User's Manual - PLANET Technology Corporation.
         Contents
1. PLANET Networking & Communication, User's Manual of GS-5220 Series

   Table of contents (legible entries only):
   - 3.5 SNMP-based Network Management
   - PLANET Smart Discovery Utility
   - 4. WEB CONFIGURATION
   - 4.2.7 Time Configuration
   - 4.2.14 Remote Syslog
   - 4.2.15 SMTP Configuration
   - 4.2.19 Configuration Download
   - 4.2.22 Configuration Delete
   - 4.2.23 I
2. Clear: This button is available in the following modes:
   - Force Authorized
   - Force Unauthorized
   - Port-based 802.1X
   - Single 802.1X

   Click to clear the counters for the selected port.

   Clear All: This button is available in the following modes:
   - Multi 802.1X
   - MAC-based Auth.X

   Click to clear both the port counters and all of the attached client's counters. The "Last Client" will not be cleared, however.

   Clear This: This button is available in the following modes:
   - Multi 802.1X
   - MAC-based Auth.X

   Click to clear only the currently selected client's counters.

   4.11.6 RADIUS

   This page allows you to configure the RADIUS Servers. The RADIUS Configuration screen in Figure 4-11-7 appears.

   Figure 4-11-7: RADIUS Server Configuration Page Screenshot

   The page includes the following fields:

   Global Configuration

   These settings are common for all of the RADIUS Servers.

   Object: Timeout, Retransmit, Dead Time

   Description:
   - Timeout: Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a RADIUS server before retransmitting the request.
   - Retransmit: Retransmit is the number of times, in the range f
3. 4.16.8 LLDP PoE Neighbours

   This page provides a status overview for all LLDP PoE neighbors. The displayed table contains a row for each port on which an LLDP PoE neighbor is detected. The columns hold the following information. The screen in Figure 4-16-7 appears.

   Figure 4-16-7: LLDP PoE Neighbour Screenshot

   Please note that administrator has to enable LLDP port from LLDP configuration; please refer to the following example. The screen in Figure 4-16-8 appears.

   To enable LLDP function from port1 to port3, administrator has to plug a PD that supports PoE LLDP function, and then administrator is going to see the PoE information of the PD from LLDP.

   Figure 4-16-8: LLDP Configuration Screenshot
4. Click to refresh the page immediately.

   |<<: Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID.

   >>: Updates the table, starting with the entry after the last entry currently displayed.

   4.6.5 VLAN Port Status

   This page provides VLAN Port Status. The VLAN Port Status screen in Figure 4-6-5 appears.

   Figure 4-6-5: VLAN Port Status for Combined users Page Screenshot

   The page includes the following fields:

   Object: Port, Port Type, Ingress Filtering, Frame Type, Port VLAN ID, Tx Tag, Untagged VLAN ID

   Description:
   - Port: The logical port for the settings contained in the same row.
   - Port Type: Show the VLAN Awareness for the port. If VLAN awareness is enabled, the tag is removed from tagged frames received on the port. VLAN tagged frames are classified to the VLAN ID in the tag. If VLAN awareness is disabled, all frames are classified to the Port VLAN ID and tags are not removed.
   - Ingress Filtering: Show the ingress filtering for a port. This parameter affects VLAN ingr
5. PLANET Networking & Communication

   User's Manual
   L2 Gigabit 10 Gigabit Managed Switch
   GS-5220 Series
   www.PLANET.com.tw

   Trademarks

   Copyright © PLANET Technology Corp. 2015. Contents are subject to revision without prior notice.

   PLANET is a registered trademark of PLANET Technology Corp. All other trademarks belong to their respective owners.

   Disclaimer

   PLANET Technology does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. PLANET has made every effort to ensure that this User's Manual is accurate; PLANET disclaims liability for any inaccuracies or omissions that may have occurred.

   Information in this User's Manual is subject to change without notice and does not represent a commitment on the part of PLANET. PLANET assumes no responsibility for any inaccuracies that may be contained in this User's Manual. PLANET makes no commitment to update or keep current the information in this User's Manual, and reserves the right to make improvements to this User's Manual and/or to the products described in this User's Manual, at any time without notice.

   If you find info
6. 10Gbps SFP+ (10G Ethernet/10GBASE)
   Table columns: Model, Speed (Mbps), Fiber Mode, Distance, Wavelength (nm), Operating Temp.

   10Gbps SFP+ (10GBASE-BX, Single Fiber Bi-directional SFP)
   Table columns: Model, Fiber Mode, Distance, Wavelength (TX), Wavelength (RX), Operating Temp.

   It is recommended to use PLANET SFP/SFP+ on the Managed Switch. If you insert an SFP/SFP+ transceiver that is not supported, the Managed Switch will not recognize it.

   1. Before we connect the GS-5220 series to the other network device, we have to make sure both sides of the SFP transceivers are with the same media type, for example: 1000BASE-SX to 1000BASE-SX, 1000BASE-LX to 1000BASE-LX.
   2. Check whether the fiber-optic cable type matches with the SFP transceiver requirement.
      - To connect to 1000BASE-SX SFP transceiver, please use the multi-mode fiber cable with one side being the male duplex LC connector type.
      - To connect to 1000BASE-LX SFP transceiver, please use the single-mode fiber cable with one side being the male duplex LC connector type.

   Connect the Fiber Cable

   1. Insert the duplex LC connector into the SFP/SFP+ transceiver.
   2. Connect the other end of the cable to a device with SFP/SFP+ transceiver installed.
   3. Check the LNK/ACT LED of the SFP/SFP+ slot on the front of the Managed Switch. Ensure that the SFP/SFP+ transceiver is operating correctly.
   4. Check the
7. - The path cost to the root from the transmitting port
   - The port identifier of the transmitting port

   The switch sends BPDUs to communicate and construct the spanning-tree topology. All switches connected to the LAN on which the packet is transmitted will receive the BPDU. BPDUs are not directly forwarded by the switch, but the receiving switch uses the information in the frame to calculate a BPDU, and, if the topology changes, initiates a BPDU transmission.

   The communication between switches via BPDUs results in the following:
   - One switch is elected as the root switch.
   - The shortest distance to the root switch is calculated for each switch.
   - A designated switch is selected. This is the switch closest to the root switch through which packets will be forwarded to the root.
   - A port for each switch is selected. This is the port providing the best path from the switch to the root switch.
   - Ports included in the STP are selected.

   Creating a Stable STP Topology

   The goal is to make the root port the fastest link. If all switches have STP enabled with default settings, the switch with the lowest MAC address in the network will become the root switch. By increasing the priority (lowering the priority number) of the best switch, STP can be forced to select the best switch as the root switch.

   When STP is enabled using the default parameters, the path between sourc
8. Figure 4-16-4: Power over Ethernet Configuration Screenshot

   The page includes the following fields:

   - PoE Mode: There are three modes for PoE mode.
     - Enable: enable PoE function.
     - Disable: disable PoE function.
     - Schedule: enable PoE function in schedule mode.
   - Schedule: Indicates the schedule profile mode. Possible profiles are:
     - Profile1
     - Profile2
     - Profile3
     - Profile4
   - AF/AT Mode: Allows user to select 802.3at or 802.3af compatibility mode. The default value is 802.3at mode. This function will affect PoE power reservation under the power limit classification only. As in 802.3af mode, the system will reserve a maximum of 15.4W for PD that supports Class3 level. As in IEEE 802.3at mode, the system will reserve 30.8W for PD that supports Class4 level. From class  to class3 level in the 802.3at mode, the PoE power will be reserved the same as that in 802.3af mode.
   - Priority: The Priority represents PoE ports priority. There are three levels of power priority named Low, High and Critical.

   The
9. AMS is an acronym for Auto Media Select. AMS is used for dual media ports (ports supporting both copper (cu) and fiber (SFP) cables). AMS automatically determines if an SFP or a CU cable is inserted and switches to the corresponding media. If both SFP and cu cables are inserted, the port will select the preferred media.

   APS is an acronym for Automatic Protection Switching. This protocol is used to secure switching that is done bidirectional in both ends of a protection group, as defined in G.8031.

   Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability. (Also Port Aggregation, Link Aggregation).

   ARP is an acronym for Address Resolution Protocol. It is a protocol used to convert an IP address into a physical address, such as an Ethernet address. ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known. Before using IP, the host sends a broadcast ARP request containing the Internet address of the desired destination system.

   ARP Inspection is a secure feature. Several types of attacks can be launched against a host or devices connected to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the switch device.

   Auto
10. Automatic refresh occurs every 3 seconds.

    4.8.14 MLD Group Information

    Entries in the MLD Group Table are shown on this page. The MLD Group Table is sorted first by VLAN ID, and then by group. Each page shows up to 99 entries from the MLD Group table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MLD Group Table.

    The "Start from VLAN", and "group" input fields allow the user to select the starting point in the MLD Group Table. The MLD Groups Information screen in Figure 4-8-17 appears.

    Figure 4-8-17: MLD Snooping Groups Information Page Screenshot

    The page includes the following fields:

    - VLAN ID: VLAN ID of the group.
    - Groups: Group address of the group displayed.
    - Port Members: Ports under this group.

    Buttons

    - Auto-refresh: Automatic refresh occurs every 3 seconds.
    - Refresh: Click to refresh the page immediately.
    - |<<: Updates the table, starting with the first entry in the IGMP Group Table.
    - >>: Updates the table, starting with the entry after the last entry currently displayed.

    4.8.15 MLDv2 Information
11. Figure 4-8-8: IGMP Snooping VLAN Configuration Page Screenshot

    The page includes the following fields:

    - Delete: Check to delete the entry. The designated entry will be deleted during the next save.
    - VLAN ID: The VLAN ID of the entry.
    - IGMP Snooping Enable: Enable the per-VLAN IGMP Snooping. Only up to 32 VLANs can be selected.
    - Querier Election: Enable the IGMP Querier election in the VLAN. Disable to act as an IGMP Non-Querier.
    - Querier Address: Define the IPv4 address as source address used in IP header for IGMP Querier election.
      - When the Querier address is not set, system uses IPv4 management address of the IP interface associated with this VLAN.
      - When the IPv4 management address is not set, system uses the first available IPv4 management address. Otherwise, system uses a pre-defined value. By default, this value will be 192.0.2.1.
    - Compatibility: Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network. The allowed selection is IGMP-Auto, Forced IGMPv1, Forced IGMPv2, Forced IGMPv3. Default compatibility value is IGMP-Auto.

    Object: PRI, QRI, LLQI (LMQI for IGMP), URI

    Buttons: Refresh

    P
12. Object: Path Cost, Priority, AdminEdge, AutoEdge, Restricted Role, Restricted TCN, BPDU Guard, Point-to-point

    Description:
    - Path Cost: Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000.
    - Priority: Controls the port priority. This can be used to control priority of ports having identical port cost. (See above). Default: 128. Range: 0-240, in steps of 16.
    - AdminEdge: Controls whether the operEdge flag should start as being set or cleared. (The initial operEdge state when a port is initialized).
    - AutoEdge: Controls whether the bridge should enable automatic edge detection on the bridge port. This allows operEdge to be derived from whether BPDUs are received on the port or not.
    - Restricted Role: If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity. It can be set by a network administrator to prevent bridges external to
13. - Apply: Click to apply changes.
    - Reset: Click to undo any changes made locally and revert to previously saved values.
    - Cancel: Return to the previous page.

    4.10.4 ACL Ports Configuration

    Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. The ACL Ports Configuration screen in Figure 4-10-4 appears.

    Figure 4-10-4: ACL Ports Configuration Page Screenshot

    The page includes the following fields:

    Object: Port, Policy ID, Action, Rate Limiter ID, Port Redirect, Logging, Shutdown

    Description:
    - Port: The logical port for the settings contained in the same row.
    - Policy ID: Select the policy to apply to this port. The allowed values are 0 through 255. The default value is 0.
    - Action: Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".
    - Rate Limiter ID: Select which rate limiter to apply on this port. The allowed values are Disabled or the values 1 through 16. The default value is "Disabled".
    - Port Redirect: Select which port frames are redirected on. The allowed values are Disabled o
14. Click to refresh the page immediately.

    - Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
    - |<<: Updates the table starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID.
    - >>: Updates the table, starting with the entry after the last entry currently displayed.

    4.18.5 RMON History Configuration

    Configure RMON History table on this page. The entry index key is ID. The screen in Figure 4-18-6 appears.

    Figure 4-18-6: RMON History Configuration Page Screenshot

    The page includes the following fields:

    - Delete: Check to delete the entry. It will be deleted during the next save.
    - ID: Indicates the index of the entry. The range is from 1 to 65535.
    - Data Source: Indicates the port ID which wants to be monitored.
    - Interval: Indicates the interval in seconds for sampling the history statistics data. The range is from 1 to 3600; default value is 1800 seconds.
    - Buckets: Indicates the maximum data entries associated this History control entry stored in RMON. The range is from 1 to 3600; default value is 50.
    - Buckets Granted: The number of data will b
15. Click to reset the configuration to Factory Defaults.

    No: Click to return to the Port State page without resetting the configuration.

    To reset the Managed Switch to the Factory default setting, you can also press the hardware reset button at the front panel for about 10 seconds. After the device has rebooted, you can log in to the management Web interface within the same subnet of 192.168.0.xx.

    4.2.25 System Reboot

    The Reboot page enables the device to be rebooted from a remote location. Once the Reboot button is pressed, the user has to log in to the Web interface again about 60 seconds later. The System Reboot screen in Figure 4-2-30 appears.

    Figure 4-2-30: System Reboot Page Screenshot

    Buttons

    - Yes: Click to reboot the system.
    - No: Click to return to the Port State page without rebooting the system.

    You can also check the SYS LED on the front panel to identify whether the System is loaded completely or not. If the SYS LED is blinking, then it is in the firmware load stage; if the SYS LED light is on, you can use the Web browser to log in to the Managed Switch.

    4.3 Simple Network Management Protocol

    4.3.1 SNMP Overview

    The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devices
16. Samba can be installed on a variety of operating system platforms, including Linux, most common Unix platforms, OpenVMS, and IBM OS/2.

    Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts in Microsoft Windows "Neighborhood Network".

    SHA is an acronym for Secure Hash Algorithm. It was designed by the National Security Agency (NSA) and published by the NIST as a U.S. Federal Information Processing Standard. Hash algorithms compute a fixed-length digital representation (known as a message digest) of an input data sequence (the message) of any length.

    A shaper can limit the bandwidth of transmitted frames. It is located after the ingress queues.

    SMTP is an acronym for Simple Mail Transfer Protocol. It is a text-based protocol that uses the Transmission Control Protocol (TCP) and provides a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and notifications regarding incoming mail.

    The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields. SNAP supports identifying protocols by Ethernet type field values; it also supports vendor-private protocol identifier.

    SNMP is an acronym for Simple Network M
17. The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason.

    The number of RADIUS packets sent to the server. This does not include retransmissions.

    The number of RADIUS packets retransmitted to the RADIUS accounting server.

    The number of RADIUS packets destined for the server that have not yet timed out or received a response. This variable is incremented when a Request is sent and decremented due to receipt of a Response, timeout, or retransmission.

    TX Timeouts (radiusAccClientExtTimeouts): The number of accounting timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout.

    - Other Info: This section contains information about the state of the server and the latest round-trip time.

    Name (RFC4670 Name): IP Address, State, Round-Trip Time (radiusAccClientExtRoundTripTime)

    Description:
    - IP Address: IP address and UDP port for the accounting server in question.
    - State: Shows the state of the server. It takes one of the following values:
      - Disabled: The selected server is disabled.
      - Not Ready: The server is enabled, but IP communication is not yet up and run
18. The same functions mentioned above can also be found in the "Option" tools bar.

    3. Click the "Control Packet Force Broadcast" function to allow a new setting value to be assigned to the Web Smart Switch under a different IP subnet address.
    4. Press the "Connect to Device" button and the Web login screen appears in Figure 3-1-4.
    5. Press the "Exit" button to shut down the Planet Smart Discovery Utility.

    4. WEB CONFIGURATION

    This section introduces the configuration and functions of the Web-based management from Managed Switch.

    About Web-based Management

    The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer.

    The Web-based Management supports Internet Explorer 7.0. It is based on Java Applets with an aim to reduce network bandwidth consumption, enhance access speed and present an easy viewing screen.

    Note: By default, IE7.0 or later version does not allow Java Applets to open sockets. The user has to explicitly modify the browser setting to enable Java Applets to use network ports.

    The Managed Switch can be configured through an Ethernet connection; make sure the manager PC is set on the same IP subnet address as the Managed Switch.

    For example, the default IP address of the Managed Switch is
19. A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.

    Indicates the security model that this entry should belong to. Possible security models are:
    - any: Accepted any security model (v1|v2c|usm).
    - v1: Reserved for SNMPv1.
    - v2c: Reserved for SNMPv2c.
    - usm: User-based Security Model (USM).

    Indicates the security model that this entry should belong to. Possible security models are:
    - NoAuth, NoPriv: None authentication and none privacy.
    - Auth, NoPriv: Authentication and none privacy.
    - Auth, Priv: Authentication and privacy.

    The name of the MIB view defining the MIB objects for which this request may request the current values. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.

    The name of the MIB view defining the MIB objects for which this request may potentially SET new values. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.

    - Add New Entry: Click to add a new access entry.
    - Apply: Click to apply changes.
    - Reset: Click to undo any changes made locally and revert to previously saved values.

    4.4 Port Management

    Use the Port Menu to display or configure the Managed Switch's p
20. When selecting different PoE management modes, refer to the user manual for proper operation.

    Figure 4-16-2: PoE Configuration Screenshot

    The page includes the following fields:

    - System PoE Admin Mode: Allows user to enable or disable PoE function. It will cause all of PoE ports to supply or not supply power.
    - PoE Temperature Protection: Allows user to enable or disable PoE Temperature Protection.
    - PoE Management Mode: There are six modes for configuring how the ports/PDs may reserve power and when to shut down ports.
      - Class Consumption mode: System offers PoE power according to PD real power consumption.
      - Class Reserved Power mode: System reserves PoE power to PD according to PoE class level.
      - Allocation Consumption mode: System offers PoE power according to PD real power consumption.
      - Allocation Reserved Power mode: Users are allowed to assign how much PoE power for each port and system will reserve PoE power to PD.
      - LLDP Consumption mode: System offers PoE power according to PD real power consumption.
      - LLDP Reserved Power mode: System reserves PoE power to PD according to LLDP configuration.
    - Power Supply Budget: Set limit value of the total PoE port providing power to the PDs.
      - GS-5220-8P2T2S available maximum value is 240 watts.
    - Temperature: Allows setting over temperature protection threshold v
21. Figure 4-3-2: SNMP Trap Configuration Page Screenshot

    The page includes the following fields:

    Object: Trap Config, Trap Mode, Trap Version, Trap Community, Trap Destination Address, Trap Destination Port, Trap Inform Mode, Trap Inform Timeout (seconds), Trap Inform Retry Times, Trap Probe Security Engine ID, Trap Security Engine ID, Trap Security Name, System, Interface, AAA

    Description:
    - Trap Config: Indicates which trap Configuration's name for configuring. The allowed string length is 0 to 255, and the allowed content is ASCII characters from 33 to 126.
    - Trap Mode: Indicates the SNMP trap mode operation. Possible modes are:
      - Enabled: Enable SNMP trap mode operation.
      - Disabled: Disable SNMP trap mode operation.
    - Trap Version: Indicates the SNMP trap supported version. Possible versions are:
      - SNMP v1: Set SNMP trap supported version 1.
      - SNMP v2c: Set SNMP trap supported version 2c.
      - SNMP v3: Set SNMP trap supported version 3.
    - Trap Community: Indicates the community access string when send SNMP trap packet. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.
    - Trap Destination Address: Indicates the SNMP trap destination address.
    - Trap Destination Port: Indicates the SNMP trap destination port. SNMP Agent will send SNM
22. client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard.

    The advantage of MAC-based authentication over port-based 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The advantage of MAC-based authentication over 802.1X-based authentication is that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users; equipment whose MAC address is a valid RADIUS user can be used by anyone. Also, only the MD5-Challenge method is supported. The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality.

    Object: RADIUS-Assigned QoS Enabled, RADIUS-Assigned VLAN Enabled

    Description:
    - RADIUS-Assigned QoS Enabled: When RADIUS-Assigned QoS is both globally enabled and enabled (checked) for a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS C
23.  Figure 4-2-15: System Log Page Screenshot

The page includes the following fields:

Object / Description
• ID: The ID (>= 1) of the system log entry.
• Level: The level of the system log entry. The following level types are supported:
  - Info: Information level of the system log.
  - Warning: Warning level of the system log.
  - Error: Error level of the system log.
  - All: All levels.
• Clear Level: Clears the system log entries of the selected level. The following level types are supported:
  - Info: Information level of the system log.
  - Warning: Warning level of the system log.
  - Error: Error level of the system log.
  - All: All levels.
• Time: The time of the system log entry.
• Message: The message of the system log entry.

Buttons
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
• Refresh: Updates the system log entries, starting from the current entry ID.
• Flushes the selected log entries.
• Hides the selected log entries.
• Downloads the selected log entries.
• |<<: Updates the system log entries, starting from the first available entry ID.
• <<: Updates the system log entries, ending at the last entry currently displayed.
• Updates the system 
24.  • Restart: Two buttons are available for each row. The buttons are only enabled when authentication is globally enabled and the port's Admin State is in an EAPOL-based or MAC-based mode. Clicking these buttons will not cause settings changed on the page to take effect.
  - Reauthenticate: Schedules a reauthentication whenever the quiet period of the port runs out (EAPOL-based authentication). For MAC-based authentication, reauthentication will be attempted immediately. The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized.
  - Reinitialize: Forces a reinitialization of the clients on the port and thereby a reauthentication immediately. The clients will transfer to the unauthorized state while the reauthentication is in progress.

Buttons
• Refresh: Click to refresh the page.
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.11.4 Network Access Overview

This page provides an overview of the current NAS port states for the selected switch. The Network Access Overview screen in Figure 4-11-5 appears.

[Screenshot: Network Access Server Switch Status. Columns: Admin State, Port State, Last ID, QoS Class, Port VLAN ID]
25.  the Managed Switch's 802.1X system configuration. 12345678 in this case.

1. Configure the IP Address of the remote RADIUS server and the secret key.

Figure 4-11-11: RADIUS Server Configuration Screenshot

2. Add New RADIUS Client on the Windows 2003 server.

Figure 4-11-12: Windows Server - Add New RADIUS Client Setting

3. Assign the client IP address to the Managed Switch.

Figure 4-11-13: Windows Server RADIUS Server Setting

4. The shared secret key should be the same as the key configured on the Managed Switch.

[Screenshot: New RADIUS Client dialog]
26.  DVMRP or PIM) to support IP multicasting across the Internet.

4.8.2 Profile Table

This page provides IPMC Profile related configurations. The IPMC profile is used to deploy access control on IP multicast streams. Up to 64 profiles can be created, each with up to 128 corresponding rules. The Profile Table screen in Figure 4-8-5 appears.

Figure 4-8-5: IPMC Profile Configuration Page

The page includes the following fields:

Object / Description
• Global Profile Mode: Enable/Disable the Global IPMC Profile. The system starts filtering based on profile settings only when the global profile mode is enabled.
• Delete: Check to delete the entry. The designated entry will be deleted during the next save.
• Profile Name: The name used for indexing the profile table. Each entry has a unique name composed of at most 16 alphabetic and numeric characters. At least one alphabetic character must be present.
• Profile Description: Additional description of the profile, composed of at most 64 alphabetic and numeric characters. No blank or space characters are permitted as part of the description. Use "_" or "-" to separate the description sentence.
• 
27.  Figure 4-18-9: RMON Statistics Status Overview Page Screenshot

The page includes the following fields:

Object / Description
• ID: Indicates the index of the Statistics entry.
• Data Source (ifIndex): The port ID to be monitored.
• Drop: The total number of events in which packets were dropped by the probe due to lack of resources.
• Octets: The total number of octets of data (including those in bad packets) received on the network.
• Pkts: The total number of packets (including bad packets, broadcast packets, and multicast packets) received.
• Broadcast: The total number of good packets received that were directed to the broadcast address.
• Multicast: The total number of good packets received that were directed to a multicast address.
• CRC Errors: The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets.
• Undersize: The total number of packets received that were less than 64 octets.
• Oversize: The total number of packets received that were longer than 1518 octets.
• Frag.: The number of frames whose size is less than 64 octets received with invalid CRC.
• Jabb.: The number of frames whose size is larger than 64 octets received with invalid CRC.
28.  Protocols, and Related Reading

3.1 Requirements

• Workstations running Windows 2000/XP/2003/Vista/7/8/2008, MAC OS9 or later, Linux, UNIX, or other platforms compatible with TCP/IP protocols
• Workstation is installed with Ethernet NIC (Network Interface Card)
• Serial Port connect (Terminal)
  - The above PC with COM Port (DB9 / RS-232) or USB-to-RS-232 converter
• Ethernet Port connect
  - Network cables: Use standard network (UTP) cables with RJ45 connectors.
• The above workstation is installed with Web Browser and JAVA runtime environment plug-in

It is recommended to use Internet Explorer 7.0 or above to access the Managed Switch.

3.2 Management Access Overview

The Managed Switch gives you the flexibility to access and manage it using any or all of the following methods:

• An administration console
• Web browser interface
• An external SNMP-based network management application

The administration console and Web browser interface support are embedded in the Managed Switch software and are available for immediate use. Each of these management methods has its own advantages. Table 3-1 compares the three management methods.

Methods compared: Console, Web Browser, SNMP Agent

Console, Advantages:
• No IP address or subnet needed
• Text-based
• Telnet functionality and HyperTerminal built into Windows 95/98/NT/2000/ME/XP operatin
29.  The CIST is the default instance, which is always active.
• Priority: Controls the bridge priority. Lower numerical values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier.

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.7.6 MSTI Configuration

This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. The MSTI Configuration screen in Figure 4-7-8 appears.

Figure 4-7-8: MSTI Configuration Page Screenshot
(On-page note in the screenshot: "Add VLANs separated by spaces or comma. Unmapped VLANs are mapped to the CIST. (The default bridge instance).")

The page includes the following fields:

Configuration Identification

Object / Description
• Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration, in order to share spanning trees for MSTIs (intra-region). The name is at most 32 characters.
• Configuration Revision: The revision of the MSTI configuration named a
30.  SNMP Operations

SNMP itself is a simple request/response protocol. NMSs can send multiple requests without receiving a response.
• Get: Allows the NMS to retrieve an object instance from the agent.
• Set: Allows the NMS to set values for object instances within an agent.
• Trap: Used by the agent to asynchronously inform the NMS of some event. The SNMPv2 trap message is designed to replace the SNMPv1 trap message.

SNMP community

An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. An SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are:
• Write = private
• Read = public

Use the SNMP Menu to display or configure the Managed Switch's SNMP function. This section has the following items:

• System Configuration: Configure SNMP on this page.
• Trap Configuration: Configure SNMP trap on this page.
• System Information: The system information is provided here.
• SNMPv3 Communities: Configure SNMPv3 communities table on this page.
• SNMPv3 Users: Configure SNMPv3 users table on this page.
• SNMPv3 Gro
31.  • Coll.: The best estimate of the total number of collisions in this Ethernet segment.
• 64 Bytes: The total number of packets (including bad packets) received that were 64 octets in length.
• 65~127: The total number of packets (including bad packets) received that were between 65 and 127 octets in length.
• 128~255: The total number of packets (including bad packets) received that were between 128 and 255 octets in length.
• 256~511: The total number of packets (including bad packets) received that were between 256 and 511 octets in length.
• 512~1023: The total number of packets (including bad packets) received that were between 512 and 1023 octets in length.
• 1024~1518: The total number of packets (including bad packets) received that were between 1024 and 1518 octets in length.

Buttons
• Refresh: Click to refresh the page immediately.
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
• |<<: Updates the table, starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID.
• >>: Updates the table, starting with the entry after the last entry currently displayed.

5. SWITCH OPERATION

5.1 Address Table

The Managed Switch is implemented with an address table. This address table is composed of many entries. Each entry is used to store the add
32.  and then by group.

Each page shows up to 99 entries from the MVR Group table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MVR Group Table.

The "Start from VLAN" and "group" input fields allow the user to select the starting point in the MVR Group Table. The MVR Groups Information screen in Figure 4-8-21 appears.

Figure 4-8-21: MVR Groups Information Page Screenshot

The page includes the following fields:

Object / Description
• VLAN: VLAN ID of the group.
• Groups: Group ID of the group displayed.
• Port Members: Ports under this group.

Buttons
• Auto-refresh: Automatic refresh occurs every 3 seconds.
• Refresh: Refreshes the displayed table starting from the input fields.
• |<<: Updates the table starting from the first entry in the MVR Channels (Groups) Information Table.
• >>: Updates the table, starting with the entry after the last entry currently displayed.

4.8.19 MVR SFM Information

Entries in the MVR SFM Information Table are shown on this page. The MVR SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Po
33.  each other are assigned to the same VLAN, regardless of where they are physically on the network. Logically, a VLAN can be equated to a broadcast domain, because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated.

1. No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership, packets cannot cross VLANs without a network device performing a routing function between the VLANs.
2. The Managed Switch supports IEEE 802.1Q VLAN. The port untagging function can be used to remove the 802.1 tag from packet headers to maintain compatibility with devices that are tag-unaware.

The Managed Switch's default is to assign all ports to a single 802.1Q VLAN named DEFAULT_VLAN. As a new VLAN is created, the member ports assigned to the new VLAN will be removed from the DEFAULT_VLAN port member list. The DEFAULT_VLAN has a VID = 1.

This section has the following items:

• VLAN Port Configuration: Enables VLAN group
• MAC-based VLAN Status: Displays MAC-based VLAN entries
• Protocol-based VLAN: Configures the protocol-based VLAN entries
• VLAN Membership Status: Displays VLAN membership status
• VLAN Port Status: Displays VLAN port status
• Private VLAN: Creates/removes primary or community VLANs
• Port Isolation: Enables/disables port isolation on port
• MAC-based VLAN: Configures the MAC-based VLAN entries
• Protocol-based VLAN: Displays the protocol based VLAN entr
34.  input fields.
• |<<: Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID.
• >>: Updates the table, starting with the entry after the last entry currently displayed.
• Add New IGMP VLAN: Click to add a new IGMP VLAN. Specify the VID and configure the new entry. Click "Save". The specific IGMP VLAN starts working after the corresponding static VLAN is also created.
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.6 IGMP Snooping Port Group Filtering

In certain switch applications, the administrator may want to control the multicast services that are available to end users, for example an IP/TV service based on a specific subscription plan. The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and IGMP throttling limits the number of simultaneous multicast groups a port can join.

IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port. An IGMP filter profile can contain one or more, or a range of, multicast addresses, but only one profile can be assigned to a port. When enabled, IGMP join reports received on the port are checked against the filter profile. If 
35.  known as the tag header. The tagged frame format also includes priority tagged frames as defined by IEEE 802.1Q-2003.

VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.

L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7), as defined by IEEE 802.1D-2004. A value of 0 represents use of the default priority as defined in IEEE 802.1D-2004.

DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474. DSCP may contain one of 64 code point values (0 through 63). A value of 0 represents use of the default DSCP value as defined in RFC 2475.

• Add New Policy: Click to add a new policy. Specify the Application type, Tag, VLAN ID, L2 Priority and DSCP for the new policy. Click "Save". The number of policies supported is 32.

Port Policies Configuration

Every port may advertise a unique set of network policies or different attributes for the same network policies, based on the authenticated user identity or port configuration.

Object / Description
• Port: The port number for which the configuration applies.
• Policy ID: The set of policies that shall apply for a given port. The set of policies is selected by checkmarking the checkboxes that correspond to the policies.

Buttons
• Apply
36.  2. INSTALLATION

This section describes the hardware features and installation of the Managed Switch on the desktop or rack mount. For easier management and control of the Managed Switch, familiarize yourself with its display indicators and ports. Front panel illustrations in this chapter display the unit LED indicators. Before connecting any network device to the Managed Switch, please read this chapter completely.

2.1 Hardware Description

2.1.1 Switch Front Panel

The front panel provides a simple interface for monitoring the Managed Switch. Figures 2-1-1 to 2-1-6 show the front panel of the Managed Switch.

GS-5220-8P2T2S Front Panel
Figure 2-1-1: Front Panel of GS-5220-8P2T2S

GS-5220-16S8C Front Panel
Figure 2-1-2: Front Panel of GS-5220-16S8C

GS-5220-16S8CR Front Panel
Figure 2-1-3: Front Panel of GS-5220-16S8CR

GS-5220-44S4C Front Panel
Figure 2-1-4: Front Panel of GS-5220-44S4C

GS-5220-46S2C4X Front Panel
Figure 2-1
37.  the server when they are not on the same subnet domain.

The DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packets when forwarding client DHCP packets to a DHCP server, and to remove the specific information from DHCP reply packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to implement IP address or other assignment policies. Specifically, the option works by setting two sub-options:
• Circuit ID (option 1)
• Remote ID (option 2)

The Circuit ID sub-option is supposed to include information specific to which circuit the request came in on.

The Remote ID sub-option was designed to carry information relating to the remote host end of the circuit.

The definition of Circuit ID in the switch is 4 bytes in length and the format is "vlan_id" "module_id" "port_no". The parameter "vlan_id" is the first two bytes, representing the VLAN ID. The parameter "module_id" is the third byte, for the module ID. The parameter "port_no" is the fourth byte, and it means the port number.

The Remote ID is 6 bytes in length, and the value equals the DHCP relay agent's MAC address. The DHCP Relay Configuration screen in Figure 4-2-12 appears.

Figure 4-2-12: DHCP Relay Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Relay Mode: Indicates 
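The Option 82 layout described above (Circuit ID = vlan_id, module_id, port_no; Remote ID = the relay agent's MAC), decoded and checked on the DHCP-server or monitoring side. This is an added example, not code from the manual or from PLANET. Assumptions: the sub-options are framed as code/length/value per RFC 3046, the two-byte VLAN ID is in network byte order, and the `inventory` structure, function names and sample bytes are constructed for illustration.

```python
"""Decode DHCP Option 82 sub-options using the layout the manual gives."""
import struct
from dataclasses import dataclass

SUBOPT_CIRCUIT_ID = 1  # sub-option numbers as stated in the manual
SUBOPT_REMOTE_ID = 2


class Option82Error(ValueError):
    """The payload does not match the documented layout."""


@dataclass(frozen=True)
class RelayInfo:
    vlan_id: int
    module_id: int
    port_no: int
    remote_mac: str


def split_suboptions(payload: bytes) -> dict:
    """Walk the code/length/value triplets inside the option payload."""
    found = {}
    pos = 0
    while pos < len(payload):
        if pos + 2 > len(payload):
            raise Option82Error("truncated sub-option header")
        code, length = payload[pos], payload[pos + 1]
        value = payload[pos + 2:pos + 2 + length]
        if len(value) != length:
            raise Option82Error(f"sub-option {code} overruns the payload")
        if code in found:
            raise Option82Error(f"duplicate sub-option {code}")
        found[code] = value
        pos += 2 + length
    return found


def parse_relay_info(payload: bytes) -> RelayInfo:
    """Return the decoded Circuit ID and Remote ID, or raise Option82Error."""
    subopts = split_suboptions(payload)
    circuit = subopts.get(SUBOPT_CIRCUIT_ID)
    remote = subopts.get(SUBOPT_REMOTE_ID)
    if circuit is None or len(circuit) != 4:
        raise Option82Error("Circuit ID must be present and 4 bytes long")
    if remote is None or len(remote) != 6:
        raise Option82Error("Remote ID must be present and 6 bytes long")
    # Assumption: the 2-byte VLAN ID is big-endian (network byte order).
    vlan_id, module_id, port_no = struct.unpack("!HBB", circuit)
    if not 1 <= vlan_id <= 4094:  # usable 802.1Q VLAN ID range
        raise Option82Error(f"VLAN ID {vlan_id} outside 1-4094")
    mac = ":".join(f"{b:02x}" for b in remote)
    return RelayInfo(vlan_id, module_id, port_no, mac)


def audit(info: RelayInfo, inventory: dict) -> list:
    """Compare decoded values with a hypothetical inventory
    {relay_mac: set_of_vlan_ids}; return a list of findings."""
    vlans = inventory.get(info.remote_mac)
    if vlans is None:
        return [f"unknown relay agent {info.remote_mac}"]
    if info.vlan_id not in vlans:
        return [f"VLAN {info.vlan_id} is not expected from relay {info.remote_mac}"]
    return []


# Constructed sample: Circuit ID = VLAN 100, module 1, port 8;
# Remote ID = 00:30:4f:11:22:33.
SAMPLE_PAYLOAD = bytes.fromhex("0104" "00640108" "0206" "00304f112233")

if __name__ == "__main__":
    decoded = parse_relay_info(SAMPLE_PAYLOAD)
    print(decoded)
    print(audit(decoded, {"00:30:4f:11:22:33": {100, 200}}) or "no findings")
```

Rejecting payloads with a missing, duplicated or wrong-length sub-option before applying any assignment policy keeps a malformed option from being read as a valid port identity.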
38.  0-100.

RED Drop Probability Function

The following illustration shows the drop probability function with associated parameters.

[Figure: drop probability function. Vertical axis: Drop Probability (Max. DP 1, Max. DP 2, Max. DP 3); horizontal axis: Average Filling Level, from Min. Threshold to 100%]

Max. DP 1-3 is the drop probability when the average queue filling level is 100%. Frames marked with Drop Precedence Level 0 are never dropped. Min. Threshold is the average queue filling level where the queues randomly start dropping frames. The drop probability for frames marked with Drop Precedence Level n increases linearly from zero (at Min. Threshold average queue filling level) to Max. DP n (at 100% average queue filling level).

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.15 QoS Statistics

This page provides statistics for the different queues for all switch ports. The QoS Statistics screen in Figure 4-9-17 appears.

[Screenshot: Queuing Counters]
39.  192.168.0.100, then the manager PC should be set at 192.168.0.x (where x is a number between 1 and 254, except 100), and the default subnet mask is 255.255.255.0.

If you have changed the default IP address of the Managed Switch to 192.168.1.1 with subnet mask 255.255.255.0 via console, then the manager PC should be set at 192.168.1.x (where x is a number between 2 and 254) to do the relative configuration on the manager PC.

Figure 4-1-1: Web Management (PC/Workstation with Web Browser at 192.168.0.x, connected by RJ45/UTP cable to the Managed Switch at IP Address 192.168.0.100)

Logging on the Managed Switch

1. Use Internet Explorer 7.0 or above Web browser. Enter the factory default IP address to access the Web interface. The factory default IP Address is shown as follows:

http://192.168.0.100

2. When the following login screen appears, please enter the default username "admin" with password "admin" (or the username/password you have changed via console) to log in to the main screen of the Managed Switch. The login screen in Figure 4-1-2 appears.

[Screenshot: login dialog "Connect to 192.168.0.100". Dialog text: "The server 192.168.0.100 at Web Management requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)." User name: admin]
40.  Models: GS-5220-44S4C / GS-5220-46S2C4X / GS-5220-48T4X

Hardware Specifications

Copper Ports
• GS-5220-44S4C: 4 10/100/1000BASE-T RJ45 auto-MDI/MDI-X ports, shared with Port 1 to Port 4
• GS-5220-46S2C4X: 2 10/100/1000BASE-T RJ45 auto-MDI/MDI-X ports, shared with Port 1 to Port 2
• GS-5220-48T4X: 48 10/100/1000BASE-T RJ45 auto-MDI/MDI-X ports

SFP/mini-GBIC Slots
• GS-5220-44S4C: 48 100/1000BASE-X SFP interfaces, compatible with 100BASE-FX SFP transceiver
• GS-5220-46S2C4X: 48 100/1000BASE-X SFP interfaces, compatible with 100BASE-FX SFP transceiver
• GS-5220-48T4X: 4 100/1000BASE-X SFP interfaces, shared with Port 45 to Port 48, compatible with 100BASE-FX SFP transceiver

Compatible with 1000BASE-SX/LX/BX SFP

Flow Control: IEEE 802.3x pause frame for full duplex; back pressure for half duplex
Jumbo Frame: 10K
Reset Button: < 5 sec: System reboot; > 5 sec: Factory default
Dimensions (W x D x H): 440 x 300 x 44.5 mm, 1U height
Power Requirements: 100~240V AC, 50/60Hz
Power Consumption (max.): 45 watts / 153 BTU; 80 watts / 272.9 BTU; 58 watts / 197.9 BTU
ESD Protection: 2KV DC; 6KV DC; 6KV DC

Layer 2 Management Functions

Port Configuration
• Port disable/enable
• Auto-negotiation 10/100/1000Mbps full and half duplex mode selection
• Flow control disable/enable

Display each port's speed duplex mode, link status, f
41.  4.17 Loop Protection

This chapter describes how to enable the loop protection function, which prevents broadcast loops in the Managed Switch.

4.17.1 Configuration

This page allows the user to inspect the current Loop Protection configurations, and possibly change them as well. The screen in Figure 4-17-1 appears.

Figure 4-17-1: Loop Protection Configuration Page Screenshot

The page includes the following fields:

Port Configuration

Object
• Port
• Enable
• Action
• Tx Mode

General Settings

Object / Description
• Enable Loop Protection: Controls whether loop protection is enabled (as a whole).
• Transmission Time: The interval between each loop protection PDU sent on each port. Valid values are 1 to 10 seconds.
• Shutdown Time: The period (in seconds) for which a port will be kept disabled in the event a loop is detected (and the port action shuts down the port). Valid values are 0 to 604
42.  4-9-8 appears.

Figure 4-9-8: QoS Port DSCP Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port: The Port column shows the list of ports for which you can configure DSCP ingress and egress settings.
• Ingress: In Ingress settings you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in Ingress:
  - Translate
  - Classify
• Translate: To enable the Ingress Translation, click the checkbox.
• Classify: Classification for a port has 4 different values:
  - Disable: No Ingress DSCP Classification.
  - DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0.
  - Selected: Classify only selected DSCP for which classification is enabled as specified in the DSCP Translation window for the specific DSCP.
  - All: Classify all DSCP.
• Egress: Port Egress Rewriting can be one of:
  - Disable: No Egress rewrite.
  - Enable: Rewrite enabled without remapping.
  - Remap DP Unaware: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. The remapped DSCP value is always taken from the "DSCP Translation->Egress Remap DP0" table.
  - Remap DP Aware: DSCP 
43.  7 appears.

Figure 4-2-7: Privilege Levels Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Group Name: The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail:
  - System: Contact, Name, Location, Timezone, Log.
  - Security: Authentication, System Access Management, Port (con
44.  802 based LAN infrastructure for LLDP-MED Endpoint Devices. An LLDP-MED Network Connectivity Device is a LAN access device based on any of the following technologies:
1. LAN Switch/Router
2. IEEE 802.1 Bridge
3. IEEE 802.3 Repeater (included for historical reasons)
4. IEEE 802.11 Wireless Access Point
5. Any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method.

LLDP-MED Endpoint Device Definition

Within the LLDP-MED Endpoint Device category, the LLDP-MED scheme is broken into further Endpoint Device Classes, as defined in the following. Each LLDP-MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class. For example, any LLDP-MED Endpoint Device claiming compliance as a Media Endpoint (Class II) will also support all aspects of TIA-1057 applicable to Generic Endpoints (Class I), and any LLDP-MED Endpoint Device claiming compliance as a Communication Device (Class III) will also support all aspects of TIA-1057 applicable to both Media Endpoints (Class II) and Generic Endpoints (Class I).

LLDP-MED Generic Endpoint (Class I)

The LLDP-MED Generic Endpoint (Class I) definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA-1057, but do not support IP media or act as an end-user communication appliance. Such devices may include (but are not limited to) IP Communication Co
45. Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.

4.14.5 Neighbor

This page provides a status overview for all LLDP neighbors. The displayed table contains a row for each port on which an LLDP neighbor is detected. The LLDP Neighbor Information screen in Figure 4-14-4 appears.

[Screenshot: LLDP Neighbor Information, LLDP Remote Device Summary table with columns Local Port, Chassis ID, Port ID, Port Description, System Name, System Capabilities, Management Address]

Figure 4-14-4: LLDP Neighbor Information Page Screenshot

The page includes the following fields:

Object / Description
• Local Port: The port on which the LLDP frame was received.
• Chassis ID: The Chassis ID is the identification of the neighbor's LLDP frames.
• Port ID: The Port ID is the identification of the neighbor port.
• Port Description: Port Description is the port description advertised by the neighbor unit.
• System Name: System Name is the name advertised by the neighbor unit.
• System Capabilities: System Capabilities describes the neighbor unit's capabilities. The possible capabilities are:
  1. Other
  2. Repeater
  3. Bridge
  4. WLAN Access Point
  5. Router
  6. Telephone
  7. DOCSIS cable device
  8. Station only
  9. Reserved
  When a capability is enabled, the capability is followed by
46. Clears all statistics.

4.2.11 CPU Load

This page displays the CPU load, using an SVG graph. The load is measured as average over the last 100ms, 1sec and 10 seconds intervals. The last 120 samples are graphed, and the last numbers are displayed as text as well. In order to display the SVG graph, your browser must support the SVG format. Consult the SVG Wiki for more information on browser support. Specifically, at the time of writing, Microsoft Internet Explorer will need to have a plugin installed to support SVG. The CPU Load screen in Figure 4-2-14 appears.

[Screenshot: CPU Load graph, all numbers running average]

Figure 4-2-14: CPU Load Page Screenshot

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.

If your browser cannot display anything on this page, please download Adobe SVG tool and install it in your computer.

4.2.12 System Log

The Managed Switch system log information is provided here. The System Log screen in Figure 4-2-15 appears.

[Screenshot: System Log Information. "The total number of entries is 2 for the given level." Start from ID, with 20 entries per page
47. EAPOL Logoff frames that have been received by the switch.

The number of EAPOL frames that have been received by the switch in which the frame type is not recognized.

The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid.

Direction / Name / IEEE Name / Description
  Tx / Total / dot1xAuthEapolFramesTx / The number of EAPOL frames of any type that have been transmitted by the switch.
  Tx / Request ID / dot1xAuthEapolReqIdFramesTx / The number of EAPOL Request Identity frames that have been transmitted by the switch.
  Tx / Requests / dot1xAuthEapolReqFramesTx / The number of valid EAPOL Request frames (other than Request Identity frames) that have been transmitted by the switch.

• Backend Server Counters: These backend (RADIUS) frame counters are available for the following administrative states:
  - Port-based 802.1X
  - Single 802.1X
  - Multi 802.1X
  - MAC-based Auth.

Direction / Name / IEEE Name / Description
  Rx / Access Challenges / dot1xAuthBackendAccessChallenges /
    802.1X-based: Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant. Indicates that the backend server has communication with the switch.
    MAC-based: Counts all Access Challenges received from the backend server for this port l
48. Figure 2-2-4 shows

[Figure: MGB-SX/LX, 1000Base-SX/LX, LC Fiber]

Figure 2-2-4: Plug in the SFP/SFP+ Transceiver

Approved PLANET SFP/SFP+ Transceivers
PLANET Managed Switch supports both single mode and multi-mode SFP/SFP+ transceivers. The following list of approved PLANET SFP/SFP+ transceivers is correct at the time of publication:

Fast Ethernet Transceiver (100BASE-X SFP)
  Columns: Model, Speed (Mbps), Connector Interface, Fiber Mode, Distance, Wavelength (nm), Operating Temp.

Fast Ethernet Transceiver (100BASE-BX, Single Fiber Bi-directional SFP)
  Columns: Model, Speed (Mbps), Connector Interface, Fiber Mode, Distance, Wavelength (TX/RX), Operating Temp.

Gigabit Ethernet Transceiver (1000BASE-X SFP)
  Columns: Model, Speed (Mbps), Connector Interface, Fiber Mode, Distance, Wavelength (nm), Operating Temp.
  Models: MGB-GT (1000, copper), MGB-SX, MGB-SX2, MGB-LX, MGB-L30, MGB-L50, MGB-L70, MGB-L120, MGB-TSX, MGB-TLX, MGB-TL30, MGB-TL70

Gigabit Ethernet Transceiver (1000BASE-BX, Single Fiber Bi-directional SFP)
  Columns: Model, Speed (Mbps), Connector Interface, Fiber Mode, Distance, Wavelength (TX/RX), Operating Temp.
  Models: MGB-LA10, MGB-LB10, MGB-LA20, MGB-LB20, MGB-LA40, MGB-LB40, MGB-LA60, MGB-LB60, MGB-TLA10, MGB-TLB10, MGB-TLA20, MGB-TLB20, MGB-TLA40, MGB-TLB40, MGB-TLA60
49. [Screenshot: IGMP Snooping Configuration]

Figure 4-8-7: IGMP Snooping Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Snooping Enabled: Enable the Global IGMP Snooping.
• Unregistered IPMCv4 Flooding Enabled: Enable unregistered IPMCv4 traffic flooding. The flooding control takes effect only when IGMP Snooping is enabled. When IGMP Snooping is disabled, unregistered IPMCv4 traffic flooding is always active in spite of this setting.
• IGMP SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range.
• Leave Proxy Enable: Enable IGMP Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.
• Proxy Enable: Enable IGMP Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.
• Router Port: Specify which ports act as IGMP router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. The Switch forwards IGMP join or leave packets to an IGMP router port.
  - Auto: Select "Auto" to have the Managed Switch automatically use the port as IGMP Router port if the port receives IGMP query packets.
  - Fix: The Mana
50. Group Name map entry, check this box. The entry will be deleted on the switch during the next Save.

Frame Type can have one of the following values:
  1. Ethernet
  2. LLC
  3. SNAP
Note: On changing the Frame type field, valid value of the following text field will vary depending on the new frame type you selected.

Valid value that can be entered in this text field depends on the option selected from the preceding Frame Type selection menu.
Below is the criteria for three different Frame Types:
  1. For Ethernet: Values in the text field when Ethernet is selected as a Frame Type is called etype. Valid values for etype ranges from 0x0600-0xffff.
  2. For LLC: Valid value in this case is comprised of two different sub-values.
     a. DSAP: 1-byte long string (0x00-0xff)
     b. SSAP: 1-byte long string (0x00-0xff)
  3. For SNAP: Valid value in this case also is comprised of two different sub-values.
     a. OUI: OUI (Organizationally Unique Identifier) is value in format of xx-xx-xx where each pair (xx) in string is a hexadecimal value ranges from 0x00-0xff.
     b. PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP; if the OUI is an OUI for a particular organization, the protocol ID is a value assigned by that organization to the protocol running on top of SNAP. In other words, if va
51. H: 330 x 200 x 43.5 mm, 1U height
Weight: 2kg

Power over Ethernet
  PoE Standard: IEEE 802.3af/802.3at PoE PSE
  PoE Power Supply Type: End-span
  PoE Power Output: Per port 54V DC, max. 30.8 watts
  Power Pin Assignment: 1/2, 3/6
  PoE Power Budget: 240 watts (max.) @ 25 degrees C; 200 watts (max.) @ 50 degrees C
  PoE Ability: PD @ 7 watts: 8 units; PD @ 15.4 watts: 8 units; PD @ 30.8 watts: 8 units

Layer 2 Management Functions
  Basic Management Interfaces: Console, Telnet, Web browser, SNMP v1, v2c
  Secure Management Interfaces: SSH, SSL, SNMP v3
  Port Configuration: Port disable/enable; Auto-negotiation 10/100/1000Mbps full and half duplex mode selection; Flow Control disable/enable
  Port Status: Display each port's speed duplex mode, link status, flow control status, auto negotiation status, trunk status
  Port Mirroring: TX/RX/Both; Many-to-1 monitor
  VLAN: 802.1Q tagged based VLAN, up to 255 VLAN groups; Q-in-Q tunneling; Private VLAN Edge (PVE); MAC-based VLAN; Protocol-based VLAN; Voice VLAN; MVR (Multicast VLAN Registration); Up to 255 VLAN groups, out of 4094 VLAN IDs
  Link Aggregation: IEEE 802.3ad LACP/Static Trunk; Supports 6 trunk groups with 8 ports per trunk
  QoS: Traffic classification based, strict priority and
52. IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.

4.10.1 Access Control List Status

This page shows the ACL status by different ACL users. Each row describes the ACE that is defined. It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations. The maximum number of ACEs is 512 on each switch. The Voice VLAN OUI Table screen in Figure 4-10-1 appears.

[Screenshot: ACL Status table; columns include User, Ingress Port, Frame Type, Rate Limiter, Port Redirect, CPU Once, Conflict; two DHCP rows are shown, IPv4/UDP 67 DHCP Client and IPv4/UDP 68 DHCP Server, both Deny]

Figure 4-10-1: ACL Status Page Screenshot

The page includes the following fields:

Object / Description
• User: Indicates the ACL user.
• Ingress Port: Indicates the ingress port of the ACE. Possible values are:
  - All: The ACE will match all ingress port.
  - Port: The ACE will match a specific ingress port.
• Frame Type: Indicates the frame type of the ACE. Possible values are:
  - Any: The ACE will match any frame type.
  - EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames.
  - ARP: The ACE will ma
• Action
• Rate Limiter
• Port Redirect
53. Indicates the Type. It can be either Allow or Deny.
• Hardware Filter/Switch: Indicates whether data plane destined to the specific group address from the source IPv6 address could be handled by chip or not.

Buttons
Auto-refresh: Automatic refresh occurs every 3 seconds.
Refresh: Refreshes the displayed table starting from the input fields.
|<<: Updates the table starting from the first entry in the MLD SFM Information Table.
>>: Updates the table, starting with the entry after the last entry currently displayed.

4.8.16 MVR (Multicast VLAN Registration)

The MVR feature enables multicast traffic forwarding on the Multicast VLANs.
  - In a multicast television application, a PC or a network television or a set-top box can receive the multicast stream.
  - Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. When a subscriber selects a channel, the set-top box or PC sends an IGMP/MLD report message to Switch A to join the appropriate multicast group address.
  - Uplink ports that send and receive multicast data to and from the multicast VLAN are called MVR source ports.

It is allowed to create at maximum 8 MVR VLANs with corresponding channel settings for each Multicast VLAN. There will be totally at maximum 256 group addresses for channel settings.

Service Provid
54. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth.

An SNMP-managed network consists of three key components: Network management stations (NMSs), SNMP agents, Management information base (MIB) and network-management protocol:
  - Network management stations (NMSs): Sometimes called consoles, these devices execute management applications that monitor and control network elements. Physically, NMSs are usually engineering workstation-caliber computers with fast CPUs, megapixel color displays, substantial memory, and abundant disk space. At least one NMS must be present in each managed environment.
  - Agents: Agents are software modules that reside in network elements. They collect and store management information such as the number of error packets received by a network element.
  - Management information base (MIB): A MIB is a collection of managed objects residing in a virtual information store. Collections of related managed objects are defined in specific MIB modules.
  - Network-management protocol: A management protocol is used to convey management information between agents and NMSs. SNMP is the Internet community's de facto standard management protocol.

[Figure: PC/Workstation with SNMP application; Managed Switch with SNMP Agent Status: Enabled]
55. Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.14.4 LLDP-MED Neighbor

This page provides a status overview for all LLDP-MED neighbors. The displayed table contains a row for each port on which an LLDP neighbor is detected. The LLDP-MED Neighbor Information screen in Figure 4-14-3 appears. The columns hold the following information:

[Screenshot: LLDP-MED Neighbour Information, showing Device Type, Capabilities, network policy entries and auto-negotiation details for a neighbor]

Figure 4-14-3: LLDP-MED Neighbor Information Page Screenshot

The page includes the following fields:

Object / Description
• Port: The port on which the LLDP frame was received.
• Device Type: LLDP-MED Devices are comprised of two primary Device Types: Network Connectivity Devices and Endpoint Devices.

  LLDP-MED Network Connectivity Device Definition
  LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide access to the IEEE
56. [Screenshot: Windows Server 2003 Start menu, Administrative Tools]

Figure 4-11-16: Windows 2003 AD Server Setting Path

Enter "Active Directory Users and Computers", create legal user data, next, right-click a user what you created to enter properties, and what to be noticed:

[Screenshot: New Object - User dialog, name and user logon name fields]

Figure 4-11-17: Add User Properties Screen

[Screenshot: New Object - User dialog, password fields and account options]

Figure 4-11-18: Add User Properties Screen

Set the Port Authenticate Stat
57. Medium, and High for individual application.

QCL is an acronym for QoS Control List. It is the list table of QCEs, containing QoS control entries that classify to a specific QoS class on specific traffic objects.

Each accessible traffic object contains an identifier to its QCL. The privileges determine specific traffic object to specific QoS class.

QL: In SyncE this is the Quality Level of a given clock source. This is received on a port in a SSM indicating the quality of the clock received in the port.

QoS is an acronym for Quality of Service. It is a method to guarantee a bandwidth relationship between individual applications or protocols.

A communications network transports a multitude of applications and data, including high-quality video and delay-sensitive data such as real-time voice. Networks must provide secure, predictable, measurable, and sometimes guaranteed services.

Achieving the required QoS becomes the secret to a successful end-to-end business solution. Therefore, QoS is the set of techniques to manage network resources.

Every incoming frame is classified to a QoS class, which is used throughout the device for providing queuing, scheduling and congestion control guarantees to the frame according to what was configured for that specific QoS class. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority.

R

RARP is an acronym for Reverse Ad
58. Name: The system name configured in SNMP | System Information | System Name.
• Location: The system location configured in SNMP | System Information | System Location.
• MAC Address: The MAC Address of this Managed Switch.
• Temperature: Indicates chipset temperature.
• System Date: The current (GMT) system time and date. The system time is obtained through the configured NTP Server, if any.
• System Uptime: The period of time the device has been operational.
• Software Version: The software version of the Managed Switch.
• Software Date: The date when the Managed Switch software was produced.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page; any changes made locally will be undone.

4.2.2 IP Configuration

The IP Configuration includes the IP Configuration, IP Interface and IP Routes. The configured column is used to view or change the IP configuration. The maximum number of interfaces supported is 128 and the maximum number of routes is 32. The screen in Figure 4-2-2 appears.

[Screenshot: IP Configuration page with DNS Server and DNS Proxy settings, an IP Interfaces table and an IP Routes table]

Figure 4-2-2: IP Configuration Page Screenshot

The current column is used to show the active IP configura
59. Network Access Server Configuration
4.11.4 Network Access
4.11.5 Network Access Statistics
4.11.6 RADIUS
RADIUS Details
4.11.10 Windows Platform RADIUS Server Configuration
4.11.11 802.1X Client Configuration
4.12.2 Access Management
4.12.3 Access Management Statistics
4.12.6 Port Security Status
4.12.9
4.12.10 IP Source Guard Configuration
4.12.11 IP Source Guard Static Table
4.12.12 ARP
4.12.13 ARP Inspection Static Table
4.12.14 Dynamic ARP Inspection Table
4.13.1 MAC Table Configuration
4.13.2 MAC Address
4.14.1 Link Layer Discovery Protocol
4.14.3 LLDP MED Configurati
60. Protocol) is a protocol that facilitates control of virtual local area networks (VLANs) within a larger network.
  - Voice VLAN: Voice VLAN is a VLAN configured specially for voice traffic, typically originating from IP phones.
  - MVR: MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN. Multicast traffic for all channels is sent only on a single (multicast) VLAN.
• Port Members: A row of check boxes for each port is displayed for each VLAN ID.
  If a port is included in a VLAN, an image will be displayed.
  If a port is included in a Forbidden port list, an image will be displayed.
  If a port is included in a Forbidden port list and dynamic VLAN user register VLAN on same Forbidden port, then conflict port will be displayed as conflict port.
• VLAN Membership: The VLAN Membership Status page shall show the current VLAN port members for all VLANs configured by a selected VLAN User (selection shall be allowed by a Combo Box). When ALL VLAN Users are selected, it shall show this information for all the VLAN Users, and this is by default. VLAN membership allows the frames classified to the VLAN ID to be forwarded on the respective VLAN member ports.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh
Select VLAN Users from this drop down list
61. Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.14 Dynamic ARP Inspection Table

Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. The Dynamic ARP Inspection Table screen in Figure 4-12-14 appears.

[Screenshot: Dynamic ARP Inspection Table with "Start from" port, VLAN, MAC Address and IP Address inputs and an entries-per-page input; the table shows "No more entries"]

Figure 4-12-14: Dynamic ARP Inspection Table Screenshot

Navigating the ARP Inspection Table
Each page shows up to 99 entries from the Dynamic ARP Inspection table, default being 20, selected through the "entries per Page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Dynamic ARP Inspection Table.

The "Start from port address", "VLAN", "MAC address" and "IP address" input fields allow the user to select the starting point in the Dynamic ARP Inspection Table. Clicking the "Refresh" button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match. In addition, the two input fields will, upon a "Refresh" button click, assume the value of the first displayed entry, allowing for continuous refresh with the same start address.

The ">>" will use the last en
62. Figure 4-18-1: RMON Alarm Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• ID: Indicates the index of the entry. The range is from 1 to 65535.
• Interval: Indicates the interval in seconds for sampling and comparing the rising and falling threshold. The range is from 1 to 2^31-1.
• Variable: Indicates the particular variable to be sampled; the possible variables are:
  - InOctets: The total number of octets received on the interface, including framing characters.
  - InUcastPkts: The number of uni-cast packets delivered to a higher-layer protocol.
  - InNUcastPkts: The number of broadcast and multi-cast packets delivered to a higher-layer protocol.
  - InDiscards: The number of inbound packets that are discarded even the packets are normal.
  - InErrors: The number of inbound packets that contains errors preventing them from being deliverable to a higher-layer protocol.
  - InUnknownProtos: The number of the inbound packets that is discarded because of the unknown or un-support protocol.
  - OutOctets: The number of octets transmitted out of the interface, including framing characters.
  - OutUcastPkts: The number of uni-cast packets that requests to transmit.
  - OutN
63. VLAN (see Tagged flag below), then the L2 priority field is ignored and only the DSCP value has relevance.
  - Video Conferencing: for use by dedicated Video Conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
  - Streaming Video: for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
  - Video Signaling (conditional): for use in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy.

Tag indicating whether the specified application type is using a "tagged" or an "untagged" VLAN.
  - Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003. In this case, both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance.
  - Tagged indicates that the device is using the IEEE 802.1Q tagged frame format, and that both the VLAN ID and the Layer 2 priority values are being used, as well as the DSCP value. The tagged format includes an additional field
64. Switch is actively sending or receiving data over that port.

GS-5220-46S2C4X LED Indication

Figure 2-1-11: Front Panel LEDs of GS-5220-46S2C4X

System
  LED / Color / Function
  PWR / Green / Lights up to indicate that the Switch has power.
  FAN1 / Red / Lights up to indicate FAN1 has failed.
  FAN2 / Red / Lights up to indicate FAN2 has failed.

Per 10/100/1000Mbps RJ45 port (Port 1 to Port 2)
  LED / Function
  1000 LNK/ACT / Lights up to indicate the port is running at 1000Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.
  10/100 LNK/ACT / Lights up to indicate the port is running at 10/100Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.

Per 100/1000BASE-X SFP Interface (Port 1 to Port 48)
  LED / Function
  1000 LNK/ACT / Lights up to indicate the port is running at 1000Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.
  100 LNK/ACT / Lights up to indicate the port is running at 100Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.

Per 10G SFP+ Interface (Port 49 to Port 52)
  LED / Color / Function
65. The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.
• Result: Display the ping result.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Clears the IP Address and the result of ping value.

4.15.4 Cable Diagnostics

This page is used for running the Cable Diagnostics.

Press to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that Cable Diagnostics is only accurate for cables of length 7 - 140 meters.

10 and 100 Mbps ports will be linked down while running cable diagnostic. Therefore, running cable diagnostic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete. The VeriPHY Cable Diagnostics screen in Figure 4-15-4 appears.

[Screenshot: VeriPHY Cable Diagnostics, Cable Status table with columns Port, Pair A (1, 2), Length A, Pair B (3, 6), Length B, Pair C (4, 5), Length C, Pair D (7, 8), Length D]

Figure 4-15-4: VeriPHY Cable Diagnostics Page Screenshot

The page includes the following fields:

Object / Description
• Port: The port where you are requesting Cable Diagnostics.
• Description: Displ
66. This parameter is only shown if "Scheduler Mode" is set to "Weighted".
The default value is "17".

Shows the weight in percent for this queue. This parameter is only shown if "Scheduler Mode" is set to "Weighted".

Controls whether the port shaper is enabled for this switch port.

Controls the rate for the port shaper.
This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-13200 when the "Unit" is "Mbps".
The default value is 500.

Controls the unit of measure for the port shaper rate as "kbps" or "Mbps".
The default value is "kbps".

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Cancel: Click to undo any changes made locally and return to the previous page.

4.9.6 Port Tag Remarking

This page provides an overview of QoS Egress Port Tag Remarking for all switch ports. The Port Tag Remarking screen in Figure 4-9-6 appears.

[Screenshot: QoS Egress Port Tag Remarking table, one row per port, each showing "Classified"]

Figure 4-9-6: QoS Egress Port Tag Remarking Page Screenshot

The page includes the following fields:

Object / Description
• Port: The logical port for the settings contained in the same row.
  Click on the port number in order to configure ta
67. WRR
8-level priority for switching:
- Port number
- 802.1p priority
- 802.1Q VLAN tag
- DSCP/TOS field in IP packet

IGMP Snooping: IGMP (v1/v2/v3) Snooping, up to 255 multicast groups; IGMP Querier mode support
MLD Snooping: MLD (v1/v2) Snooping, up to 255 multicast groups; MLD Querier mode support
Access Control List: IP-based ACL / MAC-based ACL; up to 256 entries
Bandwidth Control: Per port bandwidth control; Ingress: 100Kbps to 1000Mbps; Egress: 100Kbps to 1000Mbps
SNMP MIBs:
- RFC 1213 MIB-II
- RFC 2863 IF-MIB
- RFC 1493 Bridge MIB
- RFC 1643 Ethernet MIB
- RFC 2863 Interface MIB
- RFC 2665 Ether-Like MIB
- RFC 2737 Entity MIB
- RFC 2819 RMON MIB (Groups 1, 2, 3 and 9)
- RFC 2618 RADIUS Client MIB
- RFC 3411 SNMP-Frameworks-MIB
- IEEE 802.1X PAE
- LLDP
- MAU-MIB
- Power over Ethernet MIB

Layer 3 Functions
IP Interfaces: Max. 8 VLAN interfaces
Routing Table: Max. 32 routing entries
Routing Protocols: IPv4 software static routing; IPv6 software static routing

Standards Conformance
Regulatory Compliance: FCC Part 15 Class A, CE
Standards Compliance:
- IEEE 802.1Q VLAN tagging
- IEEE 802.1x Port Authentication Network Control
- IEEE 802.1ab LLDP
- IEEE 802.3af Power over Ethernet
- IEEE 802.3 10BASE-T
- IEEE 802.3u 100BASE-TX/100BASE-FX
- IEEE 802.3z 1000BASE-SX/LX
- IEEE 802.3ab 1000BASE-T
- IEEE 802.3x flow
68. a backup role. Lower number means greater priority.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.5.3 LACP System Status

This page provides a status overview for all LACP instances. The LACP Status Page displays the current LACP aggregation Groups and LACP Port status. The LACP System Status screen in Figure 4-5-5 appears.

Figure 4-5-5: LACP System Status Page Screenshot

The page includes the following fields:

Object / Description
• Aggr ID: The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id'.
• Partner System ID: The system ID (MAC address) of the aggregation partner.
• Partner Key: The Key that the partner has assigned to this aggregation ID.
• Partner Priority: The priority of the aggregation partner.
• Last changed: The time since this aggregation changed.
• Local Ports: Shows which ports are a part of this aggregation for this switch.

Buttons
Refresh: Click to refresh the page immediately.
Auto-refresh: Automatic refresh occurs every 3 seconds.

4.5.4 LACP Port Status

This page provides a status 
69. a core region of the network influence the spanning tree active topology, possibly because those bridges are not under the full control of the administrator. This feature is also known as Root Guard.

If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set, it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistently incorrect learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state of the attached LANs transits frequently.

If enabled, causes the port to disable itself upon receiving valid BPDUs. Contrary to the similar bridge setting, the port Edge status does not affect this setting. A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well.

Controls whether the port connects to a point-to-point LAN rather than a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for point-to-point LANs than for shared media.

Buttons
Apply: Click to apply changes.
Reset: Cli
70. a given port (left-most table) or client (right-most table). Possible retransmissions are not counted.

Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states:
- Port-based 802.1X
- Single 802.1X
- Multi 802.1X
- MAC-based Auth.

Name / IEEE Name / Description
- MAC Address (dot1xAuthLastEapolFrameSource): The MAC address of the last supplicant/client.
- VLAN ID: The VLAN ID on which the last frame from the last supplicant/client was received.
- Version (dot1xAuthLastEapolFrameVersion): 802.1X-based: The protocol version number carried in the most recently received EAPOL frame. MAC-based: Not applicable.
- Identity: 802.1X-based: The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame. MAC-based: Not applicable.

The Selected Counters table is visible when the port is one of the following administrative states:
- Multi 802.1X
- MAC-based Auth.

The table is identical to and is placed next to the Port Counters table, and will be empty if no MAC address is currently selected. To populate the table, select one of the attached MAC Addresses from the 

Attached MAC Address
Object
• Identity
• MAC Address
• VLAN ID
• State
• Last Authentication

Buttons
71. addresses are allowed.
- Multicast: Only Multicast MAC addresses are allowed.
- Broadcast: Only Broadcast MAC addresses are allowed.
The default value is 'Any'.
• SMAC: Displays the OUI field of Source MAC address, i.e. first three octets (bytes) of MAC address.
• Tag Type: Indicates tag type. Possible values are:
- Any: Match tagged and untagged frames.
- Untagged: Match untagged frames.
- Tagged: Match tagged frames.
The default value is 'Any'.
• VID: Indicates (VLAN ID), either a specific VID or range of VIDs. VID can be in the range 1-4095 or 'Any'.
• PCP: Priority Code Point: Valid values of PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'.
• DEI: Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or 'Any'.
• Frame Type: Indicates the type of frame to look for in incoming frames. Possible frame types are:
- Any: The QCE will match all frame types.
- Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.
- LLC: Only (LLC) frames are allowed.
- SNAP: Only (SNAP) frames are allowed.
- IPv4: The QCE will match only IPv4 frames.
- IPv6: The QCE will match only IPv6 frames.
• Action: Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content. There are three 
• Modification Buttons
72. and Mask are in the format x.y.z.w where x, y, z, and w are decimal numbers between 0 and 255. When Mask is converted to a 32-bit binary string and read from left to right, all bits following the first zero must also be zero.
- DSCP: Diffserv Code Point value (DSCP): It can be specific value, range of value or 'Any'. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43.
- IP Fragment: IPv4 frame fragmented option: yes|no|any.
- Sport: Source TCP/UDP port (0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.
- Dport: Destination TCP/UDP port (0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.
• IPv6
- Protocol: IP protocol number: (0-255, TCP or UDP) or 'Any'.
- Source IP: IPv6 source address: (a.b.c.d) or 'Any', 32 LS bits.
- DSCP: Diffserv Code Point value (DSCP): It can be specific value, range of value or 'Any'. DSCP values are in the range 0-63 including BE, CS1-CS7, EF or AF11-AF43.
- Sport: Source TCP/UDP port (0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.
- Dport: Destination TCP/UDP port (0-65535) or 'Any', specific or port range applicable for IP protocol UDP/TCP.
• Action Parameters
- Class: QoS class: (0-7) or 'Default'.
- DPL: Valid Drop Precedence Level can be (0-3) or 'Default'.
- DSCP: Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43) or 'Default'.
'Defaul
73. and any client on the port will be disallowed network access.

Port-based 802.1X

In the 802.1X world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The authenticator acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible, in that it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) doesn't need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding this decision to the sup
74. and layer 4 features. The description of this model is shown below:

Model Name / Gigabit RJ45 Ports / Gigabit SFP Slots / PoE Ports / 10G SFP Slots

"Managed Switch" is used as an alternative name in this user's manual.

1.1 Packet Contents

Open the box of the Managed Switch and carefully unpack it. The box should contain the following items:
- The Managed Switch
- Quick Installation Guide
- RJ45 to RS232 Cable
- Rubber Feet
- Two Rack-mounting Brackets with Attachment Screws
- Power Cord
- SFP Dust-proof Caps

Model Name / SFP Dust-proof Caps
- GS-5220-8P2T2S
- GS-5220-44S4C: 48
- GS-5220-46S2C4X: 52
- GS-5220-48T4X

If any of these are missing or damaged, please contact your dealer immediately; if possible, retain the carton including the original packing material, and use them again to repack the product in case there is a need to return it to us for repair.

1.2 Product Description

Ideal Combination of 10G Uplink, high-density, Gigabit and Layer 3 Static Routing
PLANET GS-5220 series is a Layer 2 managed Gigabit/10 Gigabit Ethernet switch and supports static Layer 3 routing in a 1U case. The GS-5220 series can handle extremely large amounts of data in a secure topology linking to an enterprise backbone or high capacity servers.

Layer 3 IPv4 and IPv6 VLAN Routing for Secure and Flexible 
75. as Figure 4-16-3 shows.

Figure 4-16-3: PoE Port Sequential Power Up Interval Configuration Screenshot (fields shown: Sequential Power up Option, Sequential Power up Interval (1-30 seconds), Sequential Power up Port Option)

The PoE port will start up after the whole system program has finished running.

The page includes the following fields:

Object / Description
• Sequential Power up Option: Allows user to enable or disable Sequential Power up function.
• Sequential Power up Interval: Allows user to configure the PoE Port Start Up interval time.
• Sequential Power up Port Option: There are two modes for Starting Up the PoE Port:
- By Port: The PoE Port will start up by following Port number.
- By Priority: The PoE Port will start up by following the PoE Priority.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.16.5 Port Configuration

This section allows the user to inspect and configure the current PoE port settings as Figure 4-16-4 shows.

[Screenshot: Power Over Ethernet Configuration]
76. bad) packets.
The number of received and transmitted (good and bad) bytes, including FCS, but excluding framing bits.
The number of received and transmitted (good and bad) unicast packets.
The number of received and transmitted (good and bad) multicast packets.
The number of received and transmitted (good and bad) broadcast packets.
A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation.

Receive and Transmit Size Counters
The number of received and transmitted (good and bad) packets split into categories based on their respective frame sizes.

Receive and Transmit Queue Counters
The number of received and transmitted packets per input and output queue.

Receive Error Counters

Object / Description
• Rx Drops: The number of frames dropped due to lack of receive buffers or egress congestion.
• Rx CRC/Alignment: The number of frames received with CRC or alignment errors.
• Rx Undersize: The number of short frames received with valid CRC.
• Rx Oversize: The number of long frames received with valid CRC.
• Rx Fragments: The number of short frames received with invalid CRC.
• Rx Jabber: The number of long frames received with invalid CRC.
• Rx Filtered: The number of received frames filtered by the forwarding process.

Short frames are frames that are smaller than 64 bytes.
Long frames ar
77. be managed via any management software based on the standard SNMP protocol. To reduce product learning time, the GS-5220 series offers Cisco-like commands via Telnet or console port, so the customer doesn't need to learn new commands for these switches. Moreover, the GS-5220 series offers secure remote management by supporting SSH, SSL and SNMPv3 connections, which encrypt the packet content at each session.

Flexibility and Extension Solution
The multi mini-GBIC slots built in the GS-5220 series support dual speed as they feature 100BASE-FX and 1000BASE-SX/LX SFP (Small Form-factor Pluggable) fiber-optic modules. Now the administrator can flexibly choose the suitable SFP transceiver according to not only the transmission distance, but also the transmission speed required. The distance can be extended from 550 meters to 2km (multi-mode fiber) up to above 10/20/30/40/50/70/120 kilometers (single-mode fiber or WDM fiber). They are well suited for applications within the enterprise data centers and distributions.

Intelligent SFP Diagnosis Mechanism
The GS-5220 series supports SFP-DDM (Digital Diagnostic Monitor) function that greatly helps network administrator to easily monitor real-time parameters of the SFP, such as optical output power, optical input power, temperature, laser bias current, and transceiver supply voltage.

1.3 How to Use This Manual

This Use
78. can be done to just the promiscuous ports within the private VLAN.

This page is used for enabling or disabling port isolation on ports in a Private VLAN. A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN. The Port Isolation screen in Figure 4-6-6 appears.

Figure 4-6-6: Port Isolation Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port Members: A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.6.7 VLAN setting example:
- Separate VLAN
- 802.1Q VLAN Trunk
- Port Isolate

4.6.7.1 Two Separate 802.1Q VLANs

The diagram shows how the Managed Switch handles Tagged and Untagged traffic flow for two VLANs. VLAN Group 2 and VLAN Gro
79. control and back pressure
- IEEE 802.3ad port trunk with LACP
- IEEE 802.1D Spanning Tree Protocol
- IEEE 802.1w Rapid Spanning Tree Protocol
- IEEE 802.1s Multiple Spanning Tree Protocol
- IEEE 802.1p Class of Service
- IEEE 802.3at Power over Ethernet Plus
- RFC 768 UDP
- RFC 793 TFTP
- RFC 791 IP
- RFC 792 ICMP
- RFC 2068 HTTP
- RFC 1112 IGMP v1
- RFC 2236 IGMP v2
- RFC 3376 IGMP v3
- RFC 2710 MLD v1
- RFC 3810 MLD v2

Operating: Temperature: 0 to 50 degrees C; Relative Humidity: 5 to 95% (non-condensing)
Storage: Temperature: -10 to 70 degrees C; Relative Humidity: 5 to 95% (non-condensing)

GS-5220-16S8C / GS-5220-16S8CR

Hardware Specifications
Share Data Buffer: 16M bits
Flow Control: IEEE 802.3x pause frame for full duplex; back pressure for half duplex
Jumbo Frame: 10K 40K bytes
Reset Button: < 5 sec: System reboot; > 5 sec: Factory default
Dimensions (W x D x H): 440 x 200 x 44.5 mm, 1U height
Weight: 2745g
Power Requirements (AC): AC 100-240V, 50/60Hz
Power Requirements (DC): 48V DC, 0.6A nominal voltage; Operating Range: 36 to 60V DC
Power Consumption: 45 watts / 153 BTU (max.)
ESD Protection: 6KV DC

Layer 2 Functions
Port Configuration: Port disable/enable; Auto-negotiation 10/100/1000Mbps full and
80. direction to either East of the prime meridian or West of the prime meridian.
Altitude SHOULD be normalized to within -32767 to 32767 with a maximum of 4 digits.
It is possible to select between two altitude types (floors or meters).
- Meters: Representing meters of Altitude defined by the vertical datum specified.
- Floors: Representing altitude in a form more relevant in buildings which have different floor-to-floor dimensions. An altitude = 0.0 is meaningful even outside a building, and represents ground level at the given latitude and longitude. Inside a building, 0.0 represents the floor level associated with ground level at the main entrance.
• Map Datum: The Map Datum used for the coordinates given in this Option:
- WGS84: (Geographical 3D) World Geodesic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich.
- NAD83/NAVD88: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich. The associated vertical datum is the North American Vertical Datum of 1988 (NAVD88). This datum pair is to be used when referencing locations on land, not near tidal water (which would use Datum = NAD83/MLLW).
- NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich. The associated vertical datum is Mean Lower Low Water (MLLW). This datum pair is to be used when referencing locations o

Civic Address Location
81. drop-down list box for EAP type.

Figure 4-11-20 (network adapter Properties dialog, Authentication tab: "Enable IEEE 802.1x authentication for this network" with the EAP type list offering MD5-Challenge, Protected EAP (PEAP), and Smart Card or other Certificate)

7. Click "OK".

8. When client has associated with the Managed Switch, a user authentication notice appears in system tray. Click on the notice to continue.

Figure 4-11-21: Windows Client Popup Login Request Message

9. Enter the user name, password and the logon domain that your account belongs to.

10. Click "OK" to complete the validation process.

Figure 4-11-22

4.12 Security

This section is to control the access of the Managed Switch, including the user access and management control.
The Secu
82. • Hours: Select the ending hour.
• Minutes: Select the ending minute.
• Offset Settings: Enter the number of minutes to add during Daylight Saving Time. (Range: 1 to 1440)

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.8 UPnP

Configure UPnP on this page. UPnP is an acronym for Universal Plug and Play. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components. The UPnP Configuration screen in Figure 4-2-10 appears.

Figure 4-2-10: UPnP Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Mode: Indicates the UPnP operation mode. Possible modes are:
- Enabled: Enable UPnP mode operation.
- Disabled: Disable UPnP mode operation.
When the mode is enabled, two ACEs are added automatically to trap UPnP related packets to CPU. The ACEs are automatically removed when the mode is disabled.
• TTL: The TTL value is used by UPnP to send SSDP advertisement messages. Valid values are in the range of 1 to 255.
• Advertising Duration: The duration, carried in SSDP packets, is used 

Buttons
83. • Postal community name: Postal community name. Example: Leonia.
• P.O. Box: Post office box (P.O. BOX). Example: 12345.
• Additional code: Additional code. Example: 1320300003.

Emergency Call Service

Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA.

Object / Description
• Emergency Call Service: Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. This format consists of a numerical digit string, corresponding to the ELIN to be used for emergency calling.

Policies

Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific protocol applications on that port. Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service.

Policies are only intended for use with applications that have specific "real-time" network policy requirements, such as interactive voice and/or video services.

The network policy attributes advertised are:
1. Layer 2 VLAN ID (IEEE 802.1Q-2003)
2. Layer 2 priority value (IEEE 802.1D-2004)
3. Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474)

This network policy is potentially advertised and associated with multiple
84. enabled

Figure 4-7-12: STP Statistics Page Screenshot

The page includes the following fields:

Object / Description
• Port: The switch port number of the logical RSTP port.
• MSTP: The number of MSTP Configuration BPDUs received/transmitted on the port.
• RSTP: The number of RSTP Configuration BPDUs received/transmitted on the port.
• STP: The number of legacy STP Configuration BPDUs received/transmitted on the port.
• TCN: The number of (legacy) Topology Change Notification BPDUs received/transmitted on the port.
• Discarded Unknown: The number of unknown Spanning Tree BPDUs received (and discarded) on the port.
• Discarded Illegal: The number of illegal Spanning Tree BPDUs received (and discarded) on the port.

Buttons
Auto-refresh: Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.
Clear: Clears the counters for all ports.

4.8 Multicast

4.8.1 IGMP Snooping

The Internet Group Management Protocol (IGMP) lets hosts and routers share information about multicast group memberships. IGMP snooping is a switch feature that monitors the exchange of IGMP messages and copies them to the CPU for feature processing. The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group.

About the Internet Group Manag
85. enabled: The flooding control takes effect only when MLD Snooping is enabled. When MLD Snooping is disabled, unregistered IPMCv6 traffic flooding is always active in spite of this setting.
• MLD SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range.
• Leave Proxy Enable: Enable MLD Leave Proxy. This feature can be used to avoid forwarding unnecessary leave messages to the router side.
• Proxy Enable: Enable MLD Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side.
• Router Port: Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. The allowed selection is Auto, Fix, None; default compatibility value is Auto.
• Fast Leave: Enable the fast leave on the port.
• Throttling: Enable to limit the number of multicast groups to which a switch port can belong.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.11 MLD Snooping VLAN Configuration

Each page shows up to 99 entries from the VLAN table, default being 20, selected th
86. enters Port 3, PC-1 and PC-2 will receive the packet through Port 1 and Port 2.
6. When the packet leaves Port 1 and Port 2, its tag will be stripped away and it becomes an untagged packet.

Untagged packet entering VLAN 3
1. When PC-4 transmits an untagged packet that enters Port 4, the switch will tag it with VLAN Tag 3. PC-5 and PC-6 will receive the packet through Port 5 and Port 6.
2. When the packet leaves Port 5, its tag will be stripped away and it becomes an untagged packet.
3. When the packet leaves Port 6, it will remain a tagged packet with VLAN Tag 3.

For this example, VLAN Group 1 is just set as the default VLAN; the example focuses only on VLAN 2 and VLAN 3 traffic flow.

Setup steps

1. Add VLAN Group
Add two VLANs: VLAN 2 and VLAN 3. Type 1-3 in the Allowed Access VLANs column; the 1-3 includes VLAN 1, 2 and 3.

Figure 4-6-8: Add VLAN 2 and VLAN 3

2. Assign VLAN Member and PVID for each port:
VLAN 2: Port-1, Port-2 and Port-3
VLAN 3: Port-4, Port-5 and Port-6
VLAN 1: All other ports, Port-7 to Port-52

[Screenshot: Global VLAN Configuration and Port VLAN Configuration]
87. entries were last changed: It also shows the time when the last entry was last deleted or added. It also shows the time elapsed since the last change was detected.
• Total Neighbors Entries Added: Shows the number of new entries added since switch reboot.
• Total Neighbors Entries Deleted: Shows the number of new entries deleted since switch reboot.
• Total Neighbors Entries Dropped: Shows the number of LLDP frames dropped because the entry table was full.
• Total Neighbors Entries Aged Out: Shows the number of entries deleted due to Time-To-Live expiring.

LLDP Statistics Local Counters

The displayed table contains a row for each port. The columns hold the following information:

Object / Description
• Local Port: The port on which LLDP frames are received or transmitted.
• Tx Frames: The number of LLDP frames transmitted on the port.
• Rx Frames: The number of LLDP frames received on the port.
• Rx Errors: The number of received LLDP frames containing some kind of error.
• Frames Discarded: If an LLDP frame is received on a port, and the switch's internal table has run full, the LLDP frame is counted and discarded. This situation is known as "Too Many Neighbors" in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remot
• TLVs Discarded
• TLVs Unrecognized
• Org. Discarded
• Age-Outs

Buttons
Refresh
88. half duplex mode selection; Flow control disable/enable
Display each port's speed duplex mode, link status, flow control status, auto negotiation status, trunk status
Port Mirroring: TX / RX / Both
VLAN:
- 802.1Q tagged based VLAN
- Q-in-Q tunneling
- Private VLAN Edge (PVE)
- MAC-based VLAN
- Protocol-based VLAN
- Voice VLAN
- IP Subnet-based VLAN
- MVR (Multicast VLAN registration)
- Up to 255 VLAN groups, out of 4094 VLAN IDs
IEEE 802.3ad LACP / static trunk; 12 groups of 8-port trunk supported
Spanning Tree Protocol:
- STP, IEEE 802.1D Spanning Tree Protocol
- RSTP, IEEE 802.1w Rapid Spanning Tree Protocol
- MSTP, IEEE 802.1s Multiple Spanning Tree Protocol
Traffic classification based, strict priority and WRR
8-Level priority for switching:
- Port Number
- 802.1p priority
- 802.1Q VLAN tag
- DSCP/TOS field in IP packet
IGMP (v1/v2/v3) snooping, up to 255 multicast groups; IGMP querier mode support
MLD (v1/v2) snooping, up to 255 multicast groups; MLD querier mode support
Access Control List: IP-based ACL / MAC-based ACL; up to 256 entries
Bandwidth Control: Per port bandwidth control; Ingress: 100Kbps to 1000Mbps; Egress: 100Kbps to 1000Mbps

Layer 3 Functions
IP Interfaces: Max. 128 VLAN interfaces
Routing Table: Max. 32 routing entries
IPv4 hardware static routing; IPv6 hardware static routing

Management
Basic Management In
89.  is actively sending or receiving data over that port.
• Lights to indicate the port is providing 54VDC in-line power.
• Off to indicate the connected device is not a PoE Powered Device (PD).

■ 10/100/1000BASE-T Interfaces (Port 9 to Port 10)
LED / Color / Function
• LNK/ACT: To indicate the link through that port is successfully established. To indicate that the switch is actively sending or receiving data over that port.
• 1000 (Orange):
  Lights: To indicate that the port is operating at 1000Mbps.
  Off: If LNK/ACT LED is lit, it indicates that the port is operating at 10/100Mbps. If LNK/ACT LED is off, it indicates that the port is link down.

■ 10/100/1000BASE-X SFP Interfaces (Port 11 to Port 12)
LED / Color / Function
• LNK/ACT:
  Lights: To indicate the link through that port is successfully established.
  Blinks: To indicate that the switch is actively sending or receiving data over that port.
• Orange:
  Lights: To indicate that the port is operating at 1000Mbps.
  Off: If LNK/ACT LED is lit, it indicates that the port is operating at 100Mbps. If LNK/ACT LED is off, it indicates that the port is link down.

GS-5220-16S8C / GS-5220-16S8CR LED Indication
[Figure: front panel of the PLANET 24-Port 100/1000X SFP Managed Switch]
90.  mode enabled. Possible policies are:
■ Replace: Replace the original relay information when receiving a DHCP message that already contains it.
■ Keep: Keep the original relay information when receiving a DHCP message that already contains it.
■ Drop: Drop the packet when receiving a DHCP message that already contains relay information.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.10 DHCP Relay Statistics

This page provides statistics for DHCP relay. The DHCP Relay Statistics screen in Figure 4-2-13 appears.

Figure 4-2-13: DHCP Relay Statistics Page Screenshot

The page includes the following fields:

Server Statistics
Object: Transmit to Server, Transmit Error, Receive from Server, Receive Missing Agent Option, Receive Missing Circuit ID, Receive Missing Remote ID, Receive Bad Circuit ID, Receive Bad Remote ID

Client Statistics
Object

Buttons    A
91.  occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.11.9 RADIUS Details

This page provides detailed statistics for a particular RADIUS server. The RADIUS Authentication/Accounting for Server Overview screen in Figure 4-11-10 appears.

Figure 4-11-10: RADIUS Authentication/Accounting for Server Overview Screenshot

The page includes the following fields:

RADIUS Authentication Statistics
The statistics map closely to those specified in RFC4668 - RADIUS Authentication Client MIB. Use the server
92.  off and on the power. The following is the summary table of reset button functions:

Reset Button Pressed and Released / Function
• < 5 sec: System Reboot. Reboot the Managed Switch.
• > 5 sec: Factory Default. Reset the Managed Switch to Factory Default configuration. The Managed Switch will then reboot and load the default settings as shown below:
  Default Username: admin
  Default Password: admin
  Default IP address: 192.168.0.100
  Subnet mask: 255.255.255.0
  Default Gateway: 192.168.0.254

The reset button of GS-5220-48T4X is located at the side of the switch.

2.1.2 LED Indications

The front panel LEDs indicate instant status of power and system status, fan status, port links, PoE in use and data activity; they help monitor and troubleshoot when needed. Figures 2-1-7 to 2-1-12 show the LED indications of the Managed Switch.

GS-5220-8P2T2S LED Indication
[Figure: front panel of the GS-5220-8P2T2S]

Function (Green)
• Lights to indicate that the fan is not working.
• Lights to indicate the system is working.
• Off to indicate the system is booting.
• Lights to indicate the Switch has power.

■ Per 10/100/1000BASE-T PoE Port
LED / Function
• LNK/ACT:
  Lights: To indicate the link through that port is successfully established.
  Blinks: To indicate that the switch
93.  port are checked against the filter profile. If a requested multicast group is permitted, the MLD join report is forwarded as normal. If a requested multicast group is denied, the MLD join report is dropped.

MLD throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions: either "deny" or "replace". If the action is set to deny, any new MLD join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. The MLD Snooping Port Group Filtering Configuration screen in Figure 4-8-15 appears.

Figure 4-8-15: MLD Snooping Port Group Filtering Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port: The logical port for the settings.
• Filtering Group: Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.13 MLD Snooping Status

This page provides MLD Snooping status. T
94.  ports. The Mode can be set to display different information for the ports, including Link up or Link down. Clicking on the image of a port opens the Port Statistics page.

The port statuses are illustrated as follows:
[Figure: icons for RJ45 ports and SFP ports in the Disabled, Down and Link states]

Main Menu

Using the onboard web agent, you can define system parameters, manage and control the Managed Switch and all its ports, or monitor network conditions. Via the Web Management, the administrator can set up the Managed Switch by selecting the functions listed in the Main Function. The screen in Figure 4-1-5 appears.

[Menu items shown: System, SNMP, Port Management, Link Aggregation, VLANs, Spanning Tree, Multicast, QoS, Authentication, Security, MAC Address Table, LLDP, Diagnostics, Loop Protection, RMON]

Figure 4-1-5: Managed Switch Main Functions Menu

4.2 System

Use the System menu items to display and configure basic administrative details of the Managed Switch. Under the System, the following topics are provided to configure and view the system information. This section has the following items:
■ System Information
■ IP Configuration
■ IP Status
■ Users Configuration
■ Privilege Levels
■ NTP Configuration
■ Time Configuration
■ UPnP
■ DHCP Re
95.  previously saved values.

4.8.17 MVR Status

This page provides MVR status. The MVR Status screen in Figure 4-8-20 appears.

Figure 4-8-20: MVR Status Page Screenshot

The page includes the following fields:

Object / Description
• VLAN ID: The Multicast VLAN ID.
• IGMP/MLD Queries Received: The number of Received Queries for IGMP and MLD, respectively.
• IGMP/MLD Queries Transmitted: The number of Transmitted Queries for IGMP and MLD, respectively.
• IGMPv1 Joins Received: The number of Received IGMPv1 Joins.
• IGMPv2/MLDv1 Reports Received: The number of Received IGMPv2 Joins and MLDv1 Reports, respectively.
• IGMPv3/MLDv2 Reports Received: The number of Received IGMPv1 Joins and MLDv2 Reports, respectively.
• IGMPv2/MLDv1 Leaves Received: The number of Received IGMPv2 Leaves and MLDv1 Dones, respectively.

Buttons
Refresh: Click to refresh the page immediately.
Clear: Clears all Statistics counters.
Auto-refresh: Automatic refresh occurs every 3 seconds.

4.8.18 MVR Groups Information

Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID
96.  priority is used in case the total power consumption is over the total power budget. In this case, the port with the lowest priority will be turned off, and power for the port of higher priority will be offered.
• Power Allocation: It can limit the port PoE supply wattage. Per port maximum value must be less than 30.8 watts; total ports values must be less than the Power Reservation value. Once power overload is detected, the port will automatically shut down and continue to be in detection mode until the PD's power consumption is lower than the power limit value.

Buttons
Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.16.6 PoE Status

This page allows the user to inspect the total power consumption, total power reserved and current status for all PoE ports. The screen in Figure 4-16-5 appears.

Figure 4-16-5: PoE Status Screenshot

The page includes the following fields:

Object / Description
• Sequential Power On: Displa
97.  refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.7 Spanning Tree Protocol

4.7.1 Theory

The Spanning Tree protocol can be used to detect and disable network loops, and to provide backup links between switches, bridges or routers. This allows the switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network, and provide backup links which automatically take over when a primary link goes down. The spanning tree algorithms supported by this switch include these versions:
■ STP - Spanning Tree Protocol (IEEE 802.1D)
■ RSTP - Rapid Spanning Tree Protocol (IEEE 802.1w)
■ MSTP - Multiple Spanning Tree Protocol (IEEE 802.1s)

The IEEE 802.1D Spanning Tree Protocol and IEEE 802.1w Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network. When multiple links between switches are detected, a primary link is established. Duplicated links are blocked from use and become standby links. The protocol allows for the duplicate links to be used in the event of a failure of the primary link. Once the Spanning Tree Protocol is configured and enabled, primary links are established and duplicated links are blocked automatically. The reactivation of the blocked links  a
98.  select box to switch between the backend servers to show details for.

Object / Description
• Packet Counters: RADIUS authentication server packet counter. There are seven receive and four transmit counters.

Direction, Name (RFC4668 Name): Description
• Rx, Access Accepts (radiusAuthClientExtAccessAccepts): The number of RADIUS Access-Accept packets (valid or invalid) received from the server.
• Rx, Access Rejects (radiusAuthClientExtAccessRejects): The number of RADIUS Access-Reject packets (valid or invalid) received from the server.
• Rx, Access Challenges (radiusAuthClientExtAccessChallenges): The number of RADIUS Access-Challenge packets (valid or invalid) received from the server.
• Rx, Malformed Access Responses (radiusAuthClientExtMalformedAccessResponses): The number of malformed RADIUS Access-Response packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or Message-Authenticator attributes or unknown types are not included as malformed access responses.
• Rx, Unknown Types (radiusAuthClientExtUnknownTypes)
• Rx, Packets Dropped (radiusAuthClientExtPacketsDropped)
• Rx, Bad Authenticators (radiusAuthClientExtBadAuthenticators): The number of RADIUS Access-Response packets containing invalid authenti
99.  sent. Each device connected to a Local Area Network (LAN) or Wide Area Network (WAN) is given an Internet Protocol address, and this IP address is used to identify the device uniquely among all other devices connected to the extended network.

The current version of the Internet protocol is IPv4, which has 32-bit Internet Protocol addresses allowing for in excess of four billion unique addresses. This number is reduced drastically by the practice of webmasters taking addresses in large blocks, the bulk of which remain unused. There is a rather substantial movement to adopt a new version of the Internet Protocol, IPv6, which would have 128-bit Internet Protocol addresses. This number can be represented roughly by a three with thirty-nine zeroes after it. However, IPv4 is still the protocol of choice for most of the Internet.

IPMC
IPMC is an acronym for IP MultiCast.

IP Source Guard
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.

LACP
LACP is an IEEE 802.3ad standard protocol. The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port.

LLDP is an IEEE 8
100.  sets of application types supported on a given port. The application types specifically addressed are:
1. Voice
2. Guest Voice
3. Softphone Voice
4. Video Conferencing
5. Streaming Video
6. Control / Signaling (conditionally support a separate network policy for the media types above)

A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same Network Connectivity Device may advertise different sets of policies, based on the authenticated user identity or port configuration.

It should be noted that LLDP-MED is not intended to run on links other than between Network Connectivity Devices and Endpoints, and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN.

Object / Description
• Delete: Check to delete the policy. It will be deleted during the next save.
• Policy ID: ID for the policy. This is auto generated and shall be used when selecting the policies that shall be mapped to the specific ports.
• Application Type: Intended use of the application types:
  ■ Voice - for use by dedicated IP Telephony handsets and other similar appliances supporting interactive 
101.  standard
■ Port overlapping, allowing a port to participate in multiple VLANs
■ End stations can belong to multiple VLANs
■ Passing traffic between VLAN-aware and VLAN-unaware devices
■ Priority tagging

■ IEEE 802.1Q Standard
IEEE 802.1Q (tagged) VLANs are implemented on the Switch. 802.1Q VLANs require tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant).

VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only be forwarded to the stations (over IEEE 802.1Q enabled switches) that are members of that VLAN, and this includes broadcast, multicast and unicast packets from unknown sources.

VLANs can also provide a level of security to your network. IEEE 802.1Q VLANs will only deliver packets between stations that are members of the VLAN. Any port can be configured as either tagging or untagging:
■ The untagging feature of IEEE 802.1Q VLAN allows VLANs to work with legacy switches that don't recognize VLAN tags in packet headers.
■ The tagging feature allows VLANs to span multiple 802.1Q-compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally.

Some relevant terms:
- Tagging: The act of putting 802.1Q VLAN information into the header of a packet.
- Untagging: The act of stripping 802.1Q VLAN information out of the packet header.
102.  switch will drop the packet. Because of the existence of the PVID for untagged packets and the VID for tagged packets, tag-aware and tag-unaware network devices can coexist on the same network.

A switch port can have only one PVID, but can have as many VIDs as the switch has memory in its VLAN table to store them.

Because some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before packets are transmitted: should the packet to be transmitted have a tag or not? If the transmitting port is connected to a tag-unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet should be tagged.

■ Default VLANs
The Switch initially configures one VLAN, VID = 1, called "default". The factory default setting assigns all ports on the Switch to the "default". As new VLANs are configured in Port-based mode, their respective member ports are removed from the "default".

■ Assigning Ports to VLANs
Before enabling VLANs for the switch, you must first assign each port to the VLAN group(s) in which it will participate. By default all ports are assigned to VLAN 1 as untagged ports. Add a port as a tagged port if you want it to carry traffic for one or more VLANs, and any intermediate network devices or the host at the other end of the connection supports VLANs. Then assign ports on the other VLAN-aware network devices along the path that will carry this traffic
103.  the Bridge when it is the Root Bridge. Valid values are in the range 6 to 40 seconds.
  Default: 20
  Minimum: The higher of 6 or [2 x (Hello Time + 1)]
  Maximum: The lower of 40 or [2 x (Forward Delay - 1)]
• This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region. It defines how many bridges a root bridge can distribute its BPDU information. Valid values are in the range 6 to 40 hops.
• The number of BPDU's a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed. Valid values are in the range 1 to 10 BPDU's per second.

Description
• Control whether a port explicitly configured as Edge will transmit and receive BPDUs.
• Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from the active topology.
• Port Error Recovery: Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot.
• Port Error Recovery Timeout: The time that has to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours).

The Managed Swit
104.  the IPMC Profile as the channel filtering condition for the specific MVR VLAN. Summary about the Interface Channel Profiling (of the MVR VLAN) will be shown by clicking the view button. Profile selected for designated interface channel is not allowed to have overlapped permit group address.
• The logical port for the settings.
• Configure an MVR port of the designated MVR VLAN as one of the following roles:
  ■ Inactive: The designated port does not participate in MVR operations.
  ■ Source: Configure uplink ports that receive and send multicast data as source ports. Subscribers cannot be directly connected to source ports.
  ■ Receiver: Configure a port as a receiver port if it is a subscriber port and should only receive multicast data. It does not receive data unless it becomes a member of the multicast group by issuing IGMP/MLD messages.
  Caution: MVR source ports are not recommended to be overlapped with management VLAN ports.
  Select the port role by clicking the Role symbol to switch the setting. I indicates Inactive; S indicates Source; R indicates Receiver. The default Role is Inactive.
• Immediate Leave: Enable the fast leave on the port.

Buttons
Add New MVR VLAN: Click to add new MVR VLAN. Specify the VID and configure the new entry. Click "Save".
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to
105.  the Root Bridge. If it turns out that your Switch has the lowest Bridge Identifier, it will become the Root Bridge.

Forward Delay Timer - The Forward Delay can be from 4 to 30 seconds. This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state.

Observe the following formulas when setting the above parameters:
  Max. Age ≤ 2 x (Forward Delay - 1 second)
  Max. Age ≥ 2 x (Hello Time + 1 second)

Port Priority - A Port Priority can be from 0 to 240. The lower the number, the greater the probability the port will be chosen as the Root Port.

Port Cost - A Port Cost can be set from 0 to 200000000. The lower the number, the greater the probability the port will be chosen to forward packets.

3. Illustration of STP
A simple illustration of three switches connected in a loop is depicted in the below diagram. In this example, you can anticipate some major network problems if the STP assistance is not applied.
If switch A broadcasts a packet to switch B, switch B will broadcast it to switch C, and switch C will broadcast it back to switch A, and so on. The broadcast packet will be passed indefinitely in a loop, potentially causing a network failure. In this example, STP breaks the loop by blocking the connection between switch B and C. The decision to block a particular connection is based on the STP calculation of the most current Bridge and Port settings.
Now  if sw
106.  to match this entry.
  ■ 1: TCP frames where the PSH field is set must be able to match this entry.
  ■ Any: Any value is allowed ("don't care").
• TCP ACK: Specify the TCP "Acknowledgment field significant (ACK)" value for this ACE.
  ■ 0: TCP frames where the ACK field is set must not be able to match this entry.
  ■ 1: TCP frames where the ACK field is set must be able to match this entry.
  ■ Any: Any value is allowed ("don't care").
• TCP URG: Specify the TCP "Urgent Pointer field significant (URG)" value for this ACE.
  ■ 0: TCP frames where the URG field is set must not be able to match this entry.
  ■ 1: TCP frames where the URG field is set must be able to match this entry.
  ■ Any: Any value is allowed ("don't care").

■ Ethernet Type Parameters

The Ethernet Type parameters can be configured when Frame Type "Ethernet Type" is selected.

Object / Description
• EtherType Filter: Specify the Ethernet type filter for this ACE.
  ■ Any: No EtherType filter is specified (EtherType filter status is "don't care").
  ■ Specific: If you want to filter a specific EtherType filter with this ACE, you can enter a specific EtherType value. A field for entering an EtherType value appears.
• Ethernet Type Value: When "Specific" is selected for the EtherType filter, you can enter a specific EtherType value. The allowed range is 0x600 to 0xFFFF but excluding 0x800 (IPv4), 0x806 (ARP) and 0x86DD (IPv6). A frame that hits this ACE matches this EtherType value.

Buttons
107.  to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality (Wikipedia).

SSM
In SyncE this is an abbreviation for Synchronization Status Message and contains a QL indication.

Spanning Tree Protocol is an OSI layer-2 protocol which ensures a loop-free topology for any bridged LAN. The original STP protocol is now obsoleted by RSTP.

SyncE
SyncE is an abbreviation for Synchronous Ethernet. This functionality is used to make a network "clock frequency" synchronized. Not to be confused with real-time clock synchronized (IEEE 1588).

T

TACACS+ is an acronym for Terminal Access Controller Access Control System Plus. It is a networking protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.

Tag Priority
Tag Priority is a 3-bit field storing the priority level for the 802.1Q frame.

TCP
TCP is an acronym for Transmission Control Protocol. It is a communications protocol that uses the Internet Protocol (IP) to exchange the messages between computers.

The TCP protocol guarantees reliable and in-order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applicat
108.  to the same VLAN(s), either manually or dynamically using GVRP. However, if you want a port on this switch to participate in one or more VLANs, but none of the intermediate network devices nor the host at the other end of the connection supports VLANs, then you should add this port to the VLAN as an untagged port.

Note: VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before passing it on to any end-node host that does not support VLAN tagging.

■ VLAN Classification
When the switch receives a frame, it classifies the frame in one of two ways. If the frame is untagged, the switch assigns the frame to an associated VLAN (based on the default VLAN ID of the receiving port). But if the frame is tagged, the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame.

■ Port Overlapping
Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups, such as file servers or printers. Note that if you implement VLANs which do not overlap, but still need to communicate, you can connect them by enabling routing on this switch.

■ Untagged VLANs
Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast dom
109.  to undo any changes made locally and revert to previously saved values.

4.12.6 Port Security Status

This page shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules - the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise.

The status page is divided into two sections - one with a legend of user modules and one with the actual port status. The Port Security Status screen in Figure 4-12-6 appears.

Figure 4-12-6: Port Security Status Screen Page Screenshot

The page includ
110.  type is using a tagged or an untagged VLAN. Can be Tagged or Untagged.
  ■ Untagged: The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802.1Q-2003.
  ■ Tagged: The device is using the IEEE 802.1Q tagged frame format.
• VLAN ID is the VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003. A value of 1 through 4094 is used to define a valid VLAN ID. A value of 0 (Priority Tagged) is used if the device is using priority tagged frames as defined by IEEE 802.1Q-2003, meaning that only the IEEE 802.1D priority level is significant and the default PVID of the ingress port is used instead.
• Priority is the Layer 2 priority to be used for the specified application type. One of eight priority levels (0 through 7).
• DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474. Contains one of 64 code point values (0 through 63).
• Auto-negotiation identifies if MAC/PHY auto-negotiation is supported by the link partner.
• Auto-negotiation status identifies if auto-negotiation is currently enabled at the link partner. If Auto-negotiation is supported and Auto-negotiation status is disabled, the 802.3 PMD operating mode will be determined by the operational MAU type field value rather than by auto-negotiation.
• Auto-negotiation Capabilities shows the link partner's MAC/PHY capabilities.

Click to refresh the page immediately.
111. xx-xx-xx (x is a hexadecimal digit).
- Description: The description of OUI address. Normally, it describes which vendor telephony device it belongs to. The allowed string length is 0 to 32.

Buttons
- Add New Entry: Click to add a new access management entry.
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.10 Access Control Lists

ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program. Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted or denied to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and
112. your networks should be active all the time, please consider using UPS (Uninterrupted Power Supply) for your device. Power Notice: It will prevent you from network data loss or network downtime. In some areas, installing a surge suppression device may also help to protect your Managed Switch from being damaged by unregulated surge or current to the Switch or the power adapter.

DC Power Connector
The rear panel of the GS-5220-16S8CR has a power switch and a DC power connector, where the latter accepts DC power input voltage from 36V to 60V DC. Connect the power cable to the Managed Switch at the input terminal block. The size of the two screws in the terminal block is M3.5.

Figure 2-1-16: Rear Panel of GS-5220-16S8CR

Before connecting the DC power cable to the input terminal block of the GS-5220-16S8CR, make sure that the power switch is in the "OFF" position and the DC power is OFF.

2.2 Installing the Switch

This section describes how to install your Managed Switch and make connections to the Managed Switch. Please read the following topics and perform the procedures in the order being presented. To install your Managed Switch on a desktop or shelf, simply complete the following steps.

2.2.1 Desk
113. Figure 2-1-8: GS-5220-16S8C LED on Front Panel

Function
- Lights to indicate that the Switch has AC power input.
- Lights to indicate that the Switch has DC power input (GS-5220-16S8CR only).

Function
- Lights to indicate fan failure.
- Lights to indicate ports 1-24 or power input failure.

Per 10/100/1000Mbps RJ45 port (Port 1 to Port 8)
- 1000 LNK/ACT
  Lights: To indicate the port is running in 1000Mbps speed and successfully established.
  Blinks: To indicate that the switch is actively sending or receiving data over that port.
- 10/100 LNK/ACT (Orange)
  Lights: To indicate the port is running in 10/100Mbps speed and successfully established.
  Blinks: To indicate that the switch is actively sending or receiving data over that port.

Per 100/1000BASE-X SFP Interface (Port 1 to Port 24)
- 1000 LNK/ACT
  Lights: To indicate the port is successfully established at 1000Mbps.
  Blinks: To indicate that the Switch is actively sending or receiving data over that port.
- 100 LNK/ACT (Orange)
  Lights: To indicate the port is successfully established at 100Mbps.
  Blinks: To indicate that the Switch is actively sen
114. 02.1ab standard protocol.

The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of those capabilities, and the identification of the station's point of attachment to the IEEE 802 LAN required by those management entities. The information distributed via this protocol is stored by its recipients in a standard Management Information Base (MIB), making it possible for the information to be accessed by a Network Management System (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).

LLDP-MED is an extension of IEEE 802.1ab and is defined by the telecommunication industry association (TIA-1057).

LOC is an acronym for Loss Of Connectivity and is detected by a MEP and is indicating lost connectivity in the network. Can be used as a switch criteria by EPS.

Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a
115. 1-5: Front Panel of GS-5220-46S2C4X

GS-5220-48T4X Front Panel

Figure 2-1-6: Front Panel of GS-5220-48T4X

- Gigabit TP interface: 10/100/1000BASE-T Copper, RJ45 twisted-pair: Up to 100 meters.
- SFP slot: 100/1000BASE-X mini-GBIC slot, SFP (Small Factor Pluggable) transceiver module: From 550 meters to 2km (multi-mode fiber), up to above 10/20/30/40/50/70/120 kilometers (single-mode fiber).
- 10 Gigabit SFP+ slot: 10GBASE-SR/LR mini-GBIC slot, SFP+ (Small Factor Pluggable Plus) transceiver module supports from 300 meters (multi-mode fiber) up to 10 kilometers (single-mode fiber).
- Console port: The console port is a RJ45 port connector. It is an interface for connecting a terminal directly. Through the console port, it provides rich diagnostic information including IP address setting, factory reset, port management, link status and system setting. Users can use the attached DB9 to RJ45 console cable in the package and connect to the console port on the device. After the connection, users can run any terminal emulation program (Hyper Terminal, ProComm Plus, Telix, Winterm and so on) to enter the startup screen of the device.
- Reset button: The front panel of the GS-5220-8P2T2S/GS-5220-16S8C(R)/GS-5220-44S4C/GS-5220-46S2C4X comes with a reset button designed for rebooting the Managed Switch without turning
116. 1 second.
- Refresh: Refreshes the displayed table starting from the "VLAN" input fields.
- |<<: Updates the table starting from the first entry in the VLAN Table, i.e. the entry with the lowest VLAN ID.
- >>: Updates the table, starting with the entry after the last entry currently displayed.
- Add New MLD VLAN: Click to add new MLD VLAN. Specify the VID and configure the new entry. Click "Save". The specific MLD VLAN starts working after the corresponding static VLAN is also created.
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.12 MLD Snooping Port Group Filtering

In certain switch applications, the administrator may want to control the multicast services that are available to end users. For example, an IP/TV service based on a specific subscription plan. The MLD filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port, and MLD throttling limits the number of simultaneous multicast groups a port can join.

MLD filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the port. A MLD filter profile can contain one or more, or a range of multicast addresses; but only one profile can be assigned to a port. When enabled, MLD join reports received on the
117. Figure 3-1-6: Planet Smart Discovery Utility Screen

If there are two LAN cards or above in the same administrator PC, choose a different LAN card by using the "Select Adapter" tool.

3. Press the "Refresh" button for the currently connected devices in the discovery list as the screen shows below.

Figure 3-1-7: Planet Smart Discovery Utility Screen

1. This utility shows all necessary information from the devices, such as MAC Address, Device Name, firmware version, and Device IP Subnet address. It can also assign new password, IP Subnet address and description for the devices.

2. After setup is completed, press the "Update Device", "Update Multi" or "Update All" button to take effect. The meanings of the 3 buttons above are shown below:
- Update Device: use current setting on one single device.
- Update Multi: use current setting on multiple chosen devices.
- Update All: use current setting on all devices in the list.
118. Figure 4-5-4: LACP Port Configuration Page Screenshot

The page includes the following fields:

- Port: The switch port number.
- LACP Enabled: Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner.
- Key: The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot. The default setting is "Auto".
- Role: The Role shows the LACP activity status. The Active will transmit LACP packets each second, while Passive will wait for a LACP packet from a partner (speak if spoken to).
- Timeout: The Timeout controls the period between BPDU transmissions. Fast will transmit LACP packets each second, while Slow will wait for 30 seconds before sending a LACP packet.
- Priority: The Priority controls the priority of the port. If the LACP partner wants to form a larger group than is supported by this device then this parameter will control which ports will be active and which ports will be in
119. 800 seconds (7 days). A value of zero will keep a port disabled (until next device restart).

Description
- The switch port number of the port.
- Controls whether loop protection is enabled on this switch port.
- Configures the action performed when a loop is detected on a port. Valid values are Shutdown Port, Shutdown Port and Log or Log Only.
- Controls whether the port is actively generating loop protection PDUs, or whether it is just passively looking for looped PDUs.

Buttons
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.17.2 Loop Protection Status

This page displays the loop protection port status of the switch; screen in Figure 4-17-2 appears.

Figure 4-17-2: Loop Protection Status Screenshot

The page includes the following fields:

- Port: The Managed Switch port number of the logical port.
- Action: The currently configured port action.
- Transmit: The currently configured port transmit mode.
- Loops: The number of loops detected on this port.
- Status: The current loop protection status of the port.
- Loop: Whether a loop is currently detected on the port.
- Time of Last Loop: The time of the last loop event detected.

Buttons
- Refresh: Click to
120. Figure 4-6-9: Change Port VLAN of Port 1-3 to be VLAN2 and Port VLAN of Port 4-6 to be VLAN3

3. Enable VLAN Tag for specific ports
Link Type: Port 3 (VLAN 2) and Port 6 (VLAN 3).
Change Port 3 Mode to Trunk, select Tag All for Egress Tagging, and type 2 in the Allowed VLANs column.
Change Port 6 Mode to Trunk, select Tag All for Egress Tagging, and type 3 in the Allowed VLANs column.
The Per Port VLAN configuration in Figure 4-6-10 appears.

Figure 4-6-10: Check VLAN 2 and 3 Members on VLAN Membership Page

4.6.7.2 VLAN Trunking between two 802.1Q aware switches

The most cases are used for "Uplink" to other switches. VLANs are separated at different switches, but they need to access with other switches within the same VLAN group. The screen in Figure 4-6-11 appears.

Figure 4-6-11: VLAN Trunking Diagram
121. Accounting Statistics

The statistics map closely to those specified in RFC4670 - RADIUS Accounting Client MIB. Use the server select box to switch between the backend servers to show details for.

- Packet Counters: RADIUS accounting server packet counter. There are five receive and four transmit counters.

Direction, Name (RFC4670 Name): Description
- Rx, Responses (radiusAccClientExtResponses): The number of RADIUS packets (valid or invalid) received from the server.
- Rx, Malformed Responses (radiusAccClientExtMalformedResponses): The number of malformed RADIUS packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or unknown types are not included as malformed access responses.
- Rx, Bad Authenticators (radiusAccClientExtBadAuthenticators): The number of RADIUS packets containing invalid authenticators received from the server.
- Rx, Unknown Types (radiusAccClientExtUnknownTypes): The number of RADIUS packets of unknown types that were received from the server on the accounting port.
- Rx, Packets Dropped (radiusAccClientExtPacketsDropped)
- Tx, Requests (radiusAccClientExtRequests)
- Tx, Retransmissions (radiusAccClientExtRetransmissions)
- Tx, Pending Requests (radiusAccClientExtPendingRequests)
122. CE, choose this value. Two fields for entering a policy value and bitmask appear.
- Policy Value: When "Specific" is selected for the policy filter, you can enter a specific policy value. The allowed range is 0 to 255.
- Policy Bitmask: When "Specific" is selected for the policy filter, you can enter a specific policy bitmask. The allowed range is 0x0 to 0xff.
- Frame Type: Select the frame type for this ACE. These frame types are mutually exclusive.
  - Any: Any frame can match this ACE.
  - Ethernet Type: Only Ethernet Type frames can match this ACE. The IEEE 802.3 describes the value of Length/Type Field specifications to be greater than or equal to 1536 decimal (equal to 0600 hexadecimal).
  - ARP: Only ARP frames can match this ACE. Notice the ARP frames won't match the ACE with Ethernet type.
  - IPv4: Only IPv4 frames can match this ACE. Notice the IPv4 frames won't match the ACE with Ethernet type.
  - IPv6: Only IPv6 frames can match this ACE. Notice the IPv6 frames won't match the ACE with Ethernet type.
- Action: Specify the action to take with a frame that hits this ACE.
  - Permit: The frame that hits this ACE is granted permission for the ACE operation.
  - Deny: The frame that hits this ACE is dropped.
- Rate Limiter: Specify the rate limiter in number of base units. The allowed
123. Buttons
- Refresh: Click to refresh the page immediately.
- Clear: Clears all Statistics counters.
- Auto-refresh: Automatic refresh occurs every 3 seconds.

4.8.8 IGMP Group Information

Entries in the IGMP Group Table are shown on this Page. The IGMP Group Table is sorted first by VLAN ID, and then by group. Each page shows up to 99 entries from the IGMP Group table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the IGMP Group Table. The "Start from VLAN", and "group" input fields allow the user to select the starting point in the IGMP Group Table. The IGMP Groups Information screen in Figure 4-8-11 appears.

Figure 4-8-9: IGMP Snooping Groups Information Page Screenshot

The page includes the following fields:

- VLAN ID: VLAN ID of the group.
- Groups: Group address of the group displayed.
- Port Members: Ports under this group.

Buttons
- Auto-refresh: Automatic refresh occurs every 3 seconds.
- Refresh: Refreshes the displayed table starting from the input fields.
- |<<: Updates the table, starting with the first entry in the IGMP Group Table.
- >>: Updates the table, starting with the entry after the last entry currently d
124. 4.9.11.1 QoS Control Entry Configuration
4.9.13 Storm Control Configuration
4.9.16 Voice VLAN Configuration
4.9.17 Voice VLAN OUI
4.10 Access Control Lists
4.10.1 Access Control List Status
4.10.2 Access Control List Configuration
4.10.3 ACE Configuration
4.10.4 ACL Ports Configuration
4.10.5 ACL Rate Limiter Configuration
4.11.1 Understanding IEEE 802.1X Port-Based Authentication
4.11.2 Authentication Configuration
4.11.3
125. DP capabilities cover capabilities that are not part of the LLDP. These capabilities are shown as "others" in the LLDP neighbours' table.
If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbour devices. If at least one port has CDP awareness enabled all CDP frames are terminated by the switch.
Note: When CDP awareness on a port is disabled the CDP information isn't removed immediately, but gets removed when the hold time is exceeded.

- Optional TLV: When checked the "port description" is included in LLDP information transmitted.
- Optional TLV: When checked the "system name" is included in LLDP information transmitted.
- Optional TLV: When checked the "system description" is included in LLDP information transmitted.
- Optional TLV: When checked the "system capability" is included in LLDP information transmitted.
- Optional TLV: When checked the "management address" is included in LLDP information transmitted.

Buttons
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.14.3 LLDP-MED Configuration

This page allows you to configure the LLDP-MED. The LLDPMED Configuration screen in Figure 4-14-2 appears.
126. 4.6.7.1 Two Separate 802.1Q VLANs
4.6.7.2 VLAN Trunking between two 802.1Q aware switches
4.6.8 MAC-based VLAN
4.6.9 MAC-based VLAN Status
4.6.11 Protocol-based VLAN Membership
4.7 Spanning Tree Protocol
4.7.4 CIST Port Configuration
4.8.4 IGMP Snooping Configuration
4.8.5 IGMP Snooping VLAN Configuration
4.8.6 IGMP Snooping Port Group Filtering
127. 802.1Q VLAN Tags

The figure below shows the 802.1Q VLAN tag. There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the Ether Type field. When a packet's Ether Type field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI, used for encapsulating Token Ring packets so they can be carried across Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified.

The tag is inserted into the packet header making the entire packet longer by 4 octets. All of the information originally contained in the packet is retained.

[Figure: 802.1Q Tag. TPID (Tag Protocol Identifier), 2 bytes, followed by TCI (Tag Control Information), 2 bytes, made up of User Priority (3 bits), CFI (1 bit) and VLAN ID (VID, 12 bits). Tagged frame: Preamble, Destination Address (6 bytes), Source Address (6 bytes), VLAN TAG (4 bytes), Ethernet Type/Length (2 bytes), 46-1500 bytes of data, new CRC (4 bytes).]

The Ether Type and VLAN ID are inserted after the MAC source address, but before the original Ether Type/Length or Logical Link Con
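The 802.1Q tag layout described in the excerpt above, worked through in Python as an added example (it is not code from the manual or from PLANET). The sample frame is constructed, the function names are hypothetical, and frames are handled without their trailing CRC, which a switch recomputes after changing the header.

```python
import struct

TPID_8021Q = 0x8100   # Ether Type value that announces an 802.1Q tag
MAX_VID = 4094        # the manual gives 1 through 4094 as valid VLAN IDs


def insert_tag(frame: bytes, vid: int, priority: int = 0, cfi: int = 0) -> bytes:
    """Insert the four tag octets after the source MAC address."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    if not 0 <= vid <= MAX_VID:
        raise ValueError("VID must be 0 (priority-tagged) or 1 through 4094")
    if not 0 <= priority <= 7 or cfi not in (0, 1):
        raise ValueError("priority is 3 bits, CFI is 1 bit")
    # TCI layout: 3 bits user priority, 1 bit CFI, 12 bits VID
    tci = (priority << 13) | (cfi << 12) | vid
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]


def parse_vlan_tag(frame: bytes) -> dict:
    """Classify a frame as untagged, priority-tagged or tagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ether_type,) = struct.unpack("!H", frame[12:14])
    if ether_type != TPID_8021Q:
        return {"kind": "untagged", "ether_type": ether_type}
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    vid = tci & 0x0FFF
    if vid == 0:
        kind = "priority-tagged"   # only the priority bits are significant
    elif vid <= MAX_VID:
        kind = "tagged"
    else:
        kind = "invalid-vid"       # 4095 is outside the range the manual gives
    return {
        "kind": kind,
        "priority": tci >> 13,
        "cfi": (tci >> 12) & 0x1,
        "vid": vid,
        "ether_type": inner_type,  # the original Ether Type/Length field
    }


def effective_vid(frame: bytes, pvid: int) -> int:
    """VLAN a frame is classified into on a port whose Port VLAN ID is pvid."""
    info = parse_vlan_tag(frame)
    if info["kind"] == "tagged":
        return info["vid"]
    if info["kind"] == "invalid-vid":
        raise ValueError("VID outside 1 through 4094")
    return pvid                    # untagged and priority-tagged use the PVID


def strip_tag(frame: bytes) -> bytes:
    """Remove the tag, restoring the frame as it was before tagging."""
    if parse_vlan_tag(frame)["kind"] == "untagged":
        return frame
    return frame[:12] + frame[16:]


# Constructed sample: broadcast destination, made-up source MAC, IPv4 type,
# minimum-size all-zero payload. No CRC is included.
UNTAGGED_FRAME = (
    bytes.fromhex("ffffffffffff")
    + bytes.fromhex("020000000001")
    + struct.pack("!H", 0x0800)
    + bytes(46)
)

if __name__ == "__main__":
    tagged = insert_tag(UNTAGGED_FRAME, vid=2, priority=5)
    print(len(UNTAGGED_FRAME), len(tagged))      # tagged frame is 4 octets longer
    print(tagged[12:16].hex())                   # TPID followed by TCI
    print(parse_vlan_tag(tagged))
    print(effective_vid(insert_tag(UNTAGGED_FRAME, vid=0, priority=7), pvid=3))
```

Run against a capture, `parse_vlan_tag` gives a quick check that the frames leaving a trunk port carry the VID and priority the port configuration is supposed to produce.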
128. Entries in the MLD SFM Information Table are shown on this page. The MLD SFM (Source-Filtered Multicast) Information Table also contains the SSM (Source-Specific Multicast) information. This table is sorted first by VLAN ID, then by group, and then by Port. Different source addresses belonging to the same group are treated as a single entry. Each page shows up to 99 entries from the MLD SFM Information table, default being 20, selected through the "entries per page" input field. When first visited, the web Page will show the first 20 entries from the beginning of the MLD SFM Information Table.

The "Start from VLAN", and "group" input fields allow the user to select the starting point in the MLD SFM Information Table.

The MLDv2 Information screen in Figure 4-8-18 appears.

Figure 4-8-18: MLD SSM Information Page Screenshot

The page includes the following fields:

- VLAN ID: VLAN ID of the group.
- Group: Group address of the group displayed.
- Port: Switch port number.
- Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude.
- Source Address: IP Address of the source. Currently, system limits the total number of IP source addresses for filtering to be 128.
- Type
129. Figure 4-2-20: TFTP Firmware Update Page Screenshot

The page includes the following fields:

- TFTP Server IP: Fill in your TFTP server IP address.
- Firmware File Name: The name of firmware image. (Maximum length: 24 characters)

Buttons
- Upgrade: Click to upgrade firmware.

DO NOT Power OFF the Managed Switch until the update progress is complete.

Do not quit the Firmware Upgrade page without pressing the "OK" button after the image is loaded. Otherwise the system won't apply the new firmware, and the user has to repeat the firmware upgrade process.

4.2.18 Save Startup Config

This function allows you to save the current configuration, thereby ensuring that the current active configuration can be used at the next reboot; screen in Figure 4-2-22 appears. After saving the configuration, the screen Figure 4-2-23 will appear.

Figure 4-2-22: Configuration Save Page Screenshot

Figure 4-2-23: Finish Saving Page Screenshot

4.2.19 Configuration Download

The switch stores its configuration in a numb
130. Figure 4-5-7: LACP Statistics Page Screenshot

The page includes the following fields:

- Port: The switch port number.
- LACP Received: Shows how many LACP frames have been sent from each port.
- LACP Transmitted: Shows how many LACP frames have been received at each port.
- Discarded: Shows how many unknown or illegal LACP frames have been discarded at each port.

Buttons
- Auto-refresh: Automatic refresh occurs every 3 seconds.
- Refresh: Click to refresh the page immediately.
- Clear: Clears the counters for all ports.

4.6 VLAN

4.6.1 VLAN Overview

A Virtual Local Area Network (VLAN) is a network topology configured according to a logical scheme rather than the physical layout. VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN. VLANs also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN. Typically, a VLAN corresponds to a particular subnet, although not necessarily.

VLAN can enhance performance by conserving bandwidth, and improve security by limiting traffic to specific domains.

A VLAN is a collection of end nodes grouped by logic instead of physical location. End nodes that frequently communicate with
131. - Network: Destination IP filter is set to Network. Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear.
- DIP Address: When "Host" or "Network" is selected for the destination IP filter, you can enter a specific DIP address in dotted decimal notation.
- DIP Mask: When "Network" is selected for the destination IP filter, you can enter a specific DIP mask in dotted decimal notation.

IPv6 Parameters

- Next Header Filter: Specify the IPv6 next header filter for this ACE.
  - Any: No IPv6 next header filter is specified ("don't-care").
  - Specific: If you want to filter a specific IPv6 next header filter with this ACE, choose this value. A field for entering an IPv6 next header filter appears.
  - ICMP: Select ICMP to filter IPv6 ICMP protocol frames. Extra fields for defining ICMP parameters will appear. These fields are explained later in this help file.
  - UDP: Select UDP to filter IPv6 UDP protocol frames. Extra fields for defining UDP parameters will appear. These fields are explained later in this help file.
  - TCP: Select TCP to filter IPv6 TCP protocol frames. Extra fields for defining TCP parameters will appear. These fields are explained later in this help file.
- Next Header Value: When "Specific"
132. IP address Indicates the start IP address for the access management entry    e End IP address Indicates the end IP address for the access management entry    e HTTP HTTPS Indicates the host can access the switch from HTTP HTTPS interface that the    host IP address matched the entry    e SNMP Indicates the host can access the switch from SNMP interface that the host IP  address matched the entry    e Telnet SSH Indicates the host can access the switch from TELNET SSH interface that the    host IP address matched the entry     Buttons    Add New Enty   Click to add a new access management entry   APBIY J  Click to apply changes      Reset   Click to undo any changes made locally and revert to previously saved values     270    PLAN ET User   s Manual of GS 5220 Series    Networking  amp  Communication       e    4 12 3 Access Management Statistics    This page provides statistics for access management  The Access Management Statistics screen in Figure 4 12 3 appears     Access Management Statistics    Feceived Packets   Allowed Packets   Discarded Packets    HTTP 0 0 0  HTTPS    SNMP  TELNET  SSH       Auto refresh LJ    Figure 4 12 3  Access Management Statistics Overview Page Screenshot    The page includes the following fields     Object Description  e Interface The interface that allowed remote host can access the switch   e Receive Packets The received packets number from the interface under access management    mode is enabled    e Allow Packets The allowed packets numbe
133. If the capability is disabled, the capability is followed by

• Management Address: Management Address is the neighbor unit's address that is used for higher layer entities to assist the discovery by the network management. This could for instance hold the neighbor's IP address.

4.14.6 Port Statistics

This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole switch, while local counters refer to counters for the currently selected switch. The LLDP Statistics screen in Figure 4-14-5 appears.

Figure 4-14-5: LLDP Statistics Page Screenshot

The page includes the following fields:

Global Counters

Object: Description
• Neighbor
134. Index: Falling event index

Buttons
Refresh: Click to refresh the page immediately.
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
|<<: Updates the table, starting from the first entry in the Alarm Table, i.e. the entry with the lowest ID.
>>: Updates the table, starting with the entry after the last entry currently displayed.

4.18.3 RMON Event Configuration

Configure RMON Event table on this page. The entry index key is ID. The screen in Figure 4-18-3 appears.

Figure 4-18-4: RMON Event Configuration Page Screenshot

The page includes the following fields:

• Delete: Check to delete the entry. It will be deleted during the next save.
• ID: Indicates the index of the entry. The range is from 1 to 65535.
• Desc: Indicates this event. The string length is from 0 to 127; default is a null string.
• Type: Indicates the notification of the event. The possible types are:
■ none: The total number of octets received on the interface, including framing characters.
■ log: The number of uni-cast packets delivered to a higher layer protocol.
■ snmptrap: The number of broad-cast and multi-cast packets delivered to a higher layer protocol.
■ logandtrap: The number of inbound pack
135. LAN ID is assigned by the RADIUS server, "(RADIUS-assigned)" is appended to the VLAN ID. Read more about RADIUS-assigned VLANs here.
If the port is moved to the Guest VLAN, "(Guest)" is appended to the VLAN ID. Read more about Guest VLANs here.

Buttons
Refresh: Click to refresh the page immediately.
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.

4.11.5 Network Access Statistics

This page provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. For MAC-based ports, it shows selected backend server (RADIUS Authentication Server) statistics only. Use the port select box to select which port details to be displayed. The Network Access Statistics screen in Figure 4-11-6 appears.

Figure 4-11-6: Network Access Statistics Page Screenshot

The page includes the following fields:

Port State

• Admin State: The port's current administrative state. Refer to NAS Admin State for a description of possible values.
• Port State: The current state of the port. Refer to NAS Port State for a description of the individual states.
• QoS Class: The QoS class assigned by the RADIUS server. The field is blank if no QoS class is assigned.
• Port VLAN ID: The VLAN ID that NAS has put the port in. The fi
136. Object:
• CDP Aware
• Port Description
• System Name
• System Description
• System Capabilities
• Management Address

Description:
■ Tx only: The switch will drop LLDP information received from neighbors, but will send out LLDP information.
■ Disabled: The switch will not send out LLDP information, and will drop LLDP information received from neighbors.
■ Enabled: The switch will send out LLDP information, and will analyze LLDP information received from neighbors.

Select CDP awareness.
The CDP operation is restricted to decoding incoming CDP frames (the switch doesn't transmit CDP frames). CDP frames are only decoded if LLDP on the port is enabled.
Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbours' table are decoded. All other TLVs are discarded. (Unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics.) CDP TLVs are mapped onto the LLDP neighbours' table as shown below.
CDP TLV "Device ID" is mapped to the LLDP "Chassis ID" field.
CDP TLV "Address" is mapped to the LLDP "Management Address" field. The CDP address TLV can contain multiple addresses, but only the first address is shown in the LLDP neighbours table.
CDP TLV "Port ID" is mapped to the LLDP "Port ID" field.
CDP TLV "Version and Platform" is mapped to the LLDP "System Description" field.
Both the CDP and LLDP support "system capabilities", but the C
137. LDP and LLDP-MED information can be used by SNMP applications to simplify troubleshooting, enhance network management, and maintain an accurate network topology.

4.14.2 LLDP Configuration

This page allows the user to inspect and configure the current LLDP port settings. The LLDP Configuration screen in Figure 4-14-1 appears.

Figure 4-14-1: LLDP Configuration Page Screenshot

The page includes the following fields:

LLDP Parameters

Object:
• Tx Interval
• Tx Hold
• Tx Delay
• Tx Reinit

LLDP Port Configuration

Description:
The switch is periodically transmitting LLDP frames to its neighbors for having the network discovery information up to date. The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5 - 32768 seconds.
Default: 30 seconds
This attribute must comply with the following rule:
(Transmission Interval * Hold Time Multiplier) <65536, and Transmission Inte
138. Link mode of the SFP/SFP+ port if the link fails. To function with some fiber NICs or Media Converters, user has to set the port Link mode to "10G Force", "1000M Force" or "100M Force".

■ Remove the Transceiver Module
1. Make sure there is no network activity anymore.
2. Remove the Fiber Optic Cable gently.
3. Lift up the lever of the MGB module and turn it to a horizontal position.
4. Pull out the module gently through the lever.

Figure 2-2-5: How to Pull Out the SFP/SFP+ Transceiver

Never pull out the module without lifting up the lever of the module and turning it to a horizontal position. Directly pulling out the module could damage the module and the SFP/SFP+ module slot of the Managed Switch.

3. SWITCH MANAGEMENT

This chapter explains the methods that you can use to configure management access to the Managed Switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (workstation or personal computer) and the system. It also contains information about port connection options.

This chapter covers the following topics:

■ Requirements
■ Management Access Overview
■ Administration Console Access
■ Web Management Access
■ SNMP Access
■ Standards
139. M module
• TX power (dBm) - SFP DDM Module Only: Displays the TX power of the current SFP DDM module. The TX power value is obtained from the SFP DDM module.
• RX power (dBm) - SFP DDM Module Only: Displays the RX power of the current SFP DDM module. The RX power value is obtained from the SFP DDM module.

Buttons
SFP Monitor Event Alert (send trap, Warning Temperature in degrees C): Check the SFP Monitor Event Alert box; it will be in accordance with your warning temperature setting and allows users to record messages out via SNMP Trap.
Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Refresh: Click to refresh the page immediately.

4.4.5 Port Mirror

Configure port mirroring on this page. This function monitors network traffic by forwarding a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied. It enables the manager to keep close track of switch performance and alter it if necessary.
• To debug network problems, selected traffic can be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow.
• The Managed Switch can unobtrusively mirror traffic from any port to a monitor port. You can then attach a protocol analyzer or RMON probe to this port to
140. MPv2c community string. In addition to community string, a particular range of source addresses can be used to restrict source subnet.

Indicates the community write access string to permit access to SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.

The field is applicable only when SNMP version is SNMPv1 or SNMPv2c. If SNMP version is SNMPv3, the community string will be associated with SNMPv3 communities table. It provides more flexibility to configure security name than a SNMPv1 or SNMPv2c community string. In addition to community string, a particular range of source addresses can be used to restrict source subnet.

Indicates the SNMPv3 engine ID. The string must contain an even number (between 10 and 64) of hexadecimal digits, but all-zeros and all-'F's are not allowed. Change of the Engine ID will clear all original local users.

Buttons
Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.3 SNMP Trap Configuration

Configure SNMP trap on this page. The SNMP Trap Configuration screen in Figure 4-3-2 appears.
141. Management
The GS-5220 series switch not only provides ultra-high transmission performance and excellent layer 2 and layer 4 technologies, but also a layer 3 IPv4/IPv6 VLAN routing feature that allows traffic to cross over different VLANs and different IP addresses for the purpose of having a highly secured, flexible management and simpler networking application.

IPv6/IPv4 Dual Stack
Supporting both IPv6 and IPv4 protocols, the GS-5220 series helps SMBs step into the IPv6 era with the lowest investment, as their network facilities need not be replaced or overhauled if the IPv6 FTTx edge network is set up.

Robust Layer 2 Features
The GS-5220 series can be programmed for advanced switch management functions such as dynamic port link aggregation, Q-in-Q VLAN, private VLAN, Multiple Spanning Tree Protocol (MSTP), Layer 2 to Layer 4 QoS, bandwidth control and IGMP/MLD Snooping. Via the link aggregation of supporting ports, the GS-5220 series allows the operation of a high-speed trunk to combine with multiple fiber ports and supports fail-over as well.

Powerful Security
The GS-5220 series offers a comprehensive layer 2 to layer 4 Access Control List (ACL) for enforcing security to the edge. It can be used to restrict network access by denying packets based on source and destination IP address, TCP/UDP ports or defined typical network applications. Its protection mechanism also co
142. P Address
• Ping Length: The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes.
• Egress Interface: The VLAN ID (VID) of the specific egress IPv6 interface through which the ICMP packet goes. The given VID ranges from 1 to 4094 and will be effective only when the corresponding IPv6 interface is valid. When the egress interface is not given, PING6 finds the best match interface for the destination.
Do not specify egress interface for loopback address.
Do specify egress interface for link-local or multicast address.

Buttons
Start: Click to transmit ICMP packets.
New Ping: Click to re-start diagnostics with PING.

4.15.3 Remote IP Ping Test

This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on a special port.

After you press "Test", 5 ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMP Ping screen in Figure 4-15-3 appears.

Figure 4-15-3: Remote IP Ping Test Page Screenshot

The page includes the following fields:

• Port: The logical port for the settings.
• Remote IP Address: The destination IP Address.
• Ping Size
143. P mask in the SIP Address and SIP Mask fields that appear.

When "Host" or "Network" is selected for the sender IP filter, you can enter a specific sender IP address in dotted decimal notation.

When "Network" is selected for the sender IP filter, you can enter a specific sender IP mask in dotted decimal notation.

Specify the target IP filter for this specific ACE.
■ Any: No target IP filter is specified. (Target IP filter is "don't care".)
■ Host: Target IP filter is set to Host. Specify the target IP address in the Target IP Address field that appears.
■ Network: Target IP filter is set to Network. Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear.

When "Host" or "Network" is selected for the target IP filter, you can enter a specific target IP address in dotted decimal notation.

When "Network" is selected for the target IP filter, you can enter a specific target IP mask in dotted decimal notation.

Specify whether frames can hit the action according to their sender hardware address field (SHA) settings.
■ 0: ARP frames where SHA is not equal to the SMAC address.
■ 1: ARP frames where SHA is equal to the SMAC address.
■ Any: Any value is allowed ("don't care").

Object:
• RARP Target MAC Match
• IP/Ethernet Length
• Ethernet
■ IP Parameters

Description:
Specify whether frames can
144. P message via this port, the port range is 1 to 65535.

Indicates the SNMP trap inform mode operation. Possible modes are:
■ Enabled: Enable SNMP trap authentication failure.
■ Disabled: Disable SNMP trap authentication failure.

Indicates the SNMP trap inform timeout. The allowed range is 0 to 2147.

Indicates the SNMP trap inform retry times. The allowed range is 0 to 255.

Indicates the SNMPv3 trap probe security engine ID mode of operation. Possible values are:
■ Enabled: Enable SNMP trap probe security engine ID mode of operation.
■ Disabled: Disable SNMP trap probe security engine ID mode of operation.

Indicates the SNMP trap security engine ID. SNMPv3 sends traps and informs using USM for authentication and privacy. A unique engine ID for these traps and informs is needed. When "Trap Probe Security Engine ID" is enabled, the ID will be probed automatically. Otherwise, the ID specified in this field is used. The string must contain an even number in hexadecimal format, with number of digits between 10 and 64, but all-zeros and all-'F's are not allowed.

Indicates the SNMP trap security name. SNMPv3 traps and informs using USM for authentication and privacy. A unique security name is needed when traps and informs are enabled.

Enable/disable that the Interface group's traps. Possible traps are:
■ Warm Start: Enable/disable Warm Start trap.
■ Cold Start: Enable/disable Cold Start trap.

Indicates that the Interface group's traps. Possible tr
145. Profile4
• Week Day: Allows the user to set the week day on which the PoE function should be enabled.
• Start Hour: Allows the user to set at what hour the PoE function starts when enabled.
• Start Min: Allows the user to set at what minute the PoE function starts when enabled.
• End Hour: Allows the user to set at what hour the PoE function ends when disabled.
• End Min: Allows the user to set at what minute the PoE function ends when disabled.
• Reboot Enable: Allows the user to enable or disable whole PoE port reboot by the PoE reboot schedule. Please note that if you want the PoE schedule and the PoE reboot schedule to work at the same time, use this function and do not use the Reboot Only function. This function lets the administrator reboot a PoE device at an indicated time if the administrator has this kind of requirement.
• Reboot Only: Allows the user to reboot the PoE function by the PoE reboot schedule. Please note that if the administrator enables this function, the PoE schedule will not set time to profile. This function is only for PoE port reset at the indicated time.
• Reboot Hour: Allows the user to set at what hour PoE reboots. This function is only for the PoE reboot schedule.
• Reboot Min: Allows the user to set at what minute PoE reboots. This function is only for the PoE reboot schedule.

Buttons
Add New Rule: Click to add a new rule.
Apply: Click to apply changes.
Delete: Click to delete the entry.
146. RI: Priority of Interface. It indicates the IGMP control frame priority level generated by the system. These values can be used to prioritize different classes of traffic.
The allowed range is 0 (best effort) to 7 (highest); default interface priority value is 0.

Robustness Variable: The Robustness Variable allows tuning for the expected packet loss on a network.
The allowed range is 1 to 255; default robustness variable value is 2.

Query Interval: The Query Interval is the interval between General Queries sent by the Querier. The allowed range is 1 to 31744 seconds; default query interval is 125 seconds.

Query Response Interval: The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries.
The allowed range is 0 to 31744 in tenths of seconds; default query response interval is 100 in tenths of seconds (10 seconds).

Last Member Query Interval: The Last Member Query Time is the time value represented by the Last Member Query Interval, multiplied by the Last Member Query Count.
The allowed range is 0 to 31744 in tenths of seconds; default last member query interval is 10 in tenths of seconds (1 second).

Unsolicited Report Interval: The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group.
The allowed range is 0 to 31744 seconds; default unsolicited report interval is 1 second.

Refreshes the displayed table starting from the "VLAN
147. Rule: When the profile is created, click the edit button to enter the rule setting page of the designated profile. A summary of the designated profile will be shown by clicking the view button. You can manage or inspect the rules of the designated profile by using the following buttons:
■ List the rules associated with the designated profile.
■ Adjust the rules associated with the designated profile.

Buttons
Add New IPMC Profile: Click to add a new IPMC profile. Specify the name and configure the new entry. Click "Save".
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.3 Address Entry

This page provides address range settings used in an IPMC profile. The address entry is used to specify the address range that will be associated with the IPMC Profile. A maximum of 128 address entries can be created in the system. The Profile Table screen in Figure 4-8-6 appears.

Figure 4-8-6: IPMC Profile Address Configuration Page

The page includes the following fields:

• Delete: Check to delete the entry. The designated entry will be deleted during the n
148. System > Web Firmware Upgrade.
2. The Firmware Upgrade screen is displayed as in Figure 4-2-19.
3. Click the "Browse" button of the Main page; the system pops up the file selection menu to choose the firmware.
4. Select the firmware, then click the button; the Software Upload Progress shows the file with its upload status.
5. Once the software is loaded to the system successfully, the following screen appears. The system will load the new software after reboot.

Firmware Upgrade in progress
The uploaded firmware image is being transferred to flash.
The system will reboot after the Upgrade.
Until then, do not reset or power off the device.

Figure 4-2-20: Software Successfully Loaded Notice Screen

DO NOT power OFF the Managed Switch until the update progress is complete.

Do not quit the Firmware Upgrade page without pressing the "OK" button after the image is loaded; otherwise the system won't apply the new firmware and the user has to repeat the firmware upgrade process.

4.2.17 TFTP Firmware Upgrade

The Firmware Upgrade page provides the functions to allow a user to update the Managed Switch firmware from the TFTP server in the network. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. The TFTP Firmware Upgrade screen in Figure 4-2-21 appears.

TFTP
149. Figure 4-11-5: Network Access Server Switch Status Page Screenshot

The page includes the following fields:

• Port: The switch port number. Click to navigate to detailed NAS statistics for this port.
• Admin State: The port's current administrative state. Refer to NAS Admin State for a description of possible values.
• Port State: The current state of the port. Refer to NAS Port State for a description of the individual states.
• Last Source: The source MAC address carried in the most recently received EAPOL frame for EAPOL-based authentication, and the most recently received frame from a new client for MAC-based authentication.
• Last ID: The user name (supplicant identity) carried in the most recently received Response Identity EAPOL frame for EAPOL-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication.
• QoS Class: QoS Class assigned to the port by the RADIUS server if enabled.
• Port VLAN ID: The VLAN ID that NAS has put the port in. The field is blank if the Port VLAN ID is not overridden by NAS.
If the V
150. Figure 4-7-4: STP Bridge Configuration Page Screenshot

The page includes the following fields:

Basic Settings

Object:
• Protocol Version
• Bridge Priority
• Forward Delay
• Max Age
• Maximum Hop Count
• Transmit Hold Count

Advanced Settings

Object:
• Edge Port BPDU Filtering
• Edge Port BPDU Guard

Description:
The STP protocol version setting. Valid values are:
■ STP (IEEE 802.1D Spanning Tree Protocol)
■ RSTP (IEEE 802.1w Rapid Spanning Tree Protocol)
■ MSTP (IEEE 802.1s Multiple Spanning Tree Protocol)

Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier.
For MSTP operation, this is the priority of the CIST. Otherwise, this is the priority of the STP/RSTP bridge.

The delay used by STP Bridges to transition Root and Designated Ports to Forwarding (used in STP compatible mode). Valid values are in the range 4 to 30 seconds.
- Default: 15
- Minimum: The higher of 4 or [(Max. Message Age / 2) + 1]
- Maximum: 30

The maximum age of the information transmitted by
151. The 6-byte MAC address is converted to a string on the following form "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using static entries into the MAC Table. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore, MAC-based Authentication has nothing to do with the 802.1X standard.

The advantage of MAC-based authentication over 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users, equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the MD5-Challenge method is supported.

The 802.1X and MAC-Based Authentication configuration consists of two sections, a system- and a port-wide.

Overview of User Authentication
It is allowed to configure the Managed Swi
152. This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detecting the modes and speeds both connected devices are capable of. Both 10BASE-T and 100BASE-TX devices can connect with the port in either half- or full-duplex mode. 1000BASE-T can be only connected in full-duplex mode.

6. TROUBLESHOOTING

This chapter contains information to help you solve issues. If the Managed Switch is not functioning properly, make sure the Managed Switch was set up according to instructions in this manual.

■ The Link LED is not lit.
Solution:
Check the cable connection and remove duplex mode of the Managed Switch.

■ Some stations cannot talk to other stations located on the other port.
Solution:
Please check the VLAN settings, trunk settings, or port enabled/disabled status.

■ Performance is bad.
Solution:
Check the full duplex status of the Managed Switch. If the Managed Switch is set to full duplex and the partner is set to half duplex, then the performance will be poor. Please also check the in/out rate of the port.

■ Why the Switch doesn't connect to the network.
Solution:
1. Check the LNK/ACT LED on the switch.
2. Try another port on the Switch.
3. Make sure the cable is installed properly.
4. Make sure the cable is the right type.
5. Turn off the power. After a while, turn on power agai
153. Figure 4-9-17: Queuing Counters Page Screenshot

The page includes the following fields:

• Port: The logical port for the settings contained in the same row.
• Q0 ~ Q7: There are 8 QoS queues per port. Q0 is the lowest priority queue.
• Rx/Tx: The number of received and transmitted packets per queue.

Buttons
Refresh: Click to refresh the page immediately.
Clear: Clears the counters for all ports.
Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.

4.9.16 Voice VLAN Configuration

The Voice VLAN feature enables voice traffic forwarding on the Voice VLAN, then the switch can classify and schedule network traffic. It is recommended that there be two VLANs on a port: one for voice, one for data.

Before connecting the IP device to the switch, the IP phone should configure the voice VLAN ID correctly. It should be configured through its own GUI. The Voice VLAN Configuration screen in Figure 4-9-18 appears.

Figure 4-9-18: Voice VLAN Configuration Page Screenshot

The page includes the following fields:

Object:
• Mode
• VLAN ID
• Aging Time

Description:
Indicates the Voice VLAN mode operation. We must disable MSTP fea
154. UcastPkts: The number of broadcast and multi-cast packets that requests to transmit.
■ OutDiscards: The number of outbound packets that is discarded even the packets are normal.
■ OutErrors: The number of outbound packets that could not be transmitted because of errors.
■ OutQLen: The length of the output packet queue (in packets).

• Sample Type: The method of sampling the selected variable and calculating the value to be compared against the thresholds. Possible sample types are:
■ Absolute: Get the sample directly.
■ Delta: Calculate the difference between samples (default).
• Value: The value of the statistic during the last sampling period.
• Startup Alarm: The method of sampling the selected variable and calculating the value to be compared against the thresholds. Possible sample types are:
■ RisingTrigger: alarm when the first value is larger than the rising threshold.
■ FallingTrigger: alarm when the first value is less than the falling threshold.
■ RisingOrFallingTrigger: alarm when the first value is larger than the rising threshold or less than the falling threshold (default).
• Rising Threshold: Rising threshold value (-2147483648 to 2147483647).
• Rising Index: Rising event index (1 to 65535).
• Falling Threshold: Falling threshold value (-2147483648 to 2147483647).
• Falling Index: Falling event index (1 to 65535).

Buttons
Add New Entry: Click to add a new community entry.
Apply: Click to apply changes.
Reset: Click to undo any change
155. Figure 4-13-2: MAC Address Table Status Page Screenshot

Navigating the MAC Table

Each page shows up to 999 entries from the MAC table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table.

The "Start from MAC address" and "VLAN" input fields allow the user to select the starting point in the MAC Table. Clicking the "Refresh" button will update the displayed table starting from that or the closest next MAC Table match.

In addition, the two input fields will, upon a "Refresh" button click, assume the value of the first displayed entry, allowing for continuous refresh with the same start address.

The ">>" button will use the last entry of the currently displayed VLAN/MAC address pairs as a basis for the next lookup. When the end is reached the text "no more entries" is shown in the displayed table. Use the "<<" button to start over.

The page includes the following fields:

Object  Description
• Type: Indicates whether the entry is a static or dynamic entry.
• VLAN: The VLAN ID of the entry.
• MAC Address: The MAC address of the entry.
• Port Members: The ports that are members of the entry.
156. X

In Single 802.1X, at most one supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port's link comes up will be the first one considered. If that supplicant doesn't provide valid credentials within a certain amount of time, another supplicant will get a chance. Once a supplicant is successfully authenticated, only that supplicant will be allowed access. This is the most secure of all the supported modes. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated.

Multi 802.1X

Multi 802.1X is, like Single 802.1X, not an IEEE standard, but a variant that features many of the same characteristics. In Multi 802.1X, one or more supplicants can get authenticated on the same port at the same time. Each supplicant is authenticated individually and secured in the MAC table using the Port Security module.

In Multi 802.1X it is not possible to use the multicast BPDU MAC address as destination MAC address for EAPOL frames sent from the switch towards the supplicant, since that would cause all supplicants attached to the port to reply to requests sent from the switch. Instead, the switch uses the supplicant's MAC address, whi
157. a requested multicast group is permitted, the IGMP join report is forwarded as normal. If a requested multicast group is denied, the IGMP join report is dropped.

IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions: either "deny" or "replace". If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. The IGMP Snooping Port Group Filtering Configuration screen in Figure 4-8-9 appears.

Figure 4-8-9: IGMP Snooping Port Filtering Profile Configuration Page Screenshot

The page includes the following fields:

Object  Description
• Port: The logical port for the settings.
• Filtering Profile: Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.7 IGMP Snooping Status

This page provides IGMP Snooping status. The IGMP Snooping Status screen in Figure 4-8-10 appears.
158. able 4-16-1.

The Power Used shows how much power the PD currently is using.
The Power Used shows how much current the PD currently is using.
• Priority: The Priority shows the port's priority configured by the user.
• Port Status: The Port Status shows the port's status.
• AF / AT Mode: Displays per PoE port operating in 802.3af or 802.3at mode.
• Total: Shows the total power and current usage of all PDs.

Buttons
Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.
Refresh: Click to refresh the page immediately.

4.16.7 PoE Schedule

This page allows the user to define PoE schedule and schedule power recycle.

PoE Schedule

Besides being used as an IP Surveillance, the Managed PoE switch is certainly applicable to constructing any PoE network including VoIP and Wireless LAN. Under the trend of energy saving worldwide and contributing to the environmental protection on the Earth, the Managed PoE switch can effectively control the power supply besides its capability of giving high watts power.

The "PoE schedule" function helps you to enable or disable PoE power feeding for each PoE port during specified time intervals and it is a powerful function to help SMBs or enterprises save power and budget.
159. ack, please follow the instructions described below.

Step 1: Place the Managed Switch on a hard flat surface, with the front panel positioned towards the front side.

Step 2: Attach the rack-mount bracket to each side of the Managed Switch with supplied screws attached to the package. Figure 2-2-2 shows how to attach brackets to one side of the Managed Switch.

Figure 2-2-2: Attach Brackets to the Managed Switch

You must use the screws supplied with the mounting brackets. Damage caused to the parts by using incorrect screws would invalidate the warranty.

Step 3: Secure the brackets tightly.

Step 4: Follow the same steps to attach the second bracket to the opposite side.

Step 5: After the brackets are attached to the Managed Switch, use suitable screws to securely attach the brackets to the rack, as shown in Figure 2-2-3.

Figure 2-2-3: Mounting Managed Switch in a Rack

Step 6: Proceed with Steps 4 and 5 of section 2.2.1 Desktop Installation to connect the network cabling and supply power to the Managed Switch.

2.2.3 Installing the SFP/SFP+ Transceiver

The sections describe how to insert an SFP/SFP+ transceiver into an SFP/SFP+ slot. The SFP/SFP+ transceivers are hot-pluggable and hot-swappable. You can plug in and out the transceiver to/from any SFP/SFP+ port without having to power down the Managed Switch, as the
160. action fields: Class, DPL and DSCP.
- Class: Classified QoS class.
- DPL: Classified Drop Precedence Level.
- DSCP: Classified DSCP value.

You can modify each QCE in the table using the following buttons:
- Inserts a new QCE before the current row.
- Edits the QCE.
- Moves the QCE up the list.
- Moves the QCE down the list.
- Deletes the QCE.
- The lowest plus sign adds a new entry at the bottom of the list of QCL.

4.9.11.1 QoS Control Entry Configuration

The QCE Configuration screen in Figure 4-9-13 appears.

Figure 4-9-13: QCE Configuration Page Screenshot

The page includes the following fields:

Object  Description
• Port Members: Check the checkbox button if you want to make any port a member of the QCL entry. By default all ports will be checked.
• Key Parameters: Key configuration is described as below:
- DMAC Type: Destination MAC type: possible values are unicast (UC), multicast (MC), broadcast (BC) or "Any".
- SMAC: Source MAC address: 24 MS bits (OUI) or "Any".
- Tag: Value of T
161. ag field can be "Any", "Untag" or "Tag".
- VID: Valid value of VLAN ID can be any value in the range 1-4095 or "Any"; user can enter either a specific value or a range of VIDs.
- PCP: Priority Code Point: Valid value PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or "Any".
- DEI: Drop Eligible Indicator: Valid value of DEI can be any of values between 0, 1 or "Any".
- Frame Type: Frame Type can have any of the following values:
  1. Any
  2. Ethernet
  3. LLC
  4. SNAP
  5. IPv4
  6. IPv6
  Note: all frame types are explained below.

• Any: Allow all types of frames.
• EtherType: Ethernet Type: Valid Ethernet type can have value within 0x600-0xFFFF or "Any", but excluding 0x800 (IPv4) and 0x86DD (IPv6); default value is "Any".
• LLC:
- SSAP Address: Valid SSAP (Source Service Access Point) can vary from 0x00 to 0xFF or "Any"; the default value is "Any".
- DSAP Address: Valid DSAP (Destination Service Access Point) can vary from 0x00 to 0xFF or "Any"; the default value is "Any".
- Control Address: Valid Control Address can vary from 0x00 to 0xFF or "Any"; the default value is "Any".
• SNAP: PID: Valid PID (a.k.a. Ethernet type) can have value within 0x00-0xFFFF or "Any"; default value is "Any".
• IPv4:
- Protocol: IP protocol number: (0-255, TCP or UDP) or "Any".
- Source IP: Specific Source IP address in value/mask format or "Any". IP
162. agging
• Priority
• LLQI
• Interface Channel Setting
• Port
• Port Role

given, it should contain at least one alphabet. MVR VLAN name can be edited for the existing MVR VLAN entries or it can be added to the new entries.

Define the IPv4 address as source address used in IP header for IGMP control frames. The default IGMP address is not set (0.0.0.0). When the IGMP address is not set, system uses IPv4 management address of the IP interface associated with this VLAN. When the IPv4 management address is not set, system uses the first available IPv4 management address. Otherwise, system uses a pre-defined value. By default, this value will be 192.0.2.1.

Specify the MVR mode of operation. In Dynamic mode, MVR allows dynamic MVR membership reports on source ports. In Compatible mode, MVR membership reports are forbidden on source ports. The default is Dynamic mode.

Specify whether the traversed IGMP/MLD control frames will be sent as Untagged or Tagged with MVR VID. The default is Tagged.

Specify how the traversed IGMP/MLD control frames will be sent in prioritized manner. The default Priority is 0.

Define the maximum time to wait for IGMP/MLD report memberships on a receiver port before removing the port from multicast group membership. The value is in units of tenths of a second. The range is from 0 to 31744. The default LLQI is 5 tenths or one-half second.

When the MVR VLAN is created, select
163. ain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets.

4.6.3 VLAN Port Configuration

This page is used for configuring the Managed Switch port VLAN. The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Configuration page. All untagged packets arriving to the device are tagged by the port's PVID.

Understand nomenclature of the Switch

IEEE 802.1Q Tagged and Untagged

Every port on an 802.1Q compliant switch can be configured as tagged or untagged.

• Tagged: Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that flow into those ports. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q compliant devices on the network to make packet forwarding decisions.

• Untagged: Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into those ports. If the packet doesn't have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. Remember that the PVID is only used int
164. PoE Splitter

PoE Splitter splits the PoE 56V DC over the Ethernet cable into 5/12V DC power output. It frees the device deployment from restrictions due to power outlet locations, which eliminates the costs for additional AC wiring and reduces the installation time.

High Power PoE Splitter

High PoE Splitter splits the PoE 56V DC over the Ethernet cable into 24/12V DC power output. It frees the device deployment from restrictions due to power outlet locations, which eliminates the costs for additional AC wiring and reduces the installation time.

High Power Speed Dome

Its state-of-the-art design fits in various network environments like traffic centers, shopping malls, railway stations, warehouses, airports and production facilities for the most demanding outdoor surveillance applications. No electricians are needed to install AC sockets.

Since the PoE port of GS-5220-8P2T2S series supports 54V DC PoE power output, please check and assure the powered device's (PD) acceptable DC power range is from 54V DC; otherwise, it will

4.16.2 System Configuration

In a power over Ethernet system, operating power is applied from a power source (PSU or power supply unit) over the LAN infrastructure to powered devices (PDs), which are connected to ports. Under some conditions, the total output power required by PDs can exceed the maximum avai
165. alue. If its system temperature is over the threshold, the system will lower total PoE power budget automatically.

• PoE Usage Threshold: Allows setting how much PoE power budget could be limited.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

PD Classifications

A PD may be classified by the PSE based on the classification information provided by the PD. The intent of PD classification is to provide information about the maximum power required by the PD during operation. However, to improve power management at the PSE, the PD provides a signature about Class level.

The PD is classified based on power. The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes.

A PD will return to Class 0 to 4 in accordance with the maximum power draw as specified by Table 4-16-1.

Class | Usage    | Range of maximum power used by the PD    | Class description
1     | Optional | 0.44 to 3.84 watts                       | Very low power
2     | Optional | 3.84 to 6.49 watts                       | Low power
3     | Optional | 6.49 to 12.95 watts (or to 15.4 watts)   |
4     | Optional | 12.95 to 25.50 watts (or to 30.8 watts)  | High power

Table 4-16-1: Device Class

4.16.4 Port Sequential

This page allows the user to configure the PoE Ports started up interval time. The PoE Port will start up one by one
166. Lights up to indicate the port is running at 10Gbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.

Lights up to indicate the port is running at 1Gbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.

GS-5220-48T4X LED Indication

Figure 2-1-12: Front Panel LEDs of GS-5220-48T4X

System (LED, Color, Function)
- Lights up to indicate the system is working.
- PWR, Green: Lights up to indicate that the Switch has power.

Alert (LED, Color, Function)
- FAN1 2, Green: Lights up to indicate fan1 2 has failed.

Per 10/100/1000Mbps RJ45 port (LED, Color, Function)
- 1000 LNK/ACT: Lights up to indicate the port is running at 1000Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.
- 10/100 LNK/ACT: Lights up to indicate the port is running at 10/100Mbps speed and successfully established. Blinks to indicate that the switch is actively sending or receiving data over that port.

Per 100/1000BASE-X SFP Interface (Port 45 to Port 48) (LED, Color, Function)
- LNK/ACT: Lights up to indicate the port is successfully established. Blinks to indicate that the Switch is actively sending or receiving data over that port.

Per 10G SFP+ Interface
LED  Color  Fun
167. anagement Protocol. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol for network management. SNMP allows diverse network objects to participate in a network management architecture. It enables network management systems to learn network problems by receiving traps or change notices from network devices implementing SNMP.

SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. SNTP uses UDP (datagrams) as transport layer.

Stack Protocol using ROUting Technology. An advanced protocol for almost instantaneous discovery of topology changes within a stack as well as election of a master switch. SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack.

Service Set Identifier is a name used to identify the particular 802.11 wireless LANs to which a user wants to attach. A client device will receive broadcast messages from all access points within range advertising their SSIDs, and can choose one to connect to based on pre-configuration, or by displaying a list of SSIDs in range and asking the user to select one (wikipedia).

SSH is an acronym for Secure SHell. It is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network. The goal of SSH was
168. and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports.

The frames also contain a MAC address (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time.

4.13.1 MAC Table Configuration

The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here. The MAC Address Table Configuration screen in Figure 4-13-1 appears.

Figure 4-13-1: MAC Address Table Configuration Page Screenshot

The page includes the following fields:

Aging Configuration

By default, dynamic entries are removed from the MAC ta
169. Figure 4-2-28: Software Image Selection Page Screenshot

The page includes the following fields:

Object  Description
• Image: The flash index name of the firmware image. The name of primary (preferred) image is image, the alternate image is named image.bk.
• Version: The version of the firmware image.
• Date: The date where the firmware was produced.

Buttons
Activate Alternate Image: Click to use the alternate image. This button may be disabled depending on system state.

4.2.24 Factory Default

You can reset the configuration of the Managed Switch on this page. Only the IP configuration is retained. The new configuration is available immediately, which means that no restart is necessary. The Factory Default screen in Figure 4-2-29 appears.

Factory Defaults: "Are you sure you want to reset the configuration to Factory Defaults?" The default configuration here doesn't involve IP address. You can reset configuration included IP by means of pushing the reset button on the machine.

Figure 4-2-29: Factory Default Page Screenshot

Buttons
Yes
170. aps are:
- Link Up: Enable/disable Link up trap.
- Link Down: Enable/disable Link down trap.
- LLDP: Enable/disable LLDP trap.

Indicates the AAA group's traps. Possible traps are:
- Authentication Fail: Enable/disable SNMP trap authentication failure trap.

• Switch: Indicates the Switch group's traps. Possible traps are:
- STP: Enable/disable STP trap.
- RMON: Enable/disable RMON trap.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.4 SNMP System Information

The switch system information is provided here. The SNMP System Information screen in Figure 4-3-3 appears.

Figure 4-3-3: System Information Configuration Page Screenshot

The page includes the following fields:

Object  Description
• System Contact: The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.
• System Name: An administratively assigned name for this managed node. By convention, this is the node's fully-qualified domain name. A domain name is a text string drawn from the alphabet (A-Za-z), digits (0-9), minus
171. at regular intervals.

4.4.3 Port Statistics Detail

This page provides detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit. The Port Statistics Detail screen in Figure 4-4-3 appears.

Figure 4-4-3: Detailed Port Statistics Port 1 Page Screenshot

The page includes the following fields:

Receive Total and Transmit Total

Object: • Rx and Tx Packets • Rx and Tx Octets • Rx and Tx Unicast • Rx and Tx Multicast • Rx and Tx Broadcast • Rx and Tx Pause
Description: The number of received and transmitted (good and
172. ated configuration. The ARP Inspection Configuration screen in Figure 4-12-12 appears.

Figure 4-12-12: ARP Inspection Configuration Screen Page Screenshot

The page includes the following fields:

Object  Description
• Mode of ARP Inspection Configuration: Enable the Global ARP Inspection or disable the Global ARP Inspection.
• Port Mode Configuration: Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port. Possible modes are:
- Enabled: Enable ARP Inspection operation.
- Disabled: Disable ARP Inspection operation.
If you want to inspect the VLAN configuration, you have to enable the setting of "Check VLAN". The default setting of "Check VLAN" is disabled. When the setting of "Check VLAN" is disabled, the log type of ARP Inspection will refer to the port setting. When the setting of "Check VLAN" is enabled, the log type of ARP Inspection will refer to the VLAN setting. Possible settings of "Check VLAN" are:
- Enabled: Enable check VLAN operation.
- Disab
173. ater than zero must not be able to match this entry.
- non-zero: IPv6 frames with a hop limit field greater than zero must be able to match this entry.
- Any: Any value is allowed ("don't care").

Description

Specify the ICMP filter for this ACE.
- Any: No ICMP filter is specified (ICMP filter status is "don't care").
- Specific: If you want to filter a specific ICMP filter with this ACE, you can enter a specific ICMP value. A field for entering an ICMP value appears.

When "Specific" is selected for the ICMP filter, you can enter a specific ICMP value. The allowed range is 0 to 255. A frame that hits this ACE matches this ICMP value.

Specify the ICMP code filter for this ACE.
- Any: No ICMP code filter is specified (ICMP code filter status is "don't care").
- Specific: If you want to filter a specific ICMP code filter with this ACE, you can enter a specific ICMP code value. A field for entering an ICMP code value appears.

When "Specific" is selected for the ICMP code filter, you can enter a specific ICMP code value. The allowed range is 0 to 255. A frame that hits this ACE matches this ICMP code value.

Description

Specify the TCP/UDP source filter for this ACE.
- Any: No TCP/UDP source filter is specified (TCP/UDP source filter status is "don't care").
- Specific: If you want to filter a specific TCP/UDP source filter with this ACE, you can enter a specific TCP/UDP source value. A field for entering a TCP/UDP s
174. Object  Description
• Mode: Indicates the NTP mode operation. Possible modes are:
- Enabled: Enable NTP mode operation. When NTP mode operation is enabled, the agent forwards and transfers NTP messages between the clients and the server when they are not on the same subnet domain.
- Disabled: Disable NTP mode operation.
• Server: Provide the NTP IPv4 or IPv6 address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, "fe80::215:c5ff:fe03:4dc7". The symbol "::" is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can only appear once. It can also be followed by a legal IPv4 address. For example, "::192.1.2.34".

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.7 Time Configuration

Configure Time Zone on this page. A Time Zone is a region that has a uniform standard time for legal, commercial, and social purposes. It is convenient for areas in close commercial or other communication to keep the same time, so time zones tend to follow the boundaries of countries and their subdivisions. The Time Zone Configuration screen in Figure 4-2-9 appears.
175. atures

ToS

ToS is an acronym for Type of Service. It is implemented as the IPv4 ToS priority control. It is fully decoded to determine the priority from the 6-bit ToS field in the IP header. The most significant 6 bits of the ToS field are fully decoded into 64 possibilities, and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit (0~63).

TLV

TLV is an acronym for Type Length Value. A LLDP frame can contain multiple pieces of information. Each of these pieces of information is known as TLV.

TKIP

TKIP is an acronym for Temporal Key Integrity Protocol. It is used in WPA to replace WEP with a new encryption algorithm. TKIP comprises the same encryption engine and RC4 algorithm defined for WEP. The key used for encryption in TKIP is 128 bits and changes the key used for each packet.

UDP

UDP is an acronym for User Datagram Protocol. It is a communications protocol that uses the Internet Protocol (IP) to exchange the messages between computers.

UDP is an alternative to the Transmission Control Protocol (TCP) that uses the Internet Protocol (IP). Unlike TCP, UDP does not provide the service of dividing a message into packet datagrams, and UDP doesn't provide reassembling and sequencing of the packets. This means that the application program that uses UDP must be able to make sure t
176. ay per port description.

• Cable Status:
  Port: Port number.
  Pair: The status of the cable pair.
  - OK: Correctly terminated pair
  - Open: Open pair
  - Short: Shorted pair
  - Short A: Cross-pair short to pair A
  - Short B: Cross-pair short to pair B
  - Short C: Cross-pair short to pair C
  - Short D: Cross-pair short to pair D
  - Cross A: Abnormal cross-pair coupling with pair A
  - Cross B: Abnormal cross-pair coupling with pair B
  - Cross C: Abnormal cross-pair coupling with pair C
  - Cross D: Abnormal cross-pair coupling with pair D
  Length: The length (in meters) of the cable pair. The resolution is 3 meters.

Buttons
Click to run the diagnostics.

4.16 Power over Ethernet (GS-5220-8P2T2S only)

Providing up to 8 PoE, in-line power interfaces, the GS-5220-8P2T2S PoE Switch can easily build a power that centrally controls IP phone system, IP Camera system, AP group for the enterprise. For instance, 8 cameras / APs can be easily installed around the corners of the company for surveillance demands or a wireless roaming environment in the office can be built. Without the power-socket limitation, the GS-5220-8P2T2S PoE Switch makes the installation of cameras or WLAN AP easier and more efficient.
177. binding
- IP Source Guard prevents IP spoofing attacks
- IP address access management to prevent unauthorized intruder

> Management
- IPv4 and IPv6 dual stack management
- Switch Management Interfaces
- Console/Telnet Command Line Interface
- Web switch management
- SNMP v1, v2c, and v3 switch management
- SSH/SSL secure access
- IPv6 Address / NTP management
- Built-in Trivial File Transfer Protocol (TFTP) client
- BOOTP and DHCP for IP address assignment
- System Maintenance
- Firmware upload/download via HTTP/TFTP
- Reset button for system reboot or reset to factory default
- Dual Images
- DHCP Relay and Option 82
- User Privilege levels control
- NTP (Network Time Protocol)
- Link Layer Discovery Protocol (LLDP) and LLDP-MED
- Network Diagnostic
- SFP-DDM (Digital Diagnostic Monitor)
- Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues
- ICMPv6/ICMPv4 Remote Ping
- SMTP/Syslog remote alarm
- Four RMON groups (history, statistics, alarms and events)
- SNMP trap for interface Link Up and Link Down notification
- System Log
- PLANET Smart Discovery Utility for deploy management

> Redundant Power System (GS-5220-16S8CR)
- 100~240V AC / 36~60V DC dual power redundant
- Active-active redundant power failure protection
- Backup of catastrophic power failure on one supply
- Fault tolerance and resi
178. ble after 300 seconds. This removal is also called aging.

Object / Description
• Disable Automatic Aging: Enables/disables the automatic aging of dynamic entries.
• Aging Time: The time after which a learned entry is discarded. By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. (Range: 10-10000000 seconds; Default: 300 seconds)

MAC Table Learning
If the learning mode for a given port is grayed out, another module is in control of the mode, so that it cannot be changed by the user. An example of such a module is the MAC-Based Authentication under 802.1X.

Object / Description
• Auto: Learning is done automatically as soon as a frame with unknown SMAC is received.
• Disable: No learning is done.
• Secure: Only static MAC entries are learned; all other frames are dropped.
  Note: Make sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode; otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.

Static MAC Table Configuration
The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The MAC table is sorted first by VLAN ID and then by MAC address.

Object / Description
• Delete: Check to delete t
179. bove. This must be an integer between 0 and 65535.

MSTI Mapping

Object / Description
• MSTI: The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped.
• VLANs Mapped: The list of VLANs mapped to the MSTI. The VLANs must be separated with comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI should just be left empty (i.e. not having any VLANs mapped to it).

Buttons
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.7.7 MSTI Ports Configuration

This page allows the user to inspect the current STP MSTI port configurations, and possibly change them as well. An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying actual MSTI port configuration options.

This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are global. The MSTI Port Configuration screen in Figure 4-7-9 & Figure 4-7-10 appears.

Figure 4-7-9: MSTI Port Configuration Page Screenshot

The page includes the following fields:

MSTI Port Configuration

Object / Description
• Select MSTI: S
180. cators or Message Authenticator attributes received from the server.

The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason.

• Tx, Access Requests (radiusAuthClientExtAccessRequests): The number of RADIUS Access-Request packets sent to the server. This does not include retransmissions.
• Tx, Access Retransmissions (radiusAuthClientExtAccessRetransmissions): The number of RADIUS Access-Request packets retransmitted to the RADIUS authentication server.
• Tx, Pending Requests (radiusAuthClientExtPendingRequests): The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission.
• Tx, Timeouts (radiusAuthClientExtTimeouts): The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a di
181. ce supports the following Aggregation links:
■ Static LAGs (Port Trunk): Force aggregated selected ports to be a trunk group.
■ Link Aggregation Control Protocol (LACP) LAGs: LACP LAGs negotiate Aggregated Port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish a LAG between them.

Figure 4-5-1: Link Aggregation

The Link Aggregation Control Protocol (LACP) provides a standardized means for exchanging information between Partner Systems that require high-speed redundant links. Link aggregation lets you group up to eight consecutive ports into a single dedicated connection. This feature can expand bandwidth to a device on the network. LACP operation requires full-duplex mode. For more detailed information, refer to the IEEE 802.3ad standard.

Port link aggregations can be used to increase the bandwidth of a network connection or to ensure fault recovery. Link aggregation lets you group up to 4 consecutive ports into a single dedicated connection between any two of the Switch or other Layer 2 switches. However, before making any physical connections between devices, use the Link Aggregation Configuration menu to specify the link aggregation on the devices at both ends. When using a port link aggrega
182. ces: Console / Telnet / Web browser / SNMP v1, v2c
Secure Management Interfaces: SSH, SSL, SNMP v3

- RFC 1213 MIB-II
- RFC 1493 Bridge MIB
- RFC 1643 Ethernet MIB
- RFC 2863 Interface MIB
- RFC 2665 Ether-Like MIB
- RFC 2819 RMON MIB (Group 1, 2, 3 and 9)
- RFC 2737 Entity MIB
- RFC 2618 RADIUS Client MIB
- RFC 2863 IF-MIB
- RFC 2933 IGMP-STD-MIB
- RFC 3411 SNMP-Frameworks-MIB
- RFC 4292 IP Forward MIB
- RFC 4293 IP MIB
- RFC 4836 MAU-MIB
- IEEE 802.1X PAE
- LLDP

Standards Conformance

Regulation Compliance: FCC Part 15 Class A, CE

Standards Compliance:
- IEEE 802.3 10BASE-T
- IEEE 802.3u 100BASE-TX / 100BASE-FX
- IEEE 802.3z Gigabit SX/LX
- IEEE 802.3ab Gigabit 1000T
- IEEE 802.3ae 10Gb/s Ethernet
- IEEE 802.3x flow control and back pressure
- IEEE 802.3ad port trunk with LACP
- IEEE 802.1D Spanning Tree Protocol
- IEEE 802.1w Rapid Spanning Tree Protocol
- IEEE 802.1s Multiple Spanning Tree Protocol
- IEEE 802.1p Class of service
- IEEE 802.1Q VLAN tagging
- IEEE 802.1X Port Authentication Network Control
- IEEE 802.1ab LLDP
- RFC 768 UDP
- RFC 793 TFTP
- RFC 791 IP
- RFC 792 ICMP
- RFC 2068 HTTP
- RFC 1112 IGMP version 1
- RFC 2236 IGMP version 2
- RFC 3376 IGMP version 3
- RFC 2710 MLD version 1
- RFC 3810 MLD version 2

Environment

Operating: Temperature 0 ~ 50 degrees C; Relative Humidity 5 ~ 95% (non-condensing)
Storage: Temperature -10 ~ 70 degrees C; Relative Humidity 5 ~ 95% (non-condensing)
183. ch implements the Rapid Spanning Protocol as the default spanning tree protocol. When "Compatibles" mode is selected, the system uses RSTP (802.1w) so as to be compatible with, and co-work with, another STP (802.1D) bridge's BPDU control packets.

Buttons
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.7.3 Bridge Status

This page provides a status overview for all STP bridge instances. The displayed table contains a row for each STP bridge instance, where the column displays the following information. The Bridge Status screen in Figure 4-7-5 appears.

Figure 4-7-5: STP Bridge Status Page Screenshot

The page includes the following fields:

Object / Description
• MSTI: The Bridge Instance. This is also a link to the STP Detailed Bridge Status.
• Bridge ID: The Bridge ID of this Bridge instance.
• Root ID: The Bridge ID of the currently elected root bridge.
• Root Port: The switch port currently assigned the root port role.
• Root Cost: Root Path Cost. For the Root Bridge this is zero. For all other Bridges, it is the sum of the Port Path Costs on the least cost path to the Root Bridge.
• Topology Flag: The current state of the Topology Change Flag for this Bridge
184. ch is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant. An exception to this is when no supplicants are attached. In this case, the switch sends EAPOL Request Identity frames (using the BPDU multicast MAC address as destination) to wake up any supplicants that might be on the port.

The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality.

MAC-based Auth.

Unlike port-based 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string of the following form: "xx-xx-xx-xx-xx-xx", that is, a dash (-) is used as separator between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly.

When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using the Port Security module. Only then will frames from the
185. change and memorize the new password after this first setup.

The web interface only accepts commands in lowercase letters.

4.1 Main Web Page

The Managed Switch provides a Web-based browser interface for configuring and managing it. This interface allows you to access the Managed Switch using the Web browser of your choice. This chapter describes how to use the Managed Switch's Web browser interface to configure and manage it.

Figure 4-1-4: Web Main Page (callouts: Main Functions Menu, Copper Port Link Status, SFP Port Link Status, Help Button, Main Screen; the welcome panel shown is for the GS-5220-48T4X and carries a "Copyright 2014 PLANET Technology Corporation" notice)

Panel Display

The web agent displays an image of the Managed Switch's
186. cific: If you want to filter a specific source MAC address with this ACE, choose this value. A field for entering an SMAC value appears.

When "Specific" is selected for the SMAC filter, you can enter a specific source MAC address. The legal format is "xx-xx-xx-xx-xx-xx" or "xx.xx.xx.xx.xx.xx" or "xxxxxxxxxxxx" (x is a hexadecimal digit). A frame that hits this ACE matches this SMAC value.

Specify the destination MAC filter for this ACE.
■ Any: No DMAC filter is specified. (DMAC filter status is "don't-care".)
■ MC: Frame must be multicast.
■ BC: Frame must be broadcast.
■ UC: Frame must be unicast.
■ Specific: If you want to filter a specific destination MAC address with this ACE, choose this value. A field for entering a DMAC value appears.

When "Specific" is selected for the DMAC filter, you can enter a specific destination MAC address. The legal format is "xx-xx-xx-xx-xx-xx" or "xx.xx.xx.xx.xx.xx" or "xxxxxxxxxxxx" (x is a hexadecimal digit). A frame that hits this ACE matches this DMAC value.

Description

Specify the VLAN ID filter for this ACE.
■ Any: No VLAN ID filter is specified. (VLAN ID filter status is "don't-care".)
■ Specific: If you want to filter a specific VLAN ID with this ACE, choose this value. A field for entering a VLAN ID number appears.

When "Specific" is selected for the VLAN ID filter, you can enter a specific VLAN ID number. The allowed range is 1 to 4095. A frame that hits this ACE matches this VLAN ID value.

Specify th
187. ck to undo any changes made locally and revert to previously saved values.

By default, the system automatically detects the speed and duplex mode used on each port, and configures the path cost according to the values shown below. Path cost "0" is used to indicate auto-configuration mode. When the short path cost method is selected and the default path cost recommended by the IEEE 802.1w standard exceeds 65,535, the default is set to 65,535.

Port Type | IEEE 802.1D-1998 | IEEE 802.1w-2001
          | 50-600           | 200,000-20,000,000
          | 10-60            | 20,000-2,000,000

Link Type   | Path cost
Half Duplex | 2,000,000
Full Duplex | 1,999,999
Trunk       | 1,000,000

Half Duplex | 200,000
Full Duplex | 100,000
Trunk       | 50,000

Full Duplex | 10,000
Trunk       | 5,000

Table 4-7-2: Recommended STP Path Costs

Port Type | Link Type   | IEEE 802.1w-2001
          | Half Duplex | 2,000,000
          | Full Duplex | 1,000,000
          | Trunk       | 500,000

          | Half Duplex | 200,000
          | Full Duplex | 100,000
          | Trunk       | 50,000

          | Full Duplex | 10,000
          | Trunk       | 5,000

Table 4-7-3: Default STP Path Costs

4.7.5 MSTI Priorities

This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. The MSTI Priority screen in Figure 4-7-7 appears.

Figure 4-7-7: MSTI Priority Page Screenshot

The page includes the following fields:

Object / Description
• MSTI: The bridge instance
188. ck to undo any changes made locally and revert to previously saved values.
- Refresh: Click to refresh the page. Any changes made locally will be undone.

4.4.2 Port Statistics Overview

This page provides an overview of general traffic statistics for all switch ports. The Port Statistics Overview screen in Figure 4-4-2 appears.

Figure 4-4-2: Port Statistics Overview Page Screenshot

The displayed counters are:

Object / Description
• Port: The logical port for the settings contained in the same row.
• Packets: The number of received and transmitted packets per port.
• Bytes: The number of received and transmitted bytes per port.
• Errors: The number of frames received in error and the number of incomplete transmissions per port.
• Drops: The number of frames discarded due to ingress or egress congestion.
• Filtered: The number of received frames filtered by the forwarding process.

Buttons
- Download: Download the Port Statistics Overview result as an Excel file.
- Refresh: Click to refresh the page immediately.
- Clears the counters for all ports.
- Print the Port Statistics Overview result.
- Auto-refresh: Check this box to enable an automatic refresh of the page
189. ction

LNK/ACT: Lights up to indicate the port is successfully established. Blinks to indicate that the Switch is actively sending or receiving data over that port.

2.1.3 Switch Rear Panel

The rear panel of the Managed Switch consists of the AC/DC inlet power socket. Figures 2-1-13 to 2-1-18 show the rear panel of the Managed Switch.

Figure 2-1-13: Rear Panel of GS-5220-8P2T2S
Figure 2-1-14: Rear Panel of GS-5220-16S8C
Figure 2-1-15: Rear Panel of GS-5220-16S8CR
Figure 2-1-16: Rear Panel of GS-5220-44S4C
Figure 2-1-17: Rear Panel of GS-5220-46S2C4X
Figure 2-1-18: Rear Panel of GS-5220-48T4X

■ 10 Gigabit SFP+ slot
10GBASE-SR/LR mini-GBIC slot. The SFP+ transceiver module supports from 300 meters (multi-mode fiber) to 60 kilometers (single-mode fiber).

■ AC Power Receptacle
For compatibility with electrical voltages in most areas of the world, the Managed Switch's power supply can automatically adjust line power in the range of 100-240V AC and 50/60 Hz.

Plug the female end of the power cord firmly into the receptacle on the rear panel of the Managed Switch and the other end of the power cord into an electrical outlet and the power will be ready.

The device is a power-required device, which means it will not work till it is powered. If
190. ctions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.

ACL is an acronym for Access Control List. It is the list table of ACEs, containing access control entries that specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program.

Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights.

ACL implementations can be quite complex, for example, when the ACEs are prioritized for the various situations. In networking, the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted or denied to use the service. ACLs can generally be configured to control inbound traffic, and in this context, they are similar to firewalls.

There are 3 web pages associated with the manual ACL configuration:

ACL Access Control List: The web page shows the ACEs in a prioritized way, highest (top) to lowest (bottom). By default the table is empty. An ingress frame will only get a hit on one ACE even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with a policy, 1 ingress port, or any ingress port (the whole switch). If an ACE Policy is cr
191. d on a Draft 3 of the IEEE 802.11i standard (Wikipedia).

WPA-Radius
WPA-Radius is an acronym for Wi-Fi Protected Access - Radius (802.1X authentication server). WPA was designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of WPA is based on a Draft 3 of the IEEE 802.11i standard (Wikipedia).

WPS
WPS is an acronym for Wi-Fi Protected Setup. It is a standard for easy and secure establishment of a wireless home network. The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network (Wikipedia).

WRED
WRED is an acronym for Weighted Random Early Detection. It is an active queue management mechanism that provides preferential treatment of higher priority frames when traffic builds up within a queue. A frame's DP level is used as input to WRED. A higher DP level assigned to a frame results in a higher probability that the frame is dropped during times of congestion.

WTR
WTR is an acronym for Wait To Restore. This is the time a fail on a resource has to be "not active" before restoration back to this (previously
192. des port mirror (many-to-1)
- Port mirroring to monitor the incoming or outgoing traffic on a particular port
- Loop protection to avoid broadcast loops

> Layer 3 IP Routing Features
- Supports maximum 32 static routes and route summarization

> Quality of Service
- Ingress Shaper and Egress Rate Limit per port bandwidth control
- 8 priority queues on all switch ports
- Traffic classification
- IEEE 802.1p CoS
- TOS / DSCP / IP Precedence of IPv4/IPv6 packets
- IP TCP/UDP port number
- Typical network application
- Strict priority and Weighted Round Robin (WRR) CoS policies
- Traffic-policing policies on the switch port
- DSCP remarking

> Multicast
- Supports IGMP Snooping v1, v2 and v3
- Supports MLD Snooping v1 and v2
- Querier mode support
- IGMP Snooping port filtering
- MLD Snooping port filtering
- MVR (Multicast VLAN Registration)

> Security
- Authentication
- IEEE 802.1x Port-based / MAC-based network access authentication
- IEEE 802.1x Authentication with Guest VLAN
- Built-in RADIUS client to cooperate with the RADIUS servers
- RADIUS / TACACS+ users access authentication
- Access Control List
- IP-based Access Control List (ACL)
- MAC-based Access Control List (ACL)
- Source MAC / IP address binding
- DHCP Snooping to filter distrusted DHCP messages
- Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address
193. dicate that this view subtree should be included.
■ excluded: An optional flag to indicate that this view subtree should be excluded.
In general, if a view entry's view type is "excluded", there should be another view entry whose view type is "included" and whose OID subtree oversteps the "excluded" view entry.
• OID Subtree: The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digits or asterisk (*).

Buttons
- Add New Entry: Click to add a new view entry.
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.5.5 SNMPv3 Access

Configure the SNMPv3 access table on this page. The entry index keys are Group Name, Security Model and Security Level.

The SNMPv3 Access screen in Figure 4-3-8 appears.

Figure 4-3-8: SNMPv3 Accesses Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Group Name
• Security Model
• Security Level
• Read View Name
• Write View Name
194. dicates the VLAN ID.
• Port Members: A row of check boxes for each port is displayed for each MAC-based VLAN entry. To include a port in a MAC-based VLAN, check the box. To remove or exclude the port from the MAC-based VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.
• Adding a New MAC-based VLAN: Click "Add New Entry" to add a new MAC-based VLAN entry. An empty row is added to the table, and the MAC-based VLAN entry can be configured as needed. Any unicast MAC address can be configured for the MAC-based VLAN entry. No broadcast or multicast MAC addresses are allowed. Legal values for a VLAN ID are 1 through 4095.
  The MAC-based VLAN entry is enabled when you click on "Save". A MAC-based VLAN without any port members will be deleted when you click "Save".
  The "Delete" button can be used to undo the addition of new MAC-based VLANs.

Buttons
- Add New Entry: Click to add a new MAC-based VLAN entry.
- Apply: Click to apply changes.
- Reset: Click to undo any changes made locally and revert to previously saved values.
- Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
- Refresh: Click to refresh the page immediately.
- Updates the table starting from the first entry in the MAC-based VLAN Table.
- >>: Updates the table, starti
195. ding or receiving data over that port.

GS-5220-44S4C LED Indication

Figure 2-1-10: Front Panel LEDs of GS-5220-44S4C

> System
LED / Color / Function
• Lights to indicate that the Switch has power.
• SYS (Green): Lights to indicate the system is working.

> Alert
LED / Color / Function
• FAN1 (Red): Lights to indicate that the FAN1 Group failure.
• FAN2 (Red): Lights to indicate that the FAN2 Group failure.

> Per 10/100/1000T RJ45 Interfaces (Port 1 to Port 4)
Color / Function
• Lights: Indicates the link through that port is successfully established at 1000Mbps.
• Blinks: Indicates that the Switch is actively sending or receiving data over that port.
• Blinks: Indicates that the Switch is actively sending or receiving data over that port.
LNK/ACT
• Lights: Indicates the link through that port is successfully established at 100Mbps.
• Blinks ot indicate the link through that port is successfully established at 10Mbps.

> Per 100/1000Mbps or Combo Interface (Port 1 to Port 48)
Color / Function
• Lights: Indicates the link through that port is successfully established at 1000Mbps.
LNK/ACT
• Blinks: Indicates that the Switch is actively sending or receiving data over that port.
• Lights: Indicates the link through that port is successfully established at 100Mbps.
• Blinks: indicates that the
196. dress Resolution Protocol. It is a protocol that is used to obtain an IP address for a given hardware address, such as an Ethernet address. RARP is the complement of ARP.

RADIUS is an acronym for Remote Authentication Dial In User Service. It is a networking protocol that provides centralized access, authorization and accounting management for people or computers to connect and use a network service.

RDI is an acronym for Remote Defect Indication. It is an OAM functionality that is used by a MEP to indicate a detected defect to the remote peer MEP.

A router port is a port on the Ethernet switch that leads the switch towards the Layer 3 multicast device.

In 1998, the IEEE with document 802.1w introduced an evolution of STP: the Rapid Spanning Tree Protocol, which provides for faster spanning tree convergence after a topology change. Standard IEEE 802.1D-2004 now incorporates RSTP and obsoletes STP, while at the same time being backwards-compatible with STP.

S

Samba is a program running under UNIX-like operating systems that provides seamless integration between UNIX and Microsoft Windows machines. Samba acts as file and print servers for Microsoft Windows, IBM OS/2, and other SMB client machines. Samba uses the Server Message Block (SMB) protocol and Common Internet File System (CIFS), which is the underlying protocol used in Microsoft Windows networking
197. dule and Shapers

The Port Scheduler and Shapers for a specific port are configured on this page. The QoS Egress Port Schedule and Shaper screen in Figure 4-9-5 appears.

Figure 4-9-5: QoS Egress Port Schedule and Shapers Page Screenshot

The page includes the following fields:

Object / Description
• Schedule Mode: Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port.
• Queue Shaper Enable: Controls whether the queue shaper is enabled for this queue on this switch port.
• Queue Shaper Rate: Controls the rate for the queue shaper. This value is restricted to 100-1000000 when the "Unit" is "kbps", and it is restricted to 1-13200 when the "Unit" is "Mbps". The default value is 500.
• Queue Shaper Unit: Controls the unit of measure for the queue shaper rate as "kbps" or "Mbps". The default value is "kbps".
• Queue Shaper Excess: Controls whether the queue is allowed to use excess bandwidth.
• Queue Scheduler Weight: Controls the weight for this queue. This value is restricted to 1-100
• Queue Scheduler Percent
• Port Shaper Enable
• Port Shaper Rate
• Port Shaper Unit
198. e

3. Define a VLAN 1 as a "Public Area" that overlaps with both VLAN 2 members and VLAN 3 members.

4. Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated. For this example, add Port 7 to be a VLAN 2 and VLAN 3 member port.

5. Specify Port 7 to be the 802.1Q VLAN Trunk port; the Trunking port must be a Tagged port on egress. The Port 7 configuration is shown in Figure 4-6-14.

Figure 4-6-14: VLAN Overlap Port Setting & VLAN 1 - The Public Area Member Assign

That is, although the VLAN 2 members (Port 1 to Port 3) and VLAN 3 members (Port 4 to Port 6) also belong to VLAN 1, with different PVID settings, packets from VLAN 2 or VLAN 3 are not able to access the other VLAN.

6. Repeat Steps 1 to 6, set up the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk, repeat Steps 1 to 3 to assign the Trunk port to the VLANs.

4.6.7.3 Port Isola
199. Figure 4-4-4: SFP Module Information for Switch Page Screenshot

The page includes the following fields:

• Type: Displays the type of the current SFP module. The possible types are:
  - 10GBASE-SR
  - 10GBASE-LR
  - 1000BASE-SX
  - 1000BASE-LX
  - 100BASE-FX
• Speed: Displays the speed of the current SFP module; the speed value or description is read from the SFP module. SFP modules from different vendors might show different speed information.
• Wave Length (nm): Displays the wavelength of the current SFP module; the wavelength value is read from the SFP module. Use this column to check whether the wavelength values of the two nodes match when the fiber connection fails.
• Distance (m): Displays the supported distance of the current SFP module; the distance value is read from the SFP module.
• Temperature (C) (SFP DDM Module Only): Displays the temperature of the current SFP DDM module; the temperature value is read from the SFP DDM module.
• Voltage (V) (SFP DDM Module Only): Displays the voltage of the current SFP DDM module; the voltage value is read from the SFP DDM module.
• Current (mA) (SFP DDM Module Only): Displays the ampere of the current SFP DDM module; the ampere value is read from the SFP DD
200. e, starting with the entry after the last entry currently displayed.

4.18.7 RMON Statistics Configuration

Configure the RMON Statistics table on this page. The entry index key is ID. The screen in Figure 4-18-8 appears.

Figure 4-18-8: RMON Statistics Configuration Page Screenshot

The page includes the following fields:

• Delete: Check to delete the entry. It will be deleted during the next save.
• ID: Indicates the index of the entry. The range is from 1 to 65535.
• Data Source: Indicates the port ID which is to be monitored.

Buttons

• Add New Entry: Click to add a new community entry.
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.18.8 RMON Statistics Status

This page provides an overview of RMON Statistics entries. Each page shows up to 99 entries from the Statistics table, the default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Statistics table. The first displayed will be the one with the lowest ID found in the Statistics table. The screen in Figure 4-18-9 appears.
201. • Aging Period

Port Configuration

Description

Indicates if Limit Control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.

If checked, secured MAC addresses are subject to aging as discussed under Aging Period.

If Aging Enabled is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, they may have other requirements for the aging period. The underlying port security will use the shortest requested aging period of all modules that use the functionality.

The Aging Period can be set to a number between 10 and 10,000,000 seconds.

To understand why aging may be desired, consider the following scenario: Suppose an end host is connected to a 3rd party switch or hub, which in turn is connected to a port on this switch on which Limit Control is enabled. The end host will be allowed to forward if the limit is not exceeded. Now suppose that the end host logs off or powers down. If it wasn't for aging, the end host would still take up resources on this switch and would be allowed to forward. To overcome this situation, enable aging. With aging enabled, a timer is started once the end host gets secured. When the timer expires, the switch starts looking for frames from the end host, and if such frames are not seen within the next Agi
202. • Mode: Shows the scheduling mode for this port.
• Q0-Q5: Shows the weight for this queue and port.

4.9.5 Port Shaping

This page provides an overview of QoS Egress Port Shapers for all switch ports. The Port Shaper screen in Figure 4-9-4 appears.

Figure 4-9-4: QoS Egress Port Shapers Page Screenshot

The page includes the following fields:

• Port: The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. For more details, please refer to chapter 4.9.5.1.
• Q0-Q7: Shows "disabled" or actual queue shaper rate, e.g. "800 Mbps".
• Port: Shows "disabled" or actual port shaper rate, e.g. "800 Mbps".

4.9.5.1 QoS Egress Port Sche
203. e Port ID is not already contained within the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is received, or when the entry ages out.

Each LLDP frame can contain multiple pieces of information, known as TLVs (TLV is short for "Type Length Value"). If a TLV is malformed, it is counted and discarded.

The number of well-formed TLVs, but with an unknown type value.

The number of organizationally TLVs received.

Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age-Out counter is incremented.

Buttons

• Refresh: Click to refresh the page immediately.
• Clear: Clears the local counters. All counters (including global counters) are cleared upon reboot.
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.

4.15 Network Diagnostics

This section provides the physical layer and IP layer network diagnostics tools for troubleshooting. The diagnostic tools are designed to help network managers quickly diagnose problems between point to point and better service customers.

Use the Diagnostics menu items to display and configure basic administrative details of the Managed Switch. Under System the following topics ar
204. e and destination stations in a switched network might not be ideal. For instance, connecting higher-speed links to a port that has a higher number than the current root port can cause a root port change.

STP Port States

The BPDUs take some time to pass through a network. This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops. Ports must wait for new network topology information to propagate throughout the network before starting to forward packets. They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology. The forward delay timer is used to allow the network topology to stabilize after a topology change. In addition, STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change.

Each port on a switch using STP exists in one of the following five states:

• Blocking: the port is blocked from forwarding or receiving packets
• Listening: the port is waiting to receive BPDU packets that may tell the port to go back to the blocking state
• Learning: the port is adding addresses to its forwarding database, but not yet forwarding packets
• Forwarding: the port is forwarding packets
• Disabled: the port only responds to network management messages and must return to the blocking state fi
205. e broadcast address.
• Multicast: The total number of good packets received that were directed to a multicast address.
• CRC Errors: The total number of packets received that had a length (excluding framing bits, but including FCS octets) of between 64 and 1518 octets, inclusive, but had either a bad Frame Check Sequence (FCS) with an integral number of octets (FCS Error) or a bad FCS with a non-integral number of octets (Alignment Error).
• Undersize: The total number of packets received that were less than 64 octets.
• Oversize: The total number of packets received that were longer than 1518 octets.
• Frag.: The number of frames whose size is less than 64 octets received with invalid CRC.
• Jabb.: The number of frames whose size is larger than 64 octets received with invalid CRC.
• Coll.: The best estimate of the total number of collisions in this Ethernet segment.
• Utilization: The best estimate of the mean physical layer network utilization on this interface during this sampling interval, in hundredths of a percent.

Buttons

• Refresh: Click to refresh the page immediately.
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
• Updates the table, starting from the first entry in the History table, i.e., the entry with the lowest History Index and Sample Index.
• >>: Updates the tabl
206. e frames that are longer than the configured maximum frame length for this port.

1 Short frames are frames that are smaller than 64 bytes.
2 Long frames are frames that are longer than the configured maximum frame length for this port.

Transmit Error Counters

• Tx Drops: The number of frames dropped due to output buffer congestion.
• Tx Late/Exc. Coll.: The number of frames dropped due to excessive or late collisions.

Buttons

• Refresh: Click to refresh the page immediately.
• Clear: Clears the counters for all ports.
• Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.

4.4.4 SFP Module Information

The WGSW-48040HP supports SFP modules with the digital diagnostics monitoring (DDM) function; this feature is also known as digital optical monitoring (DOM). You can check the physical or operational status of an SFP module via the SFP Module Information page. This page shows the operational status, such as the transceiver type, speed, wavelength, optical output power, optical input power, temperature, laser bias current and transceiver supply voltage in real time. You can also use the hyperlink of the port number to check the statistics on a specific interface. The SFP Module Information screen in Figure 4-4-4 appears.
207. e in Ingress or Egress. The DSCP Translation screen in Figure 4-9-10 appears.

Figure 4-9-10: DSCP Translation Page Screenshot

The page includes the following fields:

• DSCP: The maximum number of supported DSCP values is 64, and the valid DSCP value ranges from 0 to 63.
• Ingress: Ingress side DSCP can be first translated to a new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation:
  - Translate
  - Classify
• Translate: DSCP at Ingress side can be translated to any of (0-63) DSCP values.
• Classify: Click to enable Classification at Ingress side.
• Egress: There is the following configurable parameter for Egress side:
  - Remap
• Remap DP: Select the DSCP value from the select menu to which you want to remap. DSCP value ranges from 0 to 63.

Buttons

• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.10 DSCP Classification

This page allows you to map DSCP value to a QoS Class and DPL value. The DSCP Classification screen in Figure 4-9-11 appears.
208. e maximum VLAN limit of 4096.

The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge, aggregating traffic from numerous independent customer LANs into the MAN (Metro Access Network) space. One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers' VLANs. This is accomplished by adding a VLAN tag with a MAN-related VID for frames entering the MAN. When leaving the MAN, the tag is stripped and the original VLAN tag with the customer-related VID is again available.

This provides a tunneling mechanism to connect remote customer VLANs through a common MAN space without interfering with the VLAN tags. All tags use EtherType 0x8100 or 0x88A8, where 0x8100 is used for customer tags and 0x88A8 is used for service provider tags.

In cases where a given service VLAN only has two member ports on the switch, learning can be disabled for the particular VLAN, which can therefore rely on flooding as the forwarding mechanism between the two ports. This way, the MAC table requirements are reduced.

Global VLAN Configuration

The Global VLAN Configuration
209. e of Tunnel-Private-Group-ID must be a string of ASCII chars in the range '0' - '9', which is interpreted as a decimal string representing the VLAN ID. Leading '0's are discarded. The final value must be in the range [1; 4095].

When Guest VLAN is both globally enabled and enabled (checked) for a given port, the switch considers moving the port into the Guest VLAN according to the rules outlined below.

This option is only available for EAPOL-based modes, i.e.:
- Port-based 802.1X
- Single 802.1X
- Multi 802.1X

For troubleshooting VLAN assignments, use the "Monitor > VLANs > VLAN Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration.

Guest VLAN Operation

When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames. If the number of transmissions of such frames exceeds Max. Reauth. Count and no EAPOL frames have been received in the meanwhile, the switch considers entering the Guest VLAN. The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is enabled, the port will now be placed in the Guest VLAN. If disabled, the switch will first check its history to see if an EAPOL frame has previously been received on the port (this history is cleared if the p
210. e provided to configure and view the system information. This section has the following items:
- Ping
- IPv6 Ping
- Remote IP Ping
- Cable Diagnostics

PING

The ping and IPv6 ping allow you to issue ICMP PING packets to troubleshoot IP connectivity issues. The Managed Switch transmits ICMP packets, and the sequence number and roundtrip time are displayed upon reception of a reply.

Cable Diagnostics

The Cable Diagnostics perform tests on copper cables. These functions have the ability to identify the cable length and operating conditions, and to isolate a variety of common faults that can occur on Cat5 twisted-pair cabling. There are two possible statuses:
- If the link is established on the twisted-pair interface in 1000BASE-T mode, the Cable Diagnostics can run without disruption of the link or of any data transfer.
- If the link is established in 100BASE-TX or 10BASE-T, the Cable Diagnostics cause the link to drop while the diagnostics are running.

After the diagnostics are finished, the link is reestablished, and the following functions are available:
- Coupling between cable pairs
- Cable pair termination
- Cable Length

4.15.1 Ping

This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues.

After you press "Start", 5 ICMP packets are transmitted, and the sequence number and roundtri
211. e resources in a central location on the network, providing authorized users continuous access to them, which means NFS supports sharing of files, printers, and other resources as persistent storage over a computer network.

NTP is an acronym for Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. NTP uses UDP (datagrams) as transport layer.

O

OAM is an acronym for Operation Administration and Maintenance. It is a protocol described in ITU-T Y.1731 used to implement carrier Ethernet functionality. MEP functionality like CC and RDI is based on this.

An LLDP frame contains multiple TLVs. For some TLVs it is configurable if the switch includes the TLV in the LLDP frame. These TLVs are known as optional TLVs. If an optional TLV is disabled the corresponding information is not included in the LLDP frame.

OUI is the organizationally unique identifier. An OUI address is a globally unique identifier assigned to a vendor by IEEE. You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address.

P

PCP is an acronym for Priority Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame. It is also known as User Priority.

PD is an acronym for Powered Device. In a PoE system the power is delivered from a PSE (power sou
212. e saved in the RMON.

Buttons

• Add New Entry: Click to add a new community entry.
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.18.6 RMON History Status

This page provides details of RMON history entries. The screen in Figure 4-18-7 appears.

Figure 4-18-7: RMON History Overview Page Screenshot

The page includes the following fields:

• History Index: Indicates the index of History control entry.
• Sample Index: Indicates the index of the data entry associated with the control entry.
• Sample Start: The value of sysUpTime at the start of the interval over which this sample was measured.
• Drop: The total number of events in which packets were dropped by the probe due to lack of resources.
• Octets: The total number of octets of data (including those in bad packets) received on the network.
• Pkts: The total number of packets (including bad packets, broadcast packets, and multicast packets) received.
• Broadcast: The total number of good packets received that were directed to th
213. e tag priority for this ACE. A frame that hits this ACE matches this tag priority. The allowed number range is 0 to 7. The value Any means that no tag priority is specified (tag priority is "don't care").

ARP Parameters

The ARP parameters can be configured when Frame Type "ARP" is selected.

• ARP/RARP: Specify the available ARP/RARP opcode (OP) flag for this ACE.
  - Any: No ARP/RARP OP flag is specified (OP is "don't care").
  - ARP: Frame must have ARP/RARP opcode set to ARP.
  - RARP: Frame must have ARP/RARP opcode set to RARP.
  - Other: Frame has unknown ARP/RARP Opcode flag.
• Request/Reply: Specify the available ARP/RARP opcode (OP) flag for this ACE.
  - Any: No ARP/RARP OP flag is specified (OP is "don't care").
  - Request: Frame must have ARP Request or RARP Request OP flag set.
  - Reply: Frame must have ARP Reply or RARP Reply OP flag.
• Sender IP Filter: Specify the sender IP filter for this ACE.
  - Any: No sender IP filter is specified (Sender IP filter is "don't care").
  - Host: Sender IP filter is set to Host. Specify the sender IP address in the SIP Address field that appears.
  - Network: Sender IP filter is set to Network. Specify the sender IP address and sender I
• Sender IP Address
• Sender IP Mask
• Target IP Filter
• Target IP Address
• Target IP Mask
• ARP Sender MAC Match
214. eat certain types of traffic. Rules are associated with a QoS Profile (see above).

To implement QoS on your network, you need to carry out the following actions:
1. Define a service level to determine the priority that will be applied to traffic.
2. Apply a classifier to determine how the incoming traffic will be classified and thus treated by the Switch.
3. Create a QoS profile which associates a service level and a classifier.
4. Apply a QoS profile to a port(s).

4.9.2 Port Policing

This page allows you to configure the Policer settings for all switch ports. The Port Policing screen in Figure 4-9-1 appears.

Figure 4-9-1: QoS Ingress Port Policers Page Screenshot

The page includes the following fields:

• Port: The port number for which the configuration below applies.
• Enable: Controls whether the policer is enabled on this switch port.
• Rate: Controls the rate for the policer. This value is restricted to 100-1000000 when the "Unit" is "kbps" or "fps", and it is restricted to 1-3300 when the "Unit" is "Mbps" or "kfps". The default value is 500.
• Unit: Con
• Flow Control

Buttons

• Apply: Click to apply changes.
215. eated then that policy can be associated with a group of ports under the "Ports" web page. There are a number of parameters that can be configured with an ACE. Read the web page help text to get further information for each of them. The maximum number of ACEs is 64.

ACL Ports: The ACL Port configuration is used to assign a Policy ID to an ingress port. This is useful to group ports to obey the same traffic rules. Traffic Policy is created under the "Access Control List". You can also set up specific traffic properties (Action, Rate Limiter, Port copy, etc.) for each ingress port. They will, however, only apply if the frame gets past the ACE matching without getting matched. In that case a counter associated with that port is incremented. See the web page help text for each specific port property.

ACL Rate Limiters: On this page, you can configure the rate limiters. There can be 15 different rate limiters, each ranging from 1 to 1024K packets per second. Under "Ports" and "Access Control List", you can assign a Rate Limiter ID to the ACE(s) or ingress port(s).

AES is an acronym for Advanced Encryption Standard. The encryption key protocol is applied in 802.1x standard to improve WLAN security. It is an encryption standard by the U.S. government, which will replace DES and 3DES. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 bits.
216. eceived are not mirrored.
- Disabled: Neither frames transmitted nor frames received are mirrored.
- Both: Frames received and frames transmitted are mirrored to the mirror port.

For a given port, a frame is only transmitted once. It is therefore not possible to mirror Tx frames on the mirror port. Because of this, the mode for the selected mirror port is limited to Disabled or Rx only.

Buttons

• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.5 Link Aggregation

Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Group (LAG). Port Aggregation multiplies the bandwidth between the devices, increases port flexibility, and provides link redundancy.

Each LAG is composed of ports of the same speed, set to full duplex operations. Ports in a LAG can be of different media types (UTP/Fiber, or different fiber types), provided they operate at the same speed.

Aggregated Links can be assigned manually (Port Trunk) or automatically by enabling Link Aggregation Control Protocol (LACP) on the relevant links.

Aggregated Links are treated by the system as a single logical port. Specifically, the Aggregated Link has similar port attributes to a non-aggregated port, including auto-negotiation, speed, Duplex setting, etc. The devi
217. ected switch.

The STP Port Status screen in Figure 4-7-11 appears.

Figure 4-7-11: STP Port Status Page Screenshot

The page includes the following fields:

• Port: The switch port number of the logical STP port.
• CIST Role: The current STP port role of the CIST port. The port role can be one of the following values:
  - AlternatePort
  - BackupPort
  - RootPort
  - DesignatedPort
  - Disable
• CIST State: The current STP port state of the CIST port. The port state can be one of the following values:
  - Disabled
  - Learning
  - Forwarding
• Uptime: The time since the bridge port was last initialized.

Buttons

• Refresh: Click to refresh the page immediately.
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.

4.7.9 Port Statistics

This page displays the STP port statistics counters for physical ports in the currently selected switch.

The STP Port Statistics screen in Figure 4-7-12 appears.
218. edia).

Wi-Fi is an acronym for Wireless Fidelity. It is meant to be used generically when referring to any type of 802.11 network, whether 802.11b, 802.11a, dual-band, etc. The term is promulgated by the Wi-Fi Alliance.

WPA is an acronym for Wi-Fi Protected Access. It was created in response to several serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP). WPA implements the majority of the IEEE 802.11i standard, and was intended as an intermediate measure to take the place of WEP while 802.11i was prepared. WPA is specifically designed to also work with pre-WPA wireless network interface cards (through firmware upgrades), but not necessarily with first generation wireless access points. WPA2 implements the full standard, but will not work with some older network cards (Wikipedia).

WPA-PSK

WPA-PSK is an acronym for Wi-Fi Protected Access - Pre Shared Key. WPA was designed to enhance the security of wireless networks. There are two flavors of WPA: enterprise and personal. Enterprise is meant for use with an IEEE 802.1X authentication server, which distributes different keys to each user. Personal WPA utilizes less scalable "pre-shared key" (PSK) mode, where every allowed computer is given the same passphrase. In PSK mode, security depends on the strength and secrecy of the passphrase. The design of WPA is base
220. eft-most table) or client (right-most table).

• Rx Other Requests (IEEE name: dot1xAuthBackendOtherRequestsToSupplicant)
  802.1X-based: Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant. Indicates that the backend server chose an EAP method.
  MAC-based: Not applicable.
• Rx Auth. Successes (IEEE name: dot1xAuthBackendAuthSuccesses)
  802.1X- and MAC-based: Counts the number of times that the switch receives a success indication. Indicates that the supplicant/client has successfully authenticated to the backend server.
• Rx Auth. Failures (IEEE name: dot1xAuthBackendAuthFails)
  802.1X- and MAC-based: Counts the number of times that the switch receives a failure message. This indicates that the supplicant/client has not authenticated to the backend server.
• Tx Responses (IEEE name: dot1xAuthBackendResponses)
  802.1X-based: Counts the number of times that the switch attempts to send a supplicant's first response packet to the backend server. Indicates the switch attempted communication with the backend server. Possible retransmissions are not counted.
  MAC-based: Counts all the backend server packets sent from the switch towards the backend server for
• Last Supplicant/Client Info

Selected Counters

• Selected Counters
221. egal Signature

PLANET TECHNOLOGY CORPORATION
e-mail: sales@planet.com.tw   http://www.planet.com.tw
10F., No.96, Minquan Rd., Xindian Dist., New Taipei City, Taiwan, R.O.C.   Tel: 886-2-2219-9518   Fax: 886-2-2219-9528

EC Declaration of Conformity

For the following equipment:
Type of Product: L2 44-Port 100/1000BASE-X SFP + 4-Port Gigabit TP/SFP Managed Switch
Model Number: GS-5220-44S4C

Produced by:
Manufacturer's Name: Planet Technology Corp.
Manufacturer's Address: 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan, R.O.C.

is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive on (2004/108/EC) and Low Voltage Directive 2006/95/EC.

For the evaluation regarding the EMC, the following standards were applied:
EN 55022 (2010 + AC: 2011)
EN 61000-3-2 (2006 + A1: 2009 + A2: 2009)
EN 61000-3-3 (2008)
EN 55024 (2010)
EN 61000-4-2 (2009)
EN 61000-4-3 (2006 + A2: 2010)
EN 61000-4-4 (2012)
EN 61000-4-5 (2006)
EN 61000-4-6 (2009)
EN 61000-4-8 (2010)
EN 61000-4-11 (2004)
EN 60950-1 (2006 + A11: 2009 + A1: 2010 + A12: 2011 + A2: 2013)

Responsible for marking this declaration if the: Manufacturer / Authorized representative established within the EU

Authorized representative established within the EU (if applicable):
Company Name: Plane
222. ege level 15 can be used for an administrator account, privilege level 10 for a standard user account and privilege level 5 for a guest account.

Buttons
Add New User: Click to add a new user.

Add / Edit User

This page configures a user: add, edit or delete user.

Figure 4-2-5: Add / Edit User Configuration Page Screenshot

The page includes the following fields:

Buttons
Apply: Click to apply changes.

Object / Description
• Username: A string identifying the user name that this entry should belong to. The allowed string length is 1 to 31. The valid user name is a combination of letters, numbers and underscores.
• Password: The password of the user. The allowed string length is 1 to 31.
• Password (again): Please enter the user's new password here again to confirm.
• Privilege Level: The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, the user can access all groups, i.e. the user is granted full control of the device. Other values need to be compared with each group's privilege level: the user's privilege level should be the same as or greater than the group privilege level to have access to that group. By default setting, most groups privilege level 5 has the read-only access and privilege level 10 has the read-write acce
223. either Allow or Deny.
• Hardware Filter/Switch: Indicates whether data plane destined to the specific group address from the source IPv4/IPv6 address could be handled by chip or not.

Buttons
Auto-refresh: Automatic refresh occurs every 3 seconds.
Refresh: Refreshes the displayed table starting from the input fields.
First-entry button: Updates the table starting from the first entry in the MVR SFM Information Table.

4.9 Quality of Service

4.9.1 Understanding QoS

Quality of Service (QoS) is an advanced traffic prioritization feature that allows you to establish control over network traffic. QoS enables you to assign various grades of network service to different types of traffic, such as multi-media, video, protocol-specific, time critical, and file-backup traffic.

QoS reduces bandwidth limitations, delay, loss, and jitter. It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network. You can define exactly how you want the switch to treat selected applications and types of traffic. You can use QoS on your system to:
• Control a wide variety of network traffic by:
• Classifying traffic based on packet attributes.
• Assigning priorities to traffic (for example, to set higher priorities to time-critical or business-critical applications).
• Applying security policy through traffic filter
224. eld is blank, if the Port VLAN ID is not overridden by NAS.
If the VLAN ID is assigned by the RADIUS server, "(RADIUS-assigned)" is appended to the VLAN ID. Read more about RADIUS-assigned VLANs here.
If the port is moved to the Guest VLAN, "(Guest)" is appended to the VLAN ID. Read more about Guest VLANs here.

Port Counters

Object / Description
• EAPOL Counters: These supplicant frame counters are available for the following administrative states:
  - Force Authorized
  - Force Unauthorized
  - Port-based 802.1X
  - Single 802.1X
  - Multi 802.1X

Direction / Name / IEEE Name / Description
• Rx / Total / dot1xAuthEapolFramesRx: The number of valid EAPOL frames of any type that have been received by the switch.
• Rx / Response ID / dot1xAuthEapolRespIdFramesRx: The number of valid EAPOL Response Identity frames that have been received by the switch.
• Rx / Responses / dot1xAuthEapolRespFramesRx: The number of valid EAPOL response frames (other than Response Identity frames) that have been received by the switch.
• Rx / Start / dot1xAuthEapolStartFramesRx: The number of EAPOL Start frames that have been received by the switch.
• Invalid Type / dot1xAuthInvalidEapolFramesRx
• Invalid Length / dot1xAuthEapLengthErrorFramesRx
• Rx / Logoff / dot1xAuthEapolLogoffFramesRx: The number of valid
225. elect the bridge instance and set more detail configuration.

Figure 4-7-10: MST1 MSTI Port Configuration Page Screenshot

The page includes the following fields:

MSTx MSTI Port Configuration

Object / Description
• Port: The switch port number of the corresponding STP CIST (and MSTI) port.
• Path Cost: Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000.
• Priority: Controls the port priority. This can be used to control priority of ports having identical port cost.

Buttons
Get: Click to set MSTx configuration.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.7.8 Port Status

This page displays the STP CIST port status for port physical ports in the currently sel
226. emember my password

Figure 4-1-2: Login Screen

Default User name: admin
Default Password: admin

After entering the username and password, the main screen appears as shown in Figure 4-1-3.

Screen text: Welcome to PLANET GS-5220-48T4X, 48-Port 10/100/1000Mbps with 4 Shared SFP + 4 x 10G port Management Switch. PLANET Technology Corporation, 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan, R.O.C. Tel: 886-2-2219-9518, Fax: 886-2-2219-9528, Email: Support@planet.com.tw. Copyright 2014 PLANET Technology Corporation. All rights reserved.

Figure 4-1-3: Web Main Page

Now, you can use the Web management interface to continue the switch management or manage the Managed Switch by Web interface. The Switch Menu on the left of the web page lets you access all the commands and statistics the Managed Switch provides.

It is recommended to use Internet Explorer 7.0 or above to access the Managed Switch.

The changed IP address takes effect immediately after clicking on the Save button. You need to use the new IP address to access the Web interface.

For security reason, please
227. ement Protocol (IGMP) Snooping

Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group. The Internet Group Management Protocol (IGMP) is used to communicate this information. IGMP is also used to periodically check the multicast group for members that are no longer active. In the case where there is more than one multicast router on a sub-network, one router is elected as the "querier". This router then keeps track of the membership of the multicast groups that have active members. The information received from IGMP is then used to determine if multicast packets should be forwarded to a given sub-network or not. The router can check, using IGMP, to see if there is at least one member of a multicast group on a given sub-network. If there are no members on a sub-network, packets will not be forwarded to that sub-network.

Figure 4-8-1: Multicast Service

Figure 4-8-2: Multicast Flooding

Figure labels: Multicast Receiver, Multicast Transmitter, Router, IGMP Snooping Switch, IGMP Snooping Mult
228. en the actual default CoS is shown in parentheses after the configured default CoS.
• DPL: Controls the default drop precedence level. All frames are classified to a drop precedence level. If the port is VLAN aware and the frame is tagged, then the frame is classified to a DPL that is equal to the DEI value in the tag. Otherwise the frame is classified to the default DPL. The classified DPL can be overruled by a QCL entry.
• DSCP Based: Click to enable DSCP Based QoS Ingress Port Classification.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.4 Port Scheduler

This page provides an overview of QoS Egress Port Schedulers for all switch ports. The Port Scheduler screen in Figure 4-9-3 appears.

Figure 4-9-3: QoS Egress Port Schedule Page Screenshot

The page includes the following fields:

Object / Description
• Port: The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. For more detail, please refer to chapter 4.9.5.1.
229. Figure labels: Multicast Server, Layer 3 Multicast Router, MVR Switch

This page provides MVR related configuration. The MVR screen in Figure 4-8-19 appears.

Figure 4-8-19: MVR Configuration Page Screenshot

The page includes the following fields:

Object / Description
• MVR Mode: Enable/Disable the Global MVR. The Unregistered Flooding control depends on the current configuration in IGMP/MLD Snooping. It is suggested to enable Unregistered Flooding control when the MVR group table is full.
• Delete: Check to delete the entry. The designated entry will be deleted during the next save.
• MVR VID: Specify the Multicast VLAN ID. Caution: MVR source ports are not recommended to be overlapped with management VLAN ports.
• MVR Name: MVR Name is an optional attribute to indicate the name of the specific MVR VLAN. Maximum length of the MVR VLAN Name string is 16. MVR VLAN Name can only contain alphabets or numbers. When the optional MVR VLAN name is
• IGMP Address
• Mode
• T
230. er of text files in CLI format. The files are either virtual (RAM-based) or stored in flash on the switch.

There are three system files:
• running-config: A virtual file that represents the currently active configuration on the switch. This file is volatile.
• startup-config: The startup configuration for the switch, read at boot time.
• default-config: A read-only file with vendor-specific configuration. This file is read when the system is restored to default settings.

It is also possible to store up to two other files and apply them to running-config, thereby switching configuration.

Configuration Download page allows the download of the running-config, startup-config and default-config on the switch. Please refer to the Figure 4-2-24 shown below.

Figure 4-2-24: Configuration Download Page Screenshot

4.2.20 Configuration Upload

Configuration Upload page allows the upload of the running-config and startup-config on the switch. Please refer to the Figure 4-2-25 shown below.

Figure labels: Upload Configuration, File To Upload, Destination File, running-config (Replace / Merge), startup-config, Create new file, Upload Configuratio
231. ere selected to give a high port cost between switches B and C. The two (optional) Gigabit ports (default port cost = 20,000) on switch A are connected to one (optional) Gigabit port on both switch B and C. The redundant link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link (default port cost = 200,000). Gigabit ports could be used, but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link.

4.7.2 STP System Configuration

This page allows you to configure STP system settings. The settings are used by all STP Bridge instances in the Switch. The Managed Switch supports the following Spanning Tree protocols:

• Compatible: Spanning Tree Protocol (STP). Provides a single path between end stations, avoiding and eliminating loops.
• Normal: Rapid Spanning Tree Protocol (RSTP). Detects and uses network topologies that provide faster spanning tree convergence, without creating forwarding loops.
• Extension: Multiple Spanning Tree Protocol (MSTP). Defines an extension to RSTP to further develop the usefulness of virtual LANs (VLANs). This "Per-VLAN" Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree.

The STP System Configuration screen in Figure 4-7-4 appears.

Figure labels: STP Bridge Configuration, Basic Settings, Protocol Version MS
232. erface address, as provided by the DHCP server.
  - IPv4 Address: Provide the IP address of this Managed Switch in dotted decimal notation.
  - Mask Length: The IPv4 network mask, in number of bits (prefix length). Valid values are between 0 and 30 bits for an IPv4 address.
  - IPv6 Address: Provide the IP address of this Managed Switch. An IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:).
  - Mask Length: The IPv6 network mask, in number of bits (prefix length). Valid values are between 1 and 128 bits for an IPv6 address.
• IP Routes
  - Delete: Select this option to delete an existing IP route.
  - The destination IP network or host address of this route. Valid format is dotted decimal notation or a valid IPv6 notation. A default route can use the value 0.0.0.0 or IPv6 :: notation.
  - Mask Length: The destination IP network or host mask, in number of bits (prefix length).
  - Gateway: The IP address of the IP gateway. Valid format is dotted decimal notation or a valid IPv6 notation. Gateway and Network must be of the same type.
  - Next Hop VLAN: The VLAN ID (VID) of the specific IPv6 interface associated with the gateway.

Buttons
Add Interface: Click to add a new IP interface. A maximum of 128 interfaces is supported.
Add Route: Click to add a new IP route. A maximum of 32 routes is supported.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to pre
233. ermitted packet rate for unicast, multicast or broadcast traffic across the switch.

The Storm Control Configuration screen in Figure 4-9-15 appears.

Figure 4-9-15: Storm Control Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port: The port number for which the configuration below applies.
• Enable: Controls whether the storm control is enabled on this switch port.
• Rate: Controls the rate for the storm control. The default value is 500. This value is restricted to 100-1000000 when the "Unit" is "kbps" or "fps", and it is restricted to 1-13200 when the "Unit" is "Mbps" or "kfps".
• Unit: Controls the unit of measure for the storm control rate as kbps, Mbps, fps or kfps. The default value is "kbps".

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.14 WRED

This page allows you to configure
234. ernally within the Switch). Untagging is used to send packets from an 802.1Q compliant network device to a non-compliant network device.

Frame Leave \ Frame Income | Income Frame is tagged | Income Frame is untagged
Leave port is tagged       | Frame remains tagged   | Tag is inserted
Leave port is untagged     |                        | Frame remains untagged

Table 4-6-1: Ingress / Egress Port with VLAN VID Tag / Untag Table

■ IEEE 802.1Q Tunneling (Q-in-Q)

IEEE 802.1Q Tunneling (Q-in-Q) is designed for service providers carrying traffic for multiple customers across their networks. Q-in-Q tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer's frames when they enter the service provider's network, and then stripping the tags when the frames leave the network.

A service provider's customers may have specific requirements for their internal VLAN IDs and number of VLANs supported. VLAN ranges required by different customers in the same service-provider network might easily overlap, and traffic passing through the infrastructure might be mixed. Assigning a unique range of VLAN IDs to each customer would restrict customer configurations, require intensive processing of VLAN mapping tables, and could easily exceed th
235. es:
  - Disabled: The server is disabled.
  - Not Ready: The server is enabled, but IP communication is not yet up and running.
  - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
  - Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.

RADIUS Accounting Server Status Overview

Object / Description
• #: The RADIUS server number. Click to navigate to detailed statistics for this server.
• IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server.
• Status: The current state of the server. This field takes one of the following values:
  - Disabled: The server is disabled.
  - Not Ready: The server is enabled, but IP communication is not yet up and running.
  - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
  - Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this
236. es the following fields:

User Module Legend

The legend shows all user modules that may request Port Security services.

Object / Description
• User Module Name: The full name of a module that may request Port Security services.
• Abbr: A one-letter abbreviation of the user module. This is used in the Users column in the port status table.

Port Status

The table has one row for each port on the selected switch in the switch and a number of columns, which are:

Object / Description
• Port: The port number for which the status applies. Click the port number to see the status for this particular port.
• Users: Each of the user modules has a column that shows whether that module has enabled Port Security or not. A "-" means that the corresponding user module is not enabled, whereas a letter indicates that the user module abbreviated by that letter has enabled port security.
• State: Shows the current state of the port. It can take one of four values:
  - Disabled: No user modules are currently using the Port Security service.
  - Ready: The Port Security service is in use by at least one user module, and is awaiting frames from unknown MAC addresses to arrive.
  - Limit Reached: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is reached and no more MAC addresses should be taken in.
  - S
237. ess processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame is discarded.

Shows whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded.

Shows the PVID setting for the port.

Shows egress filtering frame status, whether tagged or untagged.

Shows UVID (untagged VLAN ID). Port's UVID determines the packet's behavior at the egress side.

• Conflicts: Shows status of Conflicts, whether exists or not. When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration, the following conflicts can occur:
  - Functional Conflicts between features.
  - Conflicts due to hardware limitation.
  - Direct conflict between user modules.

Buttons
Static (drop-down list): Select VLAN Users from this drop-down list.
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.6.6 Port Isolation

Overview

When a VLAN is configured to be a private VLAN, communication between ports within that VLAN can be prevented. Two application examples are provided in this section:
• Customers connected to an ISP can be members of the same VLAN, but they are not allowed to c
238. ethod being used. Figure 4-11-2 shows a message exchange initiated by the client using the One-Time-Password (OTP) authentication method with a RADIUS server.

Participants: Client, 802.1X Switch, Authentication Server (RADIUS)
Messages, in order:
  - EAPOL-Start
  - EAP-Request/Identity
  - EAP-Response/Identity; RADIUS Access-Request
  - EAP-Request/OTP; RADIUS Access-Challenge
  - EAP-Response/OTP; RADIUS Access-Request
  - EAP-Success; RADIUS Access-Accept
  - Port Authorized
  - EAPOL-Logoff
  - Port Unauthorized

Figure 4-11-2: EAP Message Exchange

■ Ports in Authorized and Unauthorized States

The switch port state determines whether or not the client is granted access to the network. The port starts in the unauthorized state. While in this state, the port disallows all ingress and egress traffic except for 802.1X protocol packets. When a client is successfully authenticated, the port transitions to the authorized state, allowing all traffic for the client to flow normally.

If a client that does not support 802.1X is connected to an unauthorized 802.1X port, the switch requests the client's identity. In this situation, the client does not respond to the request, the port remains in the unauthorized state, and the client is not granted access to the network.

In contrast, when an 802.1X-enabled client connects to a port that is not running the 802.1X pr
239. ets that are discarded even the packets are normal.
• Community: Specify the community when trap is sent; the string length is from 0 to 127, default is "public".
• Event Last Time: Indicates the value of sysUpTime at the time this event entry last generated an event.

Buttons
Add New Entry: Click to add a new community entry.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.18.4 RMON Event Status

This page provides an overview of RMON Event table entries. Each page shows up to 99 entries from the Event table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Event table. The first displayed will be the one with the lowest Event Index and Log Index found in the Event table. The screen in Figure 4-18-5 appears.

Figure 4-18-5: RMON Event Overview Page Screenshot

The page includes the following fields:

Object / Description
• Event Index: Indicates the index of the event entry.
• Log Index: Indicates the index of the log entry.
• LogTime: Indicates Event log time.
• Log Description: Indicates the Event description.

Buttons
Refresh
240. ext save.
• Entry Name: The name used for indexing the address entry table. Each entry has the unique name which is composed of at maximum 16 alphabetic and numeric characters. At least one alphabet must be present.
• Start Address: The starting IPv4/IPv6 Multicast Group Address that will be used as an address range.
• End Address: The ending IPv4/IPv6 Multicast Group Address that will be used as an address range.

Buttons
Add New Address (Range) Entry: Click to add new address range. Specify the name and configure the addresses. Click "Save".
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Refresh: Refreshes the displayed table starting from the input fields.
First-entry button: Updates the table starting from the first entry in the IPMC Profile Address Configuration.
Next-entries button: Updates the table, starting with the entry after the last entry currently displayed.

4.8.4 IGMP Snooping Configuration

This page provides IGMP Snooping related configuration. The IGMP Snooping Configuration screen in Figure 4-8-7 appears.

Figure labels: IGMP Snooping Configuration; Global Configuration (Snooping Enabled, Unregistered IPMCv4 Flooding Enabled, IGMP SSM Range 232.0.0.0, Leave Proxy Enabled, Proxy Enabled); Port Related Configuration (Router Port, Throttling)
241. failing resource is done.

EC Declaration of Conformity

For the following equipment:
Type of Product: 24 100/1000X SFP Slots with 8 Shared TP Managed Switch
Model Number: GS-5220-16S8C / GS-5220-16S8CR

Produced by:
Manufacturer's Name: Planet Technology Corp.
Manufacturer's Address: 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan, R.O.C.

is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximation of the Laws of the Member States relating to Electromagnetic Compatibility Directive on (2004/108/EC).

For the evaluation regarding the EMC, the following standards were applied:
EN 55022 (2010 + AC: 2011)
EN 61000-3-2 (2006 + A1: 2009 + A2: 2009)
EN 61000-3-3 (2013)
EN 55024 (2010)
IEC 61000-4-2 (2008)
IEC 61000-4-3 (2006 + A1: 2007 + A2: 2010)
IEC 61000-4-4 (2012)
IEC 61000-4-5 (2005)
IEC 61000-4-6 (2013)
IEC 61000-4-8 (2009)
IEC 61000-4-11 (2004)

Responsible for marking this declaration if the: Manufacturer / Authorized representative established within the EU

Authorized representative established within the EU (if applicable):
Company Name: Planet Technology Corp.
Company Address: 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan, R.O.C.

Person responsible for making this declaration:
Name, Surname: Kent Kang
Position / Title: Product Manager
Place / Date: Taiwan, SI Aug. 2014
L
242. fferent server is counted as a    Request as well as a timeout     e Other Info This section contains information about the state of the server and the latest round trip time     Name    IP Address    RFC4668 Name    254    Description    IP address and UDP port for the authentication server    PLAN EI User   s Manual of GS 5220 Series    Networking  amp  Communication    e       in question     State   Shows the state of the server  It takes one of the  following values    E Disabled  The selected server is disabled    E Not Ready  The server is enabled  but IP  communication is not yet up and running    E Ready  The server is enabled  IP communication  is up and running  and the RADIUS module is  ready to accept access attempts    E Dead  X seconds left   Access attempts were  made to this server  but it did not reply within the  configured timeout  The server has temporarily  been disabled  but will get re enabled when the  dead time expires  The number of seconds left  before this occurs is displayed in parentheses   This state is only reachable when more than one    server is enabled     Round Trip radiusAuthClient The time interval  measured in milliseconds  between  Time ExtRoundTripTim the most recent Access Reply Access Challenge and  e the Access Request that matched it from the RADIUS    authentication server  The granularity of this  measurement is 100 ms  A value of 0 ms indicates  that there hasn t been round trip communication with    the server yet     RADIUS 
243. fixed mapping between the DMAC address and switch ports.

The frames also contain a MAC address (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time.

MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group (ITU-T Y.1731).

MD5 is an acronym for Message-Digest algorithm 5. MD5 is a message digest algorithm, used as a cryptographic hash function with a 128-bit hash value. It was designed by Ron Rivest in 1991. MD5 is officially defined in RFC 1321 (The MD5 Message-Digest Algorithm).

For debugging network problems or monitoring network traffic, the switch system can be configured to mirror frames from multiple ports to a mirror port. (In this context, mirroring a frame is the same as copying the frame.) Both incoming (source) and outgoing (destination) frames can be mirrored to the mirror port.

MLD is an acronym for Multicast Listener Discovery for IPv6. MLD is used by IPv6 routers to discover multicast listeners on a directly attached link, much as IGMP is used in IPv4. The protocol is embedded in ICMPv6 instead of using a separate 
244. from analyzer is remapped and frame is remarked with remapped DSCP value. Depending on the DP level of the frame, the remapped DSCP value is either taken from the "DSCP Translation->Egress Remap DP0" table or from the "DSCP Translation->Egress Remap DP1" table.

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.8 DSCP-based QoS

This page allows you to configure the basic QoS DSCP-based QoS Ingress Classification settings for all switches. The DSCP-based QoS screen in Figure 4-9-9 appears.

Figure 4-9-9: DSCP-based QoS Ingress Classification Page Screenshot (columns: DSCP, Trust, QoS Class, DPL)

The page includes the following fields:

Object / Description
• DSCP: Maximum number of supported DSCP values is 64.
• Trust: Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as non-IP frames.
• QoS Class: QoS Class value can be any of (0-7).
• DPL: Drop Precedence Level (0-1).

4.9.9 DSCP Translation

This page allows you to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be don
245. ft

[Figure residue: PoE schedule power-saving illustration. Save 24 watts/hr during off-business hours; total saved 10800 watts/month; 1000BaseT UTP with PoE.]

Scheduled Power Recycling
The Managed PoE switch allows each of the connected PoE IP cameras to reboot at a specific time each week. Therefore, it will reduce the chance of an IP camera crash resulting from buffer overflow.

[Figure residue: Automatically Reboot, Every Friday 23:00; PoE ON / OFF / ON; PoE PT Camera.]

The screen in Figure 4-16-6 appears.

Figure 4-16-6: PoE Schedule Screenshot (Power Over Ethernet Schedule; columns: Week Day, Start Hour, Start Min, End Hour, End Min, Reboot Enable, Reboot Only, Reboot Hour, Reboot Min; button: Add New Rule; legend: PoE Schedule, PoE Reboot)

Press the Add New Rule button to start setting the PoE Schedule function. Set the PoE schedule in a profile, then go back to PoE Port Configuration and select "Schedule" mode from the per-port "PoE Mode" option; you can then indicate which schedule profile is applied to the PoE port.

The page includes the following fields:

Object / Description
• Profile: Set the schedule profile mode. Possible profiles are: Profile1, Profile2, Profile3, 
246.

Buttons
• Auto-refresh: Automatic refresh occurs every 3 seconds.
• Refresh: Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields.
• Clear: Flushes all dynamic entries.
• |<<: Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address.
• >>: Updates the table, starting with the entry after the last entry currently displayed.

4.14 LLDP

4.14.1 Link Layer Discovery Protocol

Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighboring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device. Advertised information is represented in Type Length Value (TLV) format according to the IEEE 802.1ab standard, and can include details such as device identification, capabilities and configuration settings. LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers.

Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details. L
247. g  systems
• Secure
• Ideal for configuring the switch remotely
• Compatible with all popular browsers
• Can be accessed from any location
• Most visually appealing
• Communicates with switch functions at the MIB level
• Based on open standards

Disadvantages
• Must be near the switch or use dial-up connection
• Not convenient for remote users
• Modem connection may prove to be unreliable or slow
• Security can be compromised (hackers need only know the IP address and subnet mask)
• May encounter lag times on poor connections
• Requires SNMP manager software
• Least visually appealing of all three methods
• Some settings require calculations
• Security can be compromised (hackers need only know the community name)

Table 3-1: Comparison of Management Methods

3.3 Administration Console

The administration console is an internal, character-oriented, command-line user interface for performing system administration such as displaying statistics or changing option settings. Using this method, you can view the administration console from a terminal, personal computer, Apple Macintosh, or workstation connected to the Managed Switch's console (serial) port.

Figure 3-1-1: Console Management (PC / Workstation with Terminal Emulation Software connected to the Managed Switch)

Direct Access
Direct access to the administration console is achieved by directly connectin
248. g a terminal or a PC equipped with a terminal-emulation program (such as HyperTerminal) to the Managed Switch console (serial) port. When using this management method, a straight DB9 RS232 cable is required to connect the switch to the PC. After making this connection, configure the terminal-emulation program to use the following parameters.

The default parameters are:
■ 115200 bps
■ 8 data bits
■ No parity
■ 1 stop bit

Figure 3-1-2: Terminal Parameter Settings (COM Properties, Port Settings: Bits per second, Data bits, Parity, Stop bits, Flow control)

You can change these settings, if desired, after you log on. This management method is often preferred because you can remain connected and monitor the system during system reboots. Also, certain error messages are sent to the serial port, regardless of the interface through which the associated action was initiated. A Macintosh or PC attachment can use any terminal-emulation program for connecting to the terminal serial port. A workstation attachment under UNIX can use an emulator such as TIP.

3.4 Web Management

The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer. After you set up your IP address for the switch, you can access the Managed S
249. g remarking. For more detail, please refer to chapter 4.9.6.1.
• Mode: Shows the tag remarking mode for this port.
■ Classified: Use classified PCP/DEI values.
■ Default: Use default PCP/DEI values.
■ Mapped: Use mapped versions of QoS class and DP level.

4.9.6.1 QoS Egress Port Tag Remarking

The QoS Egress Port Tag Remarking for a specific port is configured on this page. The QoS Egress Port Tag Remarking screen in Figure 4-9-7 appears.

Figure 4-9-7: QoS Egress Port Tag Remarking Page Screenshot (QoS Egress Port Tag Remarking Port 1)

The page includes the following fields:

Object / Description
• Mode: Controls the tag remarking mode for this port.
■ Classified: Use classified PCP/DEI values.
■ Default: Use default PCP/DEI values.
■ Mapped: Use mapped versions of QoS class and DP level.
• PCP/DEI Configuration: Controls the default PCP and DEI values used when the mode is set to Default.
• (QoS class, DP level) to (PCP, DEI) Mapping: Controls the mapping of the classified (QoS class, DP level) to (PCP, DEI) values when the mode is set to Mapped.

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.7 Port DSCP

This page allows you to configure the basic QoS Port DSCP Configuration settings for all switch ports. The Port DSCP screen in Figure
250. g with TPID = 0x8100 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with a C-tag.
■ S-Port: On ingress, frames with a VLAN tag with TPID = 0x8100 or 0x88A8 get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with an S-tag.
■ S-Custom-Port: On ingress, frames with a VLAN tag with a TPID = 0x8100 or equal to the Ethertype configured for Custom-S ports get classified to the VLAN ID embedded in the tag. If a frame is untagged or priority tagged, the frame gets classified to the Port VLAN. If frames must be tagged on egress, they will be tagged with the custom S-tag.

Hybrid ports allow for changing ingress filtering. Access and Trunk ports always have ingress filtering enabled.
■ If ingress filtering is enabled (checkbox is checked), frames classified to a VLAN that the port is not a member of get discarded.
■ If ingress filtering is disabled, frames classified to a VLAN that the port is not a member of are accepted and forwarded to the switch engine.
However, the port will never transmit frames classified to VLANs that it is not a member of.

Hybrid ports allow for changing the type of frames that are accepted on ingress.
■ Tagged and Untagged: Both tagged and 
251. ge includes the following fields:

Object / Description
• Port: This is the logical port number for this row.
• Mode: Access ports are normally used to connect to end stations. Dynamic features like Voice VLAN may add the port to more VLANs behind the scenes. Access ports have the following characteristics:
■ Member of exactly one VLAN, the Port VLAN (Access VLAN), which by default is 1.
■ Accepts untagged and C-tagged frames.
■ Discards all frames that are not classified to the Access VLAN.
■ On egress all frames classified to the Access VLAN are transmitted untagged. Other (dynamically added VLANs) are transmitted tagged.

Trunk: Trunk ports can carry traffic on multiple VLANs simultaneously, and are normally used to connect to other switches. Trunk ports have the following characteristics:
■ By default, a trunk port is a member of all VLANs (1-4095).
■ The VLANs that a trunk port is a member of may be limited by the use of Allowed VLANs.
■ Frames classified to a VLAN that the port is not a member of are discarded.
■ By default, all frames but frames classified to the Port VLAN (a.k.a. Native VLAN) get tagged on egress. Frames classified to the Port VLAN do not get C-tagged on egress.
■ Egress tagging can be changed to tag all frames, in which case only tagged frames are accepted on ingress.

Hybrid: Hybrid ports resemble trunk ports in many ways, but add additional port configuration features. In addition to the characteristics described for trunk ports, 
252. ged Switch always uses the specified port as an IGMP Router port. Use this mode when you connect an IGMP multicast server or an IP camera that uses a multicast protocol to the port.
■ None: The Managed Switch will not use the specified port as an IGMP Router port. The Managed Switch will not keep any record of an IGMP router being connected to this port. Use this mode when you connect other IGMP multicast servers directly on the non-querier Managed Switch and don't want the multicast stream to be flooded by the uplinking switch through the port that is connected to the IGMP querier.
• Fast Leave: Enable the fast leave on the port.
• Throttling: Enable to limit the number of multicast groups to which a switch port can belong.

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.8.5 IGMP Snooping VLAN Configuration

Each page shows up to 99 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.

The "VLAN" input fields allow the user to select the starting point in the VLAN Table. The IGMP Snooping VLAN Configuration screen in Figure 4-8-8 appears 
253. gral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses.

IGMP Querier

A router sends IGMP Query messages onto a particular link. This router is called the Querier.

IMAP

IMAP is an acronym for Internet Message Access Protocol. It is a protocol for email clients to retrieve email messages from a mail server.

IMAP is the protocol that IMAP clients use to communicate with the servers, and SMTP is the protocol used to transport mail to an IMAP server.

The current version of the Internet Message Access Protocol is IMAP4. It is similar to Post Office Protocol version 3 (POP3), but offers additional and more complex features. For example, the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer. If you wish to remove your messages from the server, you must use your mail client to generate local folders, copy messages to your local hard drive, and then delete and expunge the messages from the server.

IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an internet network.

IP is a "best effort" system, which means that no packet of information sent over it is assured to reach its destination in the same condition it was
254. h

Figure 4-8-10: IGMP Snooping Status Page Screenshot (IGMP Snooping Status; Statistics columns: VLAN ID, Querier Version, Querier Status, Queries Transmitted, Queries Received, V1 Reports Received, V2 Reports Received, V3 Reports Received, V2 Leaves Received; Router Port columns: Port, Status)

The page includes the following fields:

Object / Description
• VLAN ID: The VLAN ID of the entry.
• Querier Version: Working Querier Version currently.
• Host Version: Working Host Version currently.
• Querier Status: Shows whether the Querier status is "ACTIVE" or "IDLE".
• Querier Transmitted: The number of Transmitted Querier.
• Querier Received: The number of Received Querier.
• V1 Reports Received: The number of Received V1 Reports.
• V2 Reports Received: The number of Received V2 Reports.
• V3 Reports Received: The number of Received V3 Reports.
• V2 Leave Received: The number of Received V2 Leave.
• Router Port: Displays which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier.
  Static denotes the specific port is configured to be a router port.
  Dynamic denotes the specific port is learnt to be a router port.
  Both denotes the specific port is configured or learnt to be a router port.
• Port: Switch port number.
• Status: Indicates whether a specific port is a router port or not.
255. hat an Ethernet Type based ACE will not get matched by IP and ARP frames.
■ ARP: The ACE will match ARP/RARP frames.
■ IPv4: The ACE will match all IPv4 frames.
■ IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
■ IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
■ IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
■ IPv4/Other: The ACE will match IPv4 frames which are not ICMP/UDP/TCP.
■ IPv6: The ACE will match all IPv6 standard frames.
• Action: Indicates the forwarding action of the ACE.
■ Permit: Frames matching the ACE may be forwarded and learned.
■ Deny: Frames matching the ACE are dropped.
• Rate Limiter: Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.
• Port Redirect: Indicates the port redirect operation of the ACE. Frames matching the ACE are redirected to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port redirect operation is disabled.
• Counter: The counter indicates the number of times the ACE was hit by a frame.
• Modification Buttons: You can modify each ACE (Access Control Entry) in the table using the following buttons:
  Inserts a new ACE before the current row.
  Edits the ACE row.
  Moves the ACE up the list.
  Moves the ACE down the lis
256. hat the entire message has arrived and is in the right order. Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP.

UDP provides two services not provided by the IP layer. It provides port numbers to help distinguish different user requests and, optionally, a checksum capability to verify that the data arrived intact.

Common network applications that use UDP include the Domain Name System (DNS), streaming media applications such as IPTV, Voice over IP (VoIP), and Trivial File Transfer Protocol (TFTP).

UPnP is an acronym for Universal Plug and Play. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components.

User Priority

User Priority is a 3-bit field storing the priority level for the 802.1Q frame.

VLAN

A method to restrict communication between switch ports. VLANs can be used for the following applications:

VLAN unaware switching: This is the default configuration. All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1. This means that MAC addresses are learned in VLAN 1, and the switch does not remove or insert VLAN tags.

VLAN aware switching: This i
257. he IGMP Snooping Status screen in Figure 4-8-16 appears.

Figure 4-8-16: MLD Snooping Status Page Screenshot (MLD Snooping Status; Statistics; Auto-refresh)

The page includes the following fields:

Object / Description
• VLAN ID: The VLAN ID of the entry.
• Querier Version: Working Querier Version currently.
• Host Version: Working Host Version currently.
• Querier Status: Shows whether the Querier status is "ACTIVE" or "IDLE". "DISABLE" denotes the specific interface is administratively disabled.
• Querier Transmitted: The number of Transmitted Querier.
• Querier Received: The number of Received Querier.
• V1 Reports Received: The number of Received V1 Reports.
• V2 Reports Received: The number of Received V2 Reports.
• V1 Leave Received: The number of Received V1 Leaves.
• Router Port: Displays which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier.
  Static denotes the specific port is configured to be a router port.
  Dynamic denotes the specific port is learnt to be a router port.
  Both denotes the specific port is configured or learnt to be a router port.
• Port: Switch port number.
• Status: Indicates whether a specific port is a router port or not.

Buttons
• Refresh: Click to refresh the page immediately.
• Clear: Clears all Statistics counters.
• Auto-refresh: 
258. he RADIUS server denies the client access or because the RADIUS server request times out (according to the timeout specified on the "Configuration→Security→AAA" page), the client is put on hold in the Unauthorized state. The hold timer does not count during an on-going authentication.

In MAC-based Auth. mode, the switch will ignore new frames coming from the client during the hold time.

The Hold Time can be set to a number between 10 and 1000000 seconds.

• RADIUS-Assigned QoS Enabled: RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature.

The "RADIUS-Assigned QoS Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned QoS Class functionality. When checked, the individual ports' ditto setting determines whether RADIUS-assigned QoS Class is enabled for that port. When unchecked, RADIUS-server assigned QoS Class is disabled for all ports.

• RADIUS-Assigned VLAN Enabled: RADIUS-assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch. Incoming t
259. he circuit.

The definition of Circuit ID in the switch is 4 bytes in length and the format is "vlan_id" "module_id" "port_no". The parameter "vlan_id" is the first two bytes and represents the VLAN ID. The parameter "module_id" is the third byte, for the module ID. The parameter "port_no" is the fourth byte, and it means the port number.

The Remote ID is 6 bytes in length, and the value is equal to the DHCP relay agent's MAC address.

DHCP Snooping

DHCP Snooping is used to block an intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server.

DNS

DNS is an acronym for Domain Name System. It stores and associates many types of information with domain names. Most importantly, DNS translates human-friendly domain names and computer hostnames into computer-friendly IP addresses. For example, the domain name www.example.com might translate to 192.168.0.1.

DoS

DoS is an acronym for Denial of Service. In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting network sites or network connections, an attacker may be able to prevent network users from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

Dotted Decimal Notation
260. he entry. It will be deleted during the next save.
• VLAN ID: The VLAN ID of the entry.
• MAC Address: The MAC address of the entry.
• Port Members: Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry.
• Adding a New Static Entry: Click "Add New Static Entry" to add a new entry to the static MAC table. Specify the VLAN ID, MAC address, and port members for the new entry. Click "Save".

Buttons
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.13.2 MAC Address Table Status

Dynamic MAC Table
Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. The MAC Address Table screen in Figure 4-13-2 appears.

[Screenshot residue: MAC Address Table, with "Start from VLAN" and "MAC Address" inputs, "entries per page", and columns Type, VLAN, MAC Address, Port Members]
261. hich are:

Object / Description
• Delete: To delete a RADIUS server entry, check this box. The entry will be deleted during the next Save.
• Hostname: The IP address or hostname of the RADIUS server.
• Auth Port: The UDP port to use on the RADIUS server for authentication.
• Acct Port: The UDP port to use on the RADIUS server for accounting.
• Timeout: This optional setting overrides the global timeout value. Leaving it blank will use the global timeout value.
• Retransmit: This optional setting overrides the global retransmit value. Leaving it blank will use the global retransmit value.
• Key: This optional setting overrides the global key. Leaving it blank will use the global key.

Buttons
• Add New Server: Click to add a new RADIUS server. An empty row is added to the table, and the RADIUS server can be configured as needed. Up to 5 servers are supported.
• Click to undo the addition of the new server.
• Apply: Click to apply changes.
• Reset: Click to undo any changes made locally and revert to previously saved values.

4.11.7 TACACS+

This page allows you to configure the TACACS+ Servers. The TACACS+ Configuration screen in Figure 4-11-8 appears.

[Screenshot residue: TACACS+ Server Configuration; Global Configuration: Timeout (seconds), Deadtime (minutes); Server Configuration: Add New Server]

Figure 4-11-8: TACACS+ Server Configuratio
262. hit the action according to their target hardware address field (THA) settings.
■ 0: RARP frames where THA is not equal to the SMAC address.
■ 1: RARP frames where THA is equal to the SMAC address.
■ Any: Any value is allowed ("don't-care").

Specify whether frames can hit the action according to their ARP/RARP hardware address length (HLN) and protocol address length (PLN) settings.
■ 0: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04).
■ 1: ARP/RARP frames where the HLN is equal to Ethernet (0x06) and the (PLN) is equal to IPv4 (0x04).
■ Any: Any value is allowed ("don't-care").

Specify whether frames can hit the action according to their ARP/RARP hardware address space (HRD) settings.
■ 0: ARP/RARP frames where the HLD is equal to Ethernet (1).
■ 1: ARP/RARP frames where the HLD is equal to Ethernet (1).
■ Any: Any value is allowed ("don't-care").

Specify whether frames can hit the action according to their ARP/RARP protocol address space (PRO) settings.
■ 0: ARP/RARP frames where the PRO is equal to IP (0x800).
■ 1: ARP/RARP frames where the PRO is equal to IP (0x800).
■ Any: Any value is allowed ("don't-care").

The IP parameters can be configured when Frame Type "IPv4" is selected.

Object / Description
• IP Protocol Filter: Specify the IP protocol filter for this ACE.
■ Any: No IP protocol filter is specified ("don't-care").
■ Specific: If you want to filte
263. horized

Figure 4-11-4: Network Access Server Configuration Page Screenshot (per-port rows showing Admin State "Force Authorized" and Port State "Globally Disabled")

The page includes the following fields:

System Configuration

Object / Description
• Mode: Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames.
• Reauthentication Enabled: If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.
  For MAC-based ports, reauthentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port.
• Reauthentication Period: Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds.
• EAPOL Timeout: Determines the time for 
264. hutdown: The Port Security service is enabled by at least the Limit Control user module, and that module has indicated that the limit is exceeded. No MAC addresses can be learned on the port until it is administratively re-opened on the Limit Control configuration web page.
• MAC Count (Current, Limit): The two columns indicate the number of currently learned MAC addresses (forwarding as well as blocked) and the maximum number of MAC addresses that can be learned on the port, respectively.
  If no user modules are enabled on the port, the Current column will show a dash.
  If the Limit Control user module is not enabled on the port, the Limit column will show a dash.

Buttons
• Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
• Refresh: Click to refresh the page immediately.

4.12.7 Port Security Detail

This page shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules, the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC add
265. hybrid ports have these abilities:
■ Can be configured to be VLAN tag unaware, C-tag aware, S-tag aware, or S-custom-tag aware
■ Ingress filtering can be controlled
■ Ingress acceptance of frames and configuration of egress tagging can be configured independently

• Port VLAN: Determines the port's VLAN ID (PVID). Allowed VLANs are in the range 1 through 4095, default being 1.
■ On ingress, frames get classified to the Port VLAN if the port is configured as VLAN unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0).
■ On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN.
The Port VLAN is called an "Access VLAN" for ports in Access mode and Native VLAN for ports in Trunk or Hybrid mode.
• Port Type: Ports in hybrid mode allow for changing the port type, that is, whether a frame's VLAN tag is used to classify the frame on ingress to a particular VLAN, and if so, which TPID it reacts on. Likewise, on egress, the Port Type determines the TPID of the tag, if a tag is required.
■ Unaware: On ingress, all frames, whether carrying a VLAN tag or not, get classified to the Port VLAN, and possible tags are not removed on egress.
■ C-Port: On ingress, frames with a VLAN ta
• Ingress Filtering
• Ingress Acceptance
266. Figure 4.8.3: IGMP Snooping Multicast Stream Control

IGMP Versions 1 and 2

Multicast groups allow members to join or leave at any time. IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group. IGMP version 1 is defined in RFC 1112. It has a fixed packet size and no optional data. The format of an IGMP packet is shown below:

IGMP Message Format
Octets: 0, 8, 16, 31
Fields: Response Time, Checksum, Group Address (all zeros if this is a query)

The IGMP Type codes are shown below:

Type / Meaning
■ Membership Query (if Group Address is 0.0.0.0)
■ Specific Group Membership Query (if Group Address is present)
■ Membership Report (version 2)
■ Leave a Group (version 2)
■ Membership Report (version 1)

IGMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub-networks.

The following outlines what is communicated between a multicast router and a multicast group member using IGMP:
■ A host sends an IGMP "report" to join a group.
■ A host will never send a report when it wants to leave a group (for version 1).
■ A host will send a "leave" report when it wants to leave a group (for version 2).
■ Multicast routers send IGMP queries (to the all-hosts group address: 224.0.0.1) periodicall
267. this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range 1 to 255.
• Allow Guest VLAN if EAPOL Seen: The switch remembers if an EAPOL frame has been received on the port for the lifetime of the port. Once the switch considers whether to enter the Guest VLAN, it will first check if this option is enabled or disabled. If disabled (unchecked; default), the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the lifetime of the port. If enabled (checked), the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the lifetime of the port. The value can only be changed if the Guest VLAN option is globally enabled.

Port Configuration

The table has one row for each port and a number of columns, which are:

Object / Description
• Port: The port number for which the configuration below applies.
• Admin State: If NAS is globally enabled, this selection controls the port's authentication mode. The following modes are available:
Force Authorized: In this mode, the switch will send one EAPOL Success frame when the port link comes up, and any client on the port will be allowed network access without authentication.
Force Unauthorized: In this mode, the switch will send one EAPOL Failure frame when the port link comes up 
268. ication action taken on ingress frame if parameters configured are matched with the frame's content. There are three action fields: Class, DPL and DSCP.
■ Class: Classified QoS class; if a frame matches the QCE it will be put in the queue.
■ DPL: Drop Precedence Level; if a frame matches the QCE then the DP level will be set to the value displayed under the DPL column.
■ DSCP: If a frame matches the QCE then DSCP will be classified with the value displayed under the DSCP column.
• Conflict: Displays the conflict status of QCL entries. As H/W resources are shared by multiple applications, it may happen that the resources required to add a QCE are not available; in that case it shows conflict status as "Yes", otherwise it is always "No". Please note that a conflict can be resolved by releasing the H/W resources required to add the QCL entry by pressing the "Resolve Conflict" button.

Buttons
Combined: Select the QCL status from this drop-down list.
Resolve Conflict: Click to release the resources required to add a QCL entry, in case the conflict status for any QCL entry is "yes".
Refresh: Click to refresh the page.

4.9.13 Storm Control Configuration

Storm control for the switch is configured on this page. There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table.

The configuration indicates the p
269. ies Membership

4.6.2 IEEE 802.1Q VLAN

In large networks, routers are used to isolate broadcast traffic for each subnet into separate domains. This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains. VLANs confine broadcast traffic to the originating group, and can eliminate broadcast storms in large networks. This also provides a more secure and cleaner network environment.

An IEEE 802.1Q VLAN is a group of ports that can be located anywhere in the network, but communicate as though they belong to the same physical segment.

VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections. VLANs can be easily organized to reflect departmental groups (such as Marketing or R&D), usage groups (such as e-mail), or multicast groups (used for multimedia applications such as videoconferencing).

VLANs provide greater network efficiency by reducing broadcast traffic, and allow you to make network changes without having to update IP addresses or IP subnets. VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN.

This Managed Switch supports the following VLAN features:
■ Up to 255 VLANs based on the IEEE 802.1Q
270. igure 4.11.14: Windows Server RADIUS Server Setting

5. Configure the ports attribute of 802.1X, the same as "802.1X Port Configuration".

Figure 4.11.15: 802.1x Port Configuration

6. Create user data. The user data needs to be created on the RADIUS server PC. For example, if the RADIUS server is based on Win2003 Server, then:

(Screenshot: Windows Server program menu listing entries such as Active Directory Users and Computers and Internet Authentication Service.)
271. igure the rate limiter for the ACL of the switch. The ACL Rate Limiter Configuration screen in Figure 4.10.5 appears.

Figure 4.10.5: ACL Rate Limiter Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Rate Limiter ID: The rate limiter ID for the settings contained in the same row.
• Rate (pps): The allowed values are: 0-3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.11 Authentication

This section controls access to the Managed Switch, including user access and management control.

The Authentication section contains links to the following main topics:
■ IEEE 802.1X Port-Based Network Access Control
■ MAC-Based Authentication
■ User Authentication

Overview of 802.1X (Port-Based) Authentication

In the 802.1X world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames. EAPOL frame
272. ill be sent, but with Aging enabled, new SNMP traps will be sent every time the limit gets exceeded.
■ Shutdown: If Limit + 1 MAC addresses is seen on the port, shut down the port. This implies that all secured MAC addresses will be removed from the port, and no new will be learned. Even if the link is physically disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port:
1) Boot the switch,
2) Disable and re-enable Limit Control on the port or the switch,
3) Click the Reopen button.
■ Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both the "Trap" and the "Shutdown" actions described above will be taken.

This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values:
■ Disabled: Limit Control is either globally disabled or disabled on the port.
■ Ready: The limit is not yet reached. This can be shown for all actions.
■ Limit Reached: Indicates that the limit is reached on this port. This state can only be shown if Action is set to None or Trap.
■ Shutdown: Indicates that the port is shut down by the Limit Control module. This state can only be shown if Action is set to Shutdown or Trap & Shutdown.
• Re-open Button: If a port is shutdown by this module, you ma
273. in assignment

MDI / MDI-X: Media Dependent Interface / Media Dependent Interface Cross

The standard cable, RJ45 pin assignment

The standard RJ45 receptacle/connector

There are 8 wires on a standard UTP/STP cable and each wire is color-coded. The following shows the pin allocation and color of straight-through cable and crossover cable connection:

Straight Cable
SIDE 1: 1 = White/Orange, 2 = Orange, 3 = White/Green, 4 = Blue, 5 = White/Blue, 6 = Green, 7 = White/Brown
SIDE 2: 1 = White/Orange, 2 = Orange, 3 = White/Green, 4 = Blue, 5 = White/Blue, 6 = Green, 7 = White/Brown, 8 = Brown

Crossover Cable
SIDE 1: 1 = White/Orange, 2 = Orange, 3 = White/Green, 4 = Blue, 5 = White/Blue, 6 = Green, 7 = White/Brown
SIDE 2: 1 = White/Green, 2 = Green, 3 = White/Orange, 4 = Blue, 5 = White/Blue, 6 = Orange, 7 = White/Brown, 8 = Brown

Figure A-1: Straight-through and Crossover Cable

Please make sure your connected cables have the same pin assignment and color as the above picture before deploying the cables into your network.

APPENDIX B: GLOSSARY

A

ACE
ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE a

ACL
274. ine ID equal system engine ID then it is local user; otherwise it's remote user.
• User Name: A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126.
• Security Level: Indicates the security model that this entry should belong to. Possible security models are:
■ NoAuth, NoPriv: No authentication and no privacy.
■ Auth, NoPriv: Authentication and no privacy.
■ Auth, Priv: Authentication and privacy.
The value of security level cannot be modified if the entry already exists. That means you must first ensure that the value is set correctly.
• Authentication Protocol: Indicates the authentication protocol that this entry should belong to. Possible authentication protocols are:
■ None: No authentication protocol.
■ MD5: An optional flag to indicate that this user uses the MD5 authentication protocol.
■ SHA: An optional flag to indicate that this user uses the SHA authentication protocol.
The value of security level cannot be modified if the entry already exists. That means you must first ensure that the value is set correctly.
• Authentication Password: A string identifying the authentication pass phrase. For the MD5 authentication protocol, the allowed string length is 8 to 32. For the SHA authentication protocol, the allowed string length is 8 to 40. The allowed content is 
275. ing
• Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter.
• Improve performance for specific types of traffic and preserve performance as the amount of traffic grows.
• Reduce the need to constantly add bandwidth to the network.
• Manage network congestion.

QoS Terminology
• Classifier: classifies the traffic on the network. Traffic classifications are determined by protocol, application, source, destination, and so on. You can create and modify classifications. The Switch then groups classified traffic in order to schedule them with the appropriate service level.
• DiffServ Code Point (DSCP): is the traffic prioritization bits within an IP header that are encoded by certain applications and/or devices to indicate the level of service required by the packet across a network.
• Service Level: defines the priority that will be given to a set of classified traffic. You can create and modify service levels.
• Policy: comprises a set of "rules" that are applied to a network so that a network meets the needs of the business. That is, traffic can be prioritized across a network according to its importance to that particular business type.
• QoS Profile: consists of multiple sets of rules (classifier plus service level combinations). The QoS profile is assigned to a port(s).
• Rules: comprises a service level and a classifier to define how the Switch will tr
276. instance.
• Topology Change Last: The time since last Topology Change occurred.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.7.4 CIST Port Configuration

This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well. The CIST Port Configuration screen in Figure 4.7.6 appears.

Figure 4.7.6: STP CIST Port Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port: The switch port number of the logical STP port.
• STP Enabled: Controls whether RSTP is enabled on this switch port.
277. ions (for example, Web server and e-mail server) running on the same host.

The applications on networked hosts can use TCP to create connections to one another. It is known as a connection-oriented protocol, which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged. TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end.

Common network applications that use TCP include the World Wide Web (WWW), e-mail, and File Transfer Protocol (FTP).

TELNET
TELNET is an acronym for Teletype Network. It is a terminal emulation protocol that uses the Transmission Control Protocol (TCP) and provides a virtual connection between TELNET server and TELNET client.

TELNET enables the client to control the server and communicate with other servers on the network. To start a Telnet session, the client user must log in to a server by entering a valid username and password. Then, the client user can enter commands through the Telnet program just as if they were entering commands directly on the server console.

TFTP
TFTP is an acronym for Trivial File Transfer Protocol. It is a transfer protocol that uses the User Datagram Protocol (UDP) and provides file writing and reading, but it does not provide directory service and security fea
278. is selected for the IPv6 next header value, you can enter a specific value. The allowed range is 0 to 255. A frame that hits this ACE matches this IPv6 protocol value.

Specify the source IPv6 filter for this ACE.
■ Any: No source IPv6 filter is specified. (Source IPv6 filter is "don't-care".)
■ Specific: Source IPv6 filter is set to Network. Specify the source IPv6 address and source IPv6 mask in the SIP Address fields that appear.

When "Specific" is selected for the source IPv6 filter, you can enter a specific SIPv6 address. The field only supports the last 32 bits of the IPv6 address.

When "Specific" is selected for the source IPv6 filter, you can enter a specific SIPv6 mask. The field only supports the last 32 bits of the IPv6 address. Notice the usage of the bitmask: if the binary bit value is "0", it means this bit is "don't-care". The real matched pattern is [sipv6_address & sipv6_bitmask] (last 32 bits). For example, if the SIPv6 address is 2001::3 and the SIPv6 bitmask is 0xFFFFFFFE (bit 0 is the "don't-care" bit), then SIPv6 address 2001::2 and 2001::3 are applied to this rule.

• Hop Limit: Specify the hop limit settings for this ACE.
■ zero: IPv6 frames with a hop limit field gre

ICMP Parameters
Object
• ICMP Type Filter
• ICMP Type Value
• ICMP Code Filter
• ICMP Code Value

TCP/UDP Parameters
Object
• TCP/UDP Source Filter
279. isplayed.

4.8.9 IGMPv3 Information

Entries in the IGMP SSM Information Table are shown on this page. The IGMP SSM Information Table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses belonging to the same group are treated as a single entry.

Each page shows up to 99 entries from the IGMP SSM (Source Specific Multicast) Information table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the IGMP SSM Information Table.

The "Start from VLAN" and "Group" input fields allow the user to select the starting point in the IGMP SSM Information Table. The IGMPv3 Information screen in Figure 4.8.12 appears.

Figure 4.8.12: IGMP SSM Information Page Screenshot

The page includes the following fields:

Object / Description
• VLAN ID: VLAN ID of the group.
• Group: Group address of the group displayed.
• Port: Switch port number.
• Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude.
• Source Address: IP Address of the source. Currently, system li
280. itch A broadcasts a packet to switch C, then switch C will drop the packet at port 2 and the broadcast will end there. Setting up STP using values other than the defaults can be complex. Therefore, you are advised to keep the default factory settings and STP will automatically assign root bridges/ports and block loop connections. Influencing STP to choose a particular switch as the root bridge using the Priority setting, or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is, however, relatively straightforward.

Figure 4.7.2: Before Applying the STA Rules

In this example, only the default STP values are used.

Figure 4.7.3: After Applying the STA Rules

The switch with the lowest Bridge ID (switch C) was elected the root bridge, and the ports w
281. lable power provided by the PSU. The system may come with a PSU capable of supplying less power than the total potential power consumption of all the PoE ports in the system. In order to maintain the activity of the majority of ports, power management is implemented.

The PSU input power consumption is monitored by measuring voltage and current. The input power consumption is equal to the system's aggregated power consumption. The power management concept allows all ports to be active and activates additional ports, as long as the aggregated power of the system is lower than the power level at which additional PDs cannot be connected. When this value is exceeded, ports will be deactivated, according to user-defined priorities. The power budget is managed according to the following user-definable parameters: maximum available power, ports priority, maximum allowable power per port.

Reserved Power determined by

There are five modes for configuring how the ports/PDs may reserve power and when to shut down ports.

■ Classification mode
In this mode, each port automatically determines how much power to reserve according to the class the connected PD belongs to, and reserves the power accordingly. Four different port classes exist and one for 4, 7, 15.4 and 30.8 watts.

Class | Usage | Range of maximum power used by the PD | Class Description
0 | Default | 0.44 to 12.95 watts | Classification unimplemented
1 | Optional | 0.44 to 3.84 watts | Very low power
2 | Op
282. lass. If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a QoS Class or it's invalid, or the supplicant is otherwise no longer present on the port, the port's QoS Class is immediately reverted to the original QoS Class (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).

This option is only available for single-client modes, i.e.
■ Port-based 802.1X
■ Single 802.1X

RADIUS attributes used in identifying a QoS Class:
The User-Priority-Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access-Accept packet.

Only the first occurrence of the attribute in the packet will be considered, and to be valid, it must follow this rule:
■ All 8 octets in the attribute's value must be identical and consist of ASCII characters in the range '0' to '7', which translates into the desired QoS Class in the range 0 to 7.

When RADIUS-Assigned VLAN is both globally enabled and enabled (checked) for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, the port's Port VLAN ID will be changed to this VLAN ID, the port will be set to be a member of that VLAN ID, and the port will be f

• Guest VLAN Enabled
283. lay

The Managed Switch system information is provided here.
Configures the Managed Switch managed IPv4/IPv6 interface and IP routes on this page.
This page displays the status of the IP protocol layer. The status is defined by the IP interfaces, the IP routes and the neighbour cache (ARP cache) status.
This page provides an overview of the current users. Currently the only way to log in as another user on the web server is to close and reopen the browser.
This page provides an overview of the privilege levels.
Configure NTP server on this page.
Configure time parameter on this page.
Configure UPnP on this page.
Configure DHCP Relay on this page.
• DHCP Relay Statistics: This page provides statistics for DHCP relay.
• CPU Load: This page displays the CPU load, using an SVG graph.
• System Log: The Managed Switch system log information is provided here.
• Detailed Log: The Managed Switch system detailed log information is provided here.
• Remote Syslog: Configure remote syslog on this page.
• SMTP Configuration: Configure SMTP parameters on this page.
• Web Firmware Upgrade: This page facilitates an update of the firmware controlling the Managed Switch.
• TFTP Firmware Upgrade: Upgrade the firmware via TFTP server.
• Save Startup Config: This copies running config to startup config, thereby ensu
• Configuration Download
• Configuration Upload
• Configuration Activate
• Configuration Delete
• Image Select
• Factory Default
• System Reboot
284. le Network Connectivity Device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port. The LLDP-MED application will temporarily speed up the transmission of the LLDPDU to start within a second, when a new LLDP-MED neighbour has been detected, in order to share LLDP-MED information as fast as possible with new neighbours.

Because there is a risk of an LLDP frame being lost during transmission between neighbours, it is recommended to repeat the fast start transmission multiple times to increase the possibility of the neighbours receiving the LLDP frame. With Fast start repeat count it is possible to specify the number of times the fast start transmission would be repeated. The recommended value is 4 times, given that 4 LLDP frames with a 1 second interval will be transmitted when an LLDP frame with new information is received.

It should be noted that LLDP-MED and the LLDP-MED Fast Start mechanism is only intended to run on links between LLDP-MED Network Connectivity Devices and Endpoint Devices, and as such does not apply to links between LAN infrastructure elements, including Network Connectivity Devices, or other types of links.

Description
Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits.
It is possible to specify the direction to either North of the equator or South of the equator.
Longitude SHOULD be normalized to within 0-180 degrees with a maximum of 4 digits.
It is possible to specify the
285. led: Disable check VLAN operation.

Only the Global Mode and Port Mode on a given port are enabled, and the setting of "Check VLAN" is disabled, the log type of ARP Inspection will refer to the port setting. There are four log types and possible types are:
■ None: Log nothing.
■ Deny: Log denied entries.
■ Permit: Log permitted entries.
■ ALL: Log all entries.

Buttons
Translate Dynamic to Static: Click to translate all dynamic entries to static entries.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.13 ARP Inspection Static Table

This page provides Static ARP Inspection Table. The Static ARP Inspection Table screen in Figure 4.12.13 appears.

Figure 4.12.13: Static ARP Inspection Table Screen Page Screenshot

The page includes the following fields:

Object / Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Port: The logical port for the settings.
• VLAN ID: The VLAN ID for the settings.
• MAC Address: Allowed Source MAC address in ARP request packets.
• IP Address: Allowed Source IP address in ARP request packets.

Buttons
Add New Entry: Click to add a new entry to the Static ARP Inspection table.
Apply: Click to apply changes.
286. lience.

1.5 Product Specifications

Product: GS-5220-8P2T2S

Hardware Specifications
• Copper Ports: 10 10/100/1000BASE-T RJ45 Auto-MDI/MDI-X ports
• SFP/mini-GBIC Slots: 2 x 100/1000BASE-X SFP interfaces with Port 11 to Port 12. Supports 100/1000Mbps dual mode and DDM
• PoE Injector Port: 8 ports with 802.3at/af PoE injector function with Port 1 to Port 8
• Console: 1 x RJ45 serial port (115200, 8, N, 1)
• Switch Architecture: Store-and-Forward
• Switch Fabric: 24Gbps / non-blocking
• Throughput: 17.76Mpps @ 64 bytes
• Address Table: 8K entries, automatic source address learning and aging
• Shared Data Buffer: 1392KB
• Flow Control: IEEE 802.3x pause frame for full-duplex; Back pressure for half-duplex
• Jumbo Frame: 9KB
• Reset Button: < 5 sec: System reboot; > 5 sec: Factory default
• LED:
  System: Fan Alert (Green), SYS (Green), PWR (Green)
  10/100/1000T RJ45 Interfaces (Port 1 to Port 8): 10/100/1000Mbps LNK/ACT (Green), PoE-in-Use (Orange)
  10/100/1000T RJ45 Interfaces (Port 9 to Port 10): LNK/ACT (Green), 1000Mbps (Orange)
  100/1000Mbps SFP Combo Interfaces (Port 11 to Port 12): LNK/ACT (Green), 1000Mbps (Orange)
• Power Requirements: 100~240V AC, 50/60Hz
• Power Consumption (Full Loading): 320 watts / 1091.9 BTU (max.)
• ESD Protection: 6KV DC
• Dimensions (W x D x
287. log entries, starting from the last entry currently displayed.
>>|: Updates the system log entries, ending at the last available entry ID.

4.2.13 Detailed Log

The Managed Switch system detailed log information is provided here. The Detailed Log screen in Figure 4-2-16 appears.

Figure 4-2-15: Detailed Log Page Screenshot

The page includes the following fields:

Object: Description
• ID: The ID (>= 1) of the system log entry.
• Message: The message of the system log entry.

Buttons
Download: Download the system log entry to the current entry ID.
Refresh: Updates the system log entry to the current entry ID.
|<<: Updates the system log entry to the first available entry ID.
<<: Updates the system log entry to the previous available entry ID.
>>: Updates the system log entry to the next available entry ID.
>>|: Updates the system log entry to the last available entry ID.
Print: Print the system log entry to the current entry ID.

4.2.14 Remote Syslog

Configure remote syslog on this page. The Remote Syslog screen in Figure 4-2-17 appears.

Figure 4-2-17: Remote Syslog Page Screenshot

The page includes the f
288. low control status, auto-negotiation status, trunk status

• Port Mirroring: TX / RX / Both; Many-to-1 monitor
• VLAN: 802.1Q tagged-based VLAN; Q-in-Q tunneling; Private VLAN Edge (PVE); MAC-based VLAN; Protocol-based VLAN; Voice VLAN; IP Subnet-based VLAN; MVR (Multicast VLAN Registration); Up to 255 VLAN groups, out of 4094 VLAN IDs
• Link Aggregation: IEEE 802.3ad LACP / static trunk
  GS-5220-44S4C: 24 groups of 8-port trunk supported
  GS-5220-46S2C4X / GS-5220-48T4X: 26 groups of 8-port trunk supported
• Spanning Tree Protocol: STP, IEEE 802.1D Spanning Tree Protocol; RSTP, IEEE 802.1w Rapid Spanning Tree Protocol; MSTP, IEEE 802.1s Multiple Spanning Tree Protocol
• Traffic classification based, Strict priority and WRR; 8-level priority for switching: Port Number, 802.1p priority, 802.1Q VLAN tag, DSCP/TOS field in IP packet
• IGMP Snooping: IGMP (v1/v2/v3) snooping, up to 255 multicast groups; IGMP querier mode support
• MLD Snooping: MLD (v1/v2) snooping, up to 255 multicast groups; MLD querier mode support
• IP-based ACL / MAC-based ACL; up to 256 entries
• Bandwidth Control: Per port bandwidth control; Ingress: 100Kbps~1000Mbps; Egress: 100Kbps~1000Mbps

Layer 3 Functions
• IP Interfaces: Max. 128 VLAN interfaces
• Routing Table: Max. 32 routing entries
• IPv4 hardware static routing; IPv6 hardware static routing

Management
• Basic Management Interfa
289. lue of OUI field is 00 00 00 then value of PID will be etype (0x0600-0xffff), and if value of OUI is other than 00 00 00 then valid value of PID will be any value from 0x0000 to 0xffff.
• Group Name: A valid Group Name is a unique 16-character long string for every entry which consists of a combination of alphabets (a-z or A-Z) and integers (0-9). Note: special characters and underscore (_) are not allowed.
• Adding a New Group to VLAN mapping entry: Click "Add New Entry" to add a new entry in the mapping table. An empty row is added to the table; Frame Type, Value and the Group Name can be configured as needed. The "Delete" button can be used to undo the addition of a new entry.

Buttons
Add New Entry: Click to add a new entry in the mapping table.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.6.11 Protocol-based VLAN Membership

This page allows you to map an already configured Group Name to a VLAN for the switch. The Group Name to VLAN Mapping Table screen in Figure 4-6-21 appears.

Figure 4-6-21: Group Name to VLAN Mapping Table Page Screenshot

The page includes the following fields:

Object   Descriptio
290.
4.3 Simple Network Management Protocol
4.3.2 SNMP System Configuration
4.3.3 SNMP Trap Configuration
4.3.4 SNMP System Information
SNMPv3 Configuration
SNMPv3 Communities
4.4.1 Port Configuration
4.4.2 Port Statistics
4.4.4 SFP Module Information
4.5 Link Aggregation
4.5.3 LACP System Status
4.6.3 VLAN Port Configuration
4.6.4 VLAN Membership Status
VLAN Por
291.
Figure 4-2-9: Time Configuration Page Screenshot

The page includes the following fields:

Object: Description
• Time Zone: Lists various Time Zones worldwide. Select the appropriate Time Zone from the drop-down and click Save to set.
• Acronym: User can set the acronym of the time zone. This is a user-configurable acronym to identify the time zone. (Range: Up to 16 characters)
• Daylight Saving Time: This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration. Select "Disable" to disable the Daylight Saving Time configuration. Select "Recurring" and configure the Daylight Saving Time duration to repeat the configuration every year. Select "Non-Recurring" and configure the Daylight Saving Time duration for single time configuration. (Default: Disabled)
• Start Time Settings:
  • Week: Select the starting week number.
  • Day: Select the starting day.
  • Month: Select the starting month.
  • Hours: Select the starting hour.
  • Minutes: Select the starting minute.
• End Time Settings:
  • Week: Select the ending week number.
  • Day: Select the ending day.
  • Month: Select the ending month
292. mits the total number of IP source addresses for filtering to be 128.
• Type: Indicates the Type. It can be either Allow or Deny.
• Hardware Filter/Switch: Indicates whether data plane destined to the specific group address from the source IPv4 address could be handled by chip or not.

Buttons
Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.
Refresh: Click to refresh the page immediately.
|<<: Updates the table, starting with the first entry in the IGMP Group Table.
>>: Updates the table, starting with the entry after the last entry currently displayed.

4.8.10 MLD Snooping Configuration

This page provides MLD Snooping related configuration. The MLD Snooping Configuration screen in Figure 4-8-13 appears.

Figure 4-8-13: MLD Snooping Configuration Page Screenshot

The page includes the following fields:

Object: Description
• Snooping Enabled: Enable the Global MLD Snooping.
• Unregistered IPMCv6 Flooding: Enable unregistered IPMCv6 traffic flooding
293. mprises 802.1X Port-based and MAC-based user and device authentication. With the private VLAN function, communication between edge ports can be prevented to ensure user privacy. The GS-5220 series also provides DHCP Snooping, IP Source Guard and Dynamic ARP Inspection functions to prevent IP snooping from attack and discard ARP packets with invalid MAC address. The network administrators can now construct highly secured corporate networks with considerably less time and effort than before.

Excellent Traffic Control

The GS-5220 series is loaded with powerful traffic management and QoS features to enhance connection services by SMBs. The QoS features include wire-speed Layer 4 traffic classifiers and bandwidth limit that are particularly useful for multi-tenant unit, multi-business unit, Telco, or Network Service Provider's applications. It also empowers the enterprises to take full advantage of the limited network resources and guarantees the best performance in VoIP and video conferencing transmission.

Efficient and Secure Management

The GS-5220 series Managed Switch is equipped with console, Web and SNMP management interfaces. With the built-in Web-based management interface, the GS-5220 series offers an easy-to-use, platform-independent management and configuration facility. The GS-5220 series supports standard Simple Network Management Protocol (SNMP) and can
294. n

Figure 4-2-25: Configuration Upload Page Screenshot

If the destination is running-config, the file will be applied to the switch configuration. This can be done in two ways:
• Replace mode: The current configuration is fully replaced with the configuration in the uploaded file.
• Merge mode: The uploaded file is merged into running-config.

If the file system is full (i.e. contains the three system files mentioned above plus two other files), it is not possible to create new files; an existing file must be overwritten or another deleted first.

4.2.21 Configuration Activate

The Configuration Activate page allows you to activate the startup-config and default-config files present on the switch. Please refer to Figure 4-2-26 shown below.

Activate Configuration
Select configuration file to activate. The previous configuration will be completely replaced, potentially leading to loss of management connectivity.
Please note: The activated configuration file will not be saved to startup-config automatically.
Selectable files: default-config, startup-config.

Figure 4-2-26: Configuration Activate Page Screenshot

It is possible to activate any of the configuration files present on the switch, except for running-config, which represents the currently active configuration.

Select the file to activate and click Activate Config
295. n

■ 1000BASE-T port link LED is lit, but the traffic is irregular.
Solution: Check that the attached device is not set to dedicated full duplex. Some devices use a physical or software switch to change duplex modes. Auto-negotiation may not recognize this type of full-duplex setting.

■ Switch does not power up.
Solution:
1. AC power cord is not inserted or faulty.
2. Check that the AC power cord is inserted correctly.
3. Replace the power cord if the cord is inserted correctly; check that the AC power source is working by connecting a different device in place of the switch.
4. If that device works, refer to the next step.
5. If that device does not work, check the AC power.

User's Manual of WGSW-48040HP

APPENDIX A: Networking Connection

A.1 Switch's Data RJ45 Pin Assignments - 1000Mbps, 1000BASE-T

8 BI_DD BI_DC

Implicit implementation of the crossover function within a twisted-pair cable, or at a wiring panel, while not expressly forbidden, is beyond the scope of this standard.

A.2 10/100Mbps, 10/100BASE-TX

When connecting your Switch to another Fast Ethernet switch, a bridge or a hub, a straight or crossover cable is necessary. Each port of the Switch supports auto-MDI/MDI-X detection. That means you can directly connect the Switch to any Ethernet devices without making a crossover cable. The following table and diagram show the standard RJ45 receptacle/connector and their pin assignments.

RJ45 Connector p
296. n

• Delete: To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next Save.
• Group Name: A valid Group Name is a string of at most 16 characters which consists of a combination of alphabets (a-z or A-Z) and integers (0-9); no special character is allowed. Whichever Group Name you try to map to a VLAN must be present in the Protocol to Group mapping table and must not be pre-used by any other existing mapping entry on this page.
• VLAN ID: Indicates the ID to which the Group Name will be mapped. A valid VLAN ID ranges from 1-4095.
• Port Members: A row of check boxes for each port is displayed for each Group Name to VLAN ID mapping. To include a port in a mapping, check the box. To remove or exclude the port from the mapping, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked.
• Adding a New Group to VLAN mapping entry: Click "Add New Entry" to add a new entry in the mapping table. An empty row is added to the table; the Group Name, VLAN ID and port members can be configured as needed. Legal values for a VLAN ID are 1 through 4095. The "Delete" button can be used to undo the addition of a new entry.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Auto-refresh: Check this box to
297. n  IPv4 frame.
■ No: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry.
■ Yes: IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry.
■ Any: Any value is allowed ("don't care").

Specify the options flag setting for this ACE.
■ No: IPv4 frames where the options flag is set must not be able to match this entry.
■ Yes: IPv4 frames where the options flag is set must be able to match this entry.
■ Any: Any value is allowed ("don't care").

Specify the source IP filter for this ACE.
■ Any: No source IP filter is specified. (Source IP filter is "don't care".)
■ Host: Source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears.
■ Network: Source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear.

When "Host" or "Network" is selected for the source IP filter, you can enter a specific SIP address in dotted decimal notation.

When "Network" is selected for the source IP filter, you can enter a specific SIP mask in dotted decimal notation.

Specify the destination IP filter for this ACE.
■ Any: No destination IP filter is specified. (Destination IP filter is "don't care".)
■ Host: Destination IP filter is set to Host. Specify the destination IP address in the DIP Address field that appears.
298. n Page Screenshot

The page includes the following fields:

Global Configuration

These settings are common for all of the TACACS+ Servers.

Object: Description
• Timeout: Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a TACACS+ server before it is considered to be dead.
• Dead Time: The Dead Time, which can be set to a number between 0 to 1440 minutes, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Dead Time to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.
• Key: The secret key (up to 63 characters long) shared between the TACACS+ server and the switch.

Server Configuration

The table has one row for each TACACS+ server and a number of columns, which are:

Object: Description
• Delete: To delete a TACACS+ server entry, check this box. The entry will be deleted during the next Save.
• Hostname: The IP address or hostname of the TACACS+ server.
• Port: The TCP port to use on the TACACS+ server for authentication.
• Timeout: This optional setting overrides the global timeout value. Leaving it blank will use the global timeout value.
• Key: This
299.
Setup steps

1. Add VLAN Group
Add two VLANs: VLAN 2 and VLAN 3. Type 1-3 in the Allowed Access VLANs column; the 1-3 is including VLAN 1 and 2 and 3.

Figure 4-6-12: Add VLAN 2 and VLAN 3

2. Assign VLAN Member and PVID for each port:
VLAN 2: Port 1, Port 2 and Port 3
VLAN 3: Port 4, Port 5 and Port 6
VLAN 1: All other ports, Port 7 to Port 52

Figure 4-6-13: Changes Port VLAN of Port 1~3 to be VLAN2 and Port VLAN of Port 4~6 to be VLAN3

For the VLAN ports connecting to the hosts, please refer to 4.6.10.1 examples. The following steps will focus on the VLAN Trunk port configuration.

1. Specify Port 7 to be the 802.1Q VLAN Trunk port.
2. Assign Port 7 to both VLAN 2 and VLAN 3 at the VLAN Member configuration pag
300.
4.18.5 RMON History Configuration
4.18.7 RMON Statistics Configuration
4.18.8 RMON Statistics
5.3 Forwarding & Filtering
6. TROUBLESHOOTING
APPENDIX A: Networking Connection
A.1 Switch's Data RJ45 Pin Assignments - 1000Mbps, 1000BASE-T
A.2 10/100Mbps, 10/100BASE-TX
APPENDIX B: GLOSSARY

1. INTRODUCTION

Thank you for purchasing PLANET GS-5220 Managed Switch series, which comes with multiple Gigabit Ethernet copper and SFP/SFP+ fiber optic connectivity and robust layer 2
301. n water sea ocean

IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI)

Object: Description
• Country code: The two-letter ISO 3166 country code in capital ASCII letters. Example: DK, DE or US.
• State: National subdivisions (state, canton, region, province, prefecture).
• County: County, parish, gun (Japan), district.
• City: City, township, shi (Japan). Example: Copenhagen.
• City district: City division, borough, city district, ward, chou (Japan).
• Block (Neighborhood): Neighborhood, block.
• Street: Street. Example: Poppelvej.
• Leading street direction: Leading street direction. Example: N.
• Trailing street suffix: Trailing street suffix. Example: SW.
• Street suffix: Street suffix. Example: Ave, Platz.
• House no.: House number. Example: 21.
• House no. suffix: House number suffix. Example: A, 1/2.
• Landmark: Landmark or vanity address. Example: Columbia University.
• Additional location info: Additional location info. Example: South Wing.
• Name: Name (residence and office occupant). Example: Flemming Jahn.
• Zip code: Postal/zip code. Example: 2791.
• Building: Building (structure). Example: Low Library.
• Apartment: Unit (Apartment, suite). Example: Apt 42.
• Floor: Floor. Example: 4.
• Room no.: Room number. Example: 450F.
• Place type: Place type. Example: Office.
302. nable authentication on a port by using the dot1x port-control auto interface configuration command, the switch must initiate authentication when it determines that the port link state transitions from down to up. It then sends an EAP-request/identity frame to the client to request its identity (typically, the switch sends an initial identity/request frame followed by one or more requests for authentication information). Upon receipt of the frame, the client responds with an EAP-response/identity frame.

However, if during bootup the client does not receive an EAP-request/identity frame from the switch, the client can initiate authentication by sending an EAPOL-start frame, which prompts the switch to request the client's identity.

Note: If 802.1X is not enabled or supported on the network access device, any EAPOL frames from the client are dropped. If the client does not receive an EAP-request/identity frame after three attempts to start authentication, the client transmits frames as if the port is in the authorized state. A port in the authorized state effectively means that the client has been successfully authenticated.

When the client supplies its identity, the switch begins its role as the intermediary, passing EAP frames between the client and the authentication server until authentication succeeds or fails. If the authentication succeeds, the switch port becomes authorized.

The specific exchange of EAP frames depends on the authentication m
303. negotiation is the process where two different devices establish the mode of operation and the speed settings that can be shared by those devices for a link.

C

CC is an acronym for Continuity Check. It is a MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP.

CCM is an acronym for Continuity Check Message. It is an OAM frame transmitted from a MEP to its peer MEP and used to implement CC functionality.

CDP is an acronym for Cisco Discovery Protocol.

D

DEI is an acronym for Drop Eligible Indicator. It is a 1-bit field in the VLAN tag.

DES is an acronym for Data Encryption Standard. It provides a complete description of a mathematical algorithm for encrypting (enciphering) and decrypting (deciphering) binary coded information.

Encrypting data converts it to an unintelligible form called cipher. Decrypting cipher converts the data back to its original form called plaintext. The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key.

DHCP is an acronym for Dynamic Host Configuration Protocol. It is a protocol used for assigning dynamic IP addresses to devices on a network.

DHCP is used by networked computers (clients) to obtain IP addresses and other parameters such as the default gateway, subnet mask, and IP addresses of DNS servers from a DHCP server.
304. ng Period, the end host is assumed to be disconnected, and the corresponding resources are freed on the switch.

The table has one row for each port and a number of columns, which are:

Object: Description
• Port: The port number for which the configuration below applies.
• Mode: Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port.
• Limit: The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken.
  The switch is "born" with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security-enabled port. Since all ports draw from the same pool, it may happen that a configured maximum cannot be granted, if the remaining ports have already used all available MAC addresses.
• Action: If Limit is reached, the switch can take one of the following actions:
  ■ None: Do not allow more than Limit MAC addresses on the port, but take no further action.
  ■ Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap. If Aging is disabled, only one SNMP trap w
305.
Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets.

An IPv4 dotted decimal address has the form x.y.z.w, where x, y, z, and w are decimal numbers between 0 and 255.

DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes.

E

EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802.3az.

EPS is an abbreviation for Ethernet Protection Switching defined in ITU-T G.8031.

Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard. It is used to indicate which protocol is being transported in an Ethernet frame.

F

FTP is an acronym for File Transfer Protocol. It is a transfer protocol that uses the Transmission Control Protocol (TCP) and provides file writing and reading. It also provides directory service and security features.

IGMP snooping Fast Leave processing allows the switch to remove an interface from the forwarding-table entry without first sending out group-specific queries to the interface. The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Fast-leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously.

HTTP is an acr
306. ng before transmission. Therefore, no error packets occur; it is the best choice when a network needs efficiency and stability.

The Managed Switch scans the destination address from the packet header, searches the routing table provided for the incoming port and forwards the packet, only if required. The fast forwarding makes the switch attractive for connecting servers directly to the network, thereby increasing throughput and availability. However, the switch is most commonly used to segment existing hubs, which nearly always improves the overall performance. Ethernet switching can be easily configured in any Ethernet network environment to significantly boost bandwidth using the conventional cabling and adapters.

Due to the learning function of the Managed Switch, the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table. This information is subsequently used to filter packets whose destination address is in the same segment as the source address. This confines network traffic to its respective domain and reduces the overall load on the network.

The Managed Switch performs "Store and Forward"; therefore, no error packets occur. More reliably, it reduces the re-transmission rate. No packet loss will occur.

5.5 Auto-Negotiation

The STP ports on the Switch have built-in "Auto-negotiation".
307. ng with the entry after the last entry currently displayed.

4.6.9 MAC-based VLAN Status

This page shows MAC-based VLAN entries configured by various MAC-based VLAN users. The MAC-based VLAN Status screen in Figure 4-6-19 appears.

Figure 4-6-19: MAC-based VLAN Membership Configuration for User Static Page Screenshot

The page includes the following fields:

Object: Description
• MAC Address: Indicates the MAC address.
• VLAN ID: Indicates the VLAN ID.
• Port Members: Port members of the MAC-based VLAN entry.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.

4.6.10 Protocol-based VLAN

This page allows you to add new protocols to Group Name (unique for each Group) mapping entries as well as allow you to see and delete already mapped entries for the switch. The Protocol-based VLAN screen in Figure 4-6-20 appears.

Figure 4-6-20: Protocol to Group Mapping Table Page Screenshot

The page includes the following fields:

Object: Delete, Frame Type, Value
Description: To delete a Protocol to
308. ning
■ Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
■ Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.

The time interval (measured in milliseconds) between the most recent Response and the Request that matched it from the RADIUS accounting server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.
Clear: Clears the counters for the selected server. The "Pending Requests" counter will not be cleared by this operation.

4.11.10 Windows Platform RADIUS Server Configuration

Set up the RADIUS server and assign the client IP address to the Managed Switch. In this case, fill in the default IP address of the Managed Switch, 192.168.0.100. Also make sure the shared secret key is the same as the one you had set at
309. ntrollers, other communication related servers, or any device requiring basic services as defined in TIA-1057. Discovery services defined in this class include LAN configuration, device location, network policy, power management, and inventory management.

LLDP-MED Media Endpoint (Class II)

The LLDP-MED Media Endpoint (Class II) definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated with a particular end user. Capabilities include all of the capabilities defined for the previous Generic Endpoint Class (Class I), and are extended to include aspects related to media streaming. Example product categories expected to adhere to this class include (but are not limited to) Voice/Media Gateways, Conference Bridges, Media Servers, and similar. Discovery services defined in this class include media-type-specific network layer policy discovery.

• LLDP-MED Capabilities
• Application Type

LLDP-MED Communication Endpoint (Class III)

The LLDP-MED Communication Endpoint (Class III) definition is applicable to all endpoint products that act as end user communication appliances supporting IP media. Capabilities include all of the capabilities defined for the previous Generic Endpoint (Class I) and Media Endpoint (Class II) classes, and are extended to include aspects related to end user devices. Example pr
310. Figure 4-14-2: LLDP-MED Configuration Page Screenshot

The page includes the following fields:

Fast start repeat count

• Fast start repeat count: Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general. In addition, it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types (for example, only advertise the voice network policy to permitted voice-capable devices), both in order to conserve the limited LLDPDU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy.
  With this in mind, LLDP-MED defines an LLDP-MED Fast Start interaction between the protocol and the application layers on top of the protocol, in order to achieve these related properties. Initially, a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED Endpoint Device is detected, will an LLDP-MED capab

Coordinates Location

• Latitude
• Longitude
• Altitude
311. od Configuration Page Screenshot

The page includes the following fields:

• Client: The management client for which the configuration below applies.
• Authentication Method: Authentication Method can be set to one of the following values:
  - None: authentication is disabled and login is not possible.
  - Local: use the local user database on the switch for authentication.
  - RADIUS: use a remote RADIUS server for authentication.
  - TACACS+: use a remote TACACS+ server for authentication.
  Methods that involve remote servers are timed out if the remote servers are offline. In this case the next method is tried. Each method is tried from left to right and continues until a method either approves or rejects a user. If a remote server is used for primary authentication, it is recommended to configure secondary authentication as "local". This will enable the management client to log in via the local user database if none of the configured authentication servers are alive.

Buttons

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.11.3 Network Access Server Configuration

This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings.

The IEEE 802.1X standard defines a port-based access control procedure that prevents
312. oduct categories expected to adhere to this class include (but are not limited to) end user communication appliances, such as IP Phones, PC-based softphones, or other communication appliances that directly support the end user. Discovery services defined in this class include provision of location identifier (including ECS/E911 information), embedded L2 switch support, inventory management.

LLDP-MED Capabilities describes the neighbor unit's LLDP-MED capabilities. The possible capabilities are:
  1. LLDP-MED capabilities
  2. Network Policy
  3. Location Identification
  4. Extended Power via MDI - PSE
  5. Extended Power via MDI - PD
  6. Inventory
  7. Reserved

Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device. The possible application types are shown below:
  - Voice: for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
  - Voice Signaling: for use in network topologies that require a different policy for the voice signaling than for the voice media.
  - Guest Voice: to support a separate limited feature-set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive v
313. oice services.
  - Guest Voice Signaling: for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media.
  - Softphone Voice: for use by softphone applications on typical data-centric devices, such as PCs or laptops.
  - Video Conferencing: for use by dedicated Video Conferencing equipment and other similar appliances supporting real-time interactive video/audio services.
  - Streaming Video: for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment. Video applications relying on TCP with buffering would not be an intended use of this application type.
  - Video Signaling: for use in network topologies that require a separate policy for the video signaling than for the video media.

• Policy: Policy indicates that an Endpoint Device wants to explicitly advertise that the policy is required by the device. Can be either Defined or Unknown.
  - Unknown: The network policy for the specified application type is currently unknown.
  - Defined: The network policy is defined.
• TAG: TAG is indicating whether the specified application

• VLAN ID
• Priority
• DSCP
• Auto-negotiation
• Auto-negotiation status
• Auto-negotiation Capabilities

Buttons

Refresh
314. ollowing fields:

• Mode: Indicates the server mode operation. When the mode operation is enabled, syslog messages are sent out to the syslog server. The syslog protocol is based on UDP communication and is received on UDP port 514. The syslog server will not send acknowledgments back to the sender, since UDP is a connectionless protocol and does not provide acknowledgments. The syslog packet is always sent out, even if the syslog server does not exist. Possible modes are:
  - Enabled: Enable remote syslog mode operation.
  - Disabled: Disable remote syslog mode operation.
• Syslog Server IP: Indicates the IPv4 host address of the syslog server. If the switch provides the DNS feature, it can also be a host name.
• Syslog Level: Indicates what kind of messages will be sent to the syslog server. Possible modes are:
  - Info: Send information, warnings and errors.
  - Warning: Send warnings and errors.
  - Error: Send errors.

Buttons

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.15 SMTP Configuration

This page facilitates an SMTP Configuration on the switch. The SMTP Configure screen in Figure 4-2-18 appears.
315. ommunicate with each other within that VLAN.
• Servers in a farm of web servers in a Demilitarized Zone (DMZ) are allowed to communicate with the outside world and with database servers on the inside segment, but are not allowed to communicate with each other.

[Figure: Private VLAN (labels: Promiscuous, Public Servers, Access Denied)]

For private VLANs to be applied, the switch must first be configured for standard VLAN operation. When this is in place, one or more of the configured VLANs can be configured as private VLANs. Ports in a private VLAN fall into one of these two groups:

• Promiscuous ports
  - Ports from which traffic can be forwarded to all ports in the private VLAN
  - Ports which can receive traffic from all ports in the private VLAN
• Isolated ports
  - Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN
  - Ports which can receive traffic from only promiscuous ports in the private VLAN

The configuration of promiscuous and isolated ports applies to all private VLANs. When traffic comes in on a promiscuous port in a private VLAN, the VLAN mask from the VLAN table is applied. When traffic comes in on an isolated port, the private VLAN mask is applied in addition to the VLAN mask from the VLAN table. This reduces the ports to which forwarding
316. on EE 293  EE Ee Ee 299  AA WN ICID OM EE 303  BL el EE 304   4A  15 Network RTE e Ile Ed 306    PLAN EI User   s Manual of GS 5220 Series    Networking  amp  Communication       e    e e EN Rn e E A A ee ee E E errno 307  Ee P I e A E een EES 308  4 15 3 Remote IP Ping NOS E 309  4 15 4 Cable 15 Daonostce e eceee 310  4 16 Power over Ethernet  GS 5220 8P2T2S Omly            cccccsessseeeeccensseeesecenseeeseeaseeeesooasseeeseooanseeeseooanseeesees 312  4 16 1 Power over Ethernet Powered Device                  ccccccsscccesececesceseueecesecessececeueeseueeseecensusessueessuecsseetensesensueesseetens 312  4 16 2 System SOMMOUN ANON  EE 314  4 16 3 Power Over Ethernet Configuration               ccccccsccccsssecccsseecceeececceuscecsegeeecsuececsaueeesseseeessuecesseueeesseseeesseesesseneeeeas 315  ARNG e ege E 317  A16 SPON OH 0  tte  6  ce 11  2   sses ee toe teen eae ee a a ee eae eee eae 318  PG EE 320  AIET POR CGN eeben een eegene 321  A 16 6 LLDP POE  Ee tee 325   A 17 LOOP POU CUO In EE 326  4 17 1 Configuration ee eee 326  Aol 2 LOOD PIOlCGHOl Stalls EEN 327  A18 EMON ME 329  4 18 1 RMON Alarm Configuration              ccccccccccceeeeeeeeeeeeseeeeeeeeeeeeeeeeeeeeeeeeeseaeeeeaeeeeesaaeeeeseeeeeseeeeesseaeeesseeeeesseeeesseeeeeas 329  416 2 RMON Alarm SU EEN 331  4 18 3 RMON Event Configuration                cccccccccsseecccescecceescecceneecceuseeesauecessegeeeceuesesseaeeesseueeessaucesseueeessegeeesegesessegeeesas 332  4 18 4 RMON Event Sta sic tic a actceis Sawic
317. on is MLD Auto, Forced MLDv1, Forced MLDv2; default compatibility value is MLD Auto.

PRI: Priority of Interface. It indicates the MLD control frame priority level generated by the system. These values can be used to prioritize different classes of traffic. The allowed range is 0 (best effort) to 7 (highest); default interface priority value is 0.

Robustness Variable: The Robustness Variable allows tuning for the expected packet loss on a network. The allowed range is 1 to 255; default robustness variable value is 2.

Query Interval: The Query Interval is the interval between General Queries sent by the Querier. The allowed range is 1 to 31744 seconds; default query interval is 125 seconds.

Query Response Interval: The Max Response Time used to calculate the Max Resp Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds; default query response interval is 100 in tenths of seconds (10 seconds).

Last Member Query Interval: The Last Member Query Time is the time value represented by the Last Member Query Interval, multiplied by the Last Member Query Count. The allowed range is 0 to 31744 in tenths of seconds; default last member query interval is 10 in tenths of seconds (1 second).

Unsolicited Report Interval: The Unsolicited Report Interval is the time between repetitions of a host's initial report of membership in a group. The allowed range is 0 to 31744 seconds; default unsolicited report interval is
318. on the server and for organizing it in folders on the server. IMAP can be thought of as a remote file server.

POP and IMAP deal with the receiving of e-mail and are not to be confused with the Simple Mail Transfer Protocol (SMTP). You send e-mail with SMTP, and a mail handler receives it on your recipient's behalf. Then the mail is read using POP or IMAP. IMAP4 and POP3 are the two most prevalent Internet standard protocols for e-mail retrieval. Virtually all modern e-mail clients and servers support both.

PPPoE is an acronym for Point-to-Point Protocol over Ethernet. It is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in plain Metro Ethernet networks (Wikipedia).

In a private VLAN, communication between ports in that private VLAN is not permitted. A VLAN can be configured as a private VLAN.

PTP is an acronym for Precision Time Protocol, a network protocol for synchronizing the clocks of computer systems.

QCE is an acronym for QoS Control Entry. It describes QoS class associated with a particular QCE ID.

There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority. Frames can be classified by one of 4 different QoS classes: "Low", "Normal",
319. onfiguration
  - Trusted: Configures the port as a trusted source of DHCP messages.
  - Untrusted: Configures the port as an untrusted source of DHCP messages.

Buttons

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.9 Snooping Table

This page displays the dynamic IP assigned information after DHCP Snooping mode is disabled. All DHCP clients that obtained a dynamic IP address from the DHCP server will be listed in this table, except for local VLAN interface IP addresses. Entries in the Dynamic DHCP Snooping Table are shown on this page. The Dynamic DHCP Snooping Table screen in Figure 4-12-9 appears.

Figure 4-12-9: Dynamic DHCP Snooping Table Screen Page Screenshot

Buttons

Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
>>: It will use the last entry of the currently displayed table as a basis for the next lookup. When the end is reached, the text "No more entries" is shown in the displayed table.
|<<: To start over.

4.12.10 IP Source Guard Configuration

IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table
320. ons and corporate logons.

HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sublayer under its regular HTTP application layering. (HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer, TCP/IP.) SSL uses a 40-bit key size for the RC4 stream encryption algorithm, which is considered an adequate degree of encryption for commercial exchange.

ICMP

ICMP is an acronym for Internet Control Message Protocol. It is a protocol that generates error responses for diagnostic or routing purposes. ICMP messages generally contain information about routing difficulties or simple exchanges such as time-stamp or echo transactions. For example, the PING command uses ICMP to test an Internet connection.

IEEE 802.1X

IEEE 802.1X is an IEEE standard for port-based Network Access Control. It provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. With 802.1X, access to all switch ports can be centrally controlled from a server, which means that authorized users can use the same credentials for authentication from any point within the network.

IGMP

IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an inte
321. onym for Hypertext Transfer Protocol. It is a protocol that is used to transfer or convey information on the World Wide Web (WWW).

HTTP defines how messages are formatted and transmitted, and what actions Web servers and browsers should take in response to various commands. For example, when you enter a URL in your browser, this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested web page. The other main standard that controls how the World Wide Web works is HTML, which covers how web pages are formatted and displayed.

Any Web server machine contains, in addition to the web page files it can serve, an HTTP daemon, a program that is designed to wait for HTTP requests and handle them when they arrive. The Web browser is an HTTP client, sending requests to server machines. An HTTP client initiates a request by establishing a Transmission Control Protocol (TCP) connection to a particular port on a remote host (port 80 by default). An HTTP server listening on that port waits for the client to send a request message.

HTTPS

HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer. It is used to indicate a secure HTTP connection.

HTTPS provides authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transacti
322. optional setting overrides the global key. Leaving it blank will use the global key.

Buttons

Add New Server: Click to add a new TACACS+ server. An empty row is added to the table, and the TACACS+ server can be configured as needed. Up to 5 servers are supported.
Delete: Click to undo the addition of the new server.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.11.8 RADIUS Overview

This page provides an overview of the status of the RADIUS servers configurable on the authentication configuration page. The RADIUS Authentication Accounting Server Overview screen in Figure 4-11-9 appears.

Figure 4-11-9: RADIUS Authentication Accounting Server Overview Page Screenshot

The page includes the following fields:

RADIUS Authentication Server Status Overview

• The RADIUS server number. Click to navigate to detailed statistics for this server.
• IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server.
• Status: The current state of the server. This field takes one of the following valu
323. or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host. This page provides IP Source Guard related configuration. The IP Source Guard Configuration screen in Figure 4-12-10 appears.

Figure 4-12-10: IP Source Guard Configuration Screen Page Screenshot

The page includes the following fields:

• Mode of IP Source Guard Configuration: Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.
• Port Mode Configuration: Specify on which ports IP Source Guard is enabled. IP Source Guard is enabled on a given port only when both Global Mode and Port Mode on that port are enabled.
• Max Dynamic Clients: Specify the maximum number of dynamic clients that can be learned on given ports. This value can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic client is equal to 0, only IP packets that match static entries on the specific port are forwarded.

Buttons

Translate Dynamic to Static: Click to transla
324. orced into VLAN unaware mode. Once assigned, all traffic arriving on the port will be classified and switched on the RADIUS-assigned VLAN ID.

If (re-)authentication fails or the RADIUS Access-Accept packet no longer carries a VLAN ID or it's invalid, or the supplicant is otherwise no longer present on the port, the port's VLAN ID is immediately reverted to the original VLAN ID (which may be changed by the administrator in the meanwhile without affecting the RADIUS-assigned).

This option is only available for single-client modes, i.e.
  - Port-based 802.1X
  - Single 802.1X

For troubleshooting VLAN assignments, refer to the "Monitor > VLANs > VLAN Membership and VLAN Port" pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration.

RADIUS attributes used in identifying a VLAN ID:

RFC2868 and RFC3580 form the basis for the attributes used in identifying a VLAN ID in an Access-Accept packet. The following criteria are used:
  - The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID attributes must all be present at least once in the Access-Accept packet.
  - The switch looks for the first set of these attributes that have the same Tag value and fulfil the following requirements (if Tag == 0 is used, the Tunnel-Private-Group-ID does not need to include a Tag):
    - Value of Tunnel-Medium-Type must be set to "IEEE-802" (ordinal 6).
    - Value of Tunnel-Type must be set to "VLAN" (ordinal 13).
    - Valu
325. ort level, STP sets the Root Port and the Designated Ports.

The following are the user-configurable STP parameters for the switch level:

Parameter: Bridge Identifier (not user configurable except by setting priority below)
Description: A combination of the user-set priority and the switch's MAC address. The Bridge Identifier consists of two parts: a 16-bit priority and a 48-bit Ethernet MAC address (32768 + MAC).
Default Value: 32768 + MAC

Parameter: Priority
Description: A relative priority for each switch. Lower numbers give a higher priority and a greater chance of a given switch being elected as the root bridge.
Default Value: 32768

Parameter: Hello Time
Description: The length of time between broadcasts of the hello message by the switch.
Default Value: 2 seconds

Parameter: Maximum Age Timer
Description: Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer.
Default Value: 20 seconds

Parameter: Forward Delay Timer
Description: The amount of time spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state.
Default Value: 15 seconds

The following are the user-configurable STP parameters for the port or port group level:

Variable: Port Priority
Description: A relative priority for each port. Lower numbers give a higher priority and a greater chance of a given port being elected as the root port.
Default Value: 128

Variable: Port Cost
Description: A
326. ort link goes down or the port's Admin State is changed, and if not, the port will be placed in the Guest VLAN. Otherwise it will not move to the Guest VLAN, but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout.

Once in the Guest VLAN, the port is considered authenticated, and all attached clients on the port are allowed access on this VLAN. The switch will not transmit an EAPOL Success frame when entering the Guest VLAN.

While in the Guest VLAN, the switch monitors the link for EAPOL frames, and if one such frame is received, the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode. If an EAPOL frame is received, the port will never be able to go back into the Guest VLAN if the "Allow Guest VLAN if EAPOL Seen" is disabled.

• Port State: The current state of the port. It can undertake one of the following values:
  - Globally Disabled: NAS is globally disabled.
  - Link Down: NAS is globally enabled, but there is no link on the port.
  - Authorized: The port is in Force Authorized or a single-supplicant mode and the supplicant is authorized.
  - Unauthorized: The port is in Force Unauthorized or a single-supplicant mode and the supplicant is not successfully authorized by the RADIUS server.
  - X Auth/Y Unauth: The port is in a multi-supplicant mode. Currently X clients are authorized and Y are unauthorized.
327. orts. This section has the following items:

• Port Configuration: Configures port connection settings
• Port Statistics Overview: Lists Ethernet and RMON port statistics
• Port Statistics Detail: Lists Ethernet and RMON port statistics
• SFP Module Information: Display SFP information
• Port Mirror: Sets the source and target ports for mirroring

4.4.1 Port Configuration

This page displays current port configurations. Ports can also be configured here. The Port Configuration screen in Figure 4-4-1 appears.

Figure 4-4-1: Port Configuration Page Screenshot

The page includes the following fields:

• Port: This is the logical port number for this row.
• Port Description: Indicates the per-port description.
• Link: The current link state is displayed graphically. Green indicates the link is up and red that it is down.
• Current Link Speed: Provides the current link speed of the port.
• Configured Link Speed: Select any available link speed for the given switch port. Draw the menu bar to select the mode.
  - Auto: Setup Auto negotiation for copper inte
328. otocol, the client initiates the authentication process by sending the EAPOL-start frame. When no response is received, the client sends the request for a fixed number of times. Because no response is received, the client begins sending frames as if the port is in the authorized state.

If the client is successfully authenticated (receives an Accept frame from the authentication server), the port state changes to authorized, and all frames from the authenticated client are allowed through the port. If the authentication fails, the port remains in the unauthorized state, but authentication can be retried. If the authentication server cannot be reached, the switch can retransmit the request. If no response is received from the server after the specified number of attempts, authentication fails, and network access is not granted.

When a client logs off, it sends an EAPOL-logoff message, causing the switch port to transition to the unauthorized state.

If the link state of a port transitions from up to down, or if an EAPOL-logoff frame is received, the port returns to the unauthorized state.

4.11.2 Authentication Configuration

This page allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces. The Authentication Method Configuration screen in Figure 4-11-3 appears.

Figure 4-11-3: Authentication Meth
329. oup Configuration Page Screenshot

The page includes the following fields:

• Group ID: Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port.
• Port Members: Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group.

Buttons

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.5.2 LACP Configuration

Link Aggregation Control Protocol (LACP): LACP LAGs negotiate Aggregated Port links with other LACP ports located on a different device. LACP allows switches connected to each other to discover automatically whether any ports are members of the same LAG.

This page allows the user to inspect the current LACP port configurations, and possibly change them as well. The LACP Configuration screen in Figure 4-5-4 appears.
330. ource value appears.
  - Range: If you want to filter a specific TCP/UDP source range filter with this ACE, you can enter a specific TCP/UDP source range value. A field for entering a TCP/UDP source value appears.
• TCP/UDP Source No.: When "Specific" is selected for the TCP/UDP source filter, you can enter a specific TCP/UDP source value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP source value.
• TCP/UDP Source Range: When "Range" is selected for the TCP/UDP source filter, you can enter a specific TCP/UDP source range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP source value.
• TCP/UDP Destination Filter: Specify the TCP/UDP destination filter for this ACE.
  - Any: No TCP/UDP destination filter is specified (TCP/UDP destination filter status is "don't-care").
  - Specific: If you want to filter a specific TCP/UDP destination filter with this ACE, you can enter a specific TCP/UDP destination value. A field for entering a TCP/UDP destination value appears.
  - Range: If you want to filter a specific range TCP/UDP destination filter with this ACE, you can enter a specific TCP/UDP destination range value. A field for entering a TCP/UDP destination value appears.
• TCP/UDP Destination Number: When "Specific" is

• TCP/UDP Destination Range
• TCP FIN
• TCP SYN
• TCP RST
331. overview for LACP status for all ports. The LACP Port Status screen in Figure 4-5-6 appears.

Figure 4-5-6: LACP Status Page Screenshot

The page includes the following fields:

Object / Description
• Port: The switch port number.
• LACP: "Yes" means that LACP is enabled and the port link is up. "No" means that LACP is not enabled or that the port link is down. "Backup" means that the port could not join the aggregation group but will join if another port leaves. Meanwhile its LACP status is disabled.
• Key: The key assigned to this port. Only ports with the same key can aggregate together.
• Aggr ID: The Aggregation ID assigned to this aggregation group.
• Partner System ID: The partner's System ID (MAC address).
• Partner Port: The partner's port number connected to this port.
• Partner Priority: The partner's port priority.

Buttons
Refresh: Click to refresh the page immediately.
Auto-refresh: Automatic refresh occurs every 3 seconds.

4.5.5 LACP Port Statistics

This page provides an overview for LACP statistics for all ports. The LACP Port Statistics screen in Figure 4-5-7 appears.

[Screenshot: LACP Statistics]
332. p time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMP Ping screen in Figure 4-15-1 appears.

Figure 4-15-1: ICMP Ping Page Screenshot

The page includes the following fields:

Object / Description
• IP Address: The destination IP Address.
• Ping Length: The payload size of the ICMP packet. Values range from 2 bytes to 1452 bytes.

Be sure the target IP Address is within the same network subnet of the Managed Switch, or that you have set up the correct gateway IP address.

Buttons
Start: Click to transmit ICMP packets.
New Ping: Click to re-start diagnostics with PING.

4.15.2 IPv6 Ping

This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues.
After you press "Start", 5 ICMPv6 packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. The ICMPv6 Ping screen in Figure 4-15-2 appears.

Figure 4-15-2: ICMPv6 Ping Page Screenshot

The page includes the following fields:

Object / Description
• IP Address: The destination I
333. perform traffic analysis and verify connection integrity.

Figure 4-4-7: Port Mirror Application

The traffic to be copied to the mirror port is selected as follows:
• All frames received on a given port (also known as ingress or source mirroring).
• All frames transmitted on a given port (also known as egress or destination mirroring).

Mirror Port Configuration

The Port Mirror screen in Figure 4-4-8 appears.

Figure 4-4-8: Mirror Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Port to mirror on: Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored to this port. Disabled disables mirroring.
• Port: The logical port for the settings contained in the same row.
• Mode: Select mirror mode.
  ■ Rx only: Frames received at this port are mirrored to the mirroring port. Frames transmitted are not mirrored.
  ■ Tx only: Frames transmitted from this port are mirrored to the mirroring port. Frames r
334. plicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant.

Note: Suppose two backend servers are enabled and that the server timeout is configured to X seconds (using the AAA configuration page), and suppose that the first server in the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then it will never get authenticated, because the switch will cancel ongoing backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. And since the server hasn't yet failed (because the X seconds haven't expired), the same server will be contacted upon the next backend authentication server request from the switch. This scenario will loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate.

Single 802.1X

In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access even though they really aren't authenticated. To overcome this security breach, use the Single 802.1X variant.

Single 802.1X is really not an IEEE standard, but features many of the same characteristics as does port-based 802.1
335. protocol.

Multicast VLAN Registration (MVR) is a protocol for Layer 2 (IP) networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs. The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network; instead the stream(s) are received on the MVR VLAN and forwarded to the VLANs where hosts have requested it/them (Wikipedia).

NAS is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a protected source. A client connects to the NAS, and the NAS connects to another resource asking whether the client's supplied credentials are valid. Based on the answer, the NAS then allows or disallows access to the protected resource. An example of a NAS implementation is IEEE 802.1X.

NetBIOS is an acronym for Network Basic Input/Output System. It is a program that allows applications on separate computers to communicate within a Local Area Network (LAN), and it is not supported on a Wide Area Network (WAN).

NetBIOS, giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name, provides the session and transport services described in the Open Systems Interconnection (OSI) model.

NFS is an acronym for Network File System. It allows hosts to mount partitions on a remote system and use them as though they are local file systems.

NFS allows the system administrator to stor
336. ptual information:
• Device Roles
• Authentication Initiation and Message Exchange
• Ports in Authorized and Unauthorized States

■ Device Roles

With 802.1X port-based authentication, the devices in the network have specific roles as shown below.

Figure 4-11-1 (labels: authentication server (RADIUS server); authentication server (TACACS server); Internet/Intranet; authenticator (PLANET 802.1X-aware switch); supplicant (client with 802.1X authentication))

• Client: the device (workstation) that requests access to the LAN and switch services and responds to requests from the switch. The workstation must be running 802.1X-compliant client software such as that offered in the Microsoft Windows XP operating system. (The client is the supplicant in the IEEE 802.1X specification.)

• Authentication server: performs the actual authentication of the client. The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services. Because the switch acts as the proxy, the authentication service is transparent to the client. In this release, the Remote Authentication Dial-In User Service (RADIUS) security system with Extensible Authentication Protocol (EAP) extensions is the only supported authentication server; it is available in Cisco Secu
337. r's Manual is structured as follows:

Section 2, INSTALLATION
The section explains the functions of the Managed Switch and how to physically install the Managed Switch.
Section 3, SWITCH MANAGEMENT
The section contains the information about the software function of the Managed Switch.
Section 4, WEB CONFIGURATION
The section explains how to manage the Managed Switch by Web interface.
Section 5, SWITCH OPERATION
The chapter explains how to do the switch operation of the Managed Switch.
Section 6, POWER over ETHERNET OVERVIEW
The chapter introduces the IEEE 802.3af / 802.3at PoE standard and PoE provision of the Managed Switch.
Section 7, TROUBLESHOOTING
The chapter explains how to do troubleshooting of the Managed Switch.
Appendix A
The section contains cable information of the Managed Switch.

1.4 Product Features

Physical Port
  ■ 10/100/1000BASE-T Gigabit RJ45 copper
  ■ 100/1000BASE-X mini-GBIC/SFP slots
  ■ 1000BASE-X/10GBASE-X mini-GBIC/SFP+ slots (for GS-5220-46S2C4X, GS-5220-48T4X)
  ■ RJ45 console interface for switch basic management and setup

Power over Ethernet (GS-5220-8P2T2S)
  ■ Complies with IEEE 802.3at High Power over Ethernet end-span PSE
  ■ Complies with IEEE 802.3af Power over Ethernet end-span PSE
  ■ Up to 8 ports of IEEE 802.3af/802.3at devices powered
  ■ Supports PoE Power up to 30.8 watts for each PoE port
  ■ Auto detects powered device (PD)
  ■ Circuit protection pre
338. r a specific port number and it can't be set when action is permitted. The default value is "Disabled".

Specify the logging operation of this port. The allowed values are:
  ■ Enabled: Frames received on the port are stored in the System Log.
  ■ Disabled: Frames received on the port are not logged.
The default value is "Disabled".
Please note that the System Log memory size and logging rate are limited.

Specify the port shut down operation of this port. The allowed values are:
  ■ Enabled: If a frame is received on the port, the port will be disabled.
  ■ Disabled: Port shut down is disabled.
The default value is "Disabled".

• State: Specify the port state of this port. The allowed values are:
  ■ Enabled: To reopen ports by changing the volatile port configuration of the ACL user module.
  ■ Disabled: To close ports by changing the volatile port configuration of the ACL user module.
The default value is "Enabled".

• Counter: Counts the number of frames that match this ACE.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Click to refresh the page; any changes made locally will be undone.
Click to clear the counters.

4.10.5 ACL Rate Limiter Configuration

Conf
339. r a specific IP protocol filter with this ACE, choose this value. A field for entering an IP protocol filter appears.
  ■ ICMP: Select ICMP to filter IPv4 ICMP protocol frames. Extra fields for defining ICMP parameters will appear. These fields are explained later in this help file.
  ■ UDP: Select UDP to filter IPv4 UDP protocol frames. Extra fields for defining UDP parameters will appear. These fields are explained later in this help file.
  ■ TCP: Select TCP to filter IPv4 TCP protocol frames. Extra fields for defining TCP parameters will appear. These fields are explained later in this help file.

Objects on this page: IP Protocol Value; IP TTL; IP Fragment; IP Option; SIP Filter; SIP Address; SIP Mask; DIP Filter.

• IP Protocol Value: When "Specific" is selected for the IP protocol value, you can enter a specific value. The allowed range is 0 to 255. A frame that hits this ACE matches this IP protocol value.
• IP TTL: Specify the Time-to-Live settings for this ACE.
  ■ zero: IPv4 frames with a Time-to-Live field greater than zero must not be able to match this entry.
  ■ non-zero: IPv4 frames with a Time-to-Live field greater than zero must be able to match this entry.
  ■ Any: Any value is allowed ("don't care").
• IP Fragment: Specify the fragment offset settings for this ACE. This involves the settings for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET) field for a
340. r example, a TCP connection) are always forwarded on the same link aggregation member port. Reordering of frames within a flow is therefore not possible. The aggregation code is based on the following information:
• Source MAC
• Destination MAC
• Source and destination IPv4 address
• Source and destination TCP/UDP ports for IPv4 packets

Normally, all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports. Each link aggregation may consist of up to 10 member ports. Any quantity of link aggregations may be configured for the device (only limited by the quantity of ports on the device). To configure a proper traffic distribution, the ports within a link aggregation must use the same link speed.

4.5.1 Static Aggregation

This page is used to configure the Aggregation hash mode and the aggregation group. The aggregation hash mode settings are global.

Hash Code Contributors

The Static Aggregation screen in Figure 4-5-2 appears.

Figure 4-5-2: Aggregation Mode Configuration Page Screenshot

The page includes the following fields:

Object / Description
• Source MAC Address: The Source MAC address can be used to calculate the des
341. r from the interface when access management mode is enabled.
• Discard Packets: The number of discarded packets from the interface when access management mode is enabled.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.
Clear: Clears all statistics.

4.12.4 HTTPs

Configure HTTPS on this page. The HTTPS Configuration screen in Figure 4-12-4 appears.

Figure 4-12-4: HTTPS Configuration Screen Page Screenshot

The page includes the following fields:

Object / Description
• Mode: Indicates the HTTPS mode operation. When the current connection is HTTPS, applying the HTTPS disabled mode operation will automatically redirect the web browser to an HTTP connection. Possible modes are:
  ■ Enabled: Enable HTTPS mode operation.
  ■ Disabled: Disable HTTPS mode operation.
• Automatic Redirect: Indicates the HTTPS redirect mode operation. It is only significant if HTTPS mode "Enabled" is selected. Automatically redirects the web browser to an HTTPS connection when both HTTPS mode and Automatic Redirect are enabled, or redirects the web browser to an HTTP connection when both are disabled. Possible modes are:
  ■ Enabled: Enable HTTPS redirect mode operation.
  ■ Disabled: Disable HTTPS redirect mode operation.

Buttons
Apply: Click
342. raffic will be classified to and switched on the RADIUS-assigned VLAN. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature.

The "RADIUS-Assigned VLAN Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned VLAN functionality. When checked, the individual ports' ditto setting determines whether RADIUS-assigned VLAN is enabled for that port. When unchecked, RADIUS-server assigned VLAN is disabled for all ports.

A Guest VLAN is a special VLAN, typically with limited network access, on which 802.1X-unaware clients are placed after a network administrator-defined timeout. The switch follows a set of rules for entering and leaving the Guest VLAN as listed below.

The "Guest VLAN Enabled" checkbox provides a quick way to globally enable/disable Guest VLAN functionality. When checked, the individual ports' ditto setting determines whether the port can be moved into Guest VLAN. When unchecked, the ability to move to the Guest VLAN is disabled for all ports.

This is the value that a port's Port VLAN ID is set to if a port is moved into the Guest VLAN. It is only changeable if the Guest VLAN option is globally enabled. Valid values are in the range 1 to 4095.

The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with
343. range is 1 to 16. Disabled indicates that the rate limiter operation is disabled.

Frames that hit the ACE are redirected to the port number specified here. The allowed range is the same as the switch port number range. Disabled indicates that the port redirect operation is disabled.

Specify the logging operation of the ACE. The allowed values are:
  ■ Enabled: Frames matching the ACE are stored in the System Log.
  ■ Disabled: Frames matching the ACE are not logged.
Note: The logging feature only works when the packet length is less than 1518 (without VLAN tags), and the System Log memory size and logging rate is limited.

Specify the port shut down operation of the ACE. The allowed values are:
  ■ Enabled: If a frame matches the ACE, the ingress port will be disabled.
  ■ Disabled: Port shut down is disabled for the ACE.
Note: The shutdown feature only works when the packet length is less than 1518 (without VLAN tags).

The counter indicates the number of times the ACE was hit by a frame.

MAC Parameters
Objects: SMAC Filter; SMAC Value; DMAC Filter; DMAC Value.

VLAN Parameters
Objects: VLAN ID Filter; VLAN ID; Tag Priority.

Description
• SMAC Filter: (Only displayed when the frame type is Ethernet Type or ARP.) Specify the source MAC filter for this ACE.
  ■ Any: No SMAC filter is specified (SMAC filter status is "don't care").
  ■ Spe
344. rcing equipment) to a remote device. The remote device is called a PD.

PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical layer (IEEE 802.3).

Ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer. The other computer responds with an acknowledgment that it received the packets. Ping was created to verify whether a specific computer on a network or the Internet exists and is connected.

Ping uses Internet Control Message Protocol (ICMP) packets. The Ping Request is the packet from the origin computer, and the Ping Reply is the packet response from the target.

A policer can limit the bandwidth of received frames. It is located in front of the ingress queue.

POP3 is an acronym for Post Office Protocol version 3. It is a protocol for email clients to retrieve email messages from a mail server.

POP3 is designed to delete mail on the server as soon as the user has downloaded it. However, some implementations allow users or an administrator to specify that mail be saved for some period of time. POP can be thought of as a "store-and-forward" service.

An alternative protocol is Internet Message Access Protocol (IMAP). IMAP provides the user with more capabilities for retaining e-mail
345. re Access Control Server version 3.0. RADIUS operates in a client-server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients.

• Switch (802.1X device): controls the physical access to the network based on the authentication status of the client. The switch acts as an intermediary (proxy) between the client and the authentication server, requesting identity information from the client, verifying that information with the authentication server, and relaying a response to the client. The switch includes the RADIUS client, which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol (EAP) frames and interacting with the authentication server. When the switch receives EAPOL frames and relays them to the authentication server, the Ethernet header is stripped and the remaining EAP frame is re-encapsulated in the RADIUS format. The EAP frames are not modified or examined during encapsulation, and the authentication server must support EAP within the native frame format. When the switch receives frames from the authentication server, the server's frame header is removed, leaving the EAP frame, which is then encapsulated for Ethernet and sent to the client.

■ Authentication Initiation and Message Exchange

The switch or the client can initiate authentication. If you e
346. refresh the page immediately.
Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals.

4.18 RMON

RMON is the most important expansion of the standard SNMP. RMON is a set of MIB definitions, used to define standard network monitor functions and interfaces, enabling the communication between SNMP management terminals and remote monitors. RMON provides a highly efficient method to monitor actions inside the subnets.

The MIB of RMON consists of 10 groups. The switch supports the most frequently used groups 1, 2, 3 and 9:
  ■ Statistics: Maintain basic usage and error statistics for each subnet monitored by the agent.
  ■ History: Record periodical statistic samples available from statistics.
  ■ Alarm: Allow management console users to set any count or integer for sample intervals and alert thresholds for RMON agent records.
  ■ Event: A list of all events generated by RMON agent.

Alarm depends on the implementation of Event. Statistics and History display some current or history subnet statistics. Alarm and Event provide a method to monitor any integer data change in the network, and provide some alerts upon abnormal events (sending Trap or record in logs).

4.18.1 RMON Alarm Configuration

Configure RMON Alarm table on this page. The entry index key is ID. The screen in Figure 4-18-1 appears.

[Screenshot: RMON Alarm Configuration]
347. ress information of some nodes in the network, including MAC address, port no., etc. This information comes from the learning process of the Managed Switch.

5.2 Learning

When a packet comes in from any port, the Managed Switch records the source address, port no., and other related information in the address table. This information is used to decide whether to forward or filter future packets.

5.3 Forwarding & Filtering

When a packet comes in from a port of the Managed Switch, the switch also checks the destination address in addition to learning the source address. The Managed Switch looks up the address table for the destination address. If it is not found, the packet is forwarded to all the other ports except the port on which the packet came in, and these ports transmit the packet to the networks they are connected to. If it is found, and the destination address is located at a different port from the one the packet came in on, the Managed Switch forwards the packet to the port where the destination address is located, according to the information in the address table. But if the destination address is located at the same port the packet came in on, the packet is filtered, thereby increasing the network throughput and availability.

5.4 Store-and-Forward

Store-and-Forward is one type of packet forwarding technique. A Store-and-Forward Managed Switch stores the incoming frame in an internal buffer and does the complete error checki
348. ress to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise. The Port Security Detail screen in Figure 4-12-7 appears.

Figure 4-12-7: Port Security Detail Screen Page Screenshot

The page includes the following fields:

Object / Description
• MAC Address & VLAN ID: The MAC address and VLAN ID that is seen on this port. If no MAC addresses are learned, a single row stating "No MAC addresses attached" is displayed.
• State: Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic.
• Time of Addition: Shows the date and time when this MAC address was first seen on the port.
• Age/Hold: If at least one user module has decided to block this MAC address, it will stay in the blocked state until the hold time (measured in seconds) expires. If all user modules have decided to allow this MAC address to forward, and aging is enabled, the Port Security module will periodically check that this MAC address still forwards traffic. If the age period (measured in seconds) expires and no frames have been seen, the MAC address will be removed from the MAC table. Otherwise a ne
349. retransmission of Request Identity EAPOL frames. Valid values are in the range 1 to 65535 seconds. This has no effect for MAC-based ports.

This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:
  ■ Single 802.1X
  ■ Multi 802.1X
  ■ MAC-Based Auth.
When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time. This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds.

If reauthentication is enabled and the port is in an 802.1X-based mode, this is not so critical, since supplicants that are no longer attached to the port will get removed upon the next reauthentication, which will fail. But if reauthentication is not enabled, the only way to free resources is by aging the entries.

For ports in MAC-based Auth. mode, reauthentication doesn't cause direct communication between the switch and the client, so this will not detect whether the client is still attached or not, and the only way to free any resources is to age the entry.

This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:
  ■ Single 802.1X
  ■ Multi 802.1X
  ■ MAC-Based Auth.
If a client is denied access, either because t
350. rface.
  ■ 10Mbps HDX: Force sets 10Mbps/Half-Duplex mode.
  ■ 10Mbps FDX: Force sets 10Mbps/Full-Duplex mode.
  ■ 100Mbps HDX: Force sets 100Mbps/Half-Duplex mode.
  ■ 100Mbps FDX: Force sets 100Mbps/Full-Duplex mode.
  ■ 1Gbps FDX: Force sets 10000Mbps/Full-Duplex mode.
  ■ Auto Fiber (10G): Setup 10G fiber port for negotiation automatically.
  ■ Disable: Shutdown the port manually.
• Flow Control: When Auto Speed is selected on a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used. The Current Rx column indicates whether pause frames on the port are obeyed, and the Current Tx column indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last Auto-Negotiation. Check the configured column to use flow control. This setting is related to the setting for Configured Link Speed.
• Maximum Frame Size: Enter the maximum frame size allowed for the switch port, including FCS. The allowed range is 1518 bytes to 10056 bytes.
• Excessive Collision Mode: Configure port transmit collision behavior.
  ■ Discard: Discard frame after 16 collisions (default).
  ■ Restart: Restart back-off algorithm after 16 collisions.

Note: When a port is set to run at 100M Full, 100M Half, 10M Full or 10M Half speed mode, the Auto-MDIX function is disabled.

Buttons
Apply: Click to apply changes.
Cli
351. ring that the currently active configuration will be used at the next reboot.
You can download the files on the switch.
You can upload the files to the switch.
You can activate the configuration file present on the switch.
You can delete the writable files which are stored in flash.
Configure the active or alternate firmware on this page.
You can reset the configuration of the Managed Switch on this page. Only the IP configuration is retained.
You can restart the Managed Switch on this page. After restarting, the Managed Switch will boot normally.

4.2.1 System Information

The System Information page provides information about the current device. The System Information page helps a switch administrator to identify the hardware MAC address, software version and system uptime. The screen in Figure 4-2-1 appears.

Figure 4-2-1: System Information Page Screenshot

The page includes the following fields:

Object / Description
• Contact: The system contact configured in SNMP | System Information | System Contact.
352. rity page contains links to the following main topics:
  ■ Port Limit Control
  ■ Access Management
  ■ HTTPs
  ■ SSH
  ■ DHCP Snooping
  ■ IP Source Guard
  ■ ARP Inspection

4.12.1 Port Limit Control

This page allows you to configure the Port Security Limit Control system and port settings. Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an action is taken. The action can be one of the four different actions as described below.

The Limit Control module utilizes a lower-layer module and Port Security module, which manage MAC addresses learnt on the port. The Limit Control configuration consists of two sections, a system-wide and a port-wide. The Port Limit Control Configuration screen in Figure 4-12-1 appears.

Figure 4-12-1: Port Limit Control Configuration Overview Page Screenshot

The page includes the following fields:

System Configuration

Object
• Mode
• Aging Enabled
353. rk Manager, HP Openview Network Node Management (NNM) or What's Up Gold. This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string. This management method, in fact, uses two community strings: the get community string and the set community string. If the SNMP Network Management Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default get and set community strings for the Managed Switch are public.

Figure 3-1-5: SNMP Management

3.6 PLANET Smart Discovery Utility

For easily listing the Managed Switch in your Ethernet environment, the Planet Smart Discovery Utility from the user's manual CD-ROM is an ideal solution. The following installation instructions guide you through running the Planet Smart Discovery Utility.

1. Deposit the Planet Smart Discovery Utility on the administrator PC.
2. Run this utility as the following screen appears.
354. rmation in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.

FCC Warning

This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the Instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference, in which case the user will be required to correct the interference at his own expense.

CE Mark Warning

This is a Class A product. In a domestic environment, this product may cause radio interference, in which case the user may be required to take adequate measures.

Energy Saving Note of the Device

This power-required device does not support Standby mode operation. For energy saving, please remove the power cable to disconnect the device from the power circuit. In view of saving the energy and reducing the unnecessary power consumption, it is strongly suggested to remove the power connection for the device if this device is not intended to be active.

WEEE Warning

To avoid the potential effects on the environment and human health as a result of the pre
355. rom 1 to 1000, a RADIUS request is retransmitted to a server that is not responding. If the server has not responded after the last retransmit, it is considered to be dead.

The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Dead Time to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.

• Key: The secret key, up to 63 characters long, shared between the RADIUS server and the switch.
• NAS-IP-Address: The IPv4 address to be used as attribute 4 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.
• NAS-IPv6-Address: The IPv6 address to be used as attribute 95 in RADIUS Access-Request packets. If this field is left blank, the IP address of the outgoing interface is used.
• NAS-Identifier: The identifier, up to 253 characters long, to be used as attribute 32 in RADIUS Access-Request packets. If this field is left blank, the NAS-Identifier is not included in the packet.

Server Configuration

The table has one row for each RADIUS Server and a number of columns, w
356. rough the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.

The "VLAN" input fields allow the user to select the starting point in the VLAN Table. The MLD Snooping VLAN Configuration screen in Figure 4-8-14 appears.

Figure 4-8-14: IGMP Snooping VLAN Configuration Page Screenshot

The page includes the following fields:

Object | Description
• Delete: Check to delete the entry. The designated entry will be deleted during the next save.
• VLAN ID: The VLAN ID of the entry.
• MLD Snooping Enable: Enable the per-VLAN MLD Snooping. Up to 32 VLANs can be selected for MLD Snooping.
• Querier Election: Enable to join MLD Querier election in the VLAN. Disable to act as a MLD Non-Querier.
• Compatibility: Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network. The allowed selecti
• PRI
• QRI
• LLQI (LMAQI for IGMP)
• URI

Buttons

Refresh
357. rst

A port transitions from one state to another as follows:
• From initialization (switch boot) to blocking
• From blocking to listening or to disabled
• From listening to learning or to disabled
• From learning to forwarding or to disabled
• From forwarding to disabled
• From disabled to blocking

Figure 4-7-1: STP Port State Transitions

You can modify each port state by using management software. When you enable STP, every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up. If properly configured, each port stabilizes to the forwarding or blocking state. No packets (except BPDUs) are forwarded from, or received by, STP-enabled ports until the forwarding state is enabled for that port.

2. STP Parameters

STP Operation Levels

The Switch allows for two levels of operation: the switch level and the port level. The switch level forms a spanning tree consisting of links between one or more switches. The port level constructs a spanning tree consisting of groups of one or more ports. The STP operates in much the same way for both levels.

On the switch level, STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges.

On the p
358. rt. Different source addresses that belong to the same group are treated as a single entry.

Each page shows up to 99 entries from the MVR SFM Information Table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the MVR SFM Information Table.

The "Start from VLAN" and "Group Address" input fields allow the user to select the starting point in the MVR SFM Information Table. The MVR SFM Information screen in Figure 4-8-22 appears.

Figure 4-8-22: MVR SFM Information Page Screenshot

The page includes the following fields:

Object | Description
• VLAN ID: VLAN ID of the group.
• Group: Group address of the group displayed.
• Port: Switch port number.
• Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude.
• Source Address: IP Address of the source. Currently, the system limits the total number of IP source addresses for filtering to 128. When there is no source filtering address, the text "None" is shown in the Source Address field.
• Type: Indicates the Type. It can be
359. rval >= 4 * Delay Interval

Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid. The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2 - 10 times.
TTL in seconds is based on the following rule:
Transmission Interval * Holdtime Multiplier <= 65536
Therefore, the default TTL is 4 * 30 = 120 seconds.

If some configuration is changed (e.g. the IP address), a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1 - 8192 seconds.
This attribute must comply with the rule:
4 * Delay Interval <= Transmission Interval

When a port is disabled, LLDP is disabled or the switch is rebooted, an LLDP shutdown frame is transmitted to the neighboring units, signaling that the LLDP information isn't valid anymore. Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1 - 10 seconds.

The LLDP port settings relate to the switch, as reflected by the page header.

Object | Description
• Port: The switch port number of the logical LLDP port.
• Mode: Select LLDP mode.
■ Rx only: The switch will not send out LLDP information, but LLDP information from neighbor units is analyzed.
360. rved for SNMPv1.
■ v2c: Reserved for SNMPv2c.
■ usm: User-based Security Model (USM).
• Security Name: A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
• Group Name: A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.

Buttons

Add New Entry: Click to add a new group entry.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.5.4 SNMPv3 Views

Configure the SNMPv3 views table on this page. The entry index keys are View Name and OID Subtree. The SNMPv3 Views screen in Figure 4-3-7 appears.

Figure 4-3-7: SNMPv3 Views Configuration Page Screenshot

The page includes the following fields:

Object | Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• View Name: A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
• View Type: Indicates the view type that this entry should belong to. Possible view types are:
■ included: An optional flag to in
361. s

Add New Entry: Click to add a new community entry.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.5.2 SNMPv3 Users

Configure the SNMPv3 users table on this page. The entry index keys are Engine ID and User Name. The SNMPv3 Users screen in Figure 4-3-5 appears.

Figure 4-3-5: SNMPv3 Users Configuration Page Screenshot

The page includes the following fields:

Object | Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Engine ID: An octet string identifying the engine ID that this entry should belong to. The string must contain an even number of digits in hexadecimal format, with the number of digits between 10 and 64, but all-zeros and all-'F's are not allowed. The SNMPv3 architecture uses the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. For the USM entry, the usmUserEngineID and usmUserName are the entry's keys.
In a simple agent, usmUserEngineID is always that agent's own snmpEngineID value. The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate. In other words, if user eng
362. The DHCP server ensures that all IP addresses are unique; for example, no IP address is assigned to a second client while the first client's assignment is valid (its lease has not expired). Therefore, IP address pool management is done by the server and not by a human network administrator.

Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task. This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address.

DHCP Relay

DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain.

The DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packets when forwarding client DHCP packets to a DHCP server, and to remove the specific information from DHCP reply packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to implement IP address or other assignment policies. Specifically, the option works by setting two sub-options: Circuit ID (option 1) and Remote ID (option 2). The Circuit ID sub-option is supposed to include information specific to which circuit the request came in on. The Remote ID sub-option was designed to carry information relating to the remote host end of t
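The option 82 handling described above, as an added Python example that is not part of the manual: a relay inserts the Circuit ID and Remote ID sub-options on the way to the server, and parses and strips them on the way back, with length checks on every field. The code/length/value layout follows RFC 3046; the sample bytes, the sub-option contents and the policy of rejecting client packets that already carry option 82 are assumptions.

```python
"""DHCP option 82 (Relay Agent Information, RFC 3046): insert, parse, strip."""

RELAY_AGENT_INFO = 82
SUBOPTIONS = {1: "circuit_id", 2: "remote_id"}  # the two sub-options named in the text
PAD, END = 0, 255


class Option82Error(ValueError):
    """Malformed options field or option 82 payload."""


def tlvs(buf: bytes, top_level: bool):
    """Yield (code, value) pairs from a code/length/value sequence.

    PAD and END are only special in the top-level DHCP options field,
    not inside the option 82 payload.
    """
    i = 0
    while i < len(buf):
        code = buf[i]
        if top_level and code == PAD:
            i += 1
            continue
        if top_level and code == END:
            return
        if i + 2 > len(buf):
            raise Option82Error("header truncated")
        length = buf[i + 1]
        value = buf[i + 2:i + 2 + length]
        if len(value) != length:
            raise Option82Error(f"code {code} claims {length} bytes, {len(value)} present")
        yield code, value
        i += 2 + length


def encode_tlv(code: int, value: bytes) -> bytes:
    """Encode one code/length/value element with a one-byte length."""
    if len(value) > 255:
        raise Option82Error("value does not fit a one-byte length")
    return bytes([code, len(value)]) + value


def parse_option82(options: bytes):
    """Return the sub-options of option 82 as a dict, or None when it is absent."""
    for code, value in tlvs(options, top_level=True):
        if code != RELAY_AGENT_INFO:
            continue
        subs = {}
        for sub, data in tlvs(value, top_level=False):
            name = SUBOPTIONS.get(sub, f"suboption_{sub}")
            if name in subs:
                raise Option82Error(f"duplicate {name}")
            subs[name] = data
        return subs
    return None


def relay_insert(options: bytes, circuit_id: bytes, remote_id: bytes) -> bytes:
    """Client -> server direction: add option 82 as the last option."""
    if parse_option82(options) is not None:
        # Assumed policy: a client must not supply its own relay information.
        raise Option82Error("packet from client already carries option 82")
    payload = encode_tlv(1, circuit_id) + encode_tlv(2, remote_id)
    kept = b"".join(encode_tlv(c, v) for c, v in tlvs(options, top_level=True))
    return kept + encode_tlv(RELAY_AGENT_INFO, payload) + bytes([END])


def relay_strip(options: bytes) -> bytes:
    """Server -> client direction: remove option 82 before forwarding the reply."""
    kept = b"".join(encode_tlv(c, v) for c, v in tlvs(options, top_level=True)
                    if c != RELAY_AGENT_INFO)
    return kept + bytes([END])


# Constructed sample data (not taken from the manual).
CLIENT_OPTIONS = bytes([53, 1, 1, END])      # option 53 = DHCP message type, 1 = DISCOVER
CIRCUIT_ID = b"vlan10-port3"                 # hypothetical encoding of the ingress circuit
REMOTE_ID = bytes.fromhex("020000000001")    # hypothetical relay identifier

if __name__ == "__main__":
    relayed = relay_insert(CLIENT_OPTIONS, CIRCUIT_ID, REMOTE_ID)
    print(relayed.hex())
    print(parse_option82(relayed))
    print(relay_strip(relayed) == CLIENT_OPTIONS)
```
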
363. s based on the IEEE 802.1Q standard. All ports are VLAN-aware. Ports connected to VLAN-aware switches are members of multiple VLANs and transmit tagged frames. Other ports are members of one VLAN, set up with this Port VLAN ID, and transmit untagged frames.

Provider switching: This is also known as Q-in-Q switching. Ports connected to subscribers are VLAN-unaware, members of one VLAN, and set up with this unique Port VLAN ID. Ports connected to the service provider are VLAN-aware, members of multiple VLANs, and set up to tag all frames. Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag. Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag.

VLAN ID is a 12-bit field specifying the VLAN to which the frame belongs.

Voice VLAN

Voice VLAN is a VLAN configured specially for voice traffic. By adding the ports with voice devices attached to voice VLAN, we can perform QoS-related configuration for voice data, ensuring the transmission priority of voice traffic and voice quality.

WEP

WEP is an acronym for Wired Equivalent Privacy. WEP is a deprecated algorithm to secure IEEE 802.11 wireless networks. Wireless networks broadcast messages using radio, so are more susceptible to eavesdropping than wired networks. When introduced in 1999, WEP was intended to provide confidentiality comparable to that of a traditional wired network (Wikip

Wi-Fi

WPA
364. s encapsulate EAP PDUs (RFC3748). Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible, in that it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) doesn't need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it.

When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant.

Overview of MAC-Based Authentication

Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server.
365. s identical to the syntax used in the Enabled VLANs field.

By default, the field is left blank, which means that the port may become a member of all possible VLANs.

The port must be a member of the same VLAN as the Port VLAN ID.

Buttons

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.6.4 VLAN Membership Status

This page provides an overview of membership status for VLAN users. The VLAN Membership Status screen in Figure 4-6-4 appears.

Figure 4-6-4: VLAN Membership Status for Static User Page Screenshot

The page includes the following fields:

Object | Description
• VLAN User: A VLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID, UVID. Currently we support the following VLAN users:
- Admin: This is referred to as static.
- NAS: NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server.
- GVRP: GVRP (GARP VLAN Registration Protocol or Generic VLAN Registration
366. s made locally and revert to previously saved values.

4.18.2 RMON Alarm Status

This page provides an overview of RMON Alarm entries. Each page shows up to 99 entries from the Alarm table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Alarm table. The first displayed will be the one with the lowest ID found in the Alarm table. The screen in Figure 4-18-2 appears.

Figure 4-18-2: RMON Alarm Overview Page Screenshot

The page includes the following fields:

Object | Description
• ID: Indicates the index of the Alarm control entry.
• Interval: Indicates the interval in seconds for sampling and comparing the rising and falling threshold.
• Variable: Indicates the particular variable to be sampled.
• Sample Type: The method of sampling the selected variable and calculating the value to be compared against the thresholds.
• Value: The value of the statistic during the last sampling period.
• Startup Alarm: The alarm that may be sent when this entry is first set to valid.
• Rising Threshold: Rising threshold value.
• Rising Index: Rising event index.
• Falling Threshold: Falling threshold value.
• Falling
367. screen in Figure 4-6-1 appears.

Figure 4-6-1: Global VLAN Configuration Screenshot

The page includes the following fields:

Object | Description
• Allowed Access VLANs: This field shows the allowed Access VLANs; it only affects ports configured as Access ports. Ports in other modes are members of all VLANs specified in the Allowed VLANs field.
By default, only VLAN 1 is enabled. More VLANs may be created by using a list syntax where the individual elements are separated by commas. Ranges are specified with a dash separating the lower and upper bound.
The following example will create VLANs 1, 10, 11, 12, 13, 200, and 300:
1,10-13,200,300
Spaces are allowed in between the delimiters.
• Ethertype for Custom S-ports: This field specifies the ethertype/TPID (specified in hexadecimal) used for Custom S-ports. The setting is in force for all ports whose Port Type is set to S-Custom-Port.

Port VLAN Configuration

The VLAN Port Configuration screen in Figure 4-6-2 appears.

Figure 4-6-2: Port VLAN Configuration Screenshot

The pa
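The list syntax described above for the Allowed Access VLANs field (comma-separated elements, dash ranges, optional spaces), as an added Python example that is not part of the manual: a strict parser, the inverse formatter, and a comparison of a configured list against an approved baseline. The 1..4094 bound is an assumption based on IEEE 802.1Q reserving IDs 0 and 4095; the function names are hypothetical.

```python
import re

# Assumption: usable IDs are 1..4094. The 12-bit VLAN ID field has 4096 values and
# IEEE 802.1Q reserves 0 and 4095; the manual does not state the switch's own limits.
VLAN_MIN, VLAN_MAX = 1, 4094

# One element: "N" or "N-M", with optional spaces around the number(s) and the dash.
ELEMENT = re.compile(r"^\s*(\d+)\s*(?:-\s*(\d+)\s*)?$", re.ASCII)


class VlanListError(ValueError):
    """The text is not a valid VLAN list."""


def parse_vlan_list(text: str) -> list:
    """Expand e.g. '1,10-13,200,300' into a sorted list of unique VLAN IDs."""
    if not text.strip():
        return []          # blank field; the caller decides what blank means
    vlans = set()
    for element in text.split(","):
        match = ELEMENT.match(element)
        if match is None:
            raise VlanListError(f"bad element {element!r}")
        low = int(match.group(1))
        high = int(match.group(2)) if match.group(2) else low
        if low > high:
            raise VlanListError(f"range {element.strip()!r} is reversed")
        if low < VLAN_MIN or high > VLAN_MAX:
            raise VlanListError(f"{element.strip()!r} is outside {VLAN_MIN}..{VLAN_MAX}")
        vlans.update(range(low, high + 1))
    return sorted(vlans)


def format_vlan_list(vlans) -> str:
    """Collapse VLAN IDs back into the shortest list syntax."""
    parts = []
    start = prev = None
    for vid in sorted(set(vlans)):
        if start is None:
            start = prev = vid
        elif vid == prev + 1:
            prev = vid
        else:
            parts.append(str(start) if start == prev else f"{start}-{prev}")
            start = prev = vid
    if start is not None:
        parts.append(str(start) if start == prev else f"{start}-{prev}")
    return ",".join(parts)


def unexpected_vlans(configured: str, approved: str) -> str:
    """VLANs present in the configured list but missing from the approved baseline."""
    extra = set(parse_vlan_list(configured)) - set(parse_vlan_list(approved))
    return format_vlan_list(extra)


if __name__ == "__main__":
    print(parse_vlan_list("1,10-13,200,300"))
    print(unexpected_vlans("1,10-13,200,300", "1,10-12"))
```
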
368. security mode operation.
■ Disabled: Disable Voice VLAN security mode operation.

Indicates the Voice VLAN port discovery protocol. It will only work when auto-detect mode is enabled. The LLDP feature should be enabled before configuring the discovery protocol to "LLDP" or "Both". Changing the discovery protocol to "OUI" or "LLDP" will restart the auto-detect process. Possible discovery protocols are:
■ OUI: Detect telephony device by OUI address.
■ LLDP: Detect telephony device by LLDP.
■ Both: Both OUI and LLDP.

4.9.17 Voice VLAN OUI Table

Configure the Voice VLAN OUI table on this page. The maximum entry number is 16. Modifying the OUI table will restart the auto-detection of OUI process. The Voice VLAN OUI Table screen in Figure 4-9-19 appears.

Figure 4-9-19: Voice VLAN OUI Table Page Screenshot

The page includes the following fields:

Object | Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Telephony OUI: A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is
369. selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP destination value.

When "Range" is selected for the TCP/UDP destination filter, you can enter a specific TCP/UDP destination range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP destination value.

Specify the TCP "No more data from sender" (FIN) value for this ACE.
■ 0: TCP frames where the FIN field is set must not be able to match this entry.
■ 1: TCP frames where the FIN field is set must be able to match this entry.
■ Any: Any value is allowed ("don't care").

Specify the TCP "Synchronize sequence numbers" (SYN) value for this ACE.
■ 0: TCP frames where the SYN field is set must not be able to match this entry.
■ 1: TCP frames where the SYN field is set must be able to match this entry.
■ Any: Any value is allowed ("don't care").

Specify the TCP "Reset the connection" (RST) value for this ACE.
■ 0: TCP frames where the RST field is set must not be able to match this entry.
■ 1: TCP frames where the RST field is set must be able to match this entry.
■ Any: Any value is allowed ("don't care").

• TCP PSH: Specify the TCP "Push Function" (PSH) value for this ACE.
■ 0: TCP frames where the PSH field is set must not be able
370. sence of hazardous substances in electrical and electronic equipment, end users of electrical and electronic equipment should understand the meaning of the crossed-out wheeled bin symbol. Do not dispose of WEEE as unsorted municipal waste; such WEEE has to be collected separately.

Revision

PLANET GS-5220 Series User's Manual
Model: GS-5220 Series
Revision: 1.2 (August, 2015)
Part No: EM-GS-5220 series_v1.2
371. sign (-). No space characters are permitted as part of a name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255.
• System Location: The physical location of this node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.

4.3.5 SNMPv3 Configuration

4.3.5.1 SNMPv3 Communities

Configure the SNMPv3 communities table on this page. The entry index key is Community. The SNMPv3 Communities screen in Figure 4-3-4 appears.

Figure 4-3-4: SNMPv3 Communities Configuration Page Screenshot

The page includes the following fields:

Object | Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Community: Indicates the community access string to permit access to the SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as a security name and map an SNMPv1 or SNMPv2c community string.
• Source IP: Indicates the SNMP access source address. A particular range of source addresses can be used to restrict the source subnet when combined with the source mask.
• Source Mask: Indicates the SNMP access source address mask.

Button
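The SNMP input rules stated on this page (community, security and group names of 1 to 32 characters from ASCII 33 to 126; engine IDs of 10 to 64 hex digits, even in number, not all zeros or all F; system location of 0 to 255 characters from ASCII 32 to 126; default community string public), as an added Python example that is not part of the manual. It audits an exported configuration against those rules. The dictionary layout, the sample values and the reading of an all-zero source mask as "any source" are assumptions.

```python
import ipaddress

DEFAULT_COMMUNITY = "public"   # factory default for both get and set, per the manual
HEX = set("0123456789abcdefABCDEF")


def text_problems(value, min_len=1, max_len=32, low=33, high=126):
    """Check a string against a length range and an ASCII code range."""
    problems = []
    if not min_len <= len(value) <= max_len:
        problems.append(f"length {len(value)} is outside {min_len}..{max_len}")
    if any(not low <= ord(ch) <= high for ch in value):
        problems.append(f"contains characters outside ASCII {low}..{high}")
    return problems


def engine_id_problems(value):
    """Check an SNMPv3 engine ID against the rules given for the Engine ID field."""
    if not value or any(ch not in HEX for ch in value):
        return ["not a hexadecimal string"]
    problems = []
    if len(value) % 2:
        problems.append("odd number of hex digits")
    if not 10 <= len(value) <= 64:
        problems.append(f"{len(value)} digits is outside 10..64")
    if set(value) == {"0"}:
        problems.append("all zeros is not allowed")
    if set(value.lower()) == {"f"}:
        problems.append("all F is not allowed")
    return problems


def audit(config):
    """Return (where, problem) pairs for every rule the configuration breaks."""
    findings = []
    for entry in config.get("communities", []):
        where = f"community {entry['community']!r}"
        findings += [(where, p) for p in text_problems(entry["community"])]
        if entry["community"] == DEFAULT_COMMUNITY:
            findings.append((where, "factory-default community string"))
        # Assumption: an all-zero mask matches every source address.
        if int(ipaddress.IPv4Address(entry["source_mask"])) == 0:
            findings.append((where, "source mask does not restrict the source subnet"))
    for entry in config.get("groups", []):
        for field in ("security_name", "group_name"):
            where = f"group entry {field} {entry[field]!r}"
            findings += [(where, p) for p in text_problems(entry[field])]
    for entry in config.get("users", []):
        where = f"user {entry['user_name']!r}"
        findings += [(where, "engine ID: " + p)
                     for p in engine_id_problems(entry["engine_id"])]
    findings += [("system location", p)
                 for p in text_problems(config.get("system_location", ""), 0, 255, 32, 126)]
    return findings


# Constructed sample configuration (hypothetical export format, not from the manual).
SAMPLE = {
    "system_location": "telephone closet, 3rd floor",
    "communities": [
        {"community": "public", "source_ip": "0.0.0.0", "source_mask": "0.0.0.0"},
        {"community": "noc ro", "source_ip": "192.168.0.0", "source_mask": "255.255.255.0"},
    ],
    "groups": [
        {"security_model": "usm", "security_name": "ops_user", "group_name": "ops_group"},
    ],
    "users": [
        {"user_name": "ops_user", "engine_id": "80001f8880a1b2c3d4"},
        {"user_name": "old_user", "engine_id": "0000000000"},
    ],
}

if __name__ == "__main__":
    for where, problem in audit(SAMPLE):
        print(f"{where}: {problem}")
```
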
372. ss. And the system maintenance (software upload, factory defaults, etc.) needs user privilege level 15.

Generally, privilege level 15 can be used for an administrator account, privilege level 10 for a standard user account and privilege level 5 for a guest account.

• Click to undo any changes made locally and revert to previously saved values.
• Click to undo any changes made locally and return to the Users.
• Delete User: Delete the current user. This button is not available for new configurations (Add new user).

Once the new user is added, the new user entry is shown on the Users Configuration page.

Figure 4-2-6: User Configuration Page Screenshot

If you forget the new password after changing the default password, please press the "Reset" button on the front panel of the Managed Switch for over 10 seconds and then release it. The current setting, including VLAN, will be lost and the Managed Switch will restore to the default mode.

4.2.5 Privilege Levels

This page provides an overview of the privilege levels. After setup is completed, please press the "Apply" button to take effect. Please log in to the web interface with the new user name and password and the screen in Figure 4-2
373. st

Buttons

Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page.

4.2.4 Users Configuration

This page provides an overview of the current users. Currently the only way to log in as another user on the web server is to close and reopen the browser. After setup is completed, press the "Apply" button to take effect. Please log in to the web interface with the new user name and password; the screen in Figure 4-2-4 appears.

Figure 4-2-4: Users Configuration Page Screenshot

The page includes the following fields:

Object | Description
• User Name: The name identifying the user. This is also a link to Add/Edit User.
• Privilege Level: The privilege level of the user.
The allowed range is 1 to 15. If the privilege level value is 15, it can access all groups, i.e. it is granted full control of the device. But other values need to refer to each group privilege level. A user's privilege should be the same as or greater than the group privilege level to have access to that group.
By default, for most groups privilege level 5 has read-only access and privilege level 10 has read-write access. And the system maintenance (software upload, factory defaults, etc.) needs user privilege level 15.
Generally, the privil
374. t

Deletes the ACE.
The lowest plus sign adds a new entry at the bottom of the ACE listings.

Buttons

• Click to refresh the page; any changes made locally will be undone.
• Click to clear the counters.
• Remove All: Click to remove all ACEs.

4.10.3 ACE Configuration

Configure an ACE (Access Control Entry) on this page. An ACE consists of several parameters. These parameters vary according to the frame type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type selected. A frame that hits this ACE matches the configuration that is defined here. The ACE Configuration screen in Figure 4-10-3 appears.

Figure 4-10-3: ACE Configuration Page Screenshot

The page includes the following fields:

Object | Description
• Ingress Port: Select the ingress port for which this ACE applies.
■ Any: The ACE applies to any port.
■ Port n: The ACE applies to this port number, where n is the number of the switch port.
• Policy Filter: Specify the policy number filter for this ACE.
■ Any: No policy filter is specified (policy filter status is "don't care").
■ Specific: If you want to filter a specific policy with this A
375. t means that the default classified value is not modified by this QCE.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Cancel: Return to the previous page without saving the configuration change.

4.9.12 QCL Status

This page shows the QCL status by different QCL users. Each row describes the QCE that is defined. It is a conflict if a specific QCE is not applied to the hardware due to hardware limitations. The maximum number of QCEs is 256 on each switch. The QoS Control List Status screen in Figure 4-9-14 appears.

Figure 4-9-14: QoS Control List Status Page Screenshot

The page includes the following fields:

Object: Description
• User: Indicates the QCL user.
• QCE#: Indicates the index of QCE.
• Port: Indicates the list of ports configured with the QCE.
• Frame Type: Indicates the type of frame to look for in incoming frames. Possible frame types are:
  ■ Any: The QCE will match all frame types.
  ■ Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.
  ■ LLC: Only (LLC) frames are allowed.
  ■ SNAP: Only (SNAP) frames are allowed.
  ■ IPv4: The QCE will match only IPv4 frames.
  ■ IPv6: The QCE will match only IPv6 frames.
• Action: Indicates the classif
376. t 21 Digits

Figure 4-2-18: SMTP Configuration Page Screenshot

The page includes the following fields:

Object: Description
• SMTP Mode: Controls whether SMTP is enabled on this switch.
• SMTP Server: Type the SMTP server name or the IP address of the SMTP server.
• SMTP Port: Set the port number of the SMTP service.
• SMTP Authentication: Controls whether SMTP authentication is enabled if authentication is required when an e-mail is sent.
• Authentication User Name: Type the user name for the SMTP server if Authentication is enabled.
• Authentication Password: Type the password for the SMTP server if Authentication is enabled.
• E-mail From: Type the sender's e-mail address. This address is used for reply e-mails.
• E-mail Subject: Type the subject title of the e-mail.
• E-mail 1 To / E-mail 2 To: Type the receiver's e-mail address.

Buttons
Send a test mail to the mail server to check whether this account is available.
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.16 Web Firmware Upgrade

This page facilitates an update of the firmware controlling the switch. The Web Firmware Upgrade screen in Figure 4-2-19 appears.

Figure 4-2-19: Web Firmware Upgrade Page Screenshot

To open the Firmware Upgrade screen, perform the following:
1. Click 
377. t Technology Corp.

Company Address: 10F., No.96, Minquan Rd., Xindian Dist., New Taipei City 231, Taiwan, R.O.C.

Person responsible for making this declaration:
Name, Surname: Kent Kang
Position / Title: Product Manager
Place: Taiwan
Date: 21 May, 2015
Legal Signature

PLANET TECHNOLOGY CORPORATION
e-mail: sales@planet.com.tw
http://www.planet.com.tw
10F., No.96, Minquan Rd., Xindian Dist., New Taipei City, Taiwan, R.O.C.
Tel: 886-2-2219-9518  Fax: 886-2-2219-9528
378. t the time of a primary link failure, is also accomplished automatically without operator intervention.

This automatic network reconfiguration provides maximum uptime to network users. However, the concepts of the Spanning Tree Algorithm and protocol are complex and must be fully researched and understood. It is possible to cause serious degradation of the performance of the network if the Spanning Tree is incorrectly configured. Please read the following before making any changes from the default values.

The Switch STP performs the following functions:
■ Creates a single spanning tree from any combination of switching or bridging elements.
■ Creates multiple spanning trees from any combination of ports contained within a single switch, in user-specified groups.
■ Automatically reconfigures the spanning tree to compensate for the failure, addition, or removal of any element in the tree.
■ Reconfigures the spanning tree without operator intervention.

Bridge Protocol Data Units

For STP to arrive at a stable network topology, the following information is used:
■ The unique switch identifier
■ The path cost to the root associated with each switch port
■ The port identifier

STP communicates between switches on the network using Bridge Protocol Data Units (BPDUs). Each BPDU contains the following information:
■ The unique identifier of the switch that the transmitting switch currently believes is the root switch
379. table below.

Description

Shows the identity of the supplicant, as received in the Response Identity EAPOL frame. Clicking the link causes the supplicant's EAPOL and Backend Server counters to be shown in the Selected Counters table. If no supplicants are attached, it shows "No supplicants attached". This column is not available for MAC-based Auth.

For Multi 802.1X, this column holds the MAC address of the attached supplicant. For MAC-based Auth., this column holds the MAC address of the attached client. Clicking the link causes the client's Backend Server counters to be shown in the Selected Counters table. If no clients are attached, it shows "No clients attached".

This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module.

The client can either be authenticated or unauthenticated. In the authenticated state, it is allowed to forward frames on the port, and in the unauthenticated state, it is blocked. As long as the backend server hasn't successfully authenticated the client, it is unauthenticated. If an authentication fails for one or the other reason, the client will remain in the unauthenticated state for Hold Time seconds.

Shows the date and time of the last authentication of the client (successful as well as unsuccessful).

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately
380. tains Dot1x port, MAC-based and the MAC Address Limit, ACL, HTTPS, SSH, ARP Inspection and IP source guard.
  ■ IP: Everything except "ping".
  ■ Port: Everything except "VeriPHY".
  ■ Diagnostics: "ping" and "VeriPHY".
  ■ Maintenance: CLI: System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load and Firmware Load. Web: Users, Privilege Levels and everything in Maintenance.
  ■ Debug: Only present in CLI.
• Privilege Level: Every privilege level group has an authorization level for the following sub-groups:
  ■ Configuration read-only
  ■ Configuration/execute read-write
  ■ Status/statistics read-only
  ■ Status/statistics read-write (e.g. for clearing of statistics)

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.2.6 NTP Configuration

Configure NTP on this page. NTP is an acronym for Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. NTP uses UDP (datagrams) as transport layer. You can specify NTP Servers. The NTP Configuration screen in Figure 4-2-8 appears.

Figure 4-2-8: NTP Configuration Page Screenshot

The page includes the following fields:
381. tations.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page.

4.10.2 Access Control List Configuration

This page shows the Access Control List (ACL), which is made up of the ACEs defined on this switch. Each row describes the ACE that is defined. The maximum number of ACEs is 512 on each switch.

Click on the lowest plus sign to add a new ACE to the list. The reserved ACEs used for internal protocol cannot be edited or deleted, the order sequence cannot be changed and the priority is highest. The Access Control List Configuration screen in Figure 4-10-2 appears.

Figure 4-10-2: Access Control List Configuration Page Screenshot

The page includes the following fields:

Object: Description
• Ingress Port: Indicates the ingress port of the ACE. Possible values are:
  ■ All: The ACE will match all ingress ports.
  ■ Port: The ACE will match a specific ingress port.
• Policy / Bitmask: Indicates the policy number and bitmask of the ACE.
• Frame Type: Indicates the frame type of the ACE. Possible values are:
  ■ Any: The ACE will match any frame type.
  ■ EType: The ACE will match Ethernet Type frames. Note t
382. tch ARP/RARP frames.
  ■ IPv4: The ACE will match all IPv4 frames.
  ■ IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
  ■ IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
  ■ IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
  ■ IPv4/Other: The ACE will match IPv4 frames which are not ICMP/UDP/TCP.
  ■ IPv6: The ACE will match all IPv6 standard frames.

Indicates the forwarding action of the ACE.
  ■ Permit: Frames matching the ACE may be forwarded and learned.
  ■ Deny: Frames matching the ACE are dropped.

Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled.

Indicates the port redirect operation of the ACE. Frames matching the ACE are redirected to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port redirect operation is disabled.

• Mirror: Specify the mirror operation of this port. The allowed values are:
  ■ Enabled: Frames received on the port are mirrored.
  ■ Disabled: Frames received on the port are not mirrored.
  The default value is "Disabled".
• CPU: Forward packets that matched the specific ACE to the CPU.
• CPU Once: Forward the first packet that matched the specific ACE to the CPU.
• Counter: The counter indicates the number of times the ACE was hit by a frame.
• Conflict: Indicates the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limi
383. tch to authenticate users logging into the system for management access using local or remote authentication methods, such as telnet and Web browser. This Managed Switch provides secure network management access using the following options:

■ Remote Authentication Dial-in User Service (RADIUS)
■ Terminal Access Controller Access Control System Plus (TACACS+)
■ Local user name and Privilege Level control

RADIUS and TACACS+ are logon authentication protocols that use software running on a central server to control access to RADIUS-aware or TACACS-aware devices on the network. An authentication server contains a database of multiple user name / password pairs with associated privilege levels for each user that requires management access to the Managed Switch.

4.11.1 Understanding IEEE 802.1X Port-Based Authentication

The IEEE 802.1X standard defines a client-server-based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports. The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN.

Until the client is authenticated, 802.1X access control allows only Extensible Authentication Protocol over LAN (EAPOL) traffic through the port to which the client is connected. After authentication is successful, normal traffic can pass through the port.

This section includes this conce
384. te

The diagram shows how the Managed Switch handles isolated and promiscuous ports: each PC is not able to access the isolated ports of the other PCs, but they all need to access the same server/AP/printer. This section shows how to configure the port for the server so that it can be accessed from each isolated port.

[Diagram: isolated ports, promiscuous ports and public servers in Private VLANs VLAN 1 and VLAN 2]

Setup steps

1. Assign Port Mode
Set Port 1~Port 4 as isolated ports.
Set Port 5 and Port 6 as promiscuous ports. The screen in Figure 4-6-17 appears.

Figure 4-6-17: The Configuration of Isolated and Promiscuous Port

4.6.8 MAC-based VLAN

The MAC-based VLAN entries can be configured here. This page allows for adding and deleting MAC-based VLAN entries and assigning the entries to different ports. This page shows only static entries. The MAC-based VLAN screen in Figure 4-6-18 appears.

Figure 4-6-18: MAC-based VLAN Membership Configuration Page Screenshot

The page includes the following fields:

Object: Description
• Delete: To delete a MAC-based VLAN entry, check this box and press save.
• MAC Address: Indicates the MAC address.
• VLAN ID: In
385. te all dynamic entries to static entries.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.11 IP Source Guard Static Table

This page provides the Static IP Source Guard Table. The Static IP Source Guard Table screen in Figure 4-12-11 appears.

Figure 4-12-11: Static IP Source Guard Table Screen Page Screenshot

The page includes the following fields:

Object: Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Port: The logical port for the settings.
• VLAN ID: The VLAN ID for the settings.
• IP Address: Allowed source IP address.
• MAC Address: Allowed source MAC address.

Buttons
Add New Entry: Click to add a new entry to the Static IP Source Guard table.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.12 ARP Inspection

ARP Inspection is a security feature. Several types of attacks can be launched against a host or devices connected to Layer 2 networks by "poisoning" the ARP caches. This feature is used to block such attacks. Only valid ARP requests and responses can go through the DUT. This page provides ARP Inspection rel
386. terfaces: Console, Telnet, Web browser, SNMP v1, v2c
Secure Management Interfaces: SSH, SSL, SNMP v3

RFC 1213 MIB-II
RFC 1493 Bridge MIB
RFC 1643 Ethernet MIB
RFC 2863 Interface MIB
RFC 2665 Ether-Like MIB
RFC 2819 RMON MIB (Group 1, 2, 3 and 9)
RFC 2737 Entity MIB
RFC 2618 RADIUS Client MIB
RFC 2863 IF-MIB
RFC 2933 IGMP-STD-MIB
RFC 3411 SNMP-Frameworks-MIB
RFC 4292 IP Forward MIB
RFC 4293 IP MIB
RFC 4836 MAU-MIB
IEEE 802.1X PAE
LLDP

Standards Conformance

Regulation Compliance: FCC Part 15 Class A, CE

Standards Compliance:
IEEE 802.3 10BASE-T
IEEE 802.3u 100BASE-TX/100BASE-FX
IEEE 802.3z Gigabit SX/LX
IEEE 802.3ab Gigabit 1000T
IEEE 802.3x flow control and back pressure
IEEE 802.3ad port trunk with LACP
IEEE 802.1D Spanning Tree Protocol
IEEE 802.1w Rapid Spanning Tree Protocol
IEEE 802.1s Multiple Spanning Tree Protocol
IEEE 802.1p Class of Service
IEEE 802.1Q VLAN tagging
IEEE 802.1X Port Authentication Network Control
IEEE 802.1ab LLDP
RFC 768 UDP
RFC 793 TFTP
RFC 791 IP
RFC 792 ICMP
RFC 2068 HTTP
RFC 1112 IGMP version 1
RFC 2236 IGMP version 2
RFC 3376 IGMP version 3
RFC 2710 MLD version 1
RFC 3810 MLD version 2

Environment

Operating: Temperature: 0 ~ 50 degrees C; Relative Humidity: 5 ~ 95% (non-condensing)
Storage: Temperature: 10 ~ 70 degrees C; Relative Humidity: 5 ~ 95% (non-condensing)
387. the ASCII characters from 33 to 126.
• Privacy Protocol: Indicates the privacy protocol that this entry should belong to. Possible privacy protocols are:
  ■ None: No privacy protocol.
  ■ DES: An optional flag to indicate that this user uses DES authentication protocol.
  ■ AES: An optional flag to indicate that this user uses AES authentication protocol.
• Privacy Password: A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and the allowed content is the ASCII characters from 33 to 126.

Buttons
Add New Entry: Click to add a new user entry.
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.3.5.3 SNMPv3 Groups

Configure the SNMPv3 groups table on this page. The entry index keys are Security Model and Security Name. The SNMPv3 Groups screen in Figure 4-3-6 appears.

Figure 4-3-6: SNMPv3 Groups Configuration Page Screenshot

The page includes the following fields:

Object: Description
• Delete: Check to delete the entry. It will be deleted during the next save.
• Security Model: Indicates the security model that this entry should belong to. Possible security models are:
  ■ v1: Rese
388. the DHCP relay mode operation. Possible modes are:
  ■ Enabled: Enable DHCP relay mode operation. When DHCP relay mode operation is enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not on the same subnet domain. For security reasons, the DHCP broadcast message is not flooded.
  ■ Disabled: Disable DHCP relay mode operation.
• Relay Server: Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not on the same subnet domain.
• Relay Information Mode: Indicates the DHCP relay information mode option operation. Possible modes are:
  ■ Enabled: Enable DHCP relay information mode operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (Option 82) into a DHCP message when forwarding it to the DHCP server and removes it from a DHCP message when transferring it to the DHCP client. It only works when DHCP relay operation mode is enabled.
  ■ Disabled: Disable DHCP relay information mode operation.
• Relay Information Policy: Indicates the DHCP relay information option policy. When DHCP relay information mode operation is enabled, if the agent receives a DHCP message that already contains relay agent information, it will enforce the policy. It only works under DHCP relay information operation
389. the Random Early Detection (RED) settings for queue 0 to 5. RED cannot be applied to queue 6 and 7. Through different RED configuration for the queues (QoS classes) it is possible to obtain Weighted Random Early Detection (WRED) operation between queues. The settings are global for all ports in the switch. The WRED screen in Figure 4-9-16 appears.

Figure 4-9-16: WRED Page Screenshot

The page includes the following fields:

Object: Description
• Queue: The queue number (QoS class) for which the configuration below applies.
• Enable: Controls whether RED is enabled for this queue.
• Min. Threshold: Controls the lower RED threshold. If the average queue filling level is below this threshold, the drop probability is zero. This value is restricted to 0-100.
• Max. DP 1: Controls the drop probability for frames marked with Drop Precedence Level 1 when the average queue filling level is 100%. This value is restricted to 0-100.
• Max. DP 2: Controls the drop probability for frames marked with Drop Precedence Level 2 when the average queue filling level is 100%. This value is restricted to 0-100.
• Max. DP 3: Controls the drop probability for frames marked with Drop Precedence Level 3 when the average queue filling level is 100%. This value is restricted to
390. tination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC Address is enabled.
• Destination MAC Address: The Destination MAC Address can be used to calculate the destination port for the frame. Check to enable the use of the Destination MAC Address, or uncheck to disable. By default, Destination MAC Address is disabled.
• IP Address: The IP address can be used to calculate the destination port for the frame. Check to enable the use of the IP Address, or uncheck to disable. By default, IP Address is enabled.
• TCP/UDP Port Number: The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or uncheck to disable. By default, TCP/UDP Port Number is enabled.

Static Aggregation Group Configuration

The Aggregation Group Configuration screen in Figure 4-5-3 appears.

Figure 4-5-3: Aggregation Gr
391. tion

Object: Description
• IP Configurations: Configure whether the IP stack should act as a Host or a Router. In Host mode, IP traffic between interfaces will not be routed. In Router mode, traffic is routed between all interfaces.
• DNS Server: This setting controls the DNS name resolution done by the switch. The following modes are supported:
  ■ From any DHCP interfaces: The first DNS server offered from a DHCP lease to a DHCP-enabled interface will be used.
  ■ No DNS server: No DNS server will be used.
  ■ Configured: Explicitly provide the IP address of the DNS Server in dotted decimal notation.
  ■ From this DHCP interface: Specify from which DHCP-enabled interface a provided DNS server should be preferred.
• DNS Proxy: When DNS proxy is enabled, the system will relay DNS requests to the currently configured DNS server, and reply as a DNS resolver to the client devices on the network.
• IP Address
  Delete: Select this option to delete an existing IP interface.
  VLAN: The VLAN associated with the IP interface. Only ports in this VLAN will be able to access the IP interface. This field is only available for input when creating a new interface.
  IPv4 DHCP
  Enabled: Enable the DHCP client by checking this box.
  The number of seconds for trying to obtain a DHCP lease.
  Current Lease: For DHCP interfaces with an active lease, this column shows the current int
392. tion

Figure 4-16-1: Power over Ethernet Status

4.16.1 Power over Ethernet Powered Device

Voice over IP phones: Enterprises can install PoE VoIP phones, ATAs and other Ethernet/non-Ethernet end devices in the center where UPS is installed for un-interruptible power system and power control system. 3~5 watts.

Wireless LAN Access Points: Access points can be installed at museums, sightseeing sites, airports, hotels, campuses, factories, warehouses, etc. 6~12 watts.

IP Surveillance: IP cameras can be installed at enterprises, museums, campuses, hospitals, banks, etc. without worrying about electrical outlets. 10~12 watts.

30 watts

damage the PD.
393. tion

Figure 4-9-11: DSCP Classification Page Screenshot

The page includes the following fields:

Object: Description
• QoS Class: Available QoS Class value ranges from 0 to 7. QoS Class (0-7) can be mapped to the following parameters.
• DPL: Actual Drop Precedence Level.
• DSCP: Select DSCP value (0-63) from the DSCP menu to map DSCP to the corresponding QoS Class and DPL value.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.11 QoS Control List

This page shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch.

Click on the lowest plus sign to add a new QCE to the list. The QoS Control List screen in Figure 4-9-12 appears.

Figure 4-9-12: QoS Control List Configuration Page Screenshot

The page includes the following fields:

Object: Description
• QCE#: Indicates the index of QCE.
• Port: Indicates the list of ports configured with the QCE.
• DMAC: Specify the type of Destination MAC addresses for incoming frames. Possible values are:
  ■ Any: All types of Destination MAC addresses are allowed.
  ■ Unicast: Only Unicast MAC
394. tion, note that:

• The ports used in a link aggregation must all be of the same media type (RJ45, 100 Mbps fiber).
• The ports that can be assigned to the same link aggregation have certain other restrictions (see below).
• Ports can only be assigned to one link aggregation.
• The ports at both ends of a connection must be configured as link aggregation ports.
• None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port.
• All of the ports in a link aggregation have to be treated as a whole when moved from/to, added or deleted from a VLAN.
• The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole.
• Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop.
• Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop.

It allows a maximum of 10 ports to be aggregated at the same time. The Managed Switch supports Gigabit Ethernet ports (up to 5 groups). If the group is defined as a LACP static link aggregation group, then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails. If the group is defined as a local static link aggregation group, then the number of ports must be the same as the group member ports.

The aggregation code ensures that frames belonging to the same frame flow (fo
395. tional 3.84 to 6.49 watts
3: Optional, 6.49 to 12.95 watts (or to 15.4 watts)
4: Optional, 12.95 to 25.50 watts (or to 30.8 watts), High power

1. In this mode, the Maximum Power fields have no effect.
2. The PoE chip of PD69008 has been designed to Class level 0, meaning it will be assigned to 15.4 watts in AF mode and 30.8 watts in AT mode under the power limit classification. It is hardware limited.

■ Allocation mode

In this mode, the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields. The ports are shut down when the total reserved power exceeds the amount of power that the power supply can deliver.

In this mode, the port power will not be turned on if the PD requests more power than is available.

■ LLDP mode

In this mode, the ports of PoE power are managed and determined by LLDP Media Protocol.

4.16.3 Power over Ethernet Configuration

This section allows the user to inspect and configure the current PoE configuration settings, as Figure 4-16-2 appears.
396. to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

4.12.5 SSH

Configure SSH on this page. This page shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules, the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it. For a MAC address to be set in the forwarding state, all enabled user modules must unanimously agree on allowing the MAC address to forward. If only one chooses to block it, it will be blocked until that user module decides otherwise.

The status page is divided into two sections: one with a legend of user modules and one with the actual port status. The SSH Configuration screen in Figure 4-12-5 appears.

Figure 4-12-5: SSH Configuration Screen Page Screenshot

The page includes the following fields:

Object: Description
• Mode: Indicates the SSH mode operation. Possible modes are:
  ■ Enabled: Enable SSH mode operation.
  ■ Disabled: Disable SSH mode operation.

Buttons
Apply: Click to apply changes.
Reset: Click
397. to inform a control point or control points how often it or they should receive an SSDP advertisement message from this switch. If a control point does not receive any message within the duration, it will think that the switch no longer exists. Due to the unreliable nature of UDP, the standard recommends that such refreshing of advertisements be done at less than one half of the advertising duration. In the implementation, the switch sends SSDP messages periodically at the interval one half of the advertising duration minus 30 seconds. Valid values are in the range 100 to 86400.

Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

[Figure 4.2.11: UPnP devices show on Windows My Network Place]

4.2.9 DHCP Relay

Configure DHCP Relay on this page. DHCP Relay is used to forward and to transfer DHCP messages between the clients and
398. top Installation

To install the Managed Switch on a desktop or shelf, please follow these steps:

Step 1: Attach the rubber feet to the recessed areas on the bottom of the Managed Switch.

Step 2: Place the Managed Switch on the desktop or the shelf near an AC power source, as shown in Figure 2.2.1.

[Figure 2.2.1: Place the Managed Switch on the Desktop]

Step 3: Keep enough ventilation space between the Managed Switch and the surrounding objects.

When choosing a location, please keep in mind the environmental restrictions discussed in Chapter 1, Section 4, and specifications.

Step 4: Connect the Managed Switch to network devices.
Connect one end of a standard network cable to the 10/100/1000 RJ45 ports on the front of the Managed Switch.
Connect the other end of the cable to the network devices such as printer server, workstation or router.

Note: Connection to the Managed Switch requires UTP Category 5e network cabling with RJ45 tips. For more information, please see the Cabling Specification in Appendix A.

Step 5: Supply power to the Managed Switch.
Connect one end of the power cable to the Managed Switch.
Connect the power plug of the power cable to a standard wall outlet.

When the Managed Switch receives power, the Power LED should remain solid Green.

2.2.2 Rack Mounting

To install the Managed Switch in a 19-inch standard r
399. trol. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated.

[Diagram: Adding an IEEE 802.1Q Tag. The original Ethernet packet (Dest. Addr., Src. Addr., Length/E. type, Old CRC) beside the new tagged packet.]

Port VLAN ID

Packets that are tagged (are carrying the 802.1Q VID information) can be transmitted from one 802.1Q compliant network device to another with the VLAN information intact. This allows 802.1Q VLANs to span network devices (and indeed, the entire network, if all network devices are 802.1Q compliant).

Every physical port on a switch has a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, in so far as VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the PVID is not used to make packet forwarding decisions; the VID is.

Tag-aware switches must keep a table to relate the PVID within the switch to the VID on the network. The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VID are different the
400. trols the unit of measure for the policer rate as kbps, Mbps, fps or kfps. The default value is "kbps".

If flow control is enabled and the port is in flow control mode, then pause frames are sent instead of discarding frames.

Reset: Click to undo any changes made locally and revert to previously saved values.

4.9.3 Port Classification

This page allows you to configure the basic QoS Ingress Classification settings for all switch ports. The Port Classification screen in Figure 4.9.2 appears.

[Figure 4.9.2: QoS Ingress Port Classification Page Screenshot]

The page includes the following fields:

• Port: The port number for which the configuration below applies.
• CoS: Controls the default class of service.
  All frames are classified to a CoS. There is a one-to-one mapping between CoS, queue and priority. A CoS of 0 (zero) has the lowest priority.
  If the port is VLAN aware and the frame is tagged, then the frame is classified to a CoS that is based on the PCP value in the tag as shown below. Otherwise the frame is classified to the default CoS.

  PCP value: 0 1 2 3 4 5 6 7
  CoS value: 1 0 2 3 4 5 6 7

  The classified CoS can be overruled by a QCL entry.
  Note: If the default CoS has been dynamically changed, th
401. try of the currently displayed as a basis for the next lookup. When the end is reached the text "No more entries" is shown in the displayed table. Use the "<<" button to start over. The page includes the following fields:

• Port: The port number for which the status applies. Click the port number to see the status for this particular port.
• VLAN ID: The VLAN ID of the entry.
• MAC Address: The MAC address of the entry.
• IP Address: The IP address of the entry.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields.
Flushes all dynamic entries.
<<: Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address.
>>: Updates the table, starting with the entry after the last entry currently displayed.

4.13 Address Table

Switching of frames is based upon the DMAC address contained in the frame. The Managed Switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static
402. ture before we enable Voice VLAN. It can avoid the conflict of ingress filter. Possible modes are:
  - Enabled: Enable Voice VLAN mode operation.
  - Disabled: Disable Voice VLAN mode operation.

Indicates the Voice VLAN ID. It should be a unique VLAN ID in the system and cannot equal any port PVID. It is a conflicting configuration if the value equals the management VID, MVR VID, PVID etc. The allowed range is 1 to 4095.

Indicates the Voice VLAN secure learning age time. The allowed range is 10 to 10000000 seconds. It is used when security mode or auto detect mode is enabled. In other cases, it will be based on the hardware age time. The actual age time will be situated in the [age_time; 2 * age_time] interval.

• Traffic Class: Indicates the Voice VLAN traffic class. All traffic on Voice VLAN will apply this class.
• Mode: Indicates the Voice VLAN port mode. Possible port modes are:
  - Disabled: Disjoin from Voice VLAN.
  - Auto: Enable auto detect mode. It detects whether there is a VoIP phone attached to the specific port and configures the Voice VLAN members automatically.
  - Forced: Force join to Voice VLAN.
• Port Security: Indicates the Voice VLAN port security mode. When the function is enabled, all non-telephone MAC addresses in Voice VLAN will be blocked 10 seconds. Possible port modes are:
  - Enabled: Enable Voice VLAN
• Port Discovery Protocol
403. unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the "Configuration > Security > AAA" page. The IEEE 802.1X standard defines port-based operation, but non-standard variants overcome security limitations as shall be explored below.

MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to have special 802.1X supplicant software installed on his system. The switch uses the user's MAC address to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which makes MAC-based authentication less secure than 802.1X authentication. The NAS configuration consists of two sections, a system- and a port-wide. The Network Access Server Configuration screen in Figure 4.11.4 appears.

[Screenshot: Network Access Server Configuration page. System Configuration fields: Reauthentication Enabled, RADIUS-Assigned QoS Enabled, RADIUS-Assigned VLAN Enabled, Allow Guest VLAN if EAPOL Seen. Port Configuration table.]
404. untagged frames are accepted.
  - Tagged Only: Only tagged frames are accepted on ingress. Untagged frames are discarded.
  - Untagged Only: Only untagged frames are accepted on ingress. Tagged frames are discarded.
• Egress Tagging: This option is only available for ports in Hybrid mode. Ports in Trunk and Hybrid mode may control the tagging of frames on egress.
  - Untag Port VLAN: Frames classified to the Port VLAN are transmitted untagged. Other frames are transmitted with the relevant tag.
  - Tag All: All frames, whether classified to the Port VLAN or not, are transmitted with a tag.
  - Untag All: All frames, whether classified to the Port VLAN or not, are transmitted without a tag.
• Allowed VLANs: Ports in Trunk and Hybrid mode may control which VLANs they are allowed to become members of. The field's syntax is identical to the syntax used in the Enabled VLANs field.
  By default, a Trunk or Hybrid port will become a member of all VLANs, and is therefore set to 1-4095. The field may be left empty, which means that the port will not become a member of any VLANs.
• Forbidden VLANs: A port may be configured to never be a member of one or more VLANs. This is particularly useful when dynamic VLAN protocols like MVRP and GVRP must be prevented from dynamically adding ports to VLANs. The trick is to mark such VLANs as forbidden on the port in question. The syntax i
405. up 3 are separated VLANs. Each VLAN isolates network traffic so only members of the VLAN receive traffic from the same VLAN members. The screen in Figure 4.6.7 appears and Table 4.6.8 describes the port configuration of the Managed Switches.

[Figure 4.6.7: Two Separate VLANs Diagram. VLAN 2 contains PC-1 (untagged), PC-2 (untagged) and PC-3 (tagged); VLAN 3 contains PC-4 (untagged), PC-5 (untagged) and PC-6 (tagged).]

VLAN Group 1    Port 7    Port 52    N/A

Table 4.1: VLAN and Port Configuration

The scenario is described as follows:

Untagged packet entering VLAN 2

1. When PC-1 transmits an untagged packet that enters Port 1, the Managed Switch will tag it with VLAN Tag 2. PC-2 and PC-3 will receive the packet through Port 2 and Port 3.
2. PC-4, PC-5 and PC-6 receive no packet.
3. When the packet leaves Port 2, its tag will be stripped away and it becomes an untagged packet.
4. When the packet leaves Port 3, it will remain a tagged packet with VLAN Tag 2.

Tagged packet entering VLAN 2

5. When PC-3 transmits a tagged packet with VLAN Tag 2
406. ups: Configure SNMPv3 groups table on this page.
• SNMPv3 Views: Configure SNMPv3 views table on this page.
• SNMPv3 Access: Configure SNMPv3 accesses table on this page.

4.3.2 SNMP System Configuration

Configure SNMP on this page. The SNMP System Configuration screen in Figure 4.3.1 appears.

[Figure 4.3.1: SNMP System Configuration Page Screenshot]

The page includes the following fields:

• Mode: Indicates the SNMP mode operation. Possible modes are:
  - Enabled: Enable SNMP mode operation.
  - Disabled: Disable SNMP mode operation.
• Version: Indicates the SNMP supported version. Possible versions are:
  - SNMP v1: Set SNMP supported version 1.
  - SNMP v2c: Set SNMP supported version 2c.
  - SNMP v3: Set SNMP supported version 3.
• Read Community: Indicates the community read access string to permit access to the SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126.
  The field is applicable only when the SNMP version is SNMPv1 or SNMPv2c. If the SNMP version is SNMPv3, the community string will be associated with the SNMPv3 communities table. It provides more flexibility to configure security name than a SNMPv1 or SN
• Write Community
• Engine ID

Buttons
Apply: Click to apply changes.
407. uration: This will initiate the process of completely replacing the existing configuration with that of the selected file.

4.2.22 Configuration Delete

The Configuration Delete page allows you to delete the startup config and default config files that are stored in FLASH. If this is done and the switch is rebooted without a prior Save operation, this effectively resets the switch to default configuration. Please refer to Figure 4.2.27 shown below.

[Figure 4.2.27: Configuration Delete Page Screenshot]

4.2.23 Image Select

This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. The web page displays two tables with information about the active and alternate firmware images. The Image Select screen in Figure 4.2.28 appears.

In case the active firmware image is the alternate image, only the "Active Image" table is shown. In this case, the Activate Alternate Image button is also disabled.

1. If the alternate image is active (due to a corruption of the primary image or by manual intervention), uploading a new firmware image to the device will automatically use the primary image slot and activate this.
2. The firmware version and date information may be empty for older firmware releases. This does not constitute an error.
408. us to "Force Authorized" if the port is connected to the RADIUS server or the port is an uplink port that is connected to another switch. Otherwise, once 802.1X starts to work, the switch might not be able to access the RADIUS server.

4.11.11 802.1X Client Configuration

Windows XP supports 802.1X natively. For other operating systems (Windows 98SE, ME, 2000), an 802.1X client utility is needed. The following procedures show how to configure 802.1X Authentication in Windows XP.

Please note that if you want to change the 802.1X authentication type of a wireless client, i.e. switch to EAP-TLS from EAP-MD5, you must remove the current existing wireless network from your preferred connection first, and add it in again.

Configure Sample: EAP-MD5 Authentication

1. Go to Start > Control Panel, double-click on "Network Connections".
2. Right-click on the Local Network Connection.
3. Click "Properties" to open up the Properties setting window.

[Figure 4.11.19: network connection Status window screenshot]

4. Select the "Authentication" tab.
5. Select "Enable network access control using IEEE 802.1X" to enable 802.1X authentication.
6. Select "MD-5 Challenge" from the
409. uto refresh

The number of packets relayed from client to server.
The number of packets with errors sending packets to clients.
The number of packets received from server.
The number of packets received without agent information options.
The number of packets received in which the Circuit ID option was missing.
The number of packets received in which the Remote ID option was missing.
The number of packets in which the Circuit ID option did not match a known circuit ID.
The number of packets in which the Remote ID option did not match a known Remote ID.

• Transmit to Client: The number of packets relayed from server to client.
• Transmit Error: The number of packets erroneously sent to servers.
• Receive from Client: The number of packets received from server.
• Receive Agent Option: The number of packets received with the relay agent information option.
• Replace Agent Option: The number of received packets in which the relay agent information option was replaced.
• Keep Agent Option: The number of received packets in which the relay agent information option was kept.
• Drop Agent Option: The number of received packets with the relay agent information option that were dropped.

Buttons
Auto-refresh: Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds.
Refresh: Click to refresh the page immediately.
Clear
410. value used by STP to evaluate paths. STP calculates path costs and selects the path with the minimum cost as the active path.
  200,000: 100Mbps Fast Ethernet ports
  20,000: 1000Mbps Gigabit Ethernet ports
  0: Auto

Default Spanning Tree Configuration

Feature            Default Value
Enable state       STP disabled for all ports
Port priority      128
Port cost          0
Bridge Priority    32,768

User Changeable STA Parameters

The Switch's factory default setting should cover the majority of installations. However, it is advisable to keep the default settings as set at the factory, unless it is absolutely necessary. The user changeable parameters in the Switch are as follows:

Priority: A Priority for the switch can be set from 0 to 65535. 0 is equal to the highest Priority.

Hello Time: The Hello Time can be from 1 to 10 seconds. This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge. If you set a Hello Time for your Switch, and it is not the Root Bridge, the set Hello Time will be used if and when your Switch becomes the Root Bridge.

Max. Age: The Max Age can be from 6 to 40 seconds. At the end of the Max Age, if a BPDU has still not been received from the Root Bridge, your Switch will start sending its own BPDU to all other Switches for permission to become
411. vents power interference between ports
• Remote power feeding up to 100 meters
• PoE Management
  - Total PoE power budget control
  - Per port PoE function enable/disable
  - PoE Port Power feeding priority
  - Per PoE port power limitation
  - PD classification detection
  - PD alive check
  - PoE schedule
  - PD power recycling schedule

Layer 2 Features

• Prevents packet loss with back pressure (half-duplex) and IEEE 802.3x pause frame flow control (full-duplex)
• High performance of Store-and-Forward architecture, and runt/CRC filtering eliminates erroneous packets to optimize the network bandwidth
• Storm Control support
  - Broadcast / Unicast / Unknown unicast
• Supports VLAN
  - IEEE 802.1Q tagged VLAN
  - Up to 255 VLANs groups, out of 4094 VLAN IDs
  - Provider Bridging (VLAN Q-in-Q) support (IEEE 802.1ad)
  - Private VLAN Edge (PVE)
  - Protocol-based VLAN
  - MAC-based VLAN
  - IP Subnet-based VLAN
  - Voice VLAN
• Supports Spanning Tree Protocol
  - STP, IEEE 802.1D Spanning Tree Protocol
  - RSTP, IEEE 802.1w Rapid Spanning Tree Protocol
  - MSTP, IEEE 802.1s Multiple Spanning Tree Protocol, spanning tree by VLAN
  - BPDU Guard
• Supports Link Aggregation
  - 802.3ad Link Aggregation Control Protocol (LACP)
  - Cisco ether-channel (Static Trunk)
  - Up to 8 ports per trunk group
  - Up to 16Gbps bandwidth (full duplex mode)
• Provi
412. viously saved values.

4.2.3 IP Status

IP Status displays the status of the IP protocol layer. The status is defined by the IP interfaces, the IP routes and the neighbour cache (ARP cache) status. The screen in Figure 4.2.3 appears.

[Figure 4.2.3: IP Status Page Screenshot, with the IP Interfaces, IP Routes and Neighbour cache tables]

The page includes the following fields:

• IP Interfaces
  The name of the interface.
  Type: The address type of the entry. This may be LINK or IPv4.
  Address: The current address of the interface (of the given type).
  The status flags of the interface (and/or address).
• IP Routes
  The destination IP network or host address of this route.
  Gateway: The gateway address of this route.
  The status flags of the route.
• Neighbor Cache
  IP Address: The IP address of the entry.
  Link Address: The Link (MAC) address for which a binding to the IP address given exi
413. voice services. These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications.
  - Voice Signaling (conditional) - for use in network topologies that require a different policy for the voice signaling than for the voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy.
  - Guest Voice - support a separate "limited feature-set" voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services.
  - Guest Voice Signaling (conditional) - for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media. This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy.
  - Softphone Voice - for use by softphone applications on typical data centric devices, such as PCs or laptops. This class of endpoints frequently does not support multiple VLANs, if at all, and are typically configured to use an "untagged" VLAN or a single "tagged" data specific VLAN. When a network policy is defined for use with an "untagged"

• Tag
• VLAN ID
• L2 Priority
• DSCP
• Adding a new policy
414. w age period will begin.
If aging is disabled or a user module has decided to hold the MAC address indefinitely, a dash (-) will be shown.

4.12.8 DHCP Snooping

DHCP Snooping is used to block an intruder on the untrusted ports of the DUT when it tries to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server.

[Diagram: DHCP client and DHCP server, with a sample binding entry: VLAN ID 1, IP Address 192.168.0.1, MAC Address 00-30-4F-11-22-33]

Configure DHCP Snooping on this page. The DHCP Snooping Configuration screen in Figure 4.12.8 appears.

[Figure 4.12.8: DHCP Snooping Configuration Screen Page Screenshot]

The page includes the following fields:

• Snooping Mode: Indicates the DHCP snooping mode operation. Possible modes are:
  - Enabled: Enable DHCP snooping mode operation. When DHCP snooping mode operation is enabled, DHCP request messages will be forwarded to trusted ports, and reply packets are only allowed from trusted ports.
  - Disabled: Disable DHCP snooping mode operation.
• Port Mode: Indicates the DHCP snooping port mode. Possible port modes are:
415. witch's Web interface applications directly in your Web browser by entering the IP address of the Managed Switch.

[Figure 3.1.3: Web Management. A PC/Workstation with Web Browser (192.168.0.x) connected by RJ45/UTP cable to the Managed Switch (IP Address: 192.168.0.100).]

You can then use your Web browser to list and manage the Managed Switch configuration parameters from one central location, just as if you were directly connected to the Managed Switch's console port. Web Management requires either Microsoft Internet Explorer 7.0 or later, Safari or Mozilla Firefox 1.5 or later.

[Figure 3.1.4: Web Main Screen of Managed Switch]

3.5 SNMP-based Network Management

You can use an external SNMP-based application to configure and manage the Managed Switch, such as SNMP Netwo
416. y reopen it by clicking this button, which will only be enabled if this is the case. For other methods, refer to Shutdown in the Action section.
Note that clicking the reopen button causes the page to be refreshed, so non-committed changes will be lost.

Buttons
Apply: Click to apply changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Refresh: Click to refresh the page. Note that non-committed changes will be lost.

4.12.2 Access Management

Configure the access management table on this page. The maximum entry number is 16. If the application's type matches any one of the access management entries, it will allow access to the switch. The Access Management Configuration screen in Figure 4.12.2 appears.

[Figure 4.12.2: Access Management Configuration Overview Page Screenshot. Table columns: VLAN ID, Start IP Address, End IP Address, HTTP/HTTPS, SNMP, TELNET/SSH.]

The page includes the following fields:

• Mode: Indicates the access management mode operation. Possible modes are:
  - Enabled: Enable access management mode operation.
  - Disabled: Disable access management mode operation.
• Delete: Check to delete the entry. It will be deleted during the next apply.
• VLAN ID: Indicates the VLAN ID for the access management entry.
• Start
417. y to see whether any group members exist on their sub-networks. If there is no response from a particular group, the router assumes that there are no group members on the network.

The Time-to-Live (TTL) field of query messages is set to 1 so that the queries will not be forwarded to other sub-networks.

IGMP version 2 introduces some enhancements such as a method to elect a multicast querier for each LAN, an explicit leave message, and query messages that are specific to a given group.

The states a computer will go through to join or to leave a multicast group are shown below:

[Figure 4.8.4: IGMP State Transitions. States: Non-Member, Delaying Member, Idle Member.]

IGMP Querier

A router, or multicast-enabled switch, can periodically ask their hosts if they want to receive multicast traffic. If there is more than one router/switch on the LAN performing IP multicasting, one of these devices is elected "querier" and assumes the role of querying the LAN for group members. It then propagates the service requests on to any upstream multicast switch/router to ensure that it will continue to receive the multicast service.

Multicast routers use this information, along with a multicast routing protocol such as
418. ys the current sequential power on mode.
• System Power Budget: Displays the maximum PoE power budget.
• Operation Mode: Displays the current PoE operation mode.
• Current Budget: Displays the current maximum PoE budget.
• Current Ports in Use: Displays the current PoE ports in use.
• Class 1-4 ports: Displays the current PoE class 1-4 ports.
• Power Consumption: Displays the current power consumption, total watts and percentage.
• Reserved Power (Reserved mode): Shows how much the total power is reserved for all PDs.
• PoE Temperature: Displays the current operating temperature of the first PoE chip unit.
• Current Power Consumption: Shows the total watts usage of Managed PoE Switch.
• Total Power Reserved: Shows how much the total power is reserved for all PDs.
• Temperature 1: Displays the current operating temperature of the first PoE chip unit.
• Temperature 2: Displays the current operating temperature of the second PoE chip unit.
• Local Port: This is the logical port number for this row.
• PD Class: Displays the class of the PD attached to the port, as established by the classification process. Class 0 is the default for PDs. The PD is powered based on PoE Class level if system is working in Classification mode. A PD will return Class to 0 to 4 in accordance with the maximum power drawn as specified by T
• Power Used [W]
• Current Used [mA]
    