view information about a different port, select the port number from the Interface drop-down menu. Use the buttons at the bottom of the page to perform the following actions: • Click CLEAR to clear all the counters. This resets all statistics for this port to the default values. • Click REFRESH to refresh the data on the screen and display the most current statistics. Field descriptions: MST ID: Display the MST instances associated with the interface. ifIndex: This object indicates the ifIndex of the interface table entry associated with this port on an adapter. Port Type: For normal ports this field will be normal. Otherwise the possible values are: • Mirrored: This port is participating in port mirroring as a mirrored port. Look at the Port Mirroring screens for more information. • Probe: This port is participating in port mirroring as the probe port. Look at the Port Mirroring screens for more information. • Trunk Member: The port is a member of a Link Aggregation trunk. Look at the Port Channel screens for more information. Port Channel ID: If the port is a member of a port channel, the port channel's interface ID and name are shown. Otherwise, Disable is shown. Port Role: Each MST Bridge Po
342. m interfaces, including those received in error. IpInHdrErrors: The number of input datagrams discarded due to errors in their IP headers, including bad checksums, version number mismatch, other format errors, time-to-live exceeded, errors discovered in processing their IP options, etc. IpInAddrErrors: The number of input datagrams discarded because the IP address in their IP header's destination field was not a valid address to be received at this entity. This count includes invalid addresses (e.g., 0.0.0.0) and addresses of unsupported Classes (e.g., Class E). For entities which are not IP Gateways and therefore do not forward datagrams, this counter includes datagrams discarded because the destination address was not a local address. IpForwDatagrams: The number of input datagrams for which this entity was not their final IP destination, as a result of which an attempt was made to find a route to forward them to that final destination. In entities which do not act as IP Gateways, this counter will include only those packets which were Source-Routed via this entity, and the Source-Route option processing was successful. IpInUnknownProtos: The number of locally addressed datagrams received successfully but discarded because of an unknown or unsupported protocol. IpInDiscards: The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buff
343. mation [Screenshot: LLDP-MED interface configuration table listing ports 0/1 through 0/12 with link status and per-port Enable/Disable settings, plus a Go To Port field.] 1. Use Go To Port to enter the Port in unit/slot/port format and click on the Go button. The entry corresponding to the specified Port will be selected. 2. Use Interface to specify the list of ports on which LLDP-MED 802.1AB can be configured. 3. Use MED Status to specify whether LLDP-MED mode is enabled or disabled on this interface. 4. Use Notification Status to specify the LLDP-MED topology notification mode of the interface
344. mer Time: Disable, Recurring, Recurring EU, Recurring USA, Non Recurring. Summer Time Status: Summer Time Disable; Summer Time In Effect No. To configure the summer time configuration: 1. The summer time option is used to select one of the below four options: • Disable: This option is used to disable Summer Time. • Recurring: This option is used to enable Recurring Summer Time. • Recurring EU: This option is used to enable Recurring EU Summer Time. • Recurring USA: This option is used to enable Recurring USA Summer Time. • Non Recurring: This option is used to configure Non Recurring Summer Time. The below fields will be visible only when Summer Time is Recurring or Recurring EU or Recurring USA. Field descriptions: Begins At: The fields under this are used to configure the Start values of date and time. • Week: This field is used to configure start week. • Day: This field is used to configure start day. • Month: This field is used to configure start month. • Hours: This field is used to configure start hours. • Minutes: This field is used to configure start minutes. Ends At: The fields under this are used to configure the End values of date and time. • Week: This field is used to configure end week. • Day: This field is used to configure end day. • Month: This field is used to configure end month. • Hours
345. mon VLANs regardless of physical location. Each group's traffic is contained largely within the VLAN, reducing extraneous traffic and improving the efficiency of the whole network. They are easy to manage. The addition of nodes, as well as moves and other changes, can be dealt with quickly and conveniently from a management interface rather than from the wiring closet. They provide increased performance. VLANs free up bandwidth by limiting node-to-node and broadcast traffic throughout the network. They ensure enhanced network security. VLANs create virtual boundaries that can be crossed only through a router. So standard router-based security measures can be used to restrict access to each VLAN. Packets received by the switch are treated in the following way: When an untagged packet enters a port, it is automatically tagged with the port's default VLAN ID tag number. Each port has a default VLAN ID setting that is user configurable (the default setting is 1). The default VLAN ID setting for each port can be changed in the Port PVID Configuration screen. See Port PVID Configuration on page 3 115. When a tagged packet enters a port, the tag for that packet is unaffected by the default VLAN ID setting. The packet proceeds to the VLAN specified by its VLAN ID tag number. If the port through which the packet entered does not have membership with the VLAN specified by the VLAN ID tag, the pa
346. n authorization to use the device for setting up outdoor radio links and/or for supplying public access to telecommunications and/or network services. This device may not be used for setting up outdoor radio links in France, and in some areas the RF output power may be limited to 10 mW EIRP in the frequency range of 2454-2483.5 MHz. For detailed information, the end user should contact the national spectrum authority in France. FCC Requirements for Operation in the United States. FCC Information to User: This product does not contain any user-serviceable components and is to be used with approved antennas only. Any product changes or modifications will invalidate all applicable regulatory certifications and approvals. FCC Guidelines for Human Exposure: This equipment complies with FCC radiation exposure limits set forth for an uncontrolled environment. This equipment should be installed and operated with minimum distance of 20 cm between the radiator and your body. This transmitter must not be co-located or operating in conjunction with any other antenna or transmitter. FCC Declaration of Conformity: We, NETGEAR, Inc., 350 East Plumeria Drive, San Jose, CA 95134, declare under our sole responsibility that the M4100 M7100 Web Management User Guide complies with Part 15, Subpart B of FCC CFR47 Rules. Operation is subject to the following two conditions: • This device may not cause harmful interference, and • This device must accept any interfer
347. n defined are applied to the selected interface. Use the IP Binding Configuration page to assign ACL lists to ACL Priorities and Interfaces. To display the IP Binding Configuration page, click Security > ACL > Advanced > IP Binding Configuration. [Screenshot: IP Binding Configuration page, with Binding Configuration fields ACL ID, Direction (Inbound), Sequence Number (1 to 4294967295), the Port Selection Table, and an Interface Binding Status table with columns Interface, ACL Type, ACL ID/Name, and Sequence Number.] To configure IP ACL interface bindings: 1. Select an existing IP ACL from the ACL ID drop-down menu. The packet filtering direction for ACL is Inbound, which means the IP ACL rules are applied to traffic entering the port. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached access list using that sequence number. If the sequence number is not specified by the user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. The valid range is 1 to 4294967295. Click the appropriate orange bar to expose the available ports or LAGs. The Port Selection
348. n is only available to READWRITE users. These changes will not be retained across a power cycle unless a save is performed. Field descriptions: Current: Indicates if this server is currently in use as the authentication server. The following table describes the RADIUS server statistics available on the page. Use the buttons at the bottom of the page to perform the following actions: • Click Clear Counters to reset the authentication server and RADIUS statistics to their default values. Field descriptions: Radius Server: Displays the address of the RADIUS server or the name of the RADIUS server for which the statistics are displayed. Round Trip Time: The time interval, in hundredths of a second, between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from this RADIUS authentication server. Access Requests: The number of RADIUS Access-Request packets sent to this server. This number does not include retransmissions. Access Retransmissions: The number of RADIUS Access-Request packets retransmitted to this server. Access Accepts: The number of RADIUS Access-Accept packets, including both valid and invalid packets, that were received from this server. Access Rejects: The number of RADIUS Access-Reject packets, including both valid and invalid packets
349. n on page 150 • Multicast Router Configuration on page 152 • Multicast Router VLAN Configuration on page 152 • IGMP Snooping Querier on page 153 • IGMP Snooping Querier Configuration on page 154 • IGMP Snooping Querier VLAN Configuration on page 155. IGMP Snooping Configuration: Use the IGMP Snooping Configuration page to configure the parameters for IGMP snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges may change the data on this screen. To access the IGMP Snooping Configuration page, click Switching > Multicast > IGMP Snooping > Configuration. [Screenshot: IGMP Snooping Configuration page, with Admin Mode (Disable/Enable), Multicast Control Frame Count 0, Validate IGMP IP header (Disable/Enable), Interfaces Enabled for IGMP Snooping, and VLAN IDs Enabled for IGMP Snooping.] To configure IGMP Snooping: 1. Use the Admin Mode Enable/Disable radio button to select the administrative mode for IGMP Snooping for the switch. The default is disable. The following table displays information about the global IGMP snooping status and statistics on the page. Field descriptions: Multicast Control Frame Count: The number of multicast control frames that are processed by the CPU. Interfaces Enabled for IGMP Snooping: A list of all the interface
350. n page, click Switching > Multicast > IGMP Snooping > IGMP VLAN Configuration. [Screenshot: IGMP VLAN Configuration page, with columns including Group Membership Interval, Maximum Response Time, and Multicast Router Expiry Time.] To configure IGMP snooping settings for VLANs: 1. To enable IGMP snooping on a VLAN, enter the VLAN ID in the appropriate field and configure the IGMP Snooping values: • Use Admin Mode to enable or disable IGMP Snooping for the specified VLAN ID. • Use Fast Leave Admin Mode to enable or disable the IGMP Snooping Fast Leave Mode for the specified VLAN ID. • Use Group Membership Interval to set the value for group membership interval of IGMP Snooping for the specified VLAN ID. Valid range is Maximum Response Time 1 to 3600 seconds. • Use Maximum Response Time to set the value for maximum response time of IGMP Snooping for the specified VLAN ID. Valid range is 1 to Group Membership Interval 1. Its value should be greater than group membership interval value. • Use Multicast Router Expiry Time to set the value for multicast router expiry time of IGMP Snooping for the specified VLAN ID. Valid range is 0 to 3600 seconds. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. To disable IGMP snooping on a VLAN and remove it from the list, select the check box n
351. n page 306. DHCP Snooping Global Configuration: To display the DHCP Snooping Global Configuration page, click Security > Control > DHCP Snooping > Global Configuration. [Screenshot: DHCP Snooping Global Configuration page, with DHCP Snooping Mode (Disable/Enable), MAC Address Validation (Disable/Enable), and a VLAN Configuration table with columns VLAN ID and DHCP Snooping Mode.] DHCP Snooping Configuration: 1. Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature. The factory default is disabled. 2. Use MAC Address Validation to enable or disable the validation of sender MAC Address for DHCP Snooping. The factory default is enabled. DHCP Snooping VLAN Configuration: 1. Use VLAN ID to enter the VLAN for which the DHCP Snooping Mode is to be enabled. 2. Use DHCP Snooping Mode to enable or disable the DHCP Snooping feature for entered VLAN. The factory default is disabled. 3. Click APPLY to apply the new configuration and cause the changes to take effect. These changes will not be retained across a power cycle unless a save configuration is performed. DHCP Snooping Interface Configuration: To display the DHCP Snooping Interface Configuration page, click Security > Control > DHCP Snooping > Interface Configuration. DHCP Snooping Interface Configuration
352. n you select a tab, the features for that tab appear as links directly under the tabs. The feature links in the blue bar change according to the navigation tab that is selected. The configuration pages for each feature are available as links in the page menu on the left side of the page. Some items in the menu expand to reveal multiple configuration pages, as the following figure shows. When you click a menu item that includes multiple configuration pages, the item becomes preceded by a down arrow symbol and expands to display the additional pages. [Screenshot: page menu with Page Link and Configuration Pages callouts, showing System Information, Switch Statistics, System CPU Status, Loopback Interface, Network Interface (IPv4 Network Configuration, IPv6 Network Configuration, IPv6 Network Interface Neighbor Table), Time, DNS, and SDM Template Preference.] Configuration and Monitoring Options: The area directly under the feature links and to the right of the page menu displays the configuration information or status for the page you select. On pages that contain configuration options, you can input information into fields or select options from drop-down menus. Each page contains access to the HTML-based help that explains the fields and configuration options for the page. Each page also contains command buttons. Table 1 shows the command buttons that are used throughout the pages in t
353. nd. Use Burst Interval (secs) to specify the burst interval value for rate limiting purpose on this interface. If the rate limit is None, burst interval has no meaning and is shown as N/A. The factory default is 1 second. DAI ACL Configuration: This screen shows the ARP ACLs configured. To display the DAI ACL Configuration page, click Security > Control > Dynamic ARP Inspection > DAI ACL Configuration. [Screenshot: Dynamic ARP Inspection ACL Configuration page.] 1. Use Name to create a new ARP ACL for DAI. 2. Click ADD to add a new DAI ACL to the switch configuration. 3. Click DELETE to remove the currently selected DAI ACL from the switch configuration. DAI ACL Rule Configuration: This screen shows the rules for the selected DAI ARP ACL. To display the DAI ACL Rule Configuration page, click Security > Control > Dynamic ARP Inspection > DAI ACL Rule Configuration. [Screenshot: Dynamic ARP Inspection ACL Rules Configuration page, with ACL Name (Test) and a DAI Rule Table with columns Source IP Address and Source MAC Address.] 1. ACL Name: Selects the DAI ARP ACL for which information is to be displayed or configured. 2. Click ADD to add a new Rule to the selected ACL. 3. Click DELETE to remove the currently selected Rule from the selected ACL. Field descriptions: Source IP
354. nfigure to see a menu that displays statistics and configuration options. Click the menu option to access the page that contains the configuration or monitoring options. [Screenshot: Device View port menu on the 12-port fiber Gigabit Layer 2 managed switch, with options Port Configuration, Cable Test, Port Detailed Statistics, Port Summary Statistics, Double VLAN Tunneling, Spanning Tree Port Configuration, Spanning Tree Port Configuration/Status, VLAN Port Configuration, GARP Port Configuration, Port Security Interface Configuration, Port Security Static, Port Security Dynamic, Port Security Violation Status, IP Interface Configuration, Port Access Control Configuration, Port Access Control Statistics, and MVR Interface Configuration.] If you click the graphic but do not click a specific port, the main menu appears. This menu contains the same option as the navigation tabs at the top of the page. [Screenshot: Device View main menu on the M4100-D12G, with navigation tabs System, Switching, Routing, QoS, Security, Monitoring, Maintenance, Help, and Index.]
355. ng Table on page 540. The ACL named Sales_ACL looks for Ethernet frames with destination and source MAC addresses and MAC masks defined in the rule. Also, the frame must be tagged with VLAN ID 2, which is the Sales department VLAN. The CoS value of the frame must be 0, which is the default value for Ethernet frames. Frames that match these criteria are permitted on interfaces 6, 7, and 8 and are assigned to the hardware egress queue 0, which is the default queue. All other traffic is explicitly denied on these interfaces. To allow additional traffic to enter these ports, you must add a new permit rule with the desired match criteria and bind the rule to interfaces 6, 7, and 8. Standard IP ACL Example Configuration: The following example shows how to create an IP-based ACL that prevents any IP traffic from the Finance department from being allowed on the ports that are associated with other departments. Traffic from the Finance department is identified by each packet's network IP address. 1. From the IP ACL screen, create a new IP ACL with an IP ACL ID of 1. See IP ACL on page 541. 2. From the IP Rules screen, create a rule for IP ACL 1 with the following settings: • Rule ID: 1 • Action: Deny • Assign Queue ID: 0 (optional; 0 is the default value) • Match Every: False • Source IP Address: 192.168.187.0 • Source IP Mask: 255.255.255.0. For additional information about
356. ng packets per the policing metrics, from which one can be selected. The default is send. For each of the above Action Selectors, one of the following actions can be taken: • Drop: These packets are immediately dropped. • Mark IP DSCP: These packets are marked by DiffServ with the specified DSCP value before being presented to the system forwarding element. This selection requires that the DSCP value field be set. • Mark CoS: These packets are marked by DiffServ with the specified CoS value before being presented to the system forwarding element. This selection requires that the Mark CoS value field be set. • Send: These packets are presented unmodified by DiffServ to the system forwarding element. • Mark IP Precedence: These packets are marked by DiffServ with the specified IP Precedence value before being presented to the system forwarding element. This selection requires that the Mark IP Precedence value field be set. 5. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 6. If you change any of the settings on the page, click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Field descriptions: Policy Name: Displays name of the DiffServ policy. Policy Type: Displays type of the policy as In. Member Class Name: D
357. ng page • sFlow Agent Information on page 360. sFlow Agent Information. To display the sFlow Agent page, click Monitoring > sFlow > Basic > sFlow Agent Information. [Figure: sFlow Agent Information screen with the Agent Version and Agent Address fields] Field descriptions: Agent Version: Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organization;Software Revision, where • MIB Version: 1.3, the version of this MIB • Organization: NETGEAR Inc. • Revision: 1.0. Agent Address: The IP address associated with this agent. Click REFRESH to refresh the web page to show the latest sFlow agent information. Advanced. From the Advanced link, you can access the following pages: • sFlow Agent on page 361 • sFlow Receiver Configuration on page 362 • sFlow Interface Configuration on page 363. sFlow Agent. To display the sFlow Agent page, click Monitoring > sFlow > Advanced > sFlow Agent. [Figure: sFlow Agent Information screen with the Agent Version and Agent Address fields] Field descriptions: Agent Version: Uniquely identifies the version and implementation of this MIB. The version string must have the following structure: MIB Version;Organiza
358. nk. The following figure shows the configuration fields for the class. [Figure: Class Configuration screen with the Class Information, DiffServ Class Configuration, and Class Summary sections] Class Name: Displays the name for the configured DiffServ class. Class Type: Displays the DiffServ class type. Options: • All. Only when a new class is created, this field is a selector field. After class creation, this becomes a non-configurable field displaying the configured class type. Define the criteria to associate with a DiffServ class: • Match Every: This adds to the specified class definition a match condition whereby all packets are considered to belong to the class. • Reference Class: This lists the class(es) that can be assigned as reference class(es) to the current class. • Class of Service
359. not configurable. Authenticator PAE State: This field displays the current state of the authenticator PAE state machine. Possible values are: • Initialize • Disconnected • Connecting • Authenticating • Authenticated • Aborting • Held • ForceAuthorized • ForceUnauthorized. Backend State: This field displays the current state of the backend authentication state machine. Possible values are: • Request • Response • Success • Fail • Timeout • Initialize • Idle. Vlan Assigned: This field displays the VLAN ID assigned to the selected interface by the Authenticator. This field is displayed only when the port control mode of the selected interface is not mac-based. This field is not configurable. Vlan Assigned Reason: This field displays the reason for the VLAN ID assigned by the authenticator to the selected interface. This field is displayed only when the port control mode of the selected interface is not mac-based. This field is not configurable. Possible values are: Radius, Unauth, Default, Not Assigned. Key Transmission Enabled: This field displays if key transmission is enabled on the selected port. This is not a configurable field. The possible values are true and false.
360. [Figure: IP Rules table] To configure rules for an IP ACL: 1. To add an IP ACL rule, select the ACL ID to add the rule to, complete the fields described in the following list, and click ADD. (Only displays ACL IDs from 1 to 99.) • Rule ID: Enter a whole number in the range of 1 to 511 that will be used to identify the rule. An IP ACL may have up to 511 rules. • Action: Specify what action should be taken if a packet matches the rule's criteria. The choices are permit or deny. • Logging: When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5-minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is visible for a Deny Action. • Assign Queue ID: Specifies the hardware egress queue identifier used to handle all packets matching this IP ACL rule. Valid range of Queue IDs is 0 to 7. This field is visible when Permit is chosen as Action. • Match Every: Select true or false from the drop-down menu. True signifies that all packets will match th
361. o 8. 5. Use Sampling Rate to specify the statistical sampling rate for packet sampling from this source. A sampling rate of 1 counts all packets. A sampling rate of 0 disables sampling. Allowed range is 1024 to 65536. 6. Use Maximum Header Size to specify the maximum number of bytes that should be copied from a sampled packet. Allowed range is 20 to 256. Maintenance. Use the features available from the Maintenance tab to help you manage the switch. The Maintenance tab contains links to the following features: • Save Configuration on page 364 • Reset on page 365 • Upload File From Switch on page 367 • Download File To Switch on page 371 • File Management on page 376 • Troubleshooting on page 378. Save Configuration. The Save Configuration menu contains links to the following options: • Save Configuration on page 364 • Auto Install Configuration on page 365. Save Configuration. To access the Save Configuration page, click Maintenance > Save Config > Save Configuration. [Figure: Save Configuration screen] Saving all applied changes will cause all changes to configuration panels that were applied, but not saved, to be saved, thus retaining their new values across a system reboot. 1. Select the check box and click the APPLY button to have configuration changes you have made saved across a system reboot. All changes submitted since th
362. o different VLANs can take different paths within any Region, per IEEE DRAFT P802.1s/D13. All bridges, whether they use STP, RSTP, or MSTP, send information in configuration messages via Bridge Protocol Data Units (BPDUs) to assign port roles that determine each port's participation in a fully and simply connected active topology based on one or more spanning trees. The information communicated is known as the spanning tree priority vector. The BPDU structure for each of these different protocols is different. An MSTP bridge will transmit the appropriate BPDU depending on the received type of BPDU from a particular port. An MST Region comprises one or more MSTP Bridges with the same MST Configuration Identifier, using the same MSTIs, and which have no Bridges attached that cannot receive and transmit MSTP BPDUs. The MST Configuration Identifier has the following components: 1. Configuration Identifier Format Selector 2. Configuration Name 3. Configuration Revision Level 4. Configuration Digest: 16-byte signature of type HMAC-MD5 created from the MST Configuration Table (a VLAN ID to MSTID mapping). As there are Multiple Instances of Spanning Tree, there is an MSTP state maintained on a per-port, per-instance basis (or on a per-port, per-VLAN basis, as any VLAN can be in one and only one MSTI or CIST). For example, port A can be forwarding for instance 1 while discarding fo
363. o display the page, click QoS > DiffServ > Advanced > Class Configuration. [Figure: Class Name table with the Class Name and Class Type columns] To configure a DiffServ class: 1. To create a new class, enter a class name, select the class type, and click ADD. This field also lists all the existing DiffServ class names, from which one can be selected. The switch supports only the Class Type value All, which means all the various match criteria defined for the class should be satisfied for a packet match. All signifies the logical AND of all the match criteria. Only when a new class is created, this field is a selector field. After class creation, this becomes a non-configurable field displaying the configured class type. To rename an existing class, select the check box next to the configured class, update the name, and click APPLY. To remove a class, click the check box beside the Class Name, then click DELETE. Click REFRESH to refresh the page with the most current data from the switch. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. After creating a Class, click the class link to the Class page. To configure the class match criteria: 1. Click the class name for an existing class. [Figure: Class Name table with the Class Name and Class Type columns] The class name is a hyperli
364. o enable/disable ICMP Redirects Mode. The router sends an ICMP Redirect on an interface only if Redirects are enabled both globally and on the interface. By default, ICMP Redirects Mode is enabled. 16. Use IP MTU to specify the maximum size of IP packets sent on an interface. Valid range is 68 bytes to the link MTU. Default value is 0. A value of 0 indicates that the IP MTU is unconfigured. When the IP MTU is unconfigured, the router uses the link MTU as the IP MTU. The IP MTU is the maximum frame size minus the length of the layer 2 header. Field descriptions: VLAN ID: Displays the VLAN ID for the interface. Link State: The state of the specified interface is either Active or Inactive. An interface is considered active if the link is up and it is in forwarding state. Routing Interface Status: Indicates whether the link status is up or down. Click DELETE to delete the IP Address from the selected interface. Click REFRESH to refresh the web page to show the latest IP information. VLAN. You can configure ProSafe Managed Switches software with some ports supporting VLANs and some supporting routing. You can also configure the software to allow traffic on a VLAN to be treated as if the VLAN were a router port. When a port is enabled for bridging (default) rather than routing, all normal bridge processing is performed for an inbound packet, which is then associated with a VLAN
365. ode: Enable/Disable Short Reach Admin Mode on the port. With short reach mode enabled, PHY is forced to operate in low power mode irrespective of the cable length. Short Reach Operational Status: Current operational status of the Short Reach mode. EEE Admin Mode: Enable/Disable Energy Efficient Ethernet Mode on the port. With EEE mode enabled, Port transitions to Low power Mode during Link Idle condition. 8. Click REFRESH to refresh the page with the most current data from the switch. Port GreenMode EEE History. Use this page to configure the Port GreenMode EEE History settings. To access this page, click System > Management > Green Ethernet > Green Ethernet LPI History. [Figure: Port GreenMode EEE History screen with the Interface, Sampling Interval, Max Samples to keep, and Percentage LPI time per Stack fields and a per-sample history table] To configure the port GreenMode EEE history: 1. Select the Interface for which data is to be displayed or configured. 2. The Sampling Interval is the Interval at which EEE LPI data needs to be collected. This is a global setting and is applied to all interfaces. The Range is 30 to 36000. The Default value is 3600. 3. The M
366. of a static route, the user controls whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. Metric: Administrative cost of the path to the destination. If no value is entered, default is 1. The range is 0-255. Click REFRESH to refresh the web page to show the latest learned routes. Route Preferences. Use this panel to configure the default preference for each protocol (e.g., 60 for static routes, 120 for RIP). These values are arbitrary values in the range of 1 to 255 and are independent of route metrics. Most routing protocols use a route metric to determine the shortest path known to the protocol, independent of any other protocol. The best route to a destination is chosen by selecting the route with the lowest preference value. When there are multiple routes to a destination, the preference values are used to determine the preferred route. If there is still a tie, the route with the best route metric will be chosen. To avoid problems with mismatched metrics (i.e., RIP and OSPF metrics are not directly comparable), you must configure different preference values for each of the protocols. To display the Route Preferences page, click Routing > Routing Table > Advanced > Route Preferences. Route
367. ollowed by the remaining (greater) MAC addresses. An exact match is required. Searched by VLAN ID: Select VLAN ID from the drop-down menu and enter the VLAN ID, for example, 100. Then click on the Go button. If the address exists, the entry will be displayed as the first entry, followed by the remaining (greater) MAC addresses. Searched by Port: Select Port from the drop-down menu and enter the port ID in Unit/Slot/Port, for example, 2/1/1. Then click on the Go button. If the address exists, the entry will be displayed as the first entry, followed by the remaining (greater) MAC addresses. Field descriptions: Total MAC Address: Displaying the number of total MAC addresses learned or configured. MAC Address: A unicast MAC address for which the switch has forwarding and/or filtering information. The format is a 6-byte MAC Address that is separated by colons, for example, 01:23:45:67:89:AB. VLAN ID: The VLAN ID associated with the MAC Address. Port: The port upon which this address was learned. Status: The status of this entry. The meanings of the values are: • Static: the value of the corresponding instance was added by the system or a user and cannot be relearned. • Learned: the value of the corresponding instance was learned and is being used. • Management: the value of the corresponding instance is also the value of an existing instanc
368. ollowing table describes the LLDP Remote Device Information fields. Field descriptions: Remote ID: Specifies the Remote ID. Chassis ID: Specifies the chassis component associated with the remote system. Chassis ID Subtype: Specifies the source of the chassis identifier. Port ID: Specifies the port component associated with the remote system. Port ID Subtype: Specifies the source of port identifier. System Name: Specifies the system name of the remote system. System Description: Specifies the description of the given port associated with the remote system. Port Description: Specifies the description of the given port associated with the remote system. System Capabilities Supported: Specifies the system capabilities of the remote system. System Capabilities Enabled: Specifies the system capabilities of the remote system which are supported and enabled. Time to Live: Specifies the Time To Live value in seconds of the received remote entry. Management Address Type: Specifies the type of the management address. Management Address: • Management Address: Specifies the advertised management address of the remote system. • Type: Specifies the type of the management address. LLDP Remote Device Inventory. To display this page, click System > LLDP > LLDP > Remote Device
369. on 4. Click ADD to add a new policy to the switch. 5. Click DELETE to delete the currently selected policy from the switch. To configure the policy attributes: 1. Click the name of the policy. [Figure: Policy Configuration table with the Policy Name, Policy Type, and Member Class columns] The policy name is a hyperlink. The following figure shows the configuration fields for the policy. [Figure: Policy Class Configuration screen with the Class Information and Policy Attribute sections] 2. Select the queue to which packets of this policy class will be assigned. This is an integer value in the range 0 to 7. 3. Configure the policy attributes: Drop: Select the drop radio button. This flag indicates that the policy attribute is defined to drop every inbound packet. Mark VLAN CoS: This is an integer value in the range from 0 to 7 for setting the VLAN priori
370. on information in the available fields described below, and then click ADD. a. Community Name: Enter the community string for the SNMP trap packet to be sent to the trap manager. This may be up to 16 characters and is case sensitive. b. Version: Select the trap version to be used by the receiver from the pull-down menu: • SNMP V1: Uses SNMP V1 to send traps to the receiver. • SNMP V2: Uses SNMP V2 to send traps to the receiver. c. Protocol: Select the protocol to be used by the receiver from the pull-down menu. Select IPv4 if the receiver's address is an IPv4 address, or IPv6 if the receiver's address is IPv6. d. Address: Enter the IPv4 address in x.x.x.x format, or IPv6 address in xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx format, or a hostname starting with an alphabetic character, to receive SNMP traps from this device. Length of address cannot exceed 158 characters. e. Status: Select the receiver's status from the drop-down menu: • Enable: Send traps to the receiver. • Disable: Do not send traps to the receiver. To modify information about an existing SNMP recipient, select the check box next to the recipient, change the desired fields, and then click APPLY. Configuration changes take effect immediately. To delete a recipient, select the check box next to the recipient and click DELETE. Click CANCEL to cancel the configuration on the screen and reset the data on the
371. on to the switch. Configuration changes take effect immediately. File Management. The system maintains two versions of the ProSafe Managed Switches software in permanent storage. One image is the active image, and the second image is the backup image. The active image is loaded during subsequent switch restarts. This feature reduces switch down time when upgrading or downgrading the ProSafe Managed Switches software. The File Management menu contains links to the following options: • Copy on page 376 • Dual Image Configuration on page 377. Copy. To display the Copy page, click Maintenance > File Management > Copy. [Figure: Copy screen with the Source Image and Destination Image fields, each offering image1 and image2] 1. Use Source Image to select image1 or image2 as the source image when copy occurs. 2. Use Destination Image to select image1 or image2 as the destination image when copy occurs. Dual Image Configuration. The Dual Image feature allows the switch to retain two images in permanent storage. The user designates one of these images as the active image to be loaded during subsequent switch restarts. This feature reduces switch down time when upgrading/downgrading the image. To display the Dual Image Configuration page, click Maintenance > File Management > Dual Image Configuration. [Figure: Dual Image Configuration screen]
372. onfiguration [Figure: Community Configuration table with the columns Community Name, Client Address, Client IP Mask, Access Mode, and Status; rows: public, 0.0.0.0, 0.0.0.0, Read Only, Enable; private, 0.0.0.0, 0.0.0.0, Read Write, Enable] 1. Use Community Name to reconfigure an existing community or to create a new one. Use this drop-down menu to select one of the existing community names, or select Create to add a new one. A valid entry is a case-sensitive string of up to 16 characters. 2. Client Address: Taken together, the Client Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device. If either Client Address or IP Mask value is 0.0.0.0, access is allowed from any IP address. Otherwise, every client's address is ANDed with the mask, as is the Client Address, and if the values are equal, access is allowed. For example, if the Client Address and Client IP Mask parameters are 192.168.1.0/255.255.255.0, then any client whose address is 192.168.1.0 through 192.168.1.255 (inclusive) will be allowed access. To allow access from only one station, use a Client IP Mask value of 255.255.255.255, and use that machine's IP address for Client Address. 3. Client IP Mask: Taken together, the Client Address and Client IP Mask denote a range of IP addresses from which SNMP clients may use that community to access this device. If either Client
373. onfiguration. To display the DAI Interface Configuration page, click Security > Control > Dynamic ARP Inspection > DAI Interface Configuration. [Figure: DAI Interface Configuration table] Interface: Selects the physical interface for which data is to be configured. Use Trust Mode to indicate whether the interface is trusted for Dynamic ARP Inspection purpose. If this object is set to Enable, the interface is trusted. ARP packets coming to this interface will be forwarded without checking. If this object is set to Disable, the interface is not trusted. ARP packets coming to this interface will be subjected to ARP inspection. The factory default is disable. Use Rate Limit (pps) to specify the rate limit value for Dynamic ARP Inspection purpose. If the incoming rate of ARP packets exceeds the value of this object for consecutively burst interval seconds, ARP packets will be dropped. If this value is N/A, there is no limit. The value can set to 1, which means N/A. The range of Rate Limit is 0-300. The factory default is 15pps (packets per seco
374. onse. 3. From the Accounting Mode menu, select whether the RADIUS accounting mode is enabled or disabled on the current server. 4. Use RADIUS Attribute 4 to enable or disable RADIUS attribute 4. Default value is Disable. 5. The Radius Attribute 4 Value is an optional field and can be seen only when Radius attribute 4 Mode is enabled. It takes an IP address value in the format xx.xx.xx.xx. Field descriptions: Current Server Address: The Address of the current server. This field is blank if no servers are configured. Number of Configured Authentication Servers: Displays the number of configured Authentication RADIUS servers. The value can range from 0 to 32. Number of Configured Accounting Servers: Displays the number of RADIUS Accounting Servers configured. The value can range from 0 to 32. Number of Named Authentication Server Groups: Displays the number of Named RADIUS server Authentication groups configured. Number of Named Accounting Server Groups: Displays the number of Named RADIUS server Accounting groups configured. RADIUS Server Configuration. Use the RADIUS Server Configuration page to view and configure various settings for the current RADIUS server configured on the system. To access the RADIUS Server Configuration page, click Security > Management Security > RADIUS > Server Configuration link. [Figure: Server Configuration screen]
375. oping Querier VLAN Configuration on page 161. MLD Snooping Configuration. Use this menu to configure the parameters for MLD Snooping, which is used to build forwarding lists for multicast traffic. Note that only a user with Read/Write access privileges may change the data on this screen. To access the MLD Snooping Configuration page, click Switching > Multicast > MLD Snooping > Configuration. [Figure: MLD Snooping Configuration screen with the MLD Snooping Admin Mode, Multicast Control Frame Count, Interfaces Enabled for MLD Snooping, and VLAN IDs Enabled for MLD Snooping fields] 1. Use MLD Snooping Admin Mode to select the administrative mode for MLD Snooping for the switch. The default is disable. Field definitions: Multicast Control Frame Count: The number of multicast control frames that are processed by the CPU. Interfaces Enabled for MLD Snooping: A list of all the interfaces currently enabled for MLD Snooping. VLAN Ids Enabled For MLD Snooping: Displays VLAN Ids enabled for MLD snooping. MLD Snooping Interface Configuration. To access the MLD Snooping Interface Configuration page, click Switching > Multicast > MLD Snooping > Interface Configuration. [Figure: MLD Snooping Interface Configuration screen]
376. or PAE sets the controlled port mode to reflect the outcome of the authentication exchanges between the supplicant, authenticator, and the authentication server on a per-supplicant basis. • N/A: The control mode is not applicable. Use MAB to enable or disable MAB. The default selection is Disable. Quiet Period: This input field allows the user to configure the quiet period for the selected port. This command sets the value, in seconds, of the timer used by the authenticator state machine on this port to define periods of time in which it will not attempt to acquire a supplicant. The quiet period is the period for which the authenticator does not attempt to acquire a supplicant after a failed authentication exchange with the supplicant. The quiet period must be a number in the range of 0 and 65535. A quiet period value of 0 means that the authenticator state machine will never acquire a supplicant. The default value is 60. Changing the value will not change the configuration until the APPLY button is pressed. Transmit Period: This input field allows the user to configure the transmit period for the selected port. The transmit period is the value, in seconds, of the timer used by the authenticator state machine on the specified port to determine when to send an EAPOL EAP Request/Identity frame to the supplicant. The transmit period must be a number in the range of 1 and 65535. The default value is 30. Changing the value will not change the configurat
377. ormation MVR Group Membership. To display the MVR Configuration page, click Switching > MVR > Advanced > MVR Group Membership. A screen similar to the following is displayed. [Figure: MVR Group Membership screen with the Group IP field] 1. Use the Group IP to specify the IP multicast address of the MVR group for which you want to display or configure data. 2. Use the Port List to show the configured list of members of the selected MVR group. You can use this port list to add the ports you selected to this MVR group. 3. Click CANCEL to cancel the configuration on the screen and reset the data on the screen. 4. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. MVR Statistics. To display the MVR Configuration page, click Switching > MVR > Advanced > MVR Statistics. A screen similar to the following is displayed. [Figure: MVR Statistics screen with the counters IGMP Query Received, IGMP Report V1 Received, IGMP Report V2 Received, IGMP Leave Received, IGMP Query Transmitted, IGMP Report V1 Transmitted, IGMP Report V2 Transmitted, IGMP Leave Transmitted, IGMP Packet Receive Failures, and IGMP Packet Transmit Failures] 1. Click REFRESH to refresh the web page to show the latest MVR statistics. Field definitions: IGMP Query Received: Displays the number of received IGMP Queries. IGMP Report V1 Received: D
378. ort 67) packets. • domain: Relay DNS (UDP port 53) packets. • isakmp: Relay ISAKMP (UDP port 500) packets. • mobile-ip: Relay Mobile IP (UDP port 434) packets. • nameserver: Relay IEN-116 Name Service (UDP port 42) packets. • netbios-dgm: Relay NetBIOS Datagram Server (UDP port 138) packets. • netbios-ns: Relay NetBIOS Name Server (UDP port 137) packets. • ntp: Relay network time protocol (UDP port 123) packets. • pim-auto-rp: Relay PIM auto RP (UDP port 496) packets. • rip: Relay RIP (UDP port 520) packets. • tacacs: Relay TACACS (UDP port 49) packet. • tftp: Relay TFTP (UDP port 69) packets. • time: Relay time service (UDP port 37) packets. • Other: If this option is selected, the UDP Port Other Value is enabled. This option permits a user to enter their own UDP port in UDP Port Other Value. 4. Use UDP Port Other Value to specify a UDP Destination Port that lies between 0 and 65535. 5. Click ADD to create an entry in UDP Relay Table with the specified configuration. 6. Click DELETE to remove all entries or a specified one from UDP Relay Table. The following table describes the UDP Relay Global Configuration fields. Field descriptions: Hit Count: Show the number of UDP packets hitting the UDP port. UDP Relay Interface Configuration. To display the UDP Relay Interface Configuration page, click System > Services > UDP Relay > UDP Relay Interface
379. ort speed and duplex mode. Link Status: Indicates whether the Link is up or down. ifIndex: The ifIndex of the interface table entry associated with this port. Port Description. This page configures and displays the description for all ports in the box. To access the Port Description page, click Switching > Ports > Port Description. [Figure: Port Description table with the Port, Port Description, MAC Address, PortList Bit Offset, and ifIndex columns] 1. Use Port Description to enter the description string to be attached to a port. It can be up to 64 characters in length. Field descriptions: Port: Selects the interface for which data is to be displayed or configured. MAC Address: Displays the physical address of the specified interface. PortList Bit Offset: Displays the bit offset value which corresponds to the port when the MIB object type PortList is used to manage in SNMP. ifInde
380. orts must have a defined PVID. If no other value is specified, the default VLAN PVID is used. If you want to change the port's default PVID, you must first create a VLAN that includes the port as a member. Use the Port VLAN ID (PVID) Configuration page to configure a virtual LAN on a port. To access the Port PVID Configuration page, click Switching > VLAN > Advanced > Port PVID Configuration. (Screen: Port PVID Configuration, with columns Interface, Configured PVID, Current PVID, Acceptable Frame Types, Configured Ingress Filtering, Current Ingress Filtering and Port Priority.) To configure PVID information: 1. Click ALL to display information for all Physical ports and LAGs. 2. Select the check box next to the interfaces to configure. You can select multiple interfaces to apply the same setting to the selected interfaces. Select the check box in the heading row to apply the same settings to all interfaces. 3. Use Interface to select
381. ory default is the IPv4 address 0.0.0.0. 5. Use Remote File Path to enter the path of the file which you want to download. You may enter up to 96 characters. The factory default is blank. 6. Use Remote File Name to enter the name of the file on the TFTP server you want to download. You may enter up to 32 characters. The factory default is blank. SSH: From the SSH link, you can access the following pages: SSH Configuration, Host Keys Management, Host Keys Download. SSH Configuration: To display the SSH Configuration page, click Security > Access > SSH > SSH Configuration. (Screen: SSH Configuration, showing SSH Admin Mode, SSH Version 1, SSH Version 2, SSH Session Timeout (5 minutes), Maximum Number of SSH Sessions (5), Current Number of SSH Sessions, Keys Present (No), Login Authentication List (networkList) and Enable Authentication List (enableNetList).) 1. Use SSH Admin Mode to Enable or Disable the administrative mode of SSH. The currently configured value is shown when the web page is displayed. The default value is Disable. 2. Use SSH Version 1 to Enable or Disable Protocol Level 1 for SSH. The currently configured value is shown when the web page is displayed. The default value is Enable. 3. Use SSH Version 2 to Enable or Disable
382. ose from 1200, 2400, 4800, 9600, 19200, 38400, 57600 and 115200 baud. The factory default is 115200 baud. 3. Use Login Authentication List to specify which authentication list to use when you log in through Telnet. The default value is defaultList. 4. Use Enable Authentication List to specify which authentication list to use when going into the privileged EXEC mode. The default value is enableList. Fields: Character Size (bits): The number of bits in a character. This is always 8. Flow Control: Whether hardware flow control is enabled or disabled. It is always disabled. Stop Bits: The number of stop bits per character. It is always 1. Parity: The parity method used on the serial port. It is always None. Denial of Service Configuration: To display the Denial of Service page, click Security > Access > Denial of Service Configuration. Screen fields: Denial of Service Min TCP Header Size: 20 (0 to 255). Denial of Service ICMPv4: Disable/Enable. Denial of Service Max ICMPv4 Packet Size: (0 to 16376). Denial of Service ICMPv6: Disable/Enable. Denial of Service Max ICMPv6 Packet Size: (0 to 16376). Denial of Service First Fragment: Disable/Enable. Denial of Service ICMP Fragment: Disable/Enable. Denial of Service SIP DIP: Disable/Enable. Denial of Serv
383. ource L4 Port to specify a packet's source layer 4 port as a match condition for the selected IPv6 ACL rule. Source port information is optional. Source port information can be specified in two ways: a. Select keyword other from the drop-down menu and specify the number of the port in the range from 0 to 65535. b. Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET and TFTP. Each of these values translates into its equivalent port number, which is used as both the start and end of the port range. Use Destination Prefix/Prefix Length to enter up to 128-bit prefix combined with prefix length to be compared to a packet's destination IP Address as a match criterion for the selected IPv6 ACL rule. Prefix length can be in the range 0 to 128. Use Destination L4 Port to specify a packet's destination layer 4 port as a match condition for the selected IPv6 ACL rule. Destination port information is optional. Destination port information can be specified in two ways: a. Select keyword other from the drop-down menu and specify the number of the port in the range from 0 to 65535. b. Select one of the keywords from the list: DOMAIN, ECHO, FTP, FTPDATA, WWW-HTTP, SMTP, SNMP, TELNET and TFTP. Each of these values translates into its equivalent port number, which is used as both
384. pace is filled. 3. Click REFRESH to refresh the web page to show the latest messages in the log. 4. Click CLEAR to clear the buffered log in the memory. Message Log: This help message applies to the format of all logged messages which are displayed for the message log, persistent log or console log. Format of the messages: Messages logged to a collector or relay via syslog have an identical format of either type. If system is not stacked: <15> Aug 24 05:34:05 STKO MSTP 2110 mspt_api.c 318 237 Interface 12 transitioned to root state on message age timer expiry. The above example indicates a message with severity 7 (15 mod 8, debug) on a system that is not stacked and generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged. If the system is stacked: <15> Aug 24 05:34:05 0.0.0.0 1 MSTP 2110 mspt_api.c 318 237 Interface 12 transitioned to root state on message age timer expiry. The above example indicates a message with severity 7 (15 mod 8, debug) on a system that is stacked and generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged, with system IP 0.0.0.0 and task id 1. Format of the messages: <15> Aug 24 05:34:05 STKO MSTP 2110 mspt_api.c 318 237 Interface 12 transi
385. pairs unterminated or grounded. Fields: Cable Status: This displays the cable status as Normal, Open or Short. Normal: the cable is working correctly. Open: the cable is disconnected or there is a faulty connector. Short: there is an electrical short in the cable. Cable Test Failed: The cable status could not be determined. The cable may in fact be working. Cable Length: The estimated length of the cable in meters. The length is displayed as a range between the shortest estimated length and the longest estimated length. Unknown is displayed if the cable length could not be determined. The Cable Length is only displayed if the cable status is Normal. Failure Location: The estimated distance in meters from the end of the cable to the failure location. The failure location is only displayed if the cable status is Open or Short. Logs: The switch may generate messages in response to events, faults or errors occurring on the platform, as well as changes in configuration or other occurrences. These messages are stored locally and can be forwarded to one or more centralized points of collection for monitoring purposes or long-term archival storage. Local and remote configuration of the logging capability includes filtering of messages logged or forwarded based on severity and generating compon
386. pecified is the next hop IP address; otherwise each field needs to be specified. 2. Network Address displays the IP route prefix for the destination. 3. Subnet Mask indicates the portion of the IP interface address that identifies the attached network. This is also referred to as the subnet/network mask. 4. Next Hop IP Address displays the outgoing router IP address to use when forwarding traffic to the next router (if any) in the path towards the destination. The next router will always be one of the adjacent neighbors or the IP address of the local interface for a directly attached network. 5. Preference displays an integer value from 1 to 255. The user can specify the preference value (sometimes called "administrative distance") of an individual static route. Among routes to the same destination, the route with the lowest preference value is the route entered into the forwarding database. By specifying the preference of a static route, the user controls whether a static route is more or less preferred than routes from dynamic routing protocols. The preference also controls whether a static route is more or less preferred than other static routes to the same destination. 6. Use Description to specify the description of this route that identifies the route. Description must consist of alphanumeric, dash or underscore characters and have length in the range from 0 to 31. 7. Click ADD to add a new static route entry to the switch. Click
387. played. The default value is Enable. 3. Use TLS Version 1 to Enable or Disable Transport Layer Security Version 1.0. The currently configured value is shown when the web page is displayed. The default value is Enable. 4. Use HTTPS Port to set the HTTPS Port Number. The value must be in the range of 1 to 65535. Port 443 is the default value. The currently configured value is shown when the web page is displayed. 5. Use HTTPS Session Soft Timeout (Minutes) to set the inactivity timeout for HTTPS sessions. The value must be in the range of 1 to 60 minutes. The default value is 60 minutes. The currently configured value is shown when the web page is displayed. 6. Use HTTPS Session Hard Timeout (Hours) to set the hard timeout for HTTPS sessions. This timeout is unaffected by the activity level of the session. The value must be in the range of 1 to 168 hours. The default value is 24 hours. The currently configured value is shown when the web page is displayed. 7. Use Maximum Number of HTTPS Sessions to set the maximum allowable number of HTTPS sessions. The value must be in the range of 0 to 16. The default value is 16. The currently configured value is shown when the web page is displayed. Fields: Authentication List: Displays authentication list for HTTPS. Certificate Management: Use this page to generate or delete certificat
388. plays the device ID format capability. Device ID format: Displays the device ID format. Interface Configuration: To display this page, click System > ISDP > Advanced > Interface Configuration. A screen similar to the following is displayed. (Screen: ISDP Interface Configuration, listing ports 0/1 to 0/12 with Admin Mode set to Enable.) 1. Use Port to select the port on which the admin mode is configured. 2. Use Admin Mode to enable or disable ISDP on the port. The default value is enable. ISDP Neighbor: To display this page, click System > ISDP > Advanced > Neighbor. A screen similar to the following is displayed. (Screen: ISDP Neighbor.) The following table describes the ISDP Neighbor fields. Device ID: The device ID of the ISDP neighbor. Interface: The interface on which the neighbor is discovered. Address
389. power or due to administrative action. SNMP: From the SNMP link under the System tab, you can configure SNMP settings for SNMP V1/V2 and SNMPv3. From the SNMP link, you can access the following pages: SNMP V1/V2, SNMP V3. SNMP V1/V2: The pages under the SNMP V1/V2 menu allow you to configure SNMP community information, traps and trap flags. From the SNMP V1/V2 link, you can access the following pages: Community Configuration, Trap Configuration, Trap Flags, Supported MIBs. Community Configuration: By default, two SNMP Communities exist: Private, with Read/Write privileges and status set to Enable; and Public, with Read Only privileges and status set to Enable. These are well-known communities. Use this page to change the defaults or to add other communities. Only the communities that you define using this page will have access to the switch using the SNMP V1 and SNMP V2 protocols. Only those communities with read/write level access can be used to change the configuration using SNMP. Use this page when you are using the SNMP V1 and SNMP V2 protocol. If you want to use SNMP v3, you should use the User Accounts menu. To display this page, click System > SNMP > SNMP V1/V2 > Community Configuration. A screen similar to the following is displayed. Community C
390. pports MVR. Current Multicast Groups: Displays current number of the MVR groups allocated. 3. Use MVR Global query response time to set the maximum time to wait for the IGMP reports membership on a receiver port. This time applies only to receiver-port leave processing. When an IGMP query is sent from a receiver port, the switch waits for the default or configured MVR query time for an IGMP group membership report before removing the port from the multicast group membership. The value is equal to the tenths of second. The range is from 1 to 100 tenths. The factory default is 5 tenths or one half. 4. Use MVR Mode to specify the MVR mode of operation. The factory default is compatible. Advanced: From the Advanced link, you can access the following pages: MVR Configuration, MVR Group Configuration, MVR Interface Configuration, MVR Group Membership, MVR Statistics. MVR Configuration: To display the MVR Configuration page, click Switching > MVR > Advanced > MVR Configuration. A screen similar to the following is displayed. (Screen: MVR Configuration, showing MVR Running (Disable/Enable), MVR Multicast Vlan (1 to 4094), MVR Max Multicast Groups (256), MVR Current Multicast Groups (0), MVR Global query response time (1 to 100) and MVR Mode (compatible/dynamic).)
391. ps were last displayed. Displaying the traps by any method (terminal interface display, Web display, upload file from switch, etc.) will cause this counter to be cleared to 0. Log: The sequence number of this trap. System Up Time: The time at which this trap occurred, expressed in days, hours, minutes and seconds since the last reboot of the switch. Trap: Information identifying the trap. Event Logs: This panel displays the event log, which contains error messages from the system. Event log is not cleared on a system reset. To access the Event Log page, click Monitoring > Logs > Event Logs. (Screen: Event Logs.) The following table describes the Event Log information displayed on the screen. Use the buttons at the bottom of the page to perform the following actions
392. qual to or above a configured severity threshold. Select the severity option by selecting the corresponding line on the drop-down entry field. These severity levels have been enumerated below. Emergency (0): system is unusable. Alert (1): action must be taken immediately. Critical (2): critical conditions. Error (3): error conditions. Warning (4): warning conditions. Notice (5): normal but significant conditions. Informational (6): informational messages. Debug (7): debug-level messages. SysLog Configuration: To access the SysLog Configuration page, click Monitoring > Logs > Sys Log Configuration. (Screen: Syslog Configuration, showing Admin Status (Disable/Enable), Local UDP Port (514; 1 to 65535), Messages Received (205), Messages Relayed (0) and Messages Ignored (0), and a Host Configuration table with columns IP Address Type, Host Address, Status, Port and Severity Filter.) 1. Use Admin Status to enable/disable logging to configured syslog hosts. Setting this to disable stops logging to all syslog hosts. Disable means no messages will be sent to any collector/relay. Enable means messages will be sent to configured collector/relays using the values configured for each collector/relay. Enable/Disable the operation of the syslog function by selecting the corresponding radio button. 2. Use Local UDP Port to specify the port on
393. r disable activation of ACL traps by selecting the corresponding radio button. The factory default is disabled. Use PoE to enable or disable activation of PoE traps by selecting the corresponding radio button. The factory default is enabled. Indicates whether PoE traps will be sent. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Supported MIBs: This page displays all the MIBs supported by the switch. To access this page, click System > SNMP > SNMP V1/V2 > Supported MIBs. (Screen: SNMP Supported MIBs, a table of MIB names and descriptions; legible entries include RFC 1907 SNMPV2 MIB, SNMP COMMUNITY MIB, SNMP FRAMEWORK MIB, SNMP NOTIFICATION MIB, SNMP USER BASED SM MIB, POWER ETHERNET MIB and FASTPATH ISDP MIB.)
394. r instance. 2. The port states have changed since IEEE 802.1D specification. To support multiple spanning trees, a MSTP bridge has to be configured with an unambiguous assignment of VLAN IDs (VIDs) to spanning trees. This is achieved by: 1. Ensuring that the allocation of VIDs to FIDs is unambiguous. 2. Ensuring that each FID supported by the Bridge is allocated to exactly one Spanning Tree Instance. The combination of VID to FID and then FID to MSTI allocation defines a mapping of VIDs to spanning tree instances, represented by the MST Configuration Table. With this allocation we ensure that every VLAN is assigned to one and only one MSTI. The CIST is also an instance of spanning tree with a MSTID of 0. An instance may occur that has no VIDs allocated to it, but every VLAN must be allocated to one of the other instances of spanning tree. The portion of the active topology of the network that connects any two bridges in the same MST Region traverses only MST bridges and LANs in that region, and never Bridges of any kind outside the Region; in other words, connectivity within the region is independent of external connectivity. MSTP Example Configuration: This example shows how to create an MSTP instance from a switch. The example network has three different ProSafe Managed Switches that serve different locations in the network. In this example, ports 1/0/1-1/0/5 are connected to host stations, so those links are not subject to network loops
395. r the switch. The default is disable. 2. Use Interface to select the physical interface for which you want to configure data. 3. Use Interface Mode to select the Voice VLAN mode for selected interface. Disable: Default value. None: Allow the IP phone to use its own configuration to send untagged voice traffic. VLAN ID: Configure the phone to send tagged voice traffic. dot1p: Configure Voice VLAN 802.1p priority tagging for voice traffic. When this is selected, please enter the dot1p value in the Value field. Untagged: Configure the phone to send untagged voice traffic. 4. Use Value to enter the VLAN ID or dot1p value. This is enabled only when VLAN ID or dot1p is selected as Interface Mode. 5. Use CoS Override Mode to select the CoS Override mode for selected interface. The default is disable. Fields: Operational State: This is the operational status of the voice VLAN on the given interface. GARP Switch Configuration: Note: It can take up to 10 seconds for GARP configuration changes to take effect. To display the GARP Switch Configuration page, click Switching > VLAN > Advanced > GARP Switch Configuration. (Screen: GARP Switch Configuration, showing GVRP Mode (Disable/Enable) and GMRP Mode (Disable/Enable).) 1. Use GVRP Mode to choose the GARP VLAN Registration Protocol administ
396. r to be displayed before the login prompt. Text Configuration: Specify configuration in text mode when you want to update the switch's configuration. If the file has errors, the update will be stopped. Use Config Script to specify script configuration file. Use SSH-1 RSA Key File to specify SSH-1 Rivest-Shamir-Adleman (RSA) Key File. Use SSH-2 RSA Key PEM File to specify SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded). Use SSH-2 DSA Key PEM File to specify SSH-2 Digital Signature Algorithm (DSA) Key File (PEM Encoded). Use SSL Trusted Root Certificate PEM File to specify SSL Trusted Root Certificate File (PEM Encoded). Use SSL Server Certificate PEM File to specify SSL Server Certificate File (PEM Encoded). Use SSL DH Weak Encryption Parameter PEM File to specify SSL Diffie-Hellman Weak Encryption Parameter File (PEM Encoded). Use SSL DH Strong Encryption Parameter PEM File to specify SSL Diffie-Hellman Strong Encryption Parameter File (PEM Encoded). The factory default is Image1. Note: To download SSH key files, SSH must be administratively disabled and there can be no active SSH sessions. Note: To download SSL PEM files, SSL must be administratively disabled and there can be no active SSH sessions. Use Image Name to select one of the images from the list. Image: Specify the code image1 when you want to retrieve. Image2: Specify the code image2
397. ransfer, a slight degradation in service is acceptable and in many cases unnoticeable. However, any degradation of service has undesirable effects on applications with strict timing requirements, such as voice or multimedia. Quality of Service (QoS) can provide consistent, predictable data delivery by distinguishing between packets that have strict timing requirements from those that are more tolerant of delay. Packets with strict timing requirements are given special treatment in a QoS-capable network. With this in mind, all elements of the network must be QoS-capable. If one node is unable to meet the necessary timing requirements, this creates a deficiency in the network path and the performance of the entire packet flow is compromised. There are two basic types of QoS. Integrated Services: network resources are apportioned based on request and are reserved (resource reservation) according to network management policy (RSVP, for example). Differentiated Services: network resources are apportioned based on traffic classification and priority, giving preferential treatment to data with strict timing requirements. NETGEAR switches support DiffServ. The DiffServ feature contains a number of conceptual QoS building blocks you can use to construct a differentiated service network. Use these same blocks in different ways to build other types of QoS architectures. There are 3 key QoS building blocks needed to configure DiffServ: Class
398. rative mode for the switch by selecting enable or disable from the radio button. The factory default is disable. 2. Use GMRP Mode to choose the GARP Multicast Registration Protocol administrative mode for the switch by selecting enable or disable from the radio button. The factory default is disable. GARP Port Configuration: Note: It can take up to 10 seconds for GARP configuration changes to take effect. To display the GARP Port Configuration page, click Switching > VLAN > Advanced > GARP Port Configuration. (Screen: GARP Port Configuration, with columns Interface, Port GVRP Mode, Port GMRP Mode, Join Timer (centisecs), Leave Timer (centisecs) and Leave All Timer (centisecs).) 1. Use Interface to select the physical interface for which data is to be displayed or configured. 2. Use Port GVRP Mode to choose the GARP VLAN Registration Protocol administrative mode for the port by selecting enable or disable from the drop-down list. If you select disable, the protocol will not be active and the Join Time, Leave Time and Leave All Time will have no effect. The factory default is disable. 3. Use Port GMRP
399. rch By MAC Address. (Screen columns: MAC Address, VLAN ID, Component, Type, Description, Forwarding Interfaces.) 1. Use Search by MAC Address to enter a MAC Address whose MFDB table entry you want displayed. Enter six two-digit hexadecimal numbers separated by colons, for example 00:01:23:43:45:67. Then click on the GO button. If the address exists, that entry will be displayed. An exact match is required. Fields: MAC Address: The multicast MAC address for which you requested data. VLAN ID: The VLAN ID to which the multicast MAC address is related. Type: This displays the type of the entry. Static entries are those that are configured by the end user. Dynamic entries are added to the table as a result of a learning process or protocol. Component: This is the component that is responsible for this entry in the Multicast Forwarding Database. Possible values are IGMP Snooping, GMRP, Static Filtering and MLD Snooping. Description: The text description of this multicast table entry. Possible values are Management Configured, Network Configured and Network Assisted. Forwarding Interfaces: The resultant forwarding list is derived from combining all the forwarding interfaces and removing the interfaces that are listed as the static filtering interfaces. MFDB Statistics: To display the MFDB Statistics page, click Switching >
400. rd is none (no password). Type the username into the field on the login screen and then click Login. Usernames and passwords are case sensitive. 3. After the system authenticates you, the System Information page displays. The figure below shows the layout of the Managed Switch Web interface. (Figure: Managed Switch Web interface layout on the System Information page, with callouts for Navigation Tab, Feature Link, Help Link, Help Page, Page Menu, and Configuration Status and Options.) Navigation Tabs, Feature Links, and Page Menu: The navigation tabs along the top of the Web interface give you quick access to the various switch functions. The tabs are always available and remain constant, regardless of which feature you configure. Whe
401. re. The following table describes the Temperature Status information. System: The current temperature of the System sensor of the switch; maximum is 34 C. Click REFRESH to refresh the system information of the switch. Device Status: This screen shows the software version of each device. The following table describes the Device Status information. Firmware Version: The release.version.maintenance number of the code currently running on the switch. For example, if the release was 1, the version was 2 and the maintenance number was 4, the format would be 1.2.4. Boot Version: The version of the boot code which is in the flash memory to load the firmware into the memory. CPLD Version: The version of the software for CPLD. Serial Number: The serial number of this switch. AC Remote: Indicates the status of the appropriate power module in each unit. Status can be any of the following. OK: Power module is present and functioning properly. Not Present: Power module is not present in the slot. No power: Power module is present but not connected to the power source. Not powering: Power module is present, connected, but the switch uses another power source. Incompatible: Power module is present but incompatible. Fai
402. red value must be less than the Group Membership Interval. 5. Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite timeout, i.e. no expiration. 6. Use Fast Leave Admin mode to select the Fast Leave mode for a particular interface from the drop-down menu. The default is disable. MLD VLAN Configuration: To access the MLD VLAN Configuration page, click Switching > Multicast > MLD Snooping > MLD VLAN Configuration. (Screen: MLD VLAN Configuration.) 1. Use VLAN ID to set the VLAN IDs for which MLD Snooping is enabled. 2. Use Admin Mode to enable MLD Snooping for the specified VLAN ID. 3. Use Fast Leave Admin Mode to enable or disable the MLD Snooping Fast Leave Mode for the specified VLAN ID. 4. Use Group Membership Interval to set the value for group membership interval of MLD Snooping for the specified VLAN ID. Valid range is (Maximum Response Time + 1) to 3600. 5. Use Maximum Response Time to set the value for maximum response time of MLD Snooping for the specified VLAN ID. Valid range is
403. rity on ProSafe Managed Switches and prompts the hosts connected on ports g5-g8 for an 802.1X-based authentication. The switch passes the authentication information to the configured RADIUS server. MSTP: Spanning Tree Protocol (STP) runs on bridged networks to help eliminate loops. If a bridge loop occurs, the network can become flooded with traffic. IEEE 802.1s Multiple Spanning Tree Protocol (MSTP) supports multiple instances of Spanning Tree to efficiently channel VLAN traffic over different interfaces. Each instance of the Spanning Tree behaves in the manner specified in IEEE 802.1w, Rapid Spanning Tree, with slight modifications in the working but not the end effect (chief among the effects is the rapid transitioning of the port to the Forwarding state). The difference between the RSTP and the traditional STP (IEEE 802.1D) is the ability to configure and recognize full-duplex connectivity and ports that are connected to end stations, resulting in rapid transitioning of the port to the Forwarding state and the suppression of Topology Change Notification. These features are represented by the parameters pointtopoint and edgeport. MSTP is compatible with both RSTP and STP. It behaves appropriately to STP and RSTP bridges. A MSTP bridge can be configured to behave entirely as a RSTP bridge or a STP bridge. So, an IEEE 802.1s bridge inherently also supports IEEE 802.1w and IE
404. rking IP DSCP or IP Precedence: Marking/re-marking the DiffServ code point in a packet with the DSCP value representing the service level associated with a particular DiffServ traffic class. Alternatively, the IP Precedence value of the packet can be marked/re-marked. • Marking CoS (802.1p): Sets the three-bit priority field in the first/only 802.1p header to a specified value when packets are transmitted for the traffic class. An 802.1p header is inserted if it does not already exist. This is useful for assigning a layer 2 priority level based on a DiffServ forwarding class (i.e., DSCP or IP Precedence value) definition to convey some QoS characteristics to downstream switches which do not routinely look at the DSCP value in the IP header. • Policing: A method of constraining incoming traffic associated with a particular class so that it conforms to the terms of the TCS. Special treatment can be applied to out-of-profile packets that are either in excess of the conformance specification or are non-conformant. The DiffServ feature supports the following types of traffic policing treatments (actions): • drop: The packet is dropped. • mark cos: The 802.1p user priority bits are re-marked and forwarded. • mark dscp: The packet DSCP is re-marked and forwarded. • mark prec: The packet IP Precedence is re-marked and forwarded. • send: The packet is forwarded without DiffServ modification. Color Mode Awareness: Policing in the DiffServ feature use
405. rmation Web page, which is the page that displays after a successful login, displays the information you need to configure an SNMP manager to access the switch. Any user can connect to the switch using the SNMPv3 protocol, but for authentication and encryption, the switch supports only one user, which is admin; therefore there is only one profile that can be created or modified. To configure authentication and encryption settings for the SNMPv3 admin profile by using the Web interface: 1. Navigate to the System > SNMP > SNMPv3 > User Configuration page. 2. To enable authentication, select an Authentication Protocol option, which is either MD5 or SHA. 3. To enable encryption, select the DES option in the Encryption Protocol field. Then enter an encryption code of eight or more alphanumeric characters in the Encryption Key field. 4. Click APPLY. To access configuration information for SNMP V1 or SNMP V2, click System > SNMP > SNMPv1/v2 and click the page that contains the information to configure. Interface Naming Convention: The ProSafe Managed Switches support physical and logical interfaces. Interfaces are identified by their type and the interface number. The physical ports are gigabit interfaces and are numbered on the front panel. You configure the logical interfaces by using the software. Table 3 describes the naming convention for all interfaces ava
406. rned MAC address to a statically locked address. To display the Dynamic MAC Address page, click Security > Traffic Control > Port Security > Dynamic MAC Address. To convert learned MAC addresses: 1. Port List: Select the physical interface for which you want to display data. 2. Use Convert Dynamic Address to Static to convert a dynamically learned MAC address to a statically locked address. The Dynamic MAC address entries are converted to Static MAC address entries in a numerically ascending order until the Static limit is reached. 3. Click REFRESH to refresh the web page and to show the latest MAC address(es) learned on a specific port. The Dynamic MAC Address Table shows the MAC addresses and their associated VLANs learned on the selected port. Use the Port List drop-down menu to select the interface for which you want to display data. Field descriptions: Number of Dynamic MAC Addresses Learned: Displays the number of dynamically learned MAC addresses on a specific port. VLAN ID: Displays the VLAN ID corresponding to the MAC address. MAC Address: Displays the MAC addresses learned on a specific port. Static MAC Addres
407. roup Configuration. 1. Use Group Name to assign a name to a new group. You may enter up to 16 characters. 2. Use Protocol(s) to select the protocols you want to be associated with the group. There are three configurable protocols: IP, IPX, ARP. • IP: IP is a network layer protocol that provides a connectionless service for the delivery of data. • ARP: Address Resolution Protocol (ARP) is a low-level protocol that dynamically maps network layer addresses to physical medium access control (MAC) addresses. • IPX: The Internetwork Packet Exchange (IPX) is a connectionless datagram Network layer protocol that forwards data over a network. 3. Use VLAN ID to select the VLAN ID. It can be any number in the range of 1 to 4093. All the ports in the group will assign this VLAN ID to untagged packets received for the protocols you included in this group. 4. Click ADD to add a new Protocol Based VLAN group to the switch. 5. Click DELETE to remove the Protocol Based VLAN group identified by the value in the Group ID field. Field descriptions: Group ID: A number used to identify the group created by the user. Group IDs are automatically assigned when a group is created by the user. Ports: Display all the member ports which belong to the group. Protocol
408. rt that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root, Designated, Alternate, Backup, Master, or Disabled. STP Mode: The Spanning Tree Protocol Administrative Mode associated with the port or Port Channel. The possible values are: • Enable: Spanning tree is enabled for this port. • Disable: Spanning tree is disabled for this port. STP State: The port's current Spanning Tree state. This state controls what action a port takes on receipt of a frame. If the bridge detects a malfunctioning port, it will place that port into the broken state. The five states are defined in IEEE 802.1D: • Disabled • Blocking • Listening • Learning • Forwarding • Broken. Admin Mode: The Port control administration state. The port must be enabled in order for it to be allowed into the network. The factory default is enabled. Flow Control Mode: Indicates whether flow control is enabled or disabled for the port. This field is not valid for Lag interfaces. LACP Mode: Indicates the Link Aggregation Control Protocol administration state. The mode must be enabled in order for the port to participate in Link Aggregation. Physical Mode: Indicates the port speed and duplex mode. In auto-negotiation mode, the duplex mode and speed are set from the auto-negotiation process. Physical Status: Indicates the port speed and duplex mode. Link Status: Indicates whether the Link is
409. s. To display the Static MAC Address page, click Security > Traffic Control > Port Security > Static MAC Address. Interface: Select the physical interface for which you want to display data. Static MAC Address: Accepts user input for the MAC address to be added. Use VLAN ID to select the VLAN ID corresponding to the MAC address being added. Click ADD to add a new static MAC address to the switch. Click DELETE to delete an existing static MAC address from the switch. Private Group: The Private Group link contains links to the following pages: • Private Group Configuration on page 291 • Private Group Membership on page 292. Private Group Configuration: To display the Private Group Configuration page, click Security > Traffic Control > Private Group > Private Group Configuration. 1. Use Group Name to enter the Private Group name to be configured. The name string can be up to 24 bytes of non-blank characters. 2. Use the optional Group ID field to specify the private group identifier. The range of group id is 1 to 192. 3. Use Group Mode to configure the mode of private group. The group mode can be either isolated or community. Wh
410. s 1 to 4093. IP Address: Displays IP Address for the binding entry in the binding database. Lease Time: Displays the remaining Lease time for the Dynamic entries. Click CLEAR to delete all DHCP Snooping binding entries. DHCP Snooping Persistent Configuration: To display the DHCP Snooping Persistent Configuration page, click Security > Control > DHCP Snooping > Persistent Configuration. Page fields as shown: Store (Local, Remote), Remote IP Address (0.0.0.0), Remote File Name, Write Delay (300; 15 to 86400 seconds). Use Store to select the local store or remote store. Selecting Local will disable the Remote fields like Remote File Name and Remote IP address. Use Remote IP Address to configure Remote IP Address on which the snooping database will be stored when Remote is selected. Use Remote File Name to configure Remote file name to store the database when Remote is selected. Use Write Delay to configure the maximum write time to write the database into local or remote. The range of Write Delay is 15 to 86400. DHCP Snooping Statistics: To display the DHCP Snooping Statistics page, click Security > Control > DHCP Snooping > Statistics. DHCP Snooping Statistics 1 LAGS All
411. s. This central device is the IGMP querier. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis. If the switch does not receive updated membership information in a timely fashion, it will stop forwarding multicasts to the port where the end device is located. These pages enable you to configure and display information on IGMP snooping queriers on the network and, separately, on VLANs. IGMP Snooping Querier Configuration: Use this menu to configure the parameters for IGMP Snooping Querier. Note that only a user with Read/Write access privileges may change the data on this screen. To access this page, click Switching > Multicast > IGMP Snooping > Querier Configuration. Page fields as shown: Querier Admin Mode (Disable, Enable), Querier IP Address (0.0.0.0), IGMP Version (2), Query Interval (secs) (60), Querier Expiry Interval (secs) (60), VLAN Ids Enabled for IGMP Snooping Querier. To configure IGMP Snooping Querier settings: 1. Use Querier Admin Mode to select the administrative mode for IGMP Snooping for the switch. The default is disable. 2. Use Querier IP Address to specify the Snooping Querier Address to be used as source address in periodic IGMP queries. This address is used when no address is configure
412. s 1-4. The default is 4. Click ADD. Repeat the previous steps to add additional SNTP servers. You can configure up to three SNTP servers. To remove an SNTP server, select the check box next to the configured server to remove, and then click DELETE. The entry is removed, and the device is updated. To change the settings for an existing SNTP server, select the check box next to the configured server and enter new values in the available fields, and then click APPLY. Configuration changes take effect immediately. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. Click REFRESH to refresh the page with the most current data from the switch. SNTP Server Status: The SNTP Server Status table displays status information about the SNTP servers configured on your switch. The following table describes the SNTP Global Status fields. The following table displays SNTP Server Status information. Field descriptions: Address: Specifies all the existing Server Addresses. If no Server configuration exists, a message saying "No SNTP server exists" flashes on the screen. Last Update Time: Specifies the local date and time (UTC) that the response from this server was used to update the system clock. Last Attempt Time: Specifies the local date and time (UTC) that this SNTP server was last queried.
413. s because the information timeliness interval has expired. Interface: Specifies the unit/slot/port for the interfaces. Transmit Total: Specifies the number of LLDP frames transmitted by the LLDP agent on the corresponding port. Receive Total: Specifies the number of valid LLDP frames received by this LLDP agent on the corresponding port while the LLDP agent is enabled. Discards: Specifies the number of LLDP TLVs discarded for any reason by the LLDP agent on the corresponding port. Errors: Specifies the number of invalid LLDP frames received by the LLDP agent on the corresponding port while the LLDP agent is enabled. Age outs: Specifies the number of age outs that occurred on a given port. An age out is the number of times the complete set of information advertised by a particular MAC Service Access Point (MSAP) has been deleted from tables associated with the remote entries because information timeliness interval had expired. TLV Discards: Specifies the number of LLDP TLVs discarded for any reason by the LLDP agent on the corresponding port. TLV Unknowns: Specifies the number of LLDP TLVs received on the local ports which were not recognized by the LLDP agent on the corresponding port. TLV MED: Specifies the total number of LLDP-MED TLVs received on the local ports. TLV 802.1: Specifies the total number of LLDP TLVs received on the local ports which are of type 802.1. TLV 80
414. s currently defined as members of the selected Policy Name. Choose one member class name at a time to display its statistics. If no class is associated with the chosen policy, then nothing will be populated in the list. Offered Packets/Octets: A count of the total number of packets/octets offered to all class instances in this service policy before their defined DiffServ treatment is applied. This is the overall count per interface, per direction. Discarded Packets/Octets: A count of the total number of packets/octets discarded for all class instances in this service policy for any reason due to DiffServ treatment. This is the overall count per interface, per direction. Sent Packets/Octets: A count of the total number of packets/octets forwarded for all class instances in this service policy after their defined DiffServ treatments were applied. In this case, forwarding means the traffic stream was passed to the next functional element in the data path, such as the switching or routing function of an outbound link transmission element. This is the overall count per interface, per direction. Managing Device Security: Use the features available from the Security tab to configure management security settings for port, user, and server security. The Security tab contains
415. s currently enabled for IGMP Snooping. VLAN Ids Enabled For IGMP Snooping: Displays VLAN Ids enabled for IGMP snooping. IGMP Snooping Interface Configuration: Use the IGMP Snooping Interface Configuration page to configure IGMP snooping settings on specific interfaces. To access the IGMP Snooping Interface Configuration page, click Switching > Multicast > IGMP Snooping > Interface Configuration. To configure IGMP Snooping interface settings: 1. Interface: Lists all physical, VLAN, and LAG interfaces. Select the interface you want to configure. 2. Use Admin Mode to select the interface mode for the selected interface for IGMP Snooping for the switch from the drop-down menu. The default is disable. 3. Use Group Membership Interval to specify the amount of time you want the switch to wait for a report for a par
416. s directly linked to a Stratum 0 time source is used. Stratum 1 time servers provide primary network time standards. • Stratum 2: The time source is distanced from the Stratum 1 server over a network path. For example, a Stratum 2 server receives the time over a network link, via NTP, from a Stratum 1 server. Information received from SNTP servers is evaluated based on the time level and server type. SNTP time definitions are assessed and determined by the following time levels: • T1: Time at which the original request was sent by the client. • T2: Time at which the original request was received by the server. • T3: Time at which the server sent a reply. • T4: Time at which the client received the server's reply. The device can poll Unicast server types for the server time. Polling for Unicast information is used for polling a server for which the IP address is known. SNTP servers that have been configured on the device are the only ones that are polled for synchronization information. T1 through T4 are used to determine server time. This is the preferred method for synchronizing device time because it is the most secure method. If this method is selected, SNTP information is accepted only from SNTP servers defined on the device using the SNTP Server Configuration page. The device retrieves synchronization information, either by actively requesting information or
417. s either color blind or color aware mode. Color blind mode ignores the coloration (marking) of the incoming packet. Color aware mode takes into consideration the current packet marking when determining the policing outcome. An auxiliary traffic class is used in conjunction with the policing definition to specify a value for one of the 802.1p, Secondary 802.1p, IP DSCP, or IP Precedence fields designating the incoming color value to be used as the conforming color. The color of exceeding traffic may be optionally specified as well. • Counting: Updating octet and packet statistics to keep track of data handling along traffic paths within DiffServ. In this DiffServ feature, counters are not explicitly configured by the user, but are designed into the system based on the DiffServ policy being created. See the Statistics section of this document for more details. • Assigning QoS Queue: Directs traffic stream to the specified QoS queue. This allows a traffic classifier to specify which one of the supported hardware queues are used for handling packets belonging to the class. • Redirecting: Forces classified traffic stream to a specified egress port (physical or LAG). This can occur in addition to any marking or policing action. It may also be specified along with a QoS queue assignment. DiffServ Example Configuration: To create a DiffServ Class/Policy and attach it to a switch interface, follow these steps
418. s entity. IpReasmOKs: The number of IP datagrams successfully re-assembled. IpReasmFails: The number of failures detected by the IP re-assembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IP fragments since some algorithms can lose track of the number of fragments by combining them as they are received. IpFragOKs: The number of IP datagrams that have been successfully fragmented at this entity. IpFragFails: The number of IP datagrams that have been discarded because they needed to be fragmented at this entity but could not be, e.g., because their Don't Fragment flag was set. IpFragCreates: The number of IP datagram fragments that have been generated as a result of fragmentation at this entity. IpRoutingDiscards: The number of routing entries which were chosen to be discarded even though they are valid. One possible reason for discarding such an entry could be to free up buffer space for other routing entries. IcmpInMsgs: The total number of ICMP messages which the entity received. Note that this counter includes all those counted by icmpInErrors. IcmpInErrors: The number of ICMP messages which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs: The numb
419. s page to configure a HTTPS list. A login list specifies the authentication method(s) you want to use to validate the switch or port access through HTTPS for the users associated with the list. The default list is httpsList. To display the HTTPS Authentication List page, click Security > Management Security > Authentication List > HTTPS Authentication List. 1. List Name: Select the HTTPS list name for which you want to configure data. 2. 1: Use the drop-down menu to select the method that should appear first in the selected authentication login list. If you select a method that does not time out as the first method, such as local, no other method will be tried, even if you have specified more than one method. The options are: • Local: The user's locally stored name and password will be used for authentication. • None: The user will not be authenticated. • RADIUS: The user's name and password will be authenticated using the RADIUS server instead of local authentication. • TACACS: The user will authenticate without a username and password. 3. 2: Use the drop-down menu to select the method, if any, that should appear second in the selected authentication login list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried. Note that this par
420. s the MLD protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time: Displays maximum response time to be used in the queries that are sent by the Snooping Querier. MVR Configuration: From the MVR Configuration link under the Switching tab, you can configure the MVR settings. From the MVR Configuration link, you can access the following pages: • Basic on page 164 • Advanced on page 165. Basic: From the Basic link, you can access the following pages: • MVR Configuration on page 164. MVR Configuration: To display the MVR Configuration page, click Switching > MVR > Basic > MVR Configuration. A screen similar to the following is displayed. Page fields as shown: MVR Running (Disable, Enable), MVR Multicast Vlan (1 to 4094), MVR Max Multicast Groups (256), MVR Current Multicast Groups (0), MVR Global query response time (5; 1 to 100), MVR Mode (compatible, dynamic). 1. Use MVR Running to Enable or Disable the MVR feature. The factory default is Disable. 2. Use MVR multicast to specify the VLAN on which MVR multicast data will be received. All source ports belong to this VLAN. The value can be set in a range of 1 to 4093. The default value is 1. Field definitions: MVR Max Multicast Groups: Displays the maximum number of multicast groups that MVR su
421. s the number of DHCPOFFER messages sent by the DHCP Server. DHCPACK: Specifies the number of DHCPACK messages sent by the DHCP Server. DHCPNAK: Specifies the number of DHCPNAK messages sent by the DHCP Server. DHCP Bindings Information: To display the DHCP Bindings Information page, click System > Services > DHCP Server > DHCP Bindings Information. A screen similar to the following is displayed. 1. Choose: • All Dynamic Bindings to specify all dynamic bindings to be deleted. • Specific Dynamic Binding to specify specific dynamic binding to be deleted. The following table describes the DHCP Bindings Information fields. Field descriptions: IP Address: Specifies the Client's IP Address. Hardware Address: Specifies the Client's Hardware Address. Lease Time Left: Specifies the Lease time left in Days, Hours and Minutes (dd:hh:mm format). Type: Specifies the Type of Binding: Dynamic / Manual. DHCP Conflicts Information: To display the DHCP Conflicts Information page, click System > Services > DHCP Server > DHCP Conflicts Information. A screen similar to the following is displayed. DHCP Conflicts Information
422. sabled None None Enabled Disabled 1518 bytes Enabled Enabled Maximum Capacity Enabled Disabled Enabled Disabled 300 seconds Dynamic Addresses Disabled 1. Table 11. Default Settings (continued), Feature: Default. Default VLAN Name: Default; GVRP: Disabled; GARP Timers: Leave 60 centiseconds, Leave All 1000 centiseconds, Join 20 centiseconds; Voice VLAN: Disabled; Guest VLAN: Disabled; RADIUS-assigned VLANs: Disabled; Double VLANs: Disabled; Spanning Tree Protocol (STP): Enabled; STP Operation Mode: IEEE 802.1s Multiple Spanning Tree; Optional STP Features: Disabled; STP Bridge Priority: 32768; Multiple Spanning Tree: Enabled; Link Aggregation: No Link Aggregation Groups (LAGs) configured; LACP System Priority: 1; Routing Mode: Disabled; IP Helper and UDP Relay: Enabled; Tunnel and Loopback Interfaces: None; DiffServ: Enabled; Auto VoIP: Enabled; Auto VoIP Traffic Class: 6; Bridge Multicast Filtering: Disabled; MLD Snooping: Disabled; IGMP Snooping: Disabled; IGMP Snooping Querier: Disabled; GMRP: Disabled. Configuration Examples: This appendix contains information about how to configure the following features: • Virtual Local Area Networks (VLANs) on page 391 • Access Control Lists (ACLs) on page 393 • Differentiated Services Di
423. screen to the latest value of the switch. Trap Flags: Use the Trap Flags page to enable or disable traps. When the condition identified by an active trap is encountered by the switch, a trap message is sent to any enabled SNMP Trap Receivers, and a message is written to the trap log. To access the Trap Flags page, click System > SNMP > SNMP V1/V2 > Trap Flags. Page fields as shown: Authentication (Disable, Enable), Link Up/Down (Disable, Enable), Multiple Users (Disable, Enable), Spanning Tree (Disable, Enable), ACL (Disable, Enable). To configure the trap flags: Use Authentication to enable or disable activation of authentication failure traps by selecting the corresponding radio button. The factory default is enabled. Use Link Up/Down to enable or disable activation of link status traps by selecting the corresponding radio button. The factory default is enabled. Use Multiple Users to enable or disable activation of multiple user traps by selecting the corresponding radio button. The factory default is enabled. This trap is triggered when the same user ID is logged into the switch more than once at the same time (either via telnet or the serial port). Use Spanning Tree to enable or disable activation of spanning tree traps by selecting the corresponding radio button. The factory default is enabled. Use ACL to enable o
424. select enable or disable radio button. When you select enable, DHCP requests will be forwarded to the IP address you entered in the Server Address field. Use Minimum Wait Time to enter a Minimum Wait Time in seconds. This value will be compared to the time stamp in the client's request packets, which should represent the time since the client was powered up. Packets will only be forwarded when the time stamp exceeds the minimum wait time. The range is 0 to 100. Use Circuit ID Option Mode to enable or disable Circuit ID Option mode. If you select enable, Relay Agent options will be added to requests before they are forwarded to the server and removed from replies before they are forwarded to clients. DHCP Relay Status: The following table describes the DHCP Relay Status fields. Field descriptions: Requests Received: The total number of DHCP requests received from all clients since the last time the switch was reset. Requests Relayed: The total number of DHCP requests forwarded to the server since the last time the switch was reset. Packets Discarded: The total number of DHCP packets discarded by this Relay Agent since the last time the switch was reset. DHCP L2 Relay: From the DHCP L2 Relay link, you can access the following pages: • DHCP L2 Relay Global Configuration on page 65 • DHCP L2 Rel
425. selected pool. DHCP Server Statistics: To display the DHCP Server Statistics page, click System > Services > DHCP Server > DHCP Server Statistics. A screen similar to the following is displayed. The following table describes the DHCP Server Statistics fields. Field descriptions: Automatic Bindings: Specifies the number of Automatic Bindings on the DHCP Server. Expired Bindings: Specifies the number of Expired Bindings on the DHCP Server. Malformed Messages: Specifies the number of the malformed messages. DHCPDISCOVER: Specifies the number of DHCPDISCOVER messages received by the DHCP Server. DHCPREQUEST: Specifies the number of DHCPREQUEST messages received by the DHCP Server. DHCPDECLINE: Specifies the number of DHCPDECLINE messages received by the DHCP Server. DHCPRELEASE: Specifies the number of DHCPRELEASE messages received by the DHCP Server. DHCPINFORM: Specifies the number of DHCPINFORM messages received by the DHCP Server. DHCPOFFER: Specifie
426. selected user account. The valid Authentication Protocols are None, MD5, or SHA. • If you select None, the user will be unable to access the SNMP data from an SNMP browser. • If you select MD5 or SHA, the user login password will be used as the SNMPv3 authentication password, and you must therefore specify a password, and it must be eight characters long. 4. Use Encryption Protocol to specify the SNMPv3 Encryption Protocol setting for the selected user account. The valid Encryption Protocols are None or DES. • If you select the DES Protocol, you must enter a key in the Encryption Key field. • If None is specified for the Protocol, the Encryption Key is ignored. 5. Encryption Key: If you selected DES in the Encryption Protocol field, enter the SNMPv3 Encryption Key here; otherwise this field is ignored. Valid keys are 0 to 15 characters long. The APPLY checkbox must be checked in order to change the Encryption Protocol and Encryption Key. 6. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch. 7. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. LLDP: The IEEE 802.1AB-defined standard, Link Layer Discovery Protocol (LLDP), allows stations on an 802 LAN to advertise major capabilities and physical descriptions. This information is viewed
427. smission is inhibited by exactly one collision. Multiple Collision Frames: A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by more than one collision. Excessive Collision Frames: A count of frames for which transmission on a particular interface fails due to excessive collisions. STP BPDUs Received: Number of STP BPDUs received at the selected port. STP BPDUs Transmitted: Number of STP BPDUs transmitted from the selected port. RSTP BPDUs Received: Number of RSTP BPDUs received at the selected port. RSTP BPDUs Transmitted: Number of RSTP BPDUs transmitted from the selected port. MSTP BPDUs Received: Number of MSTP BPDUs received at the selected port. MSTP BPDUs Transmitted: Number of MSTP BPDUs transmitted from the selected port. 802.3x Pause Frames Transmitted: A count of MAC Control frames transmitted on this interface with an opcode indicating the PAUSE operation. This counter does not increment when the interface is operating in half-duplex mode. GVRP PDUs Received: The count of GVRP PDUs received in the GARP layer. GVRP PDUs Transmitted: The count of GVRP PDUs transmitted from the GARP layer. GVRP Failed Registrations: The number of times attempted GVRP registrations could not be completed. GMRP PDUs Received: The count of GMRP PDUs received from the GARP layer. GMRP PDUs Transmitted: Th
428. ss > SSH > Host Keys Download. [Figure: Host Keys Download screen, with fields File Type, Transfer Mode, Server Address Type, Server Address, Remote File Path, Remote File Name] 1. Use File Type to specify the type of file you want to transfer: • SSH-1 RSA Key File: SSH-1 Rivest-Shamir-Adleman (RSA) Key File. • SSH-2 RSA Key PEM File: SSH-2 Rivest-Shamir-Adleman (RSA) Key File (PEM Encoded). • SSH-2 DSA Key PEM File: SSH-2 Digital Signature Algorithm (DSA) Key File (PEM Encoded). 2. Use Transfer Mode to specify the protocol to use to transfer the file: • TFTP: Trivial File Transfer Protocol. • SFTP: Secure File Transfer Program. • SCP: Secure Copy. 3. Use Server Address Type to specify either IPv4, IPv6, or DNS to indicate the format of the TFTP/SFTP/SCP Server Address field. The factory default is IPv4. 4. Use Server Address to enter the IP address or DNS hostname of the server in accordance with the format indicated by the Server Address Type. The factory default is the IPv4 address 0.0.0.0. 5. Use Remote File Path to enter the path of the file which you want to download. You may enter up to 96 characters. The factory default is blank. 6. Use Remote File Name to enter the name of the file on the TFTP server you want to download. You may enter up to 32 characters. The factory default is blank. 7. C
429. stination. Once you click the APPLY button, the switch will send traceroute and the results will be displayed below the configurable data. If a reply to the traceroute is received, you will see: • 1 a:b:c:d:e:f:g 9869 usec 9775 usec 10584 usec • 2 0:0:0:0:0:0:0:0 0 usec 0 usec 0 usec • Hop Count = w Last TTL = z Test attempt = x Test Success = y. To display the Traceroute IPv6 page, click Maintenance > Troubleshooting > Traceroute IPv6. [Figure: Traceroute IPv6 screen, with fields IPv6 Address/Host Name, Port (33434), Results] 1. Use IPv6 Address/Hostname to enter the IPv6 address or Hostname of the station you want the switch to discover path. The initial value is blank. The IPv6 Address or Hostname you enter is not retained across a power cycle. 2. Use Port to enter the UDP Dest port in probe packets. The initial value is default value. The port you enter is not retained across a power cycle. Help: Use the features available from the Help tab to connect to online resources for assistance. The Help tab contains a link to Online Help. Registration: The first time you log onto the switch, you will be given the option of registering with NETGEAR. Registration confirms your email alerts will work, lowers technical support resolution time, and ensures your shipping address
430. stination MAC address to compare against an Ethernet frame. Valid format is xx:xx:xx:xx:xx:xx. The BPDU keyword may be specified using a Destination MAC address of 01:80:C2:xx:xx:xx. Use Destination MAC Mask to specify the destination MAC address mask specifying which bits in the destination MAC to compare against an Ethernet frame. Valid format is xx:xx:xx:xx:xx:xx. The BPDU keyword may be specified using a Destination MAC mask of 00:00:00:ff:ff:ff. Use EtherType Key to specify the EtherType value to compare against an Ethernet frame. Valid values are: • Appletalk • ARP • IBM SNA • IPv4 • IPv6 • IPX • MPLS multicast • MPLS unicast • NetBIOS • Novell • PPPoE • Reverse ARP • User Value. Use EtherType User Value to specify the user defined customized EtherType value to be used when the user has selected User Value as EtherType Key, to compare against an Ethernet frame. Valid range of values is 0x0600 to 0xFFFF. Use Source MAC to specify the Source MAC address to compare against an Ethernet frame. Valid format is xx:xx:xx:xx:xx:xx. Use Source MAC Mask to specify the Source MAC address mask specifying which bits in the Source MAC to compare against an Ethernet frame. Valid format is xx:xx:xx:xx:xx:xx. Use VLAN to specify the VLAN ID to compare against an Etherne
431. t: The number of ICMP Time Exceeded messages sent. IcmpOutParmProbs: The number of ICMP Parameter Problem messages sent. IcmpOutSrcQuenchs: The number of ICMP Source Quench messages sent. IcmpOutRedirects: The number of ICMP Redirect messages sent. For a host, this object will always be zero, since hosts do not send redirects. IcmpOutEchos: The number of ICMP Echo request messages sent. IcmpOutEchoReps: The number of ICMP Echo Reply messages sent. IcmpOutTimestamps: The number of ICMP Timestamp request messages. IcmpOutTimestampReps: The number of ICMP Timestamp Reply messages sent. IcmpOutAddrMasks: The number of ICMP Address Mask Request messages sent. Advanced: From the Advanced link, you can access the following pages: • IP Configuration • IP Statistics • IP Interface Configuration. IP Configuration: Use this menu to configure routing parameters for the switch as opposed to an interface. To display the IP Configuration page, click Routing > IP > Advanced > IP Configuration. [Figure: IP Configuration screen, with fields Default Time to Live, Routing Mode, ICMP Echo Replies, ICMP Redirects, ICMP Rate Limit Interval]
432. t LAG Configuration. [Figure: LAG Configuration screen, a table of LAGs lag 1 through lag 12] To configure LAG settings: 1. Use LAG Name to enter the name you want assigned to the LAG. You may enter any string of up to 15 alphanumeric characters. A valid name has to be specified in order to create the LAG. 2. Use Hash Mode to s
433. t initial value is default value. The Size you enter is not retained across a power cycle. 3. PING displays the result after the switch sends a Ping request to the specified address. 4. Click CANCEL to cancel the operation on the screen and reset the data on the screen to the latest value of the switch. 5. Click APPLY to send the ping. The switch sends the number of pings specified in the Count field, and the results are displayed below the configurable data in the Ping area. Ping IPv6: This screen is used to send a Ping request to a specified Hostname or IPv6 address. You can use this to check whether the switch can communicate with a particular IPv6 station. Once you click the APPLY button, the switch will send three pings and the results will be displayed below the configurable data. The output will be: Send count 3 Receive count n from IPv6 Address Average round trip time n ms. To access the Ping IPv6 page, click Maintenance > Troubleshooting > Ping IPv6. [Figure: Ping IPv6 screen, with fields Ping, IPv6 Address/Host Name, Datagram Size (64), Result] 1. Use Ping to select either global IPv6 Address/Hostname or Link Local Address to ping. 2. Use IPv6 Address/Hostname to enter the IPv6 address or Hostname of the station you want the switch to ping. The initial value is blank. The IPv6 Address or Hostname you enter is not retained across a power cycle. 3. Use Datagram Size to enter the datagram size. The va
434. t seconds to specify the time out period in seconds for aging out dynamically learned forwarding information. 802.1D-1990 recommends a default of 300 seconds. The value may be specified as any number between 10 and 1000000 seconds. The factory default is 300. Address Table: This table contains information about unicast entries for which the switch has forwarding and/or filtering information. This information is used by the transparent bridging function in determining how to propagate a received frame. To display the Address Table page, click Switching > Address Table > Advanced > Address Table. [Figure: Address Table screen, showing the MAC Address Table with a Search By control and Total MAC Addresses 43] 1. Use Search By to search for MAC Addresses by MAC Address, VLAN ID, and port. Searched by MAC Address: Select MAC Address from the drop down menu, enter the 6 byte hexadecimal MAC Address in two digit groups separated by colons, for example 01:23:45:67:89:AB. Then click on the Go button. If the address exists, that entry will be displayed as the first entry f
435. t Clear Counters: Time since the counters were last cleared, displayed in Days, Hours, Minutes, and Seconds. Port Mode: Spanning Tree Protocol Administrative Mode associated with the port or port channel. The possible values are Enable or Disable. Port Forwarding State: The Forwarding State of this port. Port Role: Each MST Bridge Port that is enabled is assigned a Port Role for each spanning tree. The port role will be one of the following values: Root Port, Designated Port, Alternate Port, Backup Port, Master Port, or Disabled Port. Designated Root: Root Bridge for the selected MST instance. It is made up using the bridge priority and the base MAC address of the bridge. Designated Cost: Path Cost offered to the LAN by the Designated Port. Designated Bridge: Bridge Identifier of the bridge with the Designated Port. It is made up using the bridge priority and the base MAC address of the bridge. Designated Port: Port Identifier on the Designated Bridge that offers the lowest cost to the LAN. It is made up from the port priority and the interface number of the port. STP Statistics: Use the Spanning Tree Statistics page to view information about the number and type of bridge protocol data units (BPDUs) transm
436. [Figure: IP Source Guard interface configuration table, interfaces 0/1 to 0/12, all set to Disable] 1. Interface: Selects the interface to enable IPSG. 2. Use IPSG Mode to enable or disable validation of Sender IP Address on this interface. If IPSG is enabled, packets will not be forwarded if the Sender IP Address is not in the DHCP Snooping Binding database. The factory default is disabled. 3. Use IPSG Port Security to enable or disable the IPSG Port Security on the selected interface. If IPSG Port Security is enabled, then the packets will not be forwarded if the sender MAC Address is not in the FDB table and it is not in the DHCP snooping binding database. To enforce filtering based on MAC address, other required configurations are: • Enable port security globally. • Enable port security on the interface level. IPSG Port Security can't be enabled if IPSG is disabled. The factory default is disabled. IP Source Guard Binding Configuration: To display the IP Source Guard Binding Configuration page, click Security > Control > IP Source Guard > Binding Configuration. IP Source Guard Binding Configuration St
437. t assigned to the CST. It takes a value of True or False. Designated root: The bridge identifier of the root bridge. It is made up from the bridge priority and the base MAC address of the bridge. Root Path Cost: Path Cost to the Designated Root for the CST. Root Port Identifier: Port to access the Designated Root for the CST. Max Age (secs): Path Cost to the Designated Root for the CST. Forward Delay (secs): Derived value of the Root Port Bridge Forward Delay parameter. Hold Time (secs): Minimum time between transmission of Configuration BPDUs. CST Regional Root: Priority and base MAC address of the CST Regional Root. CST Path Cost: Path Cost to the CST tree Regional Root. CST Port Configuration: Use the Spanning Tree CST Port Configuration page to configure the Common Spanning Tree (CST) and Internal Spanning Tree on a specific port on the switch. To display the Spanning Tree CST Port Configuration page, click Switching > STP > Advanced > CST Port Configuration. [Figure: CST Port Configuration screen]
438. t frame. Valid range of values is 1 to 4095. Either VLAN Range or VLAN can be configured. Logging: When set to Enable, logging is enabled for this ACL rule (subject to resource availability in the device). If the Access List Trap Flag is also enabled, this will cause periodic traps to be generated indicating the number of times this rule was hit during the current report interval. A fixed 5 minute report interval is used for the entire system. A trap is not issued if the ACL rule hit count is zero for the current interval. This field is only supported for a Deny Action. Rate Limit Conform Data Rate: Value of Rate Limit Conform Data Rate specifies the conforming data rate of MAC ACL Rule. Valid values are 1 to 4294967295 in Kbps. Rate Limit Burst Size: Value of Rate Limit Burst Size specifies burst size of MAC ACL Rule. Valid values are 1 to 128 in Kbytes. Time Range: Name of time range associated with the MAC ACL Rule. Rule Status: Displays if the ACL rule is active or inactive. Blank means that no timer schedules are assigned to the rule. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. To delete a rule, select the check box associated with the rule and click DELETE. To change a rule, select the check box associated with the rule, change the desired fields, and click APPLY. Configuration changes take effect immediately. MAC Binding Configura
439. t groups are identified by class D IP addresses, which range from 224.0.0.0 to 239.255.255.255. From the Multicast link, you can access the following pages: • MFDB • IGMP Snooping • MLD Snooping. MFDB: From the MFDB link, you can access the following pages: • Bridge Multicast Forwarding • MFDB Table • MFDB Statistics. Bridge Multicast Forwarding: When you create a VLAN, a default multicast forwarding option is assigned. You can use the Global Multicast Mode setting to set all VLANs currently configured on the switch to a selected forwarding mode. The global setting does not create a default setting for VLANs created subsequently; it simply ensures that all existing VLANs are configured with the specified mode. You can also configure how the switch forwards multicast packets on an individual or per VLAN basis. To display the Bridge Multicast Forwarding page, click Switching > Multicast > MFDB > Bridge Multicast Forwarding. [Figure: Bridge Multicast Forwarding screen, a table with columns VLAN ID and Forwarding Mode] 1. Use VLAN ID to select the VLAN for which the Forwarding Mode is to be changed. 2. Use Forwarding Mode to select the forwarding mode from the drop down list. Possible values are Forward Unregistered
440. t power limit is equal to the value specified by Power Limit. • None indicates that the port will draw up to class 0 max power in case of low power mode and up to class 4 max power in case of high power mode. Select the Power Limit to define the maximum power in watts which can be delivered by a port. The Detection Type describes a PD detection mechanism performed by the PSE port: • pre-ieee: Only legacy detection is done. • ieee: 4 Point Resistive Detection is done. • auto: 4 Point Resistive Detection followed by Legacy Detection is done. • 4point and Legacy indicates that the resistive 4 point detection scheme is used and, when it fails to detect a connected PD, legacy capacitive detection is used. The Timer Schedule defines the timer schedule assigned to the port. Select None to remove the timer schedule assignment. Click Reset to forcibly reset the PSE port. Click CANCEL to cancel the configuration on the screen. This will also reset the data on the screen to the latest value of the switch. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. The following table describes the PoE Configuration non configurable fields. Table 9. Port: The interface for which data is to be displayed or configured. High Power: Enabled when particular port supports High Power Mode. Max Power: The maximum power in Watts that can be provided by the port
441. t value is 60. 5. Use Querier Expiry Interval (secs) to specify the time interval in seconds after which the last querier information is removed. The Querier Expiry Interval must be a value in the range of 60 and 300. The default value is 60. VLAN Ids Enabled For MLD Snooping Querier: Displays VLAN Ids enabled for MLD snooping querier. MLD Snooping Querier VLAN Configuration: To access the MLD Snooping Querier VLAN Configuration page, click Switching > Multicast > MLD Snooping > Querier VLAN Configuration. [Figure: MLD Snooping Querier VLAN Configuration screen] 1. VLAN ID: Specifies the VLAN ID on which MLD Snooping Querier is administratively enabled and VLAN exists in the VLAN database. 2. Use Querier Election Participate Mode to enable or disable the MLD Snooping Querier participate in election mode. When this mode is disabled, upon seeing another querier of the same version in the VLAN, the snooping querier moves to non querier state. Only when this mode is enabled will the snooping querier participate in querier election, wherein the least IP address will win the querier
442. te a LAG, add selected ports to a LAG, then add LAG to the newly created VLAN. • Enable tagging on selected ports if the port is in another VLAN. Disable tagging if a selected port does NOT exist in another VLAN. • Exclude ports NOT selected from the VLAN. • Enable routing on the VLAN using the IP address and subnet mask entered. To display the VLAN Routing Wizard page, click Routing > VLAN > VLAN Routing Wizard. [Figure: VLAN Routing Wizard screen, with fields VLAN ID, IP Address, Network Mask] 1. Use VLAN ID to specify the VLAN Identifier (VID) associated with this VLAN. The range of the VLAN ID is 1 to 4093. 2. Use Ports to display selectable physical ports and LAGs (if any). Selected ports will be added to the Routing VLAN. Each port has three modes: • Tagged: Select the ports on which all frames transmitted for this VLAN will be tagged. The ports that are selected will be included in the VLAN. • U (Untagged): Select the ports on which all frames transmitted for this VLAN will be untagged. The ports that are selected will be included in the VLAN. • BLANK (Autodetect): Select the ports that may be dynamically registered in this VLAN via GVRP. This selection has the effect of excluding a port from the selected VLAN. 3. Use the LAG Enabled option to add selected ports to VLAN as a LAG. The default is No. 4. Use IP Address to define the IP address of the VLA
443. terface, including framing characters. Packets Transmitted Without Errors: The total number of packets transmitted out of the interface. Unicast Packets Transmitted: The total number of packets that higher level protocols requested that will be transmitted to a subnetwork unicast address, including those that were discarded or not sent. Multicast Packets Transmitted: The total number of packets that higher level protocols requested that will be transmitted to a Multicast address, including those that were discarded or not sent. Broadcast Packets Transmitted: The total number of packets that higher level protocols requested that will be transmitted to the Broadcast address, including those that were discarded or not sent. Transmit Packets Discarded: The number of outbound packets which were chosen to be discarded, even though no errors had been detected, to prevent their being deliverable to a higher layer protocol. A possible reason for discarding a packet could be to free up buffer space. Most Address Entries Ever Used: The highest number of Forwarding Database Address Table entries that have been learned by this switch since the most recent reboot. Address Entries in Use: The number of Learned and static entries in the Forwarding Database Address Table for this switch. Maximum
444. the interface you want to configure. 4. Use PVID to specify the VLAN ID you want assigned to untagged or priority tagged frames received on this port. The factory default is 1. 5. Use Acceptable Frame Types to specify the types of frames that may be received on this port. The options are VLAN only and Admit All. • When set to VLAN only, untagged frames or priority tagged frames received on this port are discarded. • When set to Admit All, untagged frames or priority tagged frames received on this port are accepted and assigned the value of the Port VLAN ID for this port. With either option, VLAN tagged frames are forwarded in accordance to the 802.1Q VLAN specification. 6. Ingress Filtering: • When enabled, the frame is discarded if this port is not a member of the VLAN with which this frame is associated. In a tagged frame, the VLAN is identified by the VLAN ID in the tag. In an untagged frame, the VLAN is the Port VLAN ID specified for the port that received this frame. • When disabled, all frames are forwarded in accordance with the 802.1Q VLAN bridge specification. The factory default is disabled. 7. Use Port Priority to specify the default 802.1p priority assigned to untagged packets arriving at the port. The possible value is from 0 to 7. MAC Based VLAN: The MAC Based VLAN feature allows incoming untagged packets to be assigned to a VL
445. the local host from which syslog messages are sent. The default port is 514. Specify the local port in the text field. Messages Received: The number of messages received by the log process. This includes messages that are dropped or ignored. Messages Relayed: The count of syslog messages relayed. Messages Ignored: The count of syslog messages ignored. 3. Use IP Address Type to specify the Address Type of Host. It may be one of the following: • IPv4 • IPv6 • DNS. 4. Host Address: This is the address of the host configured for syslog. 5. Port: This is the port on the host to which syslog messages are sent. The default port is 514. Specify the port in the text field. 6. Severity Filter: A log records messages equal to or above a configured severity threshold. Select the severity option by selecting the corresponding line on the drop down entry field. These severity levels have been enumerated below: • Emergency (0): system is unusable • Alert (1): action must be taken immediately • Critical (2): critical conditions • Error (3): error conditions • Warning (4): warning conditions • Notice (5): normal but significant conditions • Informational (6): informational messages • Debug (7): debug level messages. Trap Logs: This screen lists the entries in the trap log. The information can be retrieved as a file by using System Utilities Upload File from
446. the range of 1 to 4093. 3. Click ADD to add an entry of MAC Address to VLAN mapping. 4. Click DELETE to delete an entry of MAC Address to VLAN mapping. Protocol Based VLAN Group Configuration: You can use a protocol based VLAN to define filtering criteria for untagged packets. By default, if you do not configure any port (IEEE 802.1Q) or protocol based VLANs, untagged packets will be assigned to VLAN 1. You can override this behavior by defining either port based VLANs or protocol based VLANs, or both. Tagged packets are always handled according to the IEEE 802.1Q standard and are not included in protocol based VLANs. If you assign a port to a protocol based VLAN for a specific protocol, untagged frames received on that port for that protocol will be assigned the protocol based VLAN ID. Untagged frames received on the port for other protocols will be assigned the Port VLAN ID: either the default PVID (1) or a PVID you have specifically assigned to the port using the Port VLAN Configuration screen. You define a protocol based VLAN by creating a group. Each group has a one to one relationship with a VLAN ID, can include one to three protocol definitions, and can include multiple ports. When you create a group, you will choose a name, and a Group ID will be assigned automatically. To display the Protocol Based VLAN Group Configuration page, click Switching > VLAN > Advanced > Protocol Based VLAN Group Configuration. Protocol Based VLAN G
447. ticular group on a particular interface before it deletes that interface from the group. Enter a value between 1 and 3600 seconds. The default is 260 seconds. 4. Use Max Response Time to specify the amount of time you want the switch to wait after sending a query on an interface because it did not receive a report for a particular group on that interface. Enter a value greater or equal to 1 and less than the Group Membership Interval in seconds. The default is 10 seconds. The configured value must be less than the Group Membership Interval. 5. Use Present Expiration Time to specify the amount of time you want the switch to wait to receive a query on an interface before removing it from the list of interfaces with multicast routers attached. Enter a value between 0 and 3600 seconds. The default is 0 seconds. A value of zero indicates an infinite time out, i.e. no expiration. 6. Use Fast Leave Admin mode to select the Fast Leave mode for a particular interface from the drop down menu. The default is disable. 7. Click CANCEL to cancel the configuration on the screen and reset the data on the screen to the latest value of the switch. 8. If you make any configuration changes, click APPLY to apply the new settings to the switch. Configuration changes take effect immediately. IGMP VLAN Configuration: Use the IGMP Snooping VLAN Configuration page to configure IGMP snooping settings for VLANs on the system. To access the IGMP Snooping VLAN Configuratio
448. tination port. The factory default is disabled. Port Authentication: In port based authentication, when 802.1X is enabled globally and on the port, successful authentication of any one supplicant attached to the port results in all users being able to use the port without restrictions. At any given time, only one supplicant is allowed to attempt authentication on a port in this mode. Ports in this mode are under bidirectional control. This is the default authentication mode. The 802.1X network has three components: • Authenticators: Specifies the port that is authenticated before permitting system access. • Supplicants: Specifies the host connected to the authenticated port requesting access to the system services. • Authentication Server: Specifies the external server, for example the RADIUS server, that performs the authentication on behalf of the authenticator and indicates whether the user is authorized to access system services. From the Port Authentication page, you can access the following pages: • Basic • Advanced. Basic: From the Basic link, you can access the following pages: • 802.1X Configuration. 802.1X Configuration: Use the 802.1X Configuration page to enable or disable port access control on the system. To display the 802 1X
449. tion. When an ACL is bound to an interface, all the rules that have been defined are applied to the selected interface. Use the MAC Binding Configuration page to assign MAC ACL lists to ACL Priorities and Interfaces. To display the MAC Binding Configuration page, click Security > ACL > Basic > MAC Binding Configuration. [Figure: MAC Binding Configuration screen, with fields ACL ID, Direction, Sequence Number (1 to 4294967295), and a Port Selection Table; the lower table has columns Interface, Binding Status, ACL Type, ACL ID, Sequence Number] 1. Select an existing MAC ACL from the ACL ID drop down menu. You can select one and bind it to the interfaces you want. The packet filtering direction for ACL is Inbound, which means the MAC ACL rules are applied to traffic entering the port. Specify an optional sequence number to indicate the order of this access list relative to other access lists already assigned to this interface and direction. A low number indicates high precedence order. If a sequence number is already in use for this interface and direction, the specified access list replaces the currently attached access list using that sequence number. If the sequence number is not specified by the user, a sequence number that is one greater than the highest sequence number currently in use for this interface and direction will be used. The valid range is 1 to 4294967295. Click the appropr
450. tion, Software Revision, where: • MIB Version: 1.3, the version of this MIB • Organization: NETGEAR Inc. • Revision: 1.0. Agent Address: The IP address associated with this agent. Click REFRESH to refresh the web page to show the latest sFlow agent information. sFlow Receiver Configuration: To display the sFlow Receiver Configuration page, click Monitoring > sFlow > Advanced > sFlow Receiver Configuration. [Figure: sFlow Receiver Configuration screen, a table of receivers 1 through 8] Receiver Owner: The entity making use of this sFlowRcvrTable entry. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to default values. An entity wishing to claim an sFlowRcvrTable entry must ensure that the entry is unclaimed before trying to claim it. The entry is claimed by setting the owner string. The entry must be claimed before any changes can be made to other sampler objects. Receiver Timeout: The time in seconds remaining before the sampler is released and
451. tion • Certificate Management • Certificate Download. HTTPS Configuration: Secure HTTP enables the transmission of HTTP over an encrypted Secure Sockets Layer (SSL) or Transport Layer Security (TLS) connection. When you manage the switch by using a Web interface, secure HTTP can help ensure that communication between the management system and the switch is protected from eavesdroppers and man in the middle attacks. Use the Secure HTTP Configuration page to configure the settings for HTTPS communication between the management station and the switch. To display the Secure HTTP Configuration page, click Security > Access > HTTPS > HTTPS Configuration. [Figure: HTTPS Configuration screen, with fields HTTPS Admin Mode, SSL Version 3, TLS Version 1, HTTPS Port (443), HTTPS Session Soft Timeout in Minutes (60), HTTPS Session Hard Timeout in Hours (24), Maximum Number of HTTPS Sessions (16), Authentication List (HttpsListName)] To configure HTTPS settings: 1. Use HTTPS Admin Mode to Enable or Disable the Administrative Mode of Secure HTTP. The currently configured value is shown when the web page is displayed. The default value is Disable. You can only download SSL certificates when the HTTPS Admin mode is disabled. 2. Use SSL Version 3 to Enable or Disable Secure Sockets Layer Version 3.0. The currently configured value is shown when the web page is dis
452. tioned to root state on message age timer expiry. The above example indicates a user-level message (1) with severity 7 (debug) on a system that is not stack and generated by component MSTP running in thread id 2110 on Aug 24 05:34:05 by line 318 of file mstp_api.c. This is the 237th message logged. Messages logged to a collector or relay via syslog have an identical format to the above message. • Total number of Messages: For the message log, only the latest 200 entries are displayed on the webpage. Command Log Configuration. To access the Command Log Configuration page, click Monitoring > Logs > Command Log Configuration. [Screenshot: Command Log Configuration page with Admin Status (Disable/Enable)] 1. Use Admin Mode to enable/disable the operation of the CLI Command logging by selecting the corresponding radio button. Console Log Configuration. This allows logging to any serial device attached to the host. To access the Console Log Configuration page, click Monitoring > Logs > Console Log Configuration. [Screenshot: Console Log Configuration page with Admin Status (Disable/Enable) and Severity Filter (Error)] 1. A log that is Disabled shall not log messages. A log that is Enabled shall log messages. Enable or Disable logging by selecting the corresponding radio button. 2. Severity Filter: A log records messages e
453. to be Enabled or Disabled. 3. Use Multicast Router to enable or disable the multicast router for the Vlan ID. MLD Snooping Querier Configuration. Use this page to configure the parameters for MLD Snooping Querier. Note that only a user with Read/Write access privileges may change the data on this screen. To access the MLD Snooping Querier Configuration page, click Switching > Multicast > MLD Snooping > Querier Configuration. [Screenshot: MLD Snooping Querier Configuration page showing Querier Admin Mode (Disable/Enable), Querier Address, MLD Version 1, Query Interval (secs) 60, Querier Expiry Interval (secs) 60, VLAN Ids Enabled for MLD Snooping Querier] 1. Use Querier Admin Mode to select the administrative mode for MLD Snooping for the switch. The default is disable. 2. Use Querier Address to specify the Snooping Querier Address to be used as source address in periodic MLD queries. This address is used when no address is configured on the VLAN on which query is being sent. The supported IPv6 formats are x:x:x:x:x:x:x:x and x::x. 3. Use MLD Version to specify the MLD protocol version used in periodic MLD queries. 4. Use Query Interval (secs) to specify the time interval in seconds between periodic queries sent by the snooping querier. The Query Interval must be a value in the range of 1 and 1800. The defaul
454. tr True (1) if the neighbor machine is a router, false (2) otherwise. Neighbor State: The state of the neighboring switch: • reachable (1): The neighbor is reachable by this switch. • stale (2): Information about the neighbor is scheduled for deletion. • delay (3): No information has been received from neighbor during delay period. • probe (4): Switch is attempting to probe for this neighbor. • unknown (6): Unknown status. Last Updated: The last sysUpTime that this neighbor has been updated. Time. ProSafe Managed Switches software supports the Simple Network Time Protocol (SNTP). You can also set the system time manually. SNTP assures accurate network device clock time synchronization up to the millisecond. Time synchronization is performed by a network SNTP server. ProSafe Managed Switches software operates only as an SNTP client and cannot provide time services to other systems. Time sources are established by Stratums. Stratums define the accuracy of the reference clock. The higher the stratum (where zero is the highest), the more accurate the clock. The device receives time from stratum 1 and above since it is itself a stratum 2 device. The following is an example of stratums: • Stratum 0: A real-time clock is used as the time source, for example, a GPS system. • Stratum 1: A server that i
455. ts should be sampled before and after a common interval. Packets Transmitted 64 Octets: The total number of packets (including bad packets) received that were 64 octets in length (excluding framing bits but including FCS octets). Packets Transmitted 65-127 Octets: The total number of packets (including bad packets) received that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 128-255 Octets: The total number of packets (including bad packets) received that were between 128 and 255 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 256-511 Octets: The total number of packets (including bad packets) received that were between 256 and 511 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 512-1023 Octets: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted 1024-1518 Octets: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length inclusive (excluding framing bits but including FCS octets). Packets Transmitted > 1518 Octets: The total number of packets transmitted that were longer than 1518 octets (excluding framing bits, but including FCS octets) and were otherwise
456. ts on Switch 3 directly. Likewise, hosts of Switch 1 use VLAN 300 (MST instance 1) to communicate with the hosts on Switch 3 directly. The hosts use different instances of MSTP to effectively use the links across the switch. The same concept can be extended to other switches and more instances of MSTP. Notification of Compliance. NETGEAR Managed Stackable Switch. Regulatory Compliance Information. Note: This section includes user requirements for operating this product in accordance with National laws for usage of radio spectrum and operation of radio devices. Failure of the end-user to comply with the applicable requirements may result in unlawful operation and adverse action against the end-user by the applicable National regulatory authority. Note: This product's firmware limits operation to only the channels allowed in a particular Region or Country. Therefore, all options described in this user's guide may not be available in your version of the product. Europe: EU Declaration of Conformity. CE Marking by the above symbol indicates compliance with the Essential Requirements of the R&TTE Directive of the European Union (1999/5/EC). This equipment meets the following conformance standards: EN300 328 (2.4Ghz), EN301 489-17, EN301 893 (5Ghz), EN60950-1. For complete DoC, visit the NETGEAR EU Declarations of Conformity website at http://support.netgear.com/app/answers/detail/a_id/11621 EDOC in Langua
457. ts segment. Transmit Packet Errors: The number of outbound packets that could not be transmitted because of errors. Collision Frames: The best estimate of the total number of collisions on this Ethernet segment. Time Since Counters Last Cleared: The elapsed time in days, hours, minutes, and seconds since the statistics for this port were last cleared. Port Detailed Statistics. The Port Detailed Statistics page displays a variety of per-port traffic statistics. To access the Port Detailed page, click Monitoring > Ports > Port Detailed Statistics. The following figure shows some, but not all, of the fields on the Port Detailed Statistics page. [Screenshot: Port Detailed Statistics page showing port settings (MST ID, ifIndex, Port Type, Port Channel ID, Port Role, STP Mode, STP State, Admin Mode, Flow Control Mode, LACP Mode, Physical Mode, Physical Status, Link Status, Link Trap) and Packets RX and TX counters by size range, from 64 octets to 4096-9216 octets] The figure above shows on
458. ty Mark IP Precedence: This is an IP Precedence value in the range from 0 to 7. Mark IP DSCP: This lists the keywords for the known DSCP values from which one can be selected. The list includes other as an option for the remaining values. Simple Policy: Use this attribute to establish the traffic policing style for the specified class. This command uses single data rate and burst size, resulting in two outcomes (conform and violate). If you select the Simple Policy attribute, you can configure the following fields: Color Mode: This lists the color mode. The default is Color Blind. • Color Blind • Color Aware. Color Aware mode requires the existence of one or more color classes that are valid for use with this policy instance. A valid color class contains a single, non-excluded match criterion for one of the following fields (provided the field does not conflict with the classifier of the policy instance itself): • CoS • IP DSCP • IP Precedence. Committed Rate: This value is specified in the range 1 to 4294967295 kilobits per second (Kbps). Committed Burst Size: This value is specified in the range 1 to 128 KBytes. The committed burst size is used to determine the amount of conforming traffic allowed. Conform Action: This lists the actions to be taken on conforming packets per the policing metrics, from which one can be selected. The default is send. Violate Action: This lists the actions to be taken on violati
459. type and the rate at which the packets are transmitted. The Storm Control link contains links to the following pages: • Storm Control Global Configuration on page 299 • Storm Control Interface Configuration on page 300. Storm Control Global Configuration. To display the Storm Control Global Configuration page, click Security > Traffic Control > Storm Control > Storm Control Global Configuration. [Screenshot: Storm Control Port Settings showing Global Flow Control (IEEE 802.3x) Mode, Broadcast Storm Control All, Multicast Storm Control All, Unknown Unicast Storm Control All] The following four controls provide an easy way to enable or disable each type of packets to be rate-limited on every port in a global fashion. The effective storm control state of each port can be viewed by going to the port configuration page. • Global Flow Control (IEEE 802.3x) Mode: Enable or disable this option by selecting the drop-down menu. The factory default is disabled. • Broadcast Storm Control All: Enable or disable the Broadcast Storm Recovery mode on all ports by clicking the corresponding radio button. When you specify Enable for Broadcast Storm Recovery and the broadcast traffic on any Ethernet port exceeds the configured threshold, the switch blocks (discards) the broadcast traffic. The factory default is enabled. • Multicast Storm Control All: Enable or disable the Multicast Storm
460. ues from which one can be selected. The list includes other as an option for the remaining values. 5. Match Criteria: Displays the configured match criteria for the specified class. 6. Values: Displays the values of the configured match criteria. 7. Click CANCEL to cancel the configuration on the screen. Resets the data on the screen to the latest value of the switch. 8. Click APPLY to send the updated configuration to the switch. Configuration changes take effect immediately. Policy Configuration. Use the Policy Configuration page to associate a collection of classes with one or more policy statements. After creating a Policy, click the policy link to the Policy page. To display the page, click QoS > DiffServ > Advanced > Policy Configuration. [Screenshot: Policy Configuration page with Policy Name, Policy Type, Member Class] 1. Use Policy Name to uniquely identify a policy using a case-sensitive alphanumeric string from 1 to 31 characters. 2. Member Class: This lists all existing DiffServ classes currently defined as members of the specified Policy, from which one can be selected. This list is automatically updated as a new class is added to or removed from the policy. This field is a selector field only when an existing policy class instance is to be removed. After removal of the policy class instance, this becomes a non-configurable field. 3. Policy Type: Indicates the type is specific to inbound traffic directi
461. upload image1. • image2: Select image2 to upload image2. • CLI Banner: Specify CLI Banner when you want to retrieve the CLI banner file. • Text Configuration: Specify configuration in text mode when you want to retrieve the stored configuration. • Script File: Specify script file when you want to retrieve the stored configuration. • Error Log: Specify error log to retrieve the system error (persistent) log, sometimes referred to as the event log. • Buffered Log: Specify buffered log to retrieve the system buffered (in-memory) log. • Trap Log: Specify trap log to retrieve the system trap records. • Tech Support: Specify Tech Support to retrieve the switch information needed for troubleshooting. The factory default is Archive. Use Transfer Mode to specify what protocol to use to transfer the file: • TFTP: Trivial File Transfer Protocol • SFTP: Secure File Transfer Program • SCP: Secure Copy. Use Server Address Type to specify either IPv4, IPv6, or DNS to indicate the format of the Server Address field. The factory default is IPv4. 4. Use Server Address to enter the IP address of the server in accordance with the format indicated by the Server Address Type. The factory default is the IPv4 address 0.0.0.0. 5. Use Remote File Path to enter the path where you want to upload the file. File path may include alphabetic, numeric, forward slash, dot, or underscore characters onl
462. upport the Authenticator role only, in which the PAE is responsible for communicating with the Supplicant. The Authenticator PAE is also responsible for submitting the information received from the Supplicant to the Authentication Server in order for the credentials to be checked, which will determine the authorization state of the Port. The Authenticator PAE controls the authorized/unauthorized state of the controlled Port depending on the outcome of the RADIUS-based authentication process. [Figure: Supplicants, Authenticator Switch, Authentication Server (RADIUS) 192.168.10.23] 802.1X Example Configuration. This example shows how to configure the switch so that 802.1X-based authentication is required on the ports in a corporate conference room (1/0/5-1/0/8). These ports are available to visitors and need to be authenticated before granting access to the network. The authentication is handled by an external RADIUS server. When the visitor is successfully authenticated, traffic is automatically assigned to the guest VLAN. This example assumes that a VLAN has been configured with a VLAN ID of 150 and VLAN Name of Guest. 1. From the Port Authentication screen, select ports 1/0/5, 1/0/6, 1/0/7, and 1/0/8. 2. From the Port Control menu, select Unauthorized. The Port Control setting for all other ports where authentication is not needed should be Authorized. When the Port
463. ured querier query interval. If the snooping switch sees a better querier in the VLAN, it moves to non-querier mode. • Non-Querier: Snooping switch is in Non-Querier mode in the VLAN. If the querier expiry interval timer is expired, the snooping switch will move into querier mode. • Disabled: Snooping Querier is not operational on the VLAN. The Snooping Querier moves to disabled mode when IGMP Snooping is not operational on the VLAN or when the querier address is not configured or the network management address is also not configured. Operational Version: Displays the operational IGMP protocol version of the querier. Last Querier Address: Displays the IP address of the last querier from which a query was snooped on the VLAN. Last Querier Version: Displays the IGMP protocol version of the last querier from which a query was snooped on the VLAN. Operational Max Response Time: Displays maximum response time to be used in the queries that are sent by the Snooping Querier. MLD Snooping. From the MLD Snooping link, you can access the following pages: • MLD Snooping Configuration on page 157 • MLD Snooping Interface Configuration on page 158 • MLD VLAN Configuration on page 159 • Multicast Router Configuration on page 159 • Multicast Router VLAN Configuration on page 160 • MLD Snooping Querier Configuration on page 161 • MLD Sno
464. urity > ACL > Advanced > IPv6 ACL. [Screenshot: IPv6 ACL page showing IPv6 Configuration (Current Number of ACL 5, Maximum ACL 100) and the IPv6 ACL Table (IPv6 ACL, Rules, Type)] 1. IPv6 ACL is the IPv6 ACL ID or IPv6 ACL Name, which is dependent on the IPv6 ACL Type. IPv6 ACL Name string includes alphanumeric characters only. The name must start with an alphabetic character. 2. Click ADD to add a new IPv6 ACL to the switch configuration. 3. Click DELETE to remove the currently selected IPv6 ACL from the switch configuration. Current Number of ACL: The current number of the IP ACLs configured on the switch. Maximum ACL: The maximum number of IP ACL that can be configured on the switch; it depends on the hardware. Rules: The number of the rules associated with the IP ACL. Type: The type is IPv6 ACL. IPv6 Rules. Use these screens to configure the rules for the IPv6 Access Control Lists, which are created using the IPv6 Access Control List Configuration screen. By default, no specific value is in effect for any of the IPv6 ACL rules. To display the IPv6 Rules page, click Security > ACL > Advanced > IPv6 Rules. [Screenshot: IPv6 Rules page with ACL Name selector and IPv6 ACL Rule Table]
465. va Mode to enable or disable the java applet that displays a picture of the switch in the Device view tab of the System tab. If you run the applet, you will be able to click on the picture of the switch to select configuration screens instead of using the navigation tree on the left side of the screen. The factory default is Enable. 3. Use HTTP Session Soft Timeout (Minutes) to set the inactivity time-out for HTTP sessions. The value must be in the range of 1 to 60 minutes. The default value is 60 minutes. The currently configured value is shown when the web page is displayed. 4. Use HTTP Session Hard Timeout (Hours) to set the hard time-out for HTTP sessions. This time-out is unaffected by the activity level of the session. The value must be in the range of 1 to 168 hours. The default value is 24 hours. The currently configured value is shown when the web page is displayed. 5. Use Maximum Number of HTTP Sessions to set the maximum allowable number of HTTP sessions. The value must be in the range of 0 to 16. The default value is 16. The currently configured value is shown when the web page is displayed. Authentication List: Shows the authentication list which HTTP is using. HTTPS. From the HTTPS link, you can access the following pages: • HTTPS Configura
466. values are Enable or Disable. 10. Use Loop Guard to configure the loop guard on the port to protect layer 2 forwarding loops. If loop guard is enabled, the port moves into the STP loop-inconsistent blocking state instead of the listening/learning/forwarding state. 11. Use TCN Guard to configure the TCN guard for a port, restricting the port from propagating any topology change information received through that port. The possible values are Enable or Disable. 12. Use Port Mode to enable/disable Spanning Tree Protocol Administrative Mode associated with the port or port channel. The possible values are Enable or Disable. Auto Calculated Port Path Cost: Displays whether the path cost is automatically calculated (Enabled) or not (Disabled). Path cost will be calculated based on the link speed of the port if the configured value for Port Path Cost is zero. Hello Timer: Displays the value of the parameter for the CST. Auto Calculated External Port Path Cost: Displays whether the external path cost is automatically calculated (Enabled) or not (Disabled). External Path cost will be calculated based on the link speed of the port if the configured value for External Port Path Cost is zero. BPDU Guard Effect: Display the BPDU Guard Effect; it disables the edge ports that receive BPDU packets. The possible values are Enable or Disable. Port Forwarding State: The Forwarding State of this port.
467. ved successfully but discarded because of an unknown or unsupported protocol. IpInDiscards: The number of input IP datagrams for which no problems were encountered to prevent their continued processing, but which were discarded (e.g., for lack of buffer space). Note that this counter does not include any datagrams discarded while awaiting re-assembly. IpInDelivers: The total number of input datagrams successfully delivered to IP user-protocols (including ICMP). IpOutRequests: The total number of IP datagrams which local IP user-protocols (including ICMP) supplied to IP in requests for transmission. Note that this counter does not include any datagrams counted in ipForwDatagrams. IpOutDiscards: The number of output IP datagrams for which no problem was encountered to prevent their transmission to their destination, but which were discarded (e.g., for lack of buffer space). Note that this counter would include datagrams counted in ipForwDatagrams if any such packets met this (discretionary) discard criterion. IpOutNoRoutes: The number of IP datagrams discarded because no route could be found to transmit them to their destination. Note that this counter includes any packets counted in ipForwDatagrams which meet this no-route criterion. Note that this includes any datagrams which a host cannot route because all of its default gateways are down.
468. ver statistics available on the page. Click CLEAR COUNTERS to clear the accounting server statistics. Accounting Server Address: Displays the accounting server associated with the statistics. Round Trip Time (secs): Displays the time interval, in hundredths of a second, between the most recent Accounting Response and the Accounting Request that matched it from this RADIUS accounting server. Accounting Requests: Displays the number of RADIUS Accounting Request packets sent, not including retransmissions. Accounting Retransmissions: Displays the number of RADIUS Accounting Request packets retransmitted to this RADIUS accounting server. Accounting Responses: Displays the number of RADIUS packets received on the accounting port from this server. Malformed Accounting Responses: Displays the number of malformed RADIUS Accounting Response packets received from this server. Malformed packets include packets with an invalid length. Bad authenticators and unknown types are not included as malformed accounting responses. Bad Authenticators: Displays the number of RADIUS Accounting Response packets that contained invalid authenticators received from this accounting server. Pending Requests: Displays the number of RADIUS Accounting Request packets sent to this server that have not yet timed out or received a response.
469. w control, restrict contents of routing updates, decide which types of traffic are forwarded or blocked, and provide security for the network. ACLs are normally used in firewall routers that are positioned between the internal network and an external network, such as the Internet. They can also be used on a router positioned between two parts of the network to control the traffic entering or exiting a specific part of the internal network. The added packet processing required by the ACL feature does not affect switch performance. That is, ACL processing occurs at wire speed. Access lists are a sequential collection of permit and deny conditions. This collection of conditions, known as the filtering criteria, is applied to each packet that is processed by the switch or the router. The forwarding or dropping of a packet is based on whether or not the packet matches the specified criteria. Traffic filtering requires the following two basic steps: 1. Create an access list definition. The access list definition includes rules that specify whether traffic matching the criteria is forwarded normally or discarded. Additionally, you can assign traffic that matches the criteria to a particular queue or redirect the traffic to a particular port. A default deny all rule is the last rule of every list. 2. Apply the access list to an interface in the inbound direction. ProSafe Managed
470. w on page 360. Ports. The pages available from the Ports link contain a variety of information about the number and type of traffic transmitted from and received on the switch. From the Ports link, you can access the following pages: • Port Statistics on page 337 • Port Detailed Statistics on page 339 • EAP Statistics on page 345 • Cable Test on page 347. Port Statistics. The Port Statistics page displays a summary of per-port traffic statistics on the switch. To access the Port Statistics page, click Monitoring > Ports > Port Statistics. [Screenshot: Port Statistics table listing per-interface packet, error, and collision counters and the time since the counters were last cleared]
471. [Screenshot: LLDP-MED Local Device Information page showing inventory, location information, and extended PoE fields] 1. Use Interface to select the ports on which LLDP-MED frames can be transmitted. The following table describes the LLDP-MED Local Device Information fields. Network Policy Information: Specifies if network policy TLV is present in the LLDP frames. Media Application Type: Specifies the application type. Types of application types are unknown, voicesignaling, guestvoice, guestvoicesignalling, softphonevoice, videoconferencing, streammingvideo, vidoesignalling. Each application type that is received has the VLAN id, priority, DSCP, tagged bit status, and unknown bit status. A port may receive one or many such application types. If a network policy TLV has been transmitted, only then would this information be displayed. Inventory: Specifies if inventory TLV is present in LLDP frames. Hardware Revision: Specifies hardware version. Firmware Revision: Specifies Firmware version. Software Revision: Specifies Software version. Serial Number: Specifies serial number. Manufacturer Name: Specifies manufacturers name. Model Name Asset ID Specif
472. well formed. This counter has a max increment rate of 815 counts per sec at 10 Mb/s. Maximum Frame Size: The maximum ethernet frame size the interface supports or is configured, including ethernet header, CRC, and payload (1518 to 9216). The default maximum frame size is 1518. Total Packets Transmitted Successfully: The number of frames that have been transmitted by this port to its segment. Unicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a subnetwork-unicast address, including those that were discarded or not sent. Multicast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to a Multicast address, including those that were discarded or not sent. Broadcast Packets Transmitted: The total number of packets that higher-level protocols requested be transmitted to the Broadcast address, including those that were discarded or not sent. Total Transmit Errors: The sum of Single, Multiple, and Excessive Collisions. Total Transmit Packets Discarded: The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames: A count of the number of successfully transmitted frames on a particular interface for which tran
473. which the entity received but determined as having ICMP-specific errors (bad ICMP checksums, bad length, etc.). IcmpInDestUnreachs: The number of ICMP Destination Unreachable messages received. IcmpInTimeExcds: The number of ICMP Time Exceeded messages received. IcmpInParmProbs: The number of ICMP Parameter Problem messages received. IcmpInSrcQuenchs: The number of ICMP Source Quench messages received. IcmpInRedirects: The number of ICMP Redirect messages received. IcmpInEchos: The number of ICMP Echo (request) messages received. IcmpInEchoReps: The number of ICMP Echo Reply messages received. IcmpInTimestamps: The number of ICMP Timestamp (request) messages received. IcmpInTimestampReps: The number of ICMP Timestamp Reply messages received. IcmpInAddrMasks: The number of ICMP Address Mask Request messages received. IcmpInAddrMaskReps: The number of ICMP Address Mask Reply messages received. IcmpOutMsgs: The total number of ICMP messages which this entity attempted to send. Note that this counter includes all those counted by icmpOutErrors. IcmpOutErrors: The number of ICMP messages which this entity did not send due to problems discovered within ICMP, such as a lack of buffers. This value should not include errors discovered outside the ICMP layer, such as the
474. will not be authenticated. • RADIUS: the user's name and password will be authenticated using the RADIUS server instead of local server. • TACACS: the user's name and password will be authenticated using the TACACS server. • Deny: authentication always fails. 3. 2: Use the drop-down menu to select the method, if any, that should appear second in the selected authentication enable list. This is the method that will be used if the first method times out. If you select a method that does not time out as the second method, the third method will not be tried. Note that this parameter will not appear when you first create a new login list. 4. 3: Use the drop-down menu to select the method, if any, that should appear third in the selected authentication enable list. If you select a method that does not time out as the third method, the fourth method will not be tried. 5. 4: Use the drop-down menu to select the method, if any, that should appear fourth in the selected authentication enable list. If you select a method that does not time out as the fourth method, the fifth method will not be tried. 6. 5: Use the drop-down menu to select the method, if any, that should appear fifth in the selected authentication enable list. 7. Click ADD to add a new login list to the switch. Click DELETE to remove the selected authentication enable list from the configuration. You can only use this button if you have Read/Write access. The change will not be reta
475. with the lowest MAC address is elected as the root bridge (see CST Configuration on page 162). 5. From the CST Port Configuration screen, select ports 1/0/1-1/0/8 and select Enable from the STP Status menu (see CST Port Configuration on page 164). 6. Click APPLY. 7. Select ports 1/0/1-1/0/5 (edge ports), and select Enable from the Fast Link menu. Since the edge ports are not at risk for network loops, ports with Fast Link enabled transition directly to the Forwarding state. 8. Click APPLY. You can use the CST Port Status screen to view spanning tree information about each port. 9. From the MST Configuration screen, create an MST instance with the following settings: • MST ID: 1 • Priority: Use the default (32768) • VLAN ID: 300. For more information, see MST Configuration on page 168. 10. Click ADD. 11. Create a second MST instance with the following settings: • MST ID: 2 • Priority: 49152 • VLAN ID: 500. 12. Click ADD. In this example, assume that Switch 1 has become the Root bridge for the MST instance 1, and Switch 2 has become the Root bridge for MST instance 2. Switch 3 has hosts in the Sales department (ports 1/0/1, 1/0/2, and 1/0/3) and in the HR department (ports 1/0/4 and 1/0/5). Switches 1 and 2 also have hosts in the Sales and Human Resources departments. The hosts connected from Switch 2 use VLAN 500, MST instance 2 to communicate with the hos
476. word again to confirm that you entered it correctly. This field will not display the password as it is typed, but will show asterisks.
     5. Access Mode indicates the user's access mode. The admin account always has Read/Write access, and all other accounts have Read Only access. The default value is Read Only.
     6. Click ADD to add a user account with Read Only or Read/Write access.
     7. Click DELETE to delete the currently selected user account. You cannot delete the admin Read/Write user.
     Field: Description
     • Lockout Status: Indicates whether the user account is locked out (TRUE or FALSE).
     • Password Expiration Date: Indicates the current password expiration date in date format.
     User Password Configuration
     To display the User Password Configuration page, click Security > Management Security > Local User > User Password Configuration.
     [Screenshot: Password Configuration page with fields Password Minimum Length, Password Aging (days), Password History, Lockout Attempts]
     1. Use Password Minimum Length to specify the minimum character length of all new local user passwords.
     2. Use Password Aging (days) to specify the maximum time for which the user passwords are valid, in days, from the time the password is set. Once a password expires, the user will be required to enter a new password fol
477. x Displays the interface index associated with the port.
     Link Aggregation Groups
     Link aggregation groups (LAGs), which are also known as port channels, allow you to combine multiple full-duplex Ethernet links into a single logical link. Network devices treat the aggregation as if it were a single link, which increases fault tolerance and provides load sharing. You assign the LAG VLAN membership after you create a LAG. The LAG by default becomes a member of the management VLAN. A LAG interface can be either static or dynamic, but not both. All members of a LAG must participate in the same protocols. A static port-channel interface does not require a partner system to be able to aggregate its member ports. Static LAGs are supported. When a port is added to a LAG as a static member, it neither transmits nor receives LACPDUs.
     From the LAGs link, you can access the following pages:
     • LAG Configuration on page 180
     • LAG Membership on page 181
     LAG Configuration
     Use the LAG (Port Channel) Configuration page to group one or more full-duplex Ethernet links to be aggregated together to form a link aggregation group, which is also known as a port channel. The switch treats the LAG as if it were a single link. To access the LAG Configuration page, click Switching > LAG g
478. y You may enter up to 160 characters. The factory default is blank.
     6. Use Remote File Name to enter the name of the file you want to download from the server. You may enter up to 32 characters. The factory default is blank.
     7. Use Local File Name to specify the local script file name you want to upload. This field is visible only when File Type is Script File.
     8. Use User Name to enter the username for remote login to the SFTP/SCP server where the file will be sent. This field is visible only when SFTP or SCP transfer modes are selected.
     9. Use Password to enter the password for remote login to the SFTP/SCP server where the file will be sent. This field is visible only when SFTP or SCP transfer modes are selected.
     10. The last row of the table is used to display information about the progress of the file transfer.
     HTTP File Upload
     To display the HTTP File Upload page, click Maintenance > Upload > HTTP File Upload.
     [Screenshot: HTTP File Upload page with fields File Type (Archive) and Image Name (image1)]
     1. Use File Type to specify what type of file you want to upload:
     • Archive: Specify archive STK code when you want to retrieve from the operational flash.
     • Image Name: Select one of the images from the list.
     • Image: Specify the code image1 when you want to retrieve.
     • Image2: Specify the code image2 when you want to retrieve.
     • CLI Banner: Specify CLI Banner when you want to retrieve the CLI banner file.
     • Text Configuration
479. [Screenshot residue: port statistics table with a Go To Interface field and GO button]
     The following table describes the per-port statistics displayed on the screen.
     Use the buttons at the bottom of the page to perform the following actions:
     • To clear all the counters for all ports on the switch, select the check box in the row heading and click CLEAR. The button resets all statistics for all ports to default values.
     • To clear the counters for a specific port, select the check box associated with the port and click CLEAR.
     • Click REFRESH to refresh the data on the screen and display the most current statistics.
     Field: Description
     • Interface: This object indicates the interface of the interface table entry associated with this port on an adapter.
     • Total Packets Received Without Errors: The total number of packets received that were without errors.
     • Packets Received With Error: The number of inbound packets that contained errors preventing them from being deliverable to a higher-layer protocol.
     • Broadcast Packets Received: The total number of good packets received that were directed to the broadcast address. Note that this does not include multicast packets.
     • Packets Transmitted Without Errors: The number of frames that have been transmitted by this port to i
480. you can change its type to Static.
     Advanced
     From the Advanced link, you can access the following pages:
     • VLAN Configuration on page 109
     • VLAN Membership on page 112
     • VLAN Status on page 113
     • Port PVID Configuration on page 115
     • MAC Based VLAN on page 116
     • Protocol Based VLAN Group Configuration on page 117
     • Protocol Based VLAN Group Membership on page 118
     • IP Subnet Based VLAN on page 119
     • Port DVLAN Configuration on page 120
     • Voice VLAN Configuration on page 120
     • GARP Switch Configuration on page 122
     • GARP Port Configuration on page 122
     VLAN Configuration
     To display the VLAN Configuration page, click Switching > VLAN > Advanced > VLAN Configuration.
     [Screenshot: VLAN Configuration page with sections Reset (Reset Configuration), Internal VLAN Configuration (Internal VLAN Allocation Base: 4093; Internal VLAN Allocation Policy: Ascending/Descending), and VLAN Configuration (VLAN ID, VLAN Name, VLAN Type, Make Static)]
     Reset Configuration: If you select this button and confirm your selection on the next screen, all VLAN configuration parameters will be reset to their factory default values. Also, all VLANs, except for the default VLAN, will be deleted. The factory default values are:
     • All ports are assigned to the default VLAN of 1.
     • All ports are configured with a PVID of
481. ype of the SNTP Server address for the last received valid packet.
     • Server Stratum: Specifies the claimed stratum of the server for the last received valid packet.
     • Reference Clock Id: Specifies the reference clock identifier of the server for the last received valid packet.
     Field: Description
     • Server Mode: Specifies the mode of the server for the last received valid packet.
     • Unicast Server Max Entries: Specifies the maximum number of unicast server entries that can be configured on this client.
     • Unicast Server Current Entries: Specifies the number of current valid unicast server entries configured for this client.
     • Broadcast Count: Specifies the number of unsolicited broadcast SNTP messages that have been received and processed by the SNTP client since last reboot.
     SNTP Server Configuration
     Use the SNTP Server Configuration page to view and modify information for adding and modifying Simple Network Time Protocol (SNTP) servers.
     To display the SNTP Server Configuration page, click System > Management > Time > SNTP Server Configuration.
     [Screenshot: SNTP Server Configuration page with fields including Address, Port, Priority, Version and Type, and an SNTP Server Status table with columns Last Update Time, Last Attempt Time, Last Attempt Status, Requests, Failed Requests]
     To configure a new SNTP S
