User Manual
Contents
1. 3.1.2.3 IP Address Setting. Configure the switch's managed IP information on this page. IP Configuration: IP Address 192.168.10.1; IP Mask 255.255.255.0; IP Router 0.0.0.0. DHCP Client: Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will announce the configured System Name as hostname to provide DNS lookup. (KUSA Cyber Secure Video Switch, Network Security For The 21 Century, UNIVERSAL MANUAL: USERS MANUAL FOR KY 8PSE30WM.) IP Address: Assign the IP address that the network is using. If the DHCP client function is enabled, you do not need to assign the IP address. The network DHCP server will assign the IP address for the switch and it will be displayed in this column. The default IP is 192.168.10.1. Assign the subnet mask of the IP address. If DHCP client function [illegible]. IP Router: Assign the network gateway for the switch. The default gateway [illegible] 4095. SNTP Server: SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. SNTP uses UDP datagrams as transport layer. Click to save changes. Click to undo any changes made locally and revert to previously saved values. Click to renew DHCP. This button is only available if DHCP is enab
2. only. If the RADIUS server denies a client access, or a RADIUS server request times out (according to the timeout specified on the Authentication configuration page), the client is put on hold in the Unauthorized state. In this state, frames from the client will not cause the switch to attempt to re-authenticate the client. The Hold Time, which can be set to a number between 10 and 1000000 seconds, determines the time after an EAP Failure indication or RADIUS timeout that a client is not allowed access. Port: The port number for which the configuration below applies. Admin State: Sets the authentication mode to one of the following options (only used when 802.1X or MAC-based authentication is globally enabled). Auto: Requires an 802.1X-aware client (supplicant) to be authorized by the authentication server. Clients that are not 802.1X-aware will be denied access. Authorized: Forces the port to grant access to all clients, 802.1X-aware or not. The switch transmits an EAPOL Success frame when the port links up. Unauthorized: Forces the port to deny access to all clients, 802.1X-aware or not. The switch transmits an EAPOL Failure frame when the port links up. MAC-Based: Enables MAC-based authentication on the port. The switch doesn't transmit or accept EAPOL frames on the port. Flooded frames and bro
3. dot1xAuthBackendResponses. For MAC-based ports, this section is embedded in the backend server counter's section. Last Supplicant/Client Info: Information about the last supplicant/client that attempted to authenticate. Last Supplicant/Client Info (columns: Name, IEEE Name, Description). dot1xAuthLastEapolFrameVersion: The protocol version number carried in the most recently received EAPOL frame. Not applicable. Port based. dot1xAuthLastEapolFrameSource: Source MAC address carried in the most recently received EAPOL frame. Not applicable. Port based: The user name (supplicant identity) carried in the most recently received Resp/ID EAPOL frame. MAC based: The MAC address of the last client that attempted to authenticate (left-most table) or the MAC address of the currently selected client (right-most table). Clients attached to this port: This table is only available for MAC-based ports. Each row in the table represents a MAC-based client on the port, and there are three parameters for each client. MAC Address: Shows the MAC address of the client, which is also used as the password in the authentication process against the backend server. Clicking the link causes the client's backend server counters to be shown in the right-most backend server counters table above. If no clients are attached, it shows No clients attached. State: Shows whether the client is authorized or unauthorized. As long as the backend server hasn't suc
4. on the port. The number of legacy STP Configuration BPDUs received/transmitted on the port. The number of legacy Topology Change Notification BPDUs received/transmitted on the port. Discarded Unknown: The number of unknown Spanning Tree BPDUs received and discarded on the port. Discarded Illegal: The number of illegal Spanning Tree BPDUs received and discarded on the port. Refresh: Click to refresh the page immediately. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. 3.1.6 VLAN. 3.1.6.1 VLAN Membership Configuration. The VLAN membership configuration for the selected stack switch unit/switch can be monitored and modified here. Up to 64 VLANs are supported. This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN. [Screenshot: VLAN Membership Configuration table with columns Delete, VLAN ID and Port Members 1 to 28, and an Add new VLAN button.] Delete: Check to delete the entry. It will be deleted during the next save. VLAN ID: The VLAN ID for the entry. MAC Address: The MAC address for the entry. Port Members: Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry.
5. prevent bridges external to a core region of the network influencing the spanning tree active topology, possibly because those bridges are not under the full control of the administrator. This feature is also known as Root Guard. Restricted TCN: If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports. If set, it can cause temporary loss of connectivity after changes in a spanning tree's active topology as a result of persistent incorrectly learned station location information. It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region, possibly because those bridges are not under the full control of the administrator or the physical link state for the attached LANs transitions frequently. Point2Point: Controls whether the port connects to a point-to-point LAN rather than a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for point-to-point LANs than for shared media. Click to save changes. Click to undo any changes made locally and revert to previously saved values. MSTI Ports: This page allows the user to inspect the current STP MSTI port configurations, and possibly change them as well.
6. [Login screen: User name admin; Password (masked); Remember my password.] Login screen. Main Interface. Information Message: Name; Description; Location; Contact; OID 1 3 6 1 4 1 868 27 1240 0 5 68; Hardware: Industrial Managed All Gigabit PoE Switch, 8 10/100/1000Base-TX PoE with 4 Gigabit SFP Ports; System Date 1970-01-01 00:00:12 0000; System Uptime 0d 00:00:12; Kernel Version v7.10; Software Version v1.00; Software Date 2011-08-17 10:39:17 0800; Auto-refresh; Refresh; Enable Location Alert. Main Interface. 3.1.2 Basic Settings. 3.1.2.1 System Information. The switch system information is provided here. System Information Configuration: System Name; System Description: Industrial Managed All Gigabit PoE; System Location; System Contact; System Timezone Offset (minutes). System Information interface. System Contact: The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. An administratively assigned name for this managed node. By convention, this is the node's f
7. Welcome to the QCL Configuration Wizard. Please select an action. Set up IP Cam High Performance: Increase IP Cam performance. Set up Port Policies: Group ports into several types according to different QCL policies. Set up Typical Network Application Rules: Set up the specific QCL for different typical network application quality control. Set up ToS Precedence Mapping: Set up the traffic class mapping to the precedence part of ToS (3 bits) when receiving IPv4/IPv6 packets. Set up VLAN Tag Priority Mapping: Set up the traffic class mapping to the user priority value (3 bits) when receiving VLAN tagged packets. To continue, click Next. 3.1.9 IGMP Snooping. 3.1.9.1 IGMP Snooping. This page provides IGMP Snooping related configuration. IGMP Snooping Configuration: Global Configuratio
8. 3.1.18 Power Over Ethernet; 3.1.18.1 PoE Configuration: Reserved Power determined; 3.1.18.2 PoE Configuration: Power management Mode; 3.1.18.3 PoE Configuration: Primary/backup Power Supply; 3.1.18.4 PoE Configuration: Port Configuration; 3.1.18.5 Power over Ethernet Status; 3.1.18.6 LLDP Power Over Ethernet Neighbor; 3.1.19 Factory [illegible]; 3.1.20 [illegible]; Command Line Interface Management; 4.1 About CLI Management. COPYRIGHT NOTICE: Copyright 2011 KUSA LLC. All rights reserved. No part of this publication may be reproduced in any form without the prior written consent of KUSA. TRADEMARKS: KUSA is a registered trademark of KUSA. All other trademarks
9. A MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured and applicable for the port. The MSTI instance must be selected before displaying actual MSTI port configuration options. This page contains MSTI port settings for physical and aggregated ports. The aggregation settings are stack global. [Screenshot: MSTI Port Configuration for MST2, with MSTI Aggregated Ports Configuration and MSTI Normal Ports Configuration tables; columns Port, Path Cost (Auto) and Priority (128).] Port: The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost: Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000. Priority: Controls the port priority. This can be used to control priority of
10. Add New VLAN: Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Legal values for a VLAN ID are 1 through 4095. The VLAN is enabled on the selected stack switch unit when you click on Save. The VLAN is thereafter present on the other stack switch units, but with no port members. A VLAN without any port members on any stack unit will be deleted when you click Save. The Delete button can be used to undo the addition of new VLANs. 3.1.6.2 Private VLAN. The Private VLAN membership configurations for the switch can be monitored and modified here. Private VLANs can be added or deleted here. Port members of each Private VLAN can be added or removed here. Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical. A port must be a member of both a VLAN and a Private VLAN to be able to forward packets. By default, all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1. A VLAN unaware port can only be a member of one VLAN, but it can be a member of multiple Private VLANs. [Screenshot: Private VLAN Membership Configuration table with columns Delete, PVLAN ID and Port Members 1 to 28, and an Add new Private VLAN button.] Delete: Check to delete the entry. It will be d
11. ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. Note that VeriPHY is only accurate for cables of length 7 to 140 meters. 10 and 100 Mbps ports will be linked down while running VeriPHY. Therefore, running VeriPHY on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete. Port: The port where you are requesting VeriPHY Cable Diagnostics. Cable Status: Port: Port number. Pair: The status of the cable pair. Length: The length (in meters) of the cable pair. 3.1.17 Ping. This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues. ICMP Ping: IP Address; Ping Size. After you press the button, 5 ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs. PING6 server 10.10.132.20; 64 bytes from 10.10.132.20: icmp_seq=0, time=0ms; 64 bytes from 10.10.132.20: icmp_seq=1, time=0ms; 64 bytes from 10.10.132.20: icmp_seq=2, time=0ms; 64 bytes from 10.10.132.20: icmp_seq=3, time=0ms; 64 bytes from 10.1
12. Global Counters. Neighbor entries were last changed at: Shows the time when the last entry was last deleted or added. It also shows the time elapsed since the last change was detected. Total Neighbors Entries Added: Shows the number of new entries added since switch reboot. Total Neighbors Entries Deleted: Shows the number of new entries deleted since switch reboot. Total Neighbors Entries Dropped: Shows the number of LLDP frames dropped because the entry table was full. Total Neighbors Entries Aged Out: Shows the number of entries deleted due to Time-To-Live expiring. Local Counters. The number of received LLDP frames containing some kind of error. Frames Discarded: If an LLDP frame is received on a port, and the switch's internal table has run full, the LLDP frame is counted and discarded. This situation is known as "Too Many Neighbors" in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is received, or when the entry ages out. TLVs Discarded: Each LLDP frame can contain multiple pieces of information, known as TLVs (TLV is short for "Type Length Value"). If a TLV is malformed, it is counted and dis
13. Power Priority; Maximum Power. The Type represents whether the device is a Power Sourcing Entity (PSE) or Power Device (PD). If the Type is unknown, it is represented as Reserved. The Source represents the power source being utilized by a PSE or PD device. If the device is a PSE device, it can either run on its Primary Power Source or its Backup Power Source. If it is unknown whether the PSE device is using its Primary Power Source or its Backup Power Source, it is indicated as Unknown. If the device is a PD device, it can either run on its local power supply or it can use the PSE as power source. It can also use both its local power supply and the PSE. If it is unknown what power supply the PD device is using, it is indicated as Unknown. The Power Used shows how much current the PD currently is using. PoE ports. Power Priority represents the priority of the PD device, or the power priority associated with the PSE type device's port that is sourcing the power. There are three levels of power priority. The three levels are Critical, High and Low. If the power priority is unknown, it is indicated as Unknown. The Power Value contains a numerical value that indicates the maximum power in watts required by a PD device from a PSE device, or the minimum power a PSE device is capable of sourcing over a maximum length cable based on its current
14. Ring Master: There should be one and only one Ring Master in a ring. However, if there are two or more switches which set Ring Master to enable, the switch with the lowest MAC address will be the actual Ring Master and others will be Backup Masters. 1st Ring Port: The primary port, when this switch is Ring Master. 2nd Ring Port: The backup port, when this switch is Ring Master. Coupling Ring: Mark to enable Coupling Ring. Coupling Ring can be used to divide a big ring into two smaller rings to avoid affecting all switches when the network topology changes. It is a good application for connecting two Rings. Coupling Port: Link to the Coupling Port of the switch in another ring. Coupling Ring needs four switches to build an active and a backup link. Set a port as coupling port. The coupled four ports of four switches will be run in active/backup mode. Dual Homing: Mark to enable Dual Homing. By selecting Dual Homing mode, Ring will be connected to normal switches through two RSTP links (ex: backbone Switch). The two links work in active/backup mode, and connect each Ring to the normal switches in RSTP mode. Apply: Click Apply to set the configurations. Note: We don't suggest you set one switch as a Ring Master and a Coupling Ring at the same time, due to heavy load. 3.1.5.2 MSTP Bridge Settings. This page allows you
15. Community Lookup <index>; User Add <engineid> <user_name> MD5|SHA <auth_password> DES <priv_password>; User Delete <index>; User Changekey <engineid> <user_name> <auth_password> <priv_password>; User Lookup <index>; Group Add <security_model> <security_name> <group_name>; Access Add <group_name> <security_model> <security_level> <read_view_name> <write_view_name>; Access Delete <index>; Access Lookup <index>; Firmware Load <ip_addr_string> <file_name>; fault: Alarm PortLinkDown <port_list> enable|disable; Alarm PowerFailure pwr1|pwr2|pwr3 enable|disable; SFLOW: version v2|v5; mode enable|disable; interval <integer>; coladdr <ip_addr>; colport <integer>. Technical Specifications. Switch Mode. Physical Ports: Gigabit 10/100/1000Base-T(X) RJ-45 Ports. Technology. Ethernet Standards: IEEE 802.3 for 10Base-T; IEEE 802.3u for 100Base-T(X) and 100Base-FX; IEEE 802.3z for 1000Base-X; IEEE 802.3ab for 1000Base-T; IEEE 802.3x for Flow control; IEEE 802.3ad for LACP (Link Aggregation Control Protocol); IEEE 802.1D fo
16. Disabled. Reauthentication Enabled; Reauthentication Period 3600 seconds; EAP Timeout (seconds); Age Period 300 seconds; Hold Time (seconds). [Screenshot: Port Configuration table with columns Port, Admin State, Port State, Max Clients and Restart; ports shown as Disabled.] Indicates if 802.1X and MAC-based authentication is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames. Re-authentication Enabled: If checked, clients are re-authenticated after the interval specified by the Re-authentication Period. Re-authentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port. For MAC-based ports, re-authentication is only useful if the RADIUS server configuration has changed. It does not involve communication between the switch and the client, and therefore doesn't imply that a client is still present on a port (see Age Period below). Re-authentication Period: Determines the period, in seconds, after which a connected client must be re-authenticated. This is only active if the Re-authentication Enabled checkbox is checked. Valid values are in the range 1 to 3600 seconds. EAP Timeout: Determines the time the switch shall wait for the supplicant response before retransmitting a packet. Valid values are in the range 1 to 255 seconds. This has no effect for MAC-based ports.
18. Rate Limiter ID: Select which rate limiter to apply to this port. The allowed values are Disabled or the values 1 through 15. The default value is Disabled. Port Copy: Select which port frames are copied to. The allowed values are Disabled or a specific port number. The default value is Disabled. Logging: Specify the logging operation of this port. The allowed values are: Enabled: Frames received on the port are stored in the System Log. Disabled: Frames received on the port are not logged. The default value is Disabled. Please note that the System Log memory size and logging rate is limited. Specify the port shut down operation of this port. The allowed values are: Enabled: If a frame is received on the port, the port will be disabled. Disabled: Port shut down is disabled. The default value is Disabled. Counts the number of frames that match this ACE. 3.1.10.1.2 Rate Limiters. Configure the rate limiter for the ACL of the switch. [Screenshot: ACL Rate Limiter Configuration table.] Rate Limiter ID: The rate limiter ID for the sett
19. The total number of entries is 0 for the given level. Start from ID, with entries per page. ID; Level; Time; Message. No system log entries. The ID (>= 1) of the system log entry. Level: The level of the system log entry. The following level types are supported: Info: Information level of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels. The time of the system log entry. The MAC Address of this switch. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. Updates the system log entries, starting from the current entry ID. Clear: Flushes all system log entries. Updates the system log entries, starting from the first available entry ID. Updates the system log entries, ending at the last entry currently displayed. Updates the system log entries, starting from the last entry currently displayed. Updates the system log entries, ending at the last available entry ID. 3.1.16 Cable Diagnostics. This page is used for running the VeriPHY Cable Diagnostics. [Screenshot: VeriPHY Cable Diagnostics; Cable Status table with columns Port, Pair A, Length A, Pair B, Length B, Pair C, Length C, Pair D, Length D.]
20. [Screenshot: 802.1X Statistics for Port 1, showing Receive EAPOL Counters, Transmit EAPOL Counters, Receive Backend Server Counters, Transmit Backend Server Counters and Last Supplicant Info (Version, Source, Identity).] EAPOL Counters: These counters are not available for MAC-based ports. Supplicant frame counter statistics. There are seven receive frame counters and three transmit frame counters. EAPOL Counters (columns: Direction, Name, IEEE Name, Description). Rx, Total (dot1xAuthEapolFramesRx): The number of valid EAPOL frames of any type that have been received by the switch. Response ID (dot1xAuthEapolRespIdFramesRx): The number of valid EAP Resp/ID frames that have been received by the switch. The number of valid EAPOL response frames (other than Resp/ID frames) that have been received by the switch. Start (dot1xAuthEapolStartFramesRx): The number of EAPOL Start frames that have been received by the switch. Logoff (dot1xAuthEapolLogoffFramesRx): The number of valid EAPOL logoff frames that have been received by the switch. Responses (dot1xAuthEapolRespFramesRx): The number of EAPOL frames that have been received by
21. (Table of contents; legible entries only) System Information; IP Address Setting; Backup/Restore; 3.1.3.2 DHCP Dynamic Client List; 3.1.3.3 DHCP Client List; Redundancy; 3.1.5.1 Redundant Ring; 3.1.6.1 VLAN Membership Configuration; 3.1.6.2 Private VLAN; SNMP; 3.1.7.2 SNMP Communities; SNMP Users; SNMP Groups; SNMP Views; SNMP Accesses
22. entry. It will be deleted during the next save. View Name: A string identifying the view name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. View Type: Indicates the view type that this entry should belong to. Possible view types are: Included: An optional flag to indicate that this view subtree should be included. Excluded: An optional flag to indicate that this view subtree should be excluded. In general, if a view entry's view type is Excluded, there should be another view entry whose view type is Included and whose OID subtree oversteps the Excluded view entry. OID Subtree: The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digital number or asterisk (*). 3.1.7.6 SNMP Accesses. Configure the SNMPv3 accesses table on this page. The entry index keys are Group Name, Security Model and Security Level. SNMPv3 Accesses Configuration (columns: Delete, Group Name, Security Model, Security Level, Read View Name, Write View Name): default_ro_group, any, NoAuth NoPriv, default_view; default_rw_group, any, NoAuth NoPriv, default_view, default_view. Delete: Check to delete the entry. It will be deleted during the nex
23. fis load a managed; Image loaded from 0x00100000-0x00409c40; RedBoot> go; Username. CLI Management by Telnet. Users can use TELNET to configure the switches. The default values are as below: IP Address: 192.168.1.77; Subnet Mask: 255.255.255.0; Default Gateway: 192.168.10.254; User Name: root; Password: root. Follow the steps below to access the console via Telnet. Step 1: Telnet to the IP address of the switch from the Windows Run command (or from the MS-DOS prompt) as below. [Screenshot: Windows Run dialog with "telnet 192.168.1.77" in the Open field.] Step 2: The Login screen will appear. Use the keyboard to enter the Username and Password (the same as the password for the Web browser), and then press Enter. CLI Command Groups: System settings and reset options; Syslog Server Configuration; IP configuration and Ping; Authentication; Port management; Link Aggregation; Link Aggregation Control Protocol; Spanning Tree Protocol; IEEE 802.1X port authentication; Internet Group Management Protocol snooping; Link Layer Discovery Protocol; MAC address ta
24. > <policy>; Rate <rate_limiter_list> <packet_rate>; Add <ace_id> <ace_id_next> switch port <port> policy <policy> <vid> <tag_prio> <dmac_type> etype <etype> <smac> <dmac> arp <sip> <dip> <smac> <arp_opcode> <arp_flags> ip <sip> <dip> <protocol> <ip_flags> icmp <sip> <dip> <icmp_type> <icmp_code> <ip_flags> udp <sip> <dip> <sport> <dport> <ip_flags> tcp <sip> <dip> <sport> <dport> <ip_flags> <tcp_flags> permit|deny <rate_limiter> <port_copy> <logging> <shutdown>; Delete <ace_id>; Lookup <ace_id>; Clear. Mirror: Configuration <port_list>; Port <port>|disable; Mode <port_list> enable|disable|rx|tx. Config: Save <ip_server> <file_name>; Load <ip_server> <file_name> check. SNMP: Engine ID <engineid>; Community Add <community> <ip_addr> <ip_mask>; Community Delete <index>
25. input syslog server IP. Click to save changes. Click to undo any changes made locally and revert to previously saved values. 3.1.11.3 Event Selection. [Screenshot: System Warning Event Selection; System Events (SYSLOG): System Start, Power Status, SNMP Authentication Failure, Redundant Ring Topology Change; Port events (SYSLOG) for Ports 1 to 10, each set to Disabled.] SNMP Authentication Failure: Alert when SNMP authentication failure. Redundant Ring: Alert when Redundant Ring topology changes. Port Event (SYSLOG event): Disable; Link Up; Link Down; Link Up & Link Down. Click Apply to activate the configurations. Show help file. 3.1.12 Monitor and Diagnostics. 3.1.12.1 MAC Table Configuration. The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here. [Screenshot: MAC Address Table Configuration; Aging Configuration: Disable Automatic Aging, Age Time 300 seconds; MAC Table Learning with Port Members 1 to 28.]
26. on the following form: xx-xx-xx-xx-xx-xx, that is, a dash is used as separator between the lower-cased hexadecimal digits. The switch only supports the MD5-Challenge authentication method, so the RADIUS server must be configured accordingly. When authentication is complete, the RADIUS server sends a success or failure indication, which in turn causes the switch to open up or block traffic for that particular client, using static entries into the MAC Table. Only then will frames from the client be forwarded on the switch. There are no EAPOL frames involved in this authentication, and therefore MAC-based Authentication has nothing to do with the 802.1X standard. The advantage of MAC-based authentication over 802.1X is that several clients can be connected to the same port (e.g. through a 3rd party switch or a hub) and still require individual authentication, and that the clients don't need special supplicant software to authenticate. The disadvantage is that MAC addresses can be spoofed by malicious users; equipment whose MAC address is a valid RADIUS user can be used by anyone, and only the MD5-Challenge method is supported. 3.1.10.2.1 Configuration. The 802.1X and MAC-Based Authentication configuration consists of two sections, a system- and a port-wide. Port Security Configuration. System Configuration. Mode
27. or telnet to management switch by CLI. CLI Management by RS-232 Serial Console (115200, 8, none, 1, none). Before Configuring by RS-232 serial console, use an RJ45 to DB9-F cable to connect the Switches' RS-232 Console port to your PC's COM port. Follow the steps below to access the console via RS-232 serial cable. Step 1. From the Windows desktop, click on Start > Programs > Accessories > Communications > Hyper Terminal. [Screenshot: Windows Start menu path to HyperTerminal.] Step 2. Input a name for new connection. [Screenshot: HyperTerminal "Connection Description" dialog.] Step 3. Select to use COM port number. [Screenshot: HyperTerminal "Connect To" dialog.]
28. per port. LACP Enabled. Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full duplex ports can join an aggregation and ports must be in the same speed in each group. The Role shows the LACP activity status. The Active will transmit LACP packets each second, while Passive will wait for a LACP packet from a partner (speak if spoken to). Key: The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3. Using the Specific setting, a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot. Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 3.1.4.3.3 LACP System Status. This page provides a status overview for all LACP instances. [Screenshot: LACP System Status. No ports enabled or no existing partners.] Aggr ID: The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as isid aggr id and for GLAGs as aggr id. Partner System ID: The system ID (MAC ad
29. power using the class mode. In this mode the Maximum Power fields have no effect. For all modes: If a port uses more power than the reserved power for the port, the port is shut down. 3.1.18.2 PoE Configuration: Power management Mode. There are 2 modes for configuring when the ports are shut down. [Screenshot: Power Over Ethernet Configuration.] Actual Consumption: In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver, or if the actual power consumption for a given port exceeds the reserved power for that port. The ports are shut down according to the port's priority. If two ports have the same priority, the port with the highest port number is shut down. Reserved Power: In this mode the ports are shut down when total reserved power exceeds the amount of power that the power supply can deliver. In this mode the port power is not turned on if the PD requests more power than is available. 3.1.18.3 PoE Configuration: Primary/backup Power Supply. A PoE switch can have two power supplies. One is used as primary power source, and one as backup power source. In case the primary power source fails, the backup power source will take over. For being able to determine the amount of power the PD may use, it must be defined what a
30. received and transmitted (good and bad) packets. Packets. RX and TX Octets: The number of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits. RX and TX Unicast: The number of received and transmitted (good and bad) unicast packets. RX and TX Multicast: The number of received and transmitted (good and bad) multicast packets. RX and TX Broadcast: The number of received and transmitted (good and bad) broadcast packets. RX and TX Pause: A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation. RX Drops: The number of frames dropped due to lack of receive buffers or egress congestion. RX CRC/Alignment: The number of frames received with CRC or alignment errors. RX Jabber: The number of long frames received with invalid CRC. RX Filtered: The number of received frames filtered by the forwarding process. TX Drops: The number of frames dropped due to output buffer congestion. TX Late/Exc. Coll.: The number of frames dropped due to excessive or late collisions. 3.1.14 Port Monitoring. Configure port Mirroring on this page. To debug network problems, selected traffic can be copied, or mirrored, to a mirror port where a frame analyzer can be attached to analyze the frame flow. The traffic to be copied
31. users table on this page. The entry index keys are Engine ID and User Name. [Screenshot: SNMPv3 Users Configuration table with columns Delete, Engine ID, User Name, Security Level, Authentication Protocol, Authentication Password, Privacy Protocol, Privacy Password; one entry: 800007e5017f000001, default_user, NoAuth NoPriv, None, None, None, None.] Check to delete the entry. It will be deleted during the next save. An octet string identifying the engine ID that this entry should belong to. The string must contain an even number between 10 and 64 hexadecimal digits, but all-zeros and all-'F's are not allowed. The SNMPv3 architecture uses the User-based Security Model (USM) for message security and the View-based Access Control Model (VACM) for access control. For the USM entry, the usmUserEngineID and usmUserName are the entry's keys. In a simple agent, usmUserEngineID is always that agent's own snmpEngineID value. The value can also take the value of the snmpEngineID of a remote SNMP engine with which this user can communicate. In other words, if user engine ID equals system engine ID then it is a local user; otherwise it is a remote user. A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Indicates the security model that this entry should belong to
32. which is always active. Controls the bridge priority. Lower numerical values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier. Click to save changes. Click to undo any changes made locally and revert to previously saved values. CIST Ports: This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well. This page contains settings for physical and aggregated ports. The aggregation settings are stack global. [Screenshot: STP CIST Ports Configuration, with the CIST Aggregated Ports Configuration and CIST Normal Ports Configuration tables; columns Port, STP Enabled, Path Cost, Priority, Admin Edge, Auto Edge, Restricted Role, Restricted TCN, BPDU Guard, Point-to-point.] Port: The switch port number of the logical STP port. STP Enabled: Controls whether STP is enabled on this switch port. Controls the path cost incurred by th
33. your new equipment. You can connect the console port to PC via the RS-232 cable with DB-9 female connector, and the other end (RJ-45 connector) connects to the console serial port of the switch. PC pin out (male) assignment, RS-232 with DB9 female connector, DB9 to RJ-45: Pin 2 RD, Pin 2 TD; Pin 3 TD, Pin 3 RD; Pin 5 GD, Pin 5 GD. [Figure: DB9 male and DB9 female connector pin diagrams: Shield, Signal Ground, Received Line Signal Detect, Ring Indicator, DCE Ready, DTE Ready, Transmitted Data, Received Data, Clear to Send, Request to Send.] WEB Management. While making any establishment and upgrading firmware, please remove physical loop connection first. DO NOT power off equipment while firmware is upgrading. 3.1 Configuration by Web Browser. This section introduces the configuration by Web browser. 3.1.1 About Web-based Management. An embedded HTML web site resides in flash memory on the CPU board. It contains advanced management features and allows you to manage the switch from anywhere on the ne
34. 0 132 20 icmp_seq 4 time 0ms Sent 5 packets, received 5 OK, 0 bad. You can configure the following properties of the issued ICMP packets. IP Address: The destination IP Address. The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes. 3.1.18 Power Over Ethernet (PoE). 3.1.18.1 PoE Configuration: Reserved Power determined. There are three modes for configuring how the ports/PDs may reserve power. [Screenshot: Power Over Ethernet Configuration. Reserved Power determined by Class, Allocation or LLDP-MED; Actual Consumption or Reserved Power.] Allocated mode: In this mode the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields. Class mode: In this mode each port automatically determines how much power to reserve according to the class the connected PD belongs to, and reserves the power accordingly. Three different port classes exist, one each for 4, 7 and 15.4 Watts. In this mode the Maximum Power fields have no effect. LLDP-MED mode: This mode is similar to the Class mode except that each port determines the amount of power it reserves by exchanging PoE information using the LLDP protocol, and reserves power accordingly. If no LLDP information is available for a port, the port will reserve
35. 1 LED indicators. R.M. indicator: Green, indicates system operated in Ring Master mode. Ring indicator: Green, indicates system operated in Ring mode. Fault indicator: Amber, indicates unexpected event occurred. RJ45 port indicator: Green for port Link/Act, Amber for Duplex/Collision. 100/1000Base-X Fiber port indicator: Green for port Link/Act. Fault contact. Power. Physical Characteristic: … x 108.5 (D) x 154 …, 3.8 x 4.27 x 6.06 inch. Environmental. Storage Temperature: -40 to 85 °C (-40 to 185 °F). Operating Temperature: -40 to 80 °C (-40 to 176 °F). Operating Humidity: 5% to 95%, non-condensing. Regulatory approvals. Clean Code Technology: Precision Algorithms to Prevent Viruses, Bots and Hackers. Cyber Secure VLANs (CSV): Cyber Lock Video & Data VLANs. FCC Part 15, CISPR (EN55022) class A. EN61000-4-2 (ESD), EN61000-4-3 (RS), EN61000-4-4 (EFT), EN61000-4-5 (Surge), EN61000-4-6 (CS), EN61000-4-8, EN61000-4-11. Shock: IEC60068-2-27. Free Fall: IEC60068-2-32. Vibration: IEC60068-2-6. Safety: EN60950-1. Warranty: 5 years.
36. [Table of contents fragment: 3.1.9.1 IGMP Snooping; 3.1.9.2 IGMP Snooping Status; 3.1.12 Monitor and Diagnostics; 3.1.12.1 MAC Table Configuration; 3.1.12.2 MAC Table; 3.1.13.2 Detailed statistics; 3.1.16 Cable Diagnostics.]
37. [Screenshot: MAC Table Learning rows Disable and Secure; Static MAC Table Configuration with columns Delete, VLAN ID, MAC Address and Port Members 1 to 28.] Aging Configuration: By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. Configure aging time by entering a value here in seconds, for example Age time ... seconds. The allowed range is 10 to 1000000 seconds. Disable the automatic aging of dynamic entries by checking Disable automatic aging. MAC Table Learning: If the learning mode for a given port is grayed out, another module is in control of the mode, so that it cannot be changed by the user. An example of such a module is the MAC-Based Authentication under 802.1X. Each port can do learning based upon the following settings. [Screenshot: MAC Table Learning, Port Members 1 to 28, with rows Auto, Disable and Secure.] Learning is done automatically as soon as a frame with unknown SMAC is received. Only static MAC entries are learned, all other frames are dropped. Note: Make
38. ID: specific VLAN ID number. The allowed range is 1 to 4095. A frame that hits this ACE matches this VLAN ID value. Specify the tag priority for this ACE. A frame that hits this ACE matches this tag priority. The allowed number range is 0 to 7. The Tag Priority value Any means that no tag priority is specified (tag priority is "don't care"). 3.1.10.1.4 Wizard. This handy wizard helps you set up an ACL quickly. [Screenshot: Welcome to the ACL Configuration Wizard. Please select an action: Set up Policy Rules (Set up the default policy rules for Client ports, Server ports, Network ports and Guest ports); Set up Port Policies (Group ports into several types according to different ACL policies); Set up Typical Network Application Rules (Set up the specific ACL for different typical network application access control); Set up Source MAC and Source IP Binding (strictly control the network traffic by only allowing incoming frames that match the source MAC and source IP on specific ports); Set up DoS Attack Defense Rules (Set up the specific ACL to defend DoS attack). To continue, click Next.] Set up Policy Rules: Set up the default policy rules for Client ports, Server ports, Network ports and Guest ports. Set up Port Policies: Group ports into several types according to different ACL policies. Set up Typical
39. KUSA Cyber Secure Video Switch, Network Security For The 21 Century. UNIVERSAL MANUAL: USERS MANUAL FOR KY 8PSE30WM. With CYBER SECURE VIDEO & CLEAN CODE TECHNOLOGY. Power Over Ethernet (PoE), IEEE 802.3at, IEEE 802.3az, Industrial Managed Ethernet Switch. Universal User's Manual, Version 1.7, November 2011. [Table of contents fragment: 1.1 About the P O E SWITCH Industrial Switch; 1.2 Software Features; 1.3 Hardware Features; 2.1 Ethernet Cables; 2.1.1 100BASE-TX/10BASE-T Pin Assignments; WEB Management; 3.1 Configuration by Web Browser; 3.1.1 About Web-based Management.]
40. Multicast, Broadcast. There is a unicast storm rate control, multicast storm rate control, and a broadcast storm rate control. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present on the MAC Address table. The rate is 2^n, where n is equal to or less than 15, or "No Limit". The unit of the rate can be either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the permitted packet rate for unicast, multicast, or broadcast traffic across the switch. Note: Frames which are sent to the CPU of the switch are always limited to approximately 4 kpps. For example, broadcasts in the management VLAN are limited to this rate. The management VLAN is configured on the IP setup page. Frame Type: The settings in a particular row apply to the frame type listed here: unicast, multicast, or broadcast. Status: Enable or disable the storm control status for the given frame type. The rate unit is packet per second (pps); configure the rate as 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K, or 1024K. The 1 kpps is actually 1002.1 pps. 3.1.8.2 Port Configuration. This page allows you to configure QoS settings for each port. Frames can be classified by 4 different QoS classes: Low, Normal, Medium, and High. The c
41. NMPv3 encrypted authentication and access security. RSTP (802.1w). Quality of Service (802.1p) for real-time traffic. VLAN (802.1q) with double tagging and GVRP supported. IGMP Snooping for multicast filtering. Port configuration, status, statistics, mirroring, security. Remote Monitoring (RMON). 1.3 Hardware Features. Operating Temperature: -40 to 80 °C (-40 to 176 °F). Storage Temperature: -40 to 85 °C. Operating Humidity: 5% to 95%, non-condensing. Casing: IP-30. 24 x 10/100/1000Base-T(X), 4 x 100/1000Base-X SFP Sockets. Console Port. Cables. 2.1 Ethernet Cables. The P O E switch has standard Ethernet ports. According to the link type, the switch uses CAT 3, 4, 5, 5e or 6 UTP cables to connect to any other network device (PCs, servers, switches, routers, or hubs). Please refer to the following table for cable specifications. Cable Types and Specifications: 10BASE-T: Cat 3, 4, 5 100-ohm UTP, 100 m (328 ft), RJ-45. 100BASE-TX: Cat 5 100-ohm UTP, 100 m (328 ft), RJ-45. 1000BASE-TX: Cat 5/Cat 5e/Cat 6 100-ohm UTP, 100 m (328 ft), RJ-45. 2.1.1 100BASE-TX/10BASE-T Pin Assignments. With 100BASE-TX/10BASE-T cabling, pins 1 and 2 are used for transmitting data, and pins 3 and 6 are used for re
42. PDU Guard, Port Error Recovery, Port Error Recovery Timeout. Edge Port BPDU Filtering: Control whether a port explicitly configured as Edge will transmit and receive BPDUs. Edge Port BPDU Guard: Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from the active topology. Port Error Recovery: Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout: The time that has to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours). Click to save changes. Click to undo any changes made locally and revert to previously saved values. MSTI Mapping: This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. [Screenshot: MSTI Configuration. Add VLANs separated by spaces or comma. Unmapped VLANs are mapped to the CIST (the default bridge instance). Configuration Identification: Configuration Name 00 1 94 ff ff ff, Configuration Rev
43. Possible security models are: NoAuth, NoPriv: None authentication and none privacy. Auth, NoPriv: Authentication and none privacy. Auth, Priv: Authentication and privacy. The value of security level cannot be modified if the entry already exists. That means you must first ensure that the value is set correctly. Authentication Protocol: Indicates the authentication protocol that this entry should belong to. Possible authentication protocols are: None: None authentication protocol. MD5: An optional flag to indicate that this user is using MD5 authentication protocol. SHA: An optional flag to indicate that this user is using SHA authentication protocol. The value of security level cannot be modified if the entry already exists. That means you must first ensure that the value is set correctly. Authentication Password: A string identifying the authentication pass phrase. For MD5 authentication protocol, the allowed string length is 8 to 32. For SHA authentication protocol, the allowed string length is 8 to 40. The allowed content is the ASCII characters from 33 to 126. Privacy Protocol: Indicates the privacy protocol that this entry should belong to. Possible privacy protocols are: None: None privacy protocol. DES: An optional flag to indicate that this user using DES authenticat
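The field rules quoted in the SNMPv3 Users excerpts (engine ID format, user name and pass phrase limits, security levels) can be checked offline before a user table is applied. The following is an added example, not code from the manual or the switch: the dictionary layout, function names and finding labels are assumptions, and every sample row except the manual's `default_user` entry is constructed.

```python
import re

HEX_RE = re.compile(r"[0-9a-fA-F]+")
# Pass phrase length limits per authentication protocol, as stated in the manual.
AUTH_PW_LEN = {"md5": (8, 32), "sha": (8, 40)}
# Security level -> (needs authentication, needs privacy).
LEVELS = {"noauthnopriv": (False, False),
          "authnopriv": (True, False),
          "authpriv": (True, True)}


def norm(value):
    """Lower-case and drop punctuation so 'Auth, Priv' and 'Auth Priv' compare equal."""
    return re.sub(r"[^a-z0-9]", "", (value or "").lower())


def valid_engine_id(engine_id):
    """Even count of 10..64 hex digits; all-zeros and all-F strings are rejected."""
    if not HEX_RE.fullmatch(engine_id or ""):
        return False
    if len(engine_id) % 2 or not 10 <= len(engine_id) <= 64:
        return False
    return set(engine_id.lower()) not in ({"0"}, {"f"})


def in_charset(text, lo, hi):
    """Length within lo..hi and every character in ASCII 33..126."""
    return lo <= len(text) <= hi and all(33 <= ord(c) <= 126 for c in text)


def user_scope(row, system_engine_id):
    """A user is local when its engine ID equals the system engine ID, else remote."""
    same = row["engine_id"].lower() == system_engine_id.lower()
    return "local" if same else "remote"


def audit_user(row):
    """Return finding labels for one user row (empty list: nothing to report)."""
    findings = []
    if not valid_engine_id(row.get("engine_id", "")):
        findings.append("invalid-engine-id")
    if not in_charset(row.get("user_name", ""), 1, 32):
        findings.append("invalid-user-name")
    level = LEVELS.get(norm(row.get("security_level")))
    if level is None:
        findings.append("invalid-security-level")
        return findings
    needs_auth, needs_priv = level
    if not needs_auth:
        # Messages for this user are neither authenticated nor encrypted.
        findings.append("no-auth-no-priv")
        return findings
    auth = norm(row.get("auth_protocol"))
    if auth not in AUTH_PW_LEN:
        findings.append("auth-protocol-missing")
    else:
        lo, hi = AUTH_PW_LEN[auth]
        if not in_charset(row.get("auth_password", ""), lo, hi):
            findings.append("invalid-auth-password")
    if not needs_priv:
        findings.append("no-privacy")
    elif norm(row.get("priv_protocol")) in ("", "none"):
        findings.append("priv-protocol-missing")
    return findings


SYSTEM_ENGINE_ID = "800007e5017f000001"  # engine ID shown in the manual's screenshot

USERS = [
    # The default entry shown in the manual's SNMPv3 Users table.
    {"engine_id": "800007e5017f000001", "user_name": "default_user",
     "security_level": "NoAuth NoPriv", "auth_protocol": "None",
     "priv_protocol": "None"},
    # Constructed rows for illustration.
    {"engine_id": "800007e5017f000001", "user_name": "video_ops",
     "security_level": "Auth, Priv", "auth_protocol": "SHA",
     "auth_password": "Constructed#Pass1", "priv_protocol": "DES"},
    {"engine_id": "800007e5017f0000aa", "user_name": "nvr1",
     "security_level": "Auth NoPriv", "auth_protocol": "MD5",
     "auth_password": "short", "priv_protocol": "None"},
    {"engine_id": "0000000000", "user_name": "has space",
     "security_level": "Auth Priv", "auth_protocol": "None",
     "priv_protocol": "None"},
]


def report(users=USERS):
    """Map each user name to its list of findings."""
    return {u["user_name"]: audit_user(u) for u in users}


if __name__ == "__main__":
    for name, findings in report().items():
        print(name, findings or "ok")
```
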
44. Moves the ACE down the list. Deletes the ACE. The lowest plus sign adds a new entry at the bottom of the ACE listings. Configure an ACE (Access Control Entry) on this page. An ACE consists of several parameters. These parameters vary according to the frame type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type that you selected. A frame that hits this ACE matches the configuration that is defined here. [Screenshot: ACE configuration form with Frame Type, Rate Limiter, Logging, Shutdown and Counter fields.] Ingress Port: Select the ingress port for which this ACE applies. Any: The ACE applies to any port. Port n: The ACE applies to this port number, where n is the number of the switch port. Policy n: The ACE applies to this policy number, where n can range from 1 through 8. Frame Type: Select the frame type for this ACE. These frame types are mutually exclusive. Any: Any frame can match this ACE. Ethernet Type: Only Ethernet Type frames can match this ACE. IEEE 802.3 describes the value of the Length/Type Field; specifications should be greater than or equal to 1536 decimal (equal to 0600 hexadecimal). ARP: Only ARP frames can match this ACE. Notice the ARP frames won't match the ACE with Ethernet type. IPv4: Only IPv4 frames can match this ACE. Notice the IPv4 fr
45. configuration. If the device indicates a value higher than the maximum allowed value, it is represented as "reserved". Refresh: Click to refresh the page immediately. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. 3.1.19 Factory Default. You can reset the configuration of the stack switch on this page. Only the IP configuration is retained. [Screenshot: Factory Defaults. Are you sure you want to reset the configuration to Factory Defaults?] Yes: Click to reset the configuration to Factory Defaults. No: Click to return to the Port State page without resetting the configuration. 3.1.20 System Reboot. You can reset the stack switch on this page. After reset, the system will boot normally as if you had powered on the devices. [Screenshot: Warm Reset. Are you sure you want to perform a Warm Restart?] Yes: Click to reboot device. No: Click to return to the Port State page without rebooting. Command Line Interface Management. 4.1 About CLI Management. Besides WEB-based management, KUSA PoE Switches also support CLI management. You can use console
46. STP Port Status: This page displays the STP CIST port status for physical ports in the currently selected switch. [Screenshot: STP Port Status table with columns Port, CIST Role, CIST State, Uptime; ports 1 to 6 shown as Disabled, Discarding.] Port: The switch port number of the logical STP port. CIST Role: The current STP port role of the CIST port. The port role can be one of the following values: Alternate Port, Backup Port, Root Port & Designated Port. The current STP port state of the CIST port. The port state can be one of the following values: Blocking, Learning, Forwarding. The time since the bridge port was last initialized. Click to refresh the page immediately. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. STP Statistics: This page displays the RSTP port statistics counters for bridge ports in the currently selected switch. [Screenshot: STP Statistics table with Transmitted (MSTP, RSTP, STP, TCN), Received (MSTP, RSTP, STP, TCN) and Discarded (Unknown, Illegal) columns.] Port: The switch port number of the logical RSTP port. The number of RSTP Configuration BPDUs received/transmitted
47. adcast traffic will be transmitted on the port, whether or not clients are authenticated on the port, whereas unicast traffic against an unsuccessfully authenticated client will be dropped. Clients that are not (yet) successfully authenticated will not be allowed to transmit frames of any kind. Port State: The current state of the port. It can undertake one of the following values: Disabled: 802.1X and MAC-based authentication is globally disabled. Link Down: 802.1X or MAC-based authentication is enabled, but there is no link on the port. Authorized: The port is authorized. This is the case when 802.1X authentication is enabled, the port has link, and the Admin State is Auto and the supplicant is authenticated, or the Admin State is Authorized. Unauthorized: The port is unauthorized. This is the case when 802.1X authentication is enabled, the port has link, and the Admin State is Auto but the supplicant is not (yet) authenticated, or the Admin State is Unauthorized. X Auth/Y Unauth: X clients are currently authorized and Y is unauthorized. This state is shown when 802.1X and MAC-based authentication is globally enabled and the Admin State is set to MAC-Based. Max Clients: This setting applies to ports running MAC-based authentication only. The maximum number of clients allowed on a given port can be configured through the list box and edit control for this setting.
48. ames won't match the ACE with Ethernet type. Specify the action to take with a frame that hits this ACE. Permit: The frame that hits this ACE is granted permission for the ACE operation. Deny: The frame that hits this ACE is dropped. Specify the rate limiter in number of base units. The allowed range is 1 to 15. Disabled indicates that the rate limiter operation is disabled. Port Copy: Frames that hit the ACE are copied to the port number specified here. The allowed range is the same as the switch port number range. Disabled indicates that the port copy operation is disabled. Logging: Specify the logging operation of the ACE. The allowed values are: Enabled: Frames matching the ACE are stored in the System Log. Disabled: Frames matching the ACE are not logged. Please note that the System Log memory size and logging rate is limited. Specify the port shut down operation of the ACE. The allowed values are: Enabled: If a frame matches the ACE, the ingress port will be disabled. Disabled: Port shut down is disabled for the ACE. Counter: The counter indicates the number of times the ACE was hit by a frame. MAC Parameters (only displayed when the frame type is Ethernet Type or ARP). SMAC Filter: Specify the source MAC filter for this ACE. Any: No SMAC filter is specified (SMAC filter status is do
49. an be classified by 4 different QoS classes: Low, Normal, Medium, and High. The classification is controlled by a QoS assigned to each port. A QCL consists of an ordered list of up to 12 QCEs. Each QCE can be used to classify certain frames to a specific QoS class. This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or Tag Priority. Frames not matching any of the QCEs are classified to the default QoS Class for the port. [Screenshot: QoS Control List Configuration.] Select a QCL to display a table that lists all the QCEs for that particular QCL. QCE Type: Specifies which frame field the QCE processes to determine the QoS class of the frame. The following QCE types are supported: Ethernet Type: The Ethernet Type field. If frame is tagged, this is the Ethernet Type that follows the tag header. VLAN ID: VLAN ID. Only applicable if the frame is VLAN tagged. TCP/UDP Port: IPv4 TCP/UDP source/destination port. DSCP: IPv4 and IPv6 DSCP. ToS: The 3 precedence bit in the ToS byte of the IPv4/IPv6 header (also known as DS field). Tag Priority: User Priority. Only applicable if the frame is VLAN tagged or priority tagged. Type Value: Indicates the value according to its QCE type. Ethernet Type: The field shows the Ethernet Type value. VLAN ID: The field s
50. and link down power savings enabled. Total Power Usage: Total power usage in board, measured in percent. Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Click to refresh the page. Any changes made locally will be undone. 3.1.4.2 Rate Limit. Configure the switch port rate limit for Policers and Shapers on this page. Rate Limit Configuration. Port: The logical port for the settings contained in the same row. Policer Enabled: Enable or disable the port policer. The default value is Disabled. Policer Rate: Configure the rate for the port policer. The default value is 500. This value is restricted to 500-1000000 when the Policer Unit is kbps, and it is restricted to 1-1000 when the Policer Unit is Mbps. Policer Unit: Configure the unit of measure for the port policer rate as kbps or Mbps. The default value is kbps. Shaper Enabled: Enable or disable the port shaper. The default value is Disabled. Shaper Rate: Configure the rate for the port shaper. The default value is 500. This value is restricted to 500-1000000 when the Policer Unit is
51. ap probe security engine ID mode of operation. Indicates the SNMP trap security engine ID. SNMPv3 sends traps and informs using USM for authentication and privacy. A unique engine ID for these traps and informs is needed. When Trap Probe Security Engine ID is enabled, the ID will be probed automatically. Otherwise, the ID specified in this field is used. The string must contain an even number between 10 and 64 hexadecimal digits, but all zeros and all F's are not allowed. Trap Security Name: Indicates the SNMP trap security name. SNMPv3 traps and informs using USM for authentication and privacy. A unique security name is needed when traps and informs are enabled. 3.1.7.2 SNMP Communities. Configure SNMPv3 communities table on this page. The entry index key is Community. SNMPv3 Communities Configuration (columns: Delete, Community, Source IP, Source Mask; entry shown: public; button: Add new community). Check to delete the entry. It will be deleted during the next save. Community: Indicates the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Source IP: Indicates the SNMP access source address. Source Mask: Indicates the SNMP access source address mask. 3.1.7.3 SNMP Users. Configure SNMPv3
52. be delivered to a remote device. Save: Click to save changes. Click to undo any changes made locally and revert to previously saved values. 3.1.18.5 Power over Ethernet Status. This page allows the user to inspect the current status for all PoE ports. Power Over Ethernet Status (every port in the captured table shows "No PD detected"). This is the logical port number for this row. Power Reserved: The Power Reserved shows how much power the PD has reserved. Power Used: The Power Used shows how much power the PD currently is using. Current Used: The Current Used shows how much current the PD currently is using. Priority: The Priority shows the port's priority configured by the user. The Port Status shows the port's status. 3.1.18.6 LLDP Power Over Ethernet Neighbor. This page provides a status overview for all LLDP PoE neighbors. The displayed table contains a row for each port on which an LLDP PoE neighbor is detected. The columns hold the following information: LLDP Neighbor Power Over Ethernet Information. Local Port: The port for this switch on which the LLDP frame was received. Power Type Power Source
53. belong to their respective owners. REGULATORY COMPLIANCE STATEMENT: Product(s) associated with this publication complies/comply with all applicable regulations. Please refer to the Technical Specifications section for more details. WARRANTY: KUSA warrants that all KUSA products are free from defects in material and workmanship for a specified warranty period from the invoice date (5 years for most products). KUSA will repair or replace products found by KUSA to be defective within this warranty period, with shipment expenses apportioned by KUSA and the end user. This warranty does not cover product modifications or repairs done by persons other than KUSA-approved personnel, and this warranty does not apply to KUSA products that are misused, abused, improperly installed, or damaged by accidents. Please refer to the Technical Specifications section for the actual warranty period(s) of the product(s) associated with this publication. DISCLAIMER: Information in this publication is intended to be accurate. KUSA shall not be responsible for its use or infringements on third parties as a result of its use. There may occasionally be unintentional errors in this publication. KUSA reserves the right to revise the contents of this publication without notice. KUSA CONTACT INFORMATION: KUSA, 1107 SE Willow Pl, Blue Springs, MO 64014-5248. Website: www.KUSA1.co. Telephone: 219-595-2631, 816-988-7861.
54. ble; Virtual LAN; Private VLAN; Quality of Service; Access Control List; Port mirroring; Load/Save of configuration via TFTP; Simple Network Management Protocol; Download of Firmware via TFTP; Fault Alarm Configuration; sFlow. Timezone <offset> Log <log_id> all|info|warning|error clear Syslog Syslog> ServerConfiguration <ip_addr> Configuration DHCP enable|disable Setup <ip_addr> <ip_mask> <ip_router> <vid> Ping <ip_addr_string> <ping_length> SNTP <ip_addr_string> Auth Configuration Timeout <timeout> Deadtime <dead_time> RADIUS <server_index> enable|disable <ip_addr_string> <secret> <server_port> ACCT_RADIUS <server_index> enable|disable <ip_addr_string> <secret> <server_port> Client console|telnet|ssh|web none|local|radius enable|disable Statistics <server_index> Port Configuration <port_list> State <port_list> enable|disable Aggr Add <port_list> <aggr_id> Delete <aggr_id> Lookup <aggr_id>
55. carded. TLVs Unrecognized: The number of well-formed TLVs, but with an unknown type value. Org. Discarded: The number of organizationally TLVs received. Age Outs: Each LLDP frame contains information about how long the LLDP information is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age Out counter is incremented. Click to refresh the page immediately. Clear: Clears the local counters. All counters (including global counters) are cleared upon reboot. Auto refresh: Check this box to enable an automatic refresh of the page at regular intervals. 3.1.2.5 Backup/Restore Configuration. You can save/view or load the switch configuration. The configuration file is in XML format with a hierarchy of tags. Configuration Save: Save configuration. Configuration Upload. 3.1.2.6 Firmware Update. This page facilitates an update of the firmware controlling the stack switch. Firmware Update. 3.1.3 DHCP Server. 3.1.3.1 Setting. The system provides a DHCP server function. When the DHCP server function is enabled, the switch system will be a DHCP server. DHCP Server Configuration: Start IP Address 192.168.1.100, 192.168.1.200, DNS. 3.1.3.2 DHCP Dynamic Client List. When the DHCP server functio
56. ceiving data. 10/100 PSE Base-TX RJ-45 Pin Assignments, Type A (columns: Pin number, Assignment). 1000 Base-TX RJ-45 Pin Assignments. The P.O.E. switch supports auto MDI/MDI-X operation. You can use a straight-through cable to connect PC to switch. The following table below shows the 10BASE-T/100BASE-TX MDI and MDI-X port pin outs. 10/100 Base-TX MDI/MDI-X Pin Assignments (MDI port / MDI-X port): TD (transmit) / RD (receive); TD (transmit) / RD (receive); RD (receive) / TD (transmit); RD (receive) / TD (transmit). 1000 Base-TX MDI/MDI-X Pin Assignments (columns: Pin number, MDI port, MDI-X port). Note: "+" and "-" signs represent the polarity of the wires that make up each wire pair. 2.2 SFP. The Switch has small form factor SFP fiber optic port sockets for SFP modules. The fiber optic ports are in multi-mode (0 to 550M, 850 nm with 50/125 µm, 62.5/125 µm fiber) and single-mode with LC connector. Please remember that the TX port of Switch A should be connected to the RX port of Switch B. (Figure: Switch A and Switch B joined by a fiber cord.) 2.3 Console Cable. The P.O.E. SWITCH can be managed from its console port. The DB-9 to RJ-45 cable can be found in the packaging of
57. cessfully authenticated a client, it is unauthorized. Last Authentication: Show the date and time of the last authentication of the client. This gets updated for every re-authentication of the client. 3.1.10.2.4 Authentication. Authentication Configuration. Client Configuration (columns: Client, Authentication Method, Fallback; rows shown: telnet local, ssh local, web local, console). RADIUS Authentication Server Configuration (columns: Enabled, IP Address, Port, Secret). RADIUS Accounting Server Configuration. Client Configuration: The table has one row for each Client and a number of columns, which are: The Client for which the configuration below applies. Authentication Method can be set to one of the following values: None: authentication is disabled and login is not possible. Local: use the local user database on the switch stack for authentication. Radius: use a remote RADIUS server for authentication. Tacacs+: use a remote TACACS+ server for authentication. Enable fallback to local authentication by checking this box. If none of the configured authentication servers are alive, the local user database is used for authe
58. dress of the aggregation partner. Partner Key: The Key that the partner has assigned to this aggregation ID. Last Changed: The time since this aggregation changed. Last Changed: Shows which ports are a part of this aggregation for this switch/stack. The format is: "Switch ID:Port". Refresh: Click to refresh the page immediately. Auto refresh: Check this box to enable an automatic refresh of the page at regular intervals. 3.1.4.3.4 LACP Status. This page provides a status overview for LACP status for all ports. LACP Status. The switch port number. Yes means that LACP is enabled and the port link is up. No means that LACP is not enabled or that the port link is down. Backup means that the port could not join the aggregation group but will join if other port leaves. Meanwhile its LACP status is disabled. Key: The key assigned to this port. Only ports with the same key can aggregate together. Aggr ID: The Aggregation ID assigned to this aggregation group. Partner System ID: The partner's System ID (MAC address). Partner Port: The partner's port number connected to this port. Click to refresh the page immediately. Auto refresh: Check this box to enable an automatic refresh of the page at re
59. ports having identical port cost. (See above.) Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. STP Bridges. This page provides a status overview for all STP bridge instances. The displayed table contains a row for each STP bridge instance, where the column displays the following information: STP Bridges. The Bridge Instance. This is also a link to the STP Detailed Bridge Status. Bridge ID: The Bridge ID of this Bridge instance. Root ID: The Bridge ID of the currently elected root bridge. Root Port: The switch port currently assigned the root port role. Root Cost: Root Path Cost. For the Root Bridge this is zero. For all other Bridges, it is the sum of the Port Path Costs on the least cost path to the Root Bridge. Topology Flag: The current state of the Topology Change Flag for this Bridge instance. Topology Change Last: The time since last Topology Change occurred. Click to refresh the page immediately. Auto refresh: Check this box to enable an automatic refresh of the page at regular intervals.
60. e port. Path Cost: The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network. Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports. Valid values are in the range 1 to 200000000. Priority: Controls the port priority. This can be used to control priority of ports having identical port cost. (See above.) OpenEdge: Operational flag describing whether the port is connecting directly to edge devices. (No Bridges attached.) Transitioning to the forwarding state is faster for edge ports (having OpenEdge true) than for other ports. AdminEdge: Controls whether the OpenEdge flag should start as being set or cleared. (The initial OpenEdge state when a port is initialized.) AutoEdge: Controls whether the bridge should enable automatic edge detection on the bridge port. This allows OpenEdge to be derived from whether BPDUs are received on the port or not. Restricted Role: If enabled, causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity. It can be set by a network administrator to
61. e trap destination IPv6 address of this switch. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, 'fe80::215:c5ff:fe03:4dc7'. The symbol '::' is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can only appear once. It can also be followed by a legal IPv4 address. For example, '::192.1.2.34'. Indicates the SNMP entity is permitted to generate authentication failure traps. Possible modes are: Enabled: Enable SNMP trap authentication failure. Disabled: Disable SNMP trap authentication failure. Indicates the SNMP trap link-up and link-down mode operation. Possible modes are: Enabled: Enable SNMP trap link-up and link-down mode operation. Disabled: Disable SNMP trap link-up and link-down mode operation. Indicates the SNMP trap inform mode operation. Possible modes are: Enabled: Enable SNMP trap inform mode operation. Disabled: Disable SNMP trap inform mode operation. Trap Inform: Indicates the SNMP trap inform timeout. The allowed range is 0 to Trap Inform Retry: Indicates the SNMP trap inform retry times. The allowed range is 0 Trap Probe Security Engine ID: Indicates the SNMP trap probe security engine ID mode of operation. Possible values are: Enabled: Enable SNMP trap probe security engine ID mode of operation. Disabled: Disable SNMP tr
62. ed Access Responses: radiusAuthClientExtMalformedAccessResponses. Packet Counters: Bad Authenticators: radiusAuthClientExtBadAuthenticators. Unknown Types: radiusAuthClientExtUnknownTypes. Packets Dropped: radiusAuthClientExtPacketsDropped. Access Requests: radiusAuthClientExtAccessRequests. Access Retransmissions: radiusAuthClientExtAccessRetransmissions. Pending Requests: radiusAuthClientExtPendingRequests. radiusAuthClientExtTimeouts. This section contains information about the state of the server and the latest round-trip time (columns: Name, RFC4668 Name, Description). Shows the state of the server. It takes one of the following values: Disabled: The selected server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts. Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. radiusAuthClientExtRoundTripTime: The time interval (measured in milliseconds) between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. The g
63. eleted during the next save. MAC Address: The MAC address for the entry. Private VLAN ID: Indicates the ID of this particular private VLAN. Port Members: A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Adding a New Static Entry: Click to add a new private VLAN ID. An empty row is added to the table, and the private VLAN can be configured as needed. The allowed range for a private VLAN ID is the same as the switch port number range. Any values outside this range are not accepted, and a warning message appears. Click OK to discard the incorrect entry, or click Cancel to return to the editing and make a correction. The Private VLAN is enabled when you click Save. The button can be used to undo the addition of new Private VLANs. Port Isolation Configuration. Port Members: A check box is provided for each port of a private VLAN. When checked, port isolation is enabled for that port. When unchecked, port isolation is disabled for
64. Choosing the value All from the list box allows the port to consume up to 48 client state-machines. Choosing the value Specific from the list box opens up for entering a specific number of maximum clients on the port (1 to 48). The switch is born with a pool of state-machines, from which all ports draw whenever a new client is seen on the port. When a given port's maximum is reached (both authorized and unauthorized clients count), further new clients are disallowed access. Since all ports draw from the same pool, it may happen that a configured maximum cannot be granted, if the remaining ports have already used all available state-machines. Two buttons are available for each row. The buttons are only enabled when authentication is globally enabled and the port's Admin State is Auto or MAC-Based. Clicking these buttons will not cause settings changed on the page to take effect. Re-authenticate: Schedules a re-authentication to whenever the quiet-period of the port runs out (port-based authentication). For MAC-based authentication, re-authentication will be attempted immediately. The button only has effect for successfully authenticated ports/clients and will not cause the port/client to get temporarily unauthorized. Reinitialize: Forces a re-initialization of the port/clients and thereby a re-authentication immediately. The port/clients will t
65. gular intervals. 3.1.4.3.5 LACP Statistics. This page provides an overview for LACP statistics for all ports. LACP Statistics. Port: The switch port number. LACP Transmitted: Shows how many LACP frames have been sent from each port. LACP Received: Shows how many LACP frames have been received at each port. Discarded: Shows how many unknown or illegal LACP frames have been discarded at each port. Refresh: Click to refresh the page immediately. Auto refresh: Check this box to enable an automatic refresh of the page at regular intervals. Clear: Clears the counters for all ports. 3.1.5 Redundancy. 3.1.5.1 Redundant Ring. ERing is the most powerful Ring technology in the world. The recovery time of eRing is less than 10 ms. It can reduce unexpected damage caused by network topology changes. ERing supports 3 Ring topologies: Ring, Coupling Ring and Dual Homing. Redundant Ring Configuration (fields: Ring Master, Coupling Port, 1st Ring Port, 2nd Ring Port, Homing Port). Ring interface. The following table describes the labels in this screen. Redundant Ring: Mark to enable Ring
66. he ACE will match IPv4 frames, which are not ICMP/UDP/TCP. Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Rate Limiter: Indicates the rate limiter number of the ACE. The allowed range is 1 to 15. When Disabled is displayed, the rate limiter operation is disabled. Port Copy: Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port copy operation is disabled. Logging: Indicates the logging operation of the ACE. Possible values are: Enabled: Frames matching the ACE are stored in the System Log. Disabled: Frames matching the ACE are not logged. Please note that the System Log memory size and logging rate is limited. Indicates the port shut down operation of the ACE. Possible values are: Enabled: If a frame matches the ACE, the ingress port will be disabled. Disabled: Port shut down is disabled for the ACE. Counter: The counter indicates the number of times the ACE was hit by a frame. Modification Buttons: You can modify each ACE (Access Control Entry) in the table using the following buttons: Inserts a new ACE before the current row. Edits the ACE row. Moves the ACE up the list.
67. hows the VLAN ID. TCP/UDP Port: The field shows the TCP/UDP port range. DSCP: The field shows the IPv4/IPv6 DSCP value. Traffic Class: The QoS class associated with the QCE. Modification Buttons: You can modify each QCE in the table using the following buttons: Inserts a new QCE before the current row. Edits the QCE. Moves the QCE up the list. Moves the QCE down the list. Deletes the QCE. The lowest plus sign adds a new entry at the bottom of the list of QCL. 3.1.8.4 QoS Statistics. This page provides statistics for the different queues for all switch ports. Queuing Counters. The logical port for the settings contained in the same row. Low Queue: There are 4 QoS queues per port with strict or weighted queuing scheduling. This is the lowest priority queue. Normal Queue: This is the normal priority queue of the 4 QoS queues. It has higher priority than the Low Queue. Medium Queue: This is the medium priority queue of the 4 QoS queues. It has higher priority than the Normal Queue. High Queue: This is the highest priority queue of the 4 QoS queues. Receive/Transmit: The number of received and transmitted packets per port. 3.1.8.5 Wizard. This handy wizard helps you set up a QCL quickly
68. ings contained in the same row. The rate unit is packet per second (pps); configure the rate as 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K. The 1 kpps is actually 1002.1 pps. 3.1.10.1.3 Configuration. This page shows the Access Control List (ACL), which is made up of the ACEs defined for this switch. Each row describes the ACE that is defined. The maximum number of ACEs is 128. Click on the lowest plus sign to add a new ACE to the list. Access Control List Configuration. Ingress Port: Indicates the ingress port of the ACE. Possible values are: Any: The ACE will match any ingress port. Policy: The ACE will match ingress ports with a specific policy. Port: The ACE will match a specific ingress port. Frame Type: Indicates the frame type of the ACE. Possible values are: Any: The ACE will match any frame type. EType: The ACE will match Ethernet Type frames. Note that an Ethernet Type based ACE will not get matched by IP and ARP frames. ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol. IPv4/UDP: The ACE will match IPv4 frames with UDP protocol. IPv4/TCP: The ACE will match IPv4 frames with TCP protocol. IPv4/Other: T
69. ion protocol. A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and the allowed content is the ASCII characters from 33 to 126. 3.1.7.4 SNMP Groups. Configure SNMPv3 groups table on this page. The entry index keys are Security Model and Security Name. SNMPv3 Groups Configuration (columns: Delete, Security Model, Security Name, Group Name; entries shown: public, v2c public, usm default_user; button: Add new group). Check to delete the entry. It will be deleted during the next save. Security Model: Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). Security Name: A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Group Name: A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. 3.1.7.5 SNMP Views. Configure SNMPv3 views table on this page. The entry index keys are View Name and OID Subtree. SNMPv3 Views Configuration (columns: Delete, View Name, View Type, OID Subtree; entry shown: default_view). Check to delete the
70. ision 0. MSTI Mapping (columns: MSTI, VLANs Mapped; rows: MST1, MST2, MST3, MST4, MST5, MST6, MST7). Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration, in order to share spanning trees for MSTIs (intra-region). The name is at most 32 characters. The revision of the MSTI configuration named above. This must The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. VLANs Mapped: The list of VLANs mapped to the MSTI. The VLANs must be separated with comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI should just be left empty (i.e. not having any VLANs mapped to it). Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. MSTI Priorities. This page allows the user to inspect the current STP MSTI bridge instance priority configurations, and possibly change them as well. MSTI Configuration: MSTI Priority Configuration (columns: MSTI, Priority; each instance is shown with priority 128). MSTI: The bridge instance. The CIST is the default instance
71. Age Period: This setting applies to ports running MAC-based authentication only. Suppose a client is connected to a 3rd party switch or hub, which in turn is connected to a port on this switch that runs MAC-based authentication, and suppose the client gets successfully authenticated. Now assume that the client powers down his PC. What should make the switch forget about the authenticated client? Re-authentication will not solve this problem, since this doesn't require the client to be present, as discussed under Re-authentication Enabled above. The solution is aging of authenticated clients. The Age Period, which can be set to a number between 10 and 1000000 seconds, works like this: A timer is started when the client gets authenticated. After half the age period, the switch starts looking for frames sent by the client. If another half age period elapses and no frames are seen, the client is considered removed from the system, and it will have to authenticate again the next time a frame is seen from it. If, on the other hand, the client transmits a frame before the second half of the age period expires, the switch will consider the client alive, and leave it authenticated. Therefore, an age period of T will require the client to send frames more frequent than T/2 for him to stay authenticated. This setting applies to ports running MAC-based authentication
72. FAX: 480-287-8605. Technical Support E-mail: Sales@KUSA1.co. Sales Contact E-mail: Sales@KUSA1.co. Headquarters: KUSA. Made in USA. Getting to Know Your Switch. 1.1 About the P.O.E. SWITCH Industrial Switch. The P.O.E. SWITCH is powerful managed industrial switch which has many features. The switch can work under a wide range of temperatures, environments and humid conditions. The switch can be managed by WEB, TELNET and Console Command Line or other third-party SNMP software. 1.2 Software Features: World's fastest Redundant Ethernet Ring (Recovery time < 10ms over 300 switches); Cyber Secure Video with Clean Code Technology; HD Camera Ready; Supports Ring Coupling, Dual Homing, RSTP over Ring; IGMP Snooping; IGMP v1/v2/v3; Auto DOS/DDOS Protection (silicon based); Supports SNMPv1/v2c/v3 & RMON & Port base/802.1Q VLAN Network Management; Event notification by Email, SNMP trap and Relay Output; Windows Utility, Web-based, Telnet and Console (CLI) configuration; Enable/disable ports, MAC based port security; Cyber Secure Video (CSV) with silicon enhancements for HD Video; Port based network access control (802.1x); VLAN (802.1q) to segregate and secure network traffic; Radius centralized password management; S
73. lassification is controlled by a QCL that is assigned to each port. A QCL consists of an ordered list of up to 12 QCEs. Each QCE can be used to classify certain frames to a specific QoS class. This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or Tag Priority. Frames not matching any of the QCEs are classified to the default QoS class for the port. Port QoS Configuration (Ingress Configuration: Port, Default Class, QCL, Tag Priority; Egress Configuration: Queuing Mode, Queue Weighted). A check box is provided for each port of a private VLAN. When checked, port isolation is enabled for that port. When unchecked, port isolation is disabled for that port. By default, port isolation is disabled for all ports. Default Class: Configure the default QoS class for the port, that is, the QoS class for frames not matching any of the QCEs in the QCL. QCL: Select which QCL to use for the port. Tag Priority: Select the default tag priority for this port when adding a Tag to the untagged frames. Queuing Mode: Select which Queuing mode for this port. Queue Weighted: Setting Queue weighted (Low:Normal:Medium:High) if the Queuing Mode is Weighted. 3.1.8.3 QoS Control List. This page lists the QCEs for a given QCL. Frames c
74. led 3 1 2 4 LLDP LLDP Parameters This page allows the user to inspect and configure the current LLDP port settings 17 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM LLDP Configuration LLDP Parameters The switches will periodically transmit LLDP frames to its neighbors in order for the network discovery information to be TX Interval up to date The interval between each LLDP frame is determined by the TX Interval value Valid values are restricted to 5 32768 seconds LLDP Neighbor Information This page provides a status overview for all LLDP neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected The columns hold the following information LLDP Neighbor Information eS Ss SS ee ee Port ID ID Description Capabilities Address 18 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Local Port The port on which the LLDP frame was received The Chassis ID is the identification of the neighbor s LLDP Chassis ID frames Remote Port ID The Remote Port ID is the identification of the neighbor port System Name system Name is the name advertised by the neighbor unit Port Description is the port description advertised by the neighbor Port Description unit System Capabilities describes the neighbor unit s capabili
75. mount of power the primary and backup power sources can deliver For KUSA PoE Switches a built in 1000W power supply will guarantee the power for each port External sources may be different Power Over Ethernet Configuration Allocation LLDP MED actual Consumption Reserved Power abled Priority Maximum Power W 97 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM 3 1 18 4 PoE Configuration Port Configuration User can configuration every port PoE Setting Power Over Ethernet Configuration Reserved Power determined by class Allocation LLDP MED Power Management Mode Actual Consumption Reserved Power Primary Power Supply W PoE Enable The PoE Enabled represents whether the PoE is enable for the ene Priority The Priority represents the ports priority There are three levels of power priority named Low High and Critical The priority is used in the case where the remote devices require to use more power 98 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM than power supply can deliver In this case the port with the lowest priority will be turn off starting from the port with the lowest port number Maximum Power The Maximum Power value contains a numerical value that indicates the maximum power in watts that can
76. n Snooping Enabled F Unregistered IPMC Flooding enabled VLAN ID Snooping Enabled IGMP Querier 1 d 50 a Port Related Configuration Port Router Port Fast Leave 1 C d P C d 3 a d Snooping Enabled Enable the Global IGMP Snooping Unregistered IPMC Flooding Enable unregistered IPMC traffic flooding enabled VLAN ID The VLAN ID of the entry IGMP Snooping Enable the per VLAN IGMP Snooping Enabled Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each IGMP Querier Querier s interval is 125 second and it will stop act as an IGMP Querier if received any Querier from other devices Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or Router Port IGMP querier If an aggregation member port is selected as a router port the whole aggregation will act as a router port Enable the fast leave on the port 58 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM 3 1 9 2 IGMP Snooping Status IGMP Snooping Status Statistics VLAN Querie Quere Querier V1 Reports V2 Reports V3 Reports V2 Leave ID pail Tra egal Receive Receive Receive Receive Receive PDE IDLE IGMP Groups Mem Port Members Groups 1 2 3 4 5 6 7 a 9 10 11 12 No IGMP groups Ro
77. n is activated the system will collect the DHCP client information and display in here 22 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM DHCP Dynamic Client List Select Clear All Add to static Table 3 1 3 3 DHCP Client List You can assign the specific IP address which is in the assigned dynamic IP range to the specific port When the device is connecting to the port and asks for dynamic IP assigning the system will assign the IP address that has been assigned before in the connected device DHCP Client List MAC Address SSS TP address Add as Static IP Address Surplus Lease 3 1 4 Port Setting 3 1 4 1 Port Control This page displays current port configurations Ports can also be configured here Port Configuration efresh Auto Detect 100 1000 SFP Enabled Port T Speed cement 1 Down x x al 2 vown x x A 3 Down x x LI pO dowr x x D 5 Down x x L 6 Down x x LI TE x x z 8 Down x x d 9 Down x x LI 10 Down x x d 11 Down x x d 12 Down x x d 23 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Port This is the logical port number for this row Hak The current link state is displayed graphically Green indicates the in link is up and red that it is down Current Link Speed Provides the current link speed of
78. n t care Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value appears 65 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is SMAC Value XX XX XX XX XX XX A frame that hits this ACE matches this SMAC value Specify the destination MAC filter for this ACE Any No DMAC filter is specified DMAC filter status is don t care MC Frame must be multicast BC Frame must be broadcast DMAC Filter UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears When Specific is selected for the DMAC filter you can enter a specific destination MAC address The legal format is DMAC Value XX XX XX XX XX XX A frame that hits this ACE matches this DMAC value VLAN Parameters VLAN ID Filter Tag Priority Specify the VLAN ID filter for this ACE Any No VLAN ID filter is specified VLAN ID filter status is VLAN ID Filter don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears When Specific is selected for the VLAN ID filter you can enter a VLAN
79. nd the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a button click assume the value of the first displayed entry allowing for continuous refresh with the same start address gt gt The will use the last entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the button to start over MAC Address Table Auto refresh D Clear Start from VLAN 1 and MAC address 00 00 00 00 00 0 with 20 entries per page Port Members Type VLAN MAC CPU 1272 3 4 5 6 7 8 9 10 11 12 13 1415 16 17 18 19 20 21 22 23 24 Address Dynamic 00 OF EA F2 E6 4D Ti Static 1 Dynamic 1 O0 1E 94 22 33 44 oe 1 O0 1E 94 96 00 3C y 1 ae EEEE EE 1 1 17 7 4 AAA A AA A AAA AAAA AA N abel Desorption Indicates whether the entry is a static or dynamic entry MAC address The MAC address of the entry VLAN The VLAN ID of the entry 87 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Port Members The ports that are members of the entry Refreshes the displayed
80. ntication. This is only possible if the Authentication Method is set to something other than none or local. Click to save changes. Click to undo any changes made locally and revert to previously saved values. Common Server Configuration: These settings are common to all of the Authentication Servers. Timeout: The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any). RADIUS servers use the UDP protocol, which is unreliable by design. In order to cope with lost frames, the timeout interval is divided into 3 subintervals of equal length. If a reply is not received within the subinterval, the request is transmitted again. This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead. Dead Time: The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Dead Time to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.
81. o backend servers are enabled and that the server timeout is configured to X seconds (using the Authentication configuration page), and suppose that the first server in the list is currently down (but not considered dead). Now, if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds, then it will never get authenticated, because the switch will cancel ongoing backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant. And since the server hasn't yet failed (because the X seconds haven't expired), the same server will be contacted upon the next backend authentication server request from the switch. This scenario will loop forever. Therefore, the server timeout should be smaller than the supplicant's EAPOL Start frame retransmission rate. Overview of MAC-Based Authentication: Unlike 802.1X, MAC-based authentication is not a standard, but merely a best-practices method adopted by the industry. In MAC-based authentication, users are called clients, and the switch acts as the supplicant on behalf of clients. The initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. The 6-byte MAC address is converted to a string
82. o dial Country region Taiwane YS Area code a Phone number _ Connect using Cancel Disconnected Auto detect Auto detect SCROLL CAPs NUM Capture Print echo Z Step 4 The COM port properties setting 115200 for Bits per second 8 for Data bits None for Parity 1 for Stop bits and none for Flow control 104 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM sl nial Hener ermin al 0 x eom Properes a ET a Fort Settings Bits per second Mw Data bits fe l Parity Noe S SY Stop bits 1 Flow control Noe ttt Restore Defaults OF Cancel Apply Disconnected Auto detect Auto detect STROLL CAPS NUM Capture Step 5 The Console login screen will appear Use the keyboard to enter the Username and Password The same with the password for Web Browser then press Enter RedBoot tm bootstrap and debug environment ROHRAH Non certified release version 1_86 Vitesse built 15 15 15 Dec 6 200 Platform LUTON28 system ARM9 178MHz Copyright C 2000 2001 2002 2003 2004 Red Hat Inc Copyright C 2003 2004 2005 2006 eCosCentric Limited RAH 8x86000806 0x64000060 0x0602c366 6x03Td1060 available FLASH Ox86080008 Ox80800080 128 blocks of Ox6008260000 bytes each Executing boot script in 1 000 seconds enter C to abort RedBoot gt
83. ode smacldmacliplport enableldisable LACP Configuration lt port_list gt Mode lt port_list gt enableldisable Key lt port_list gt lt key gt ee Role lt port_list gt activelpassive Status lt port_list gt Statistics lt port_list gt clear Configuration Version lt stp_version gt STP Non certified release v Port Edge lt port_list gt enableldisable Port Mode lt port_list gt enableldisable Port Statistics lt port_list gt Port AutoEdge lt port_list gt enableldisable Port Mcheck lt port_list gt 109 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM E Msti Port Configuration lt msti gt lt port_list gt Msti Port Cost lt msti gt lt port_list gt lt path_cost gt Msti Port Priority lt msti gt lt port_list gt lt priority gt Dot1x Timeout lt eapol_timeout gt IGMP Status lt vid gt LLDP Configuration lt port_list gt Mode lt port_list gt enableldisablelrx tx Optional_TLV lt port_list gt port_descrlsys_namelsys_descrlsys_capalmgmt_addr enableldisable Interval lt interval gt Hold lt hold gt 110 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Delay lt delay gt Info lt port_list gt Statistics l
84. ommunity string will associated with SNMPv3 communities table Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users SNMP Trap Configuration Trap Mode Trap Version Disabled SNMP vi he Trap Destination Address Po Trap Authentication Failure Trap Link up and Link down Trap Inform Mode Trap Inform Timeout seconds ho Trap Inform Retry Times Bo Trap Mode Trap Version Trap Community Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP trap mode operation Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 Indicates the community access string when send SNMP trap packet The allowed string length is O to 255 and the allowed content is the ASCII characters from 33 to 126 46 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Trap Destination Indicates the SNMP trap destination address Address Trap Destination IPv6 Address Trap Destination IPv6 Address Trap Authentication Failure Trap Link up and Link down Trap Inform Mode Provide th
85. r STP Spanning Tree Protocol IEEE 802 1p for COS Class of Service IEEE 802 1Q for VLAN Tagging IEEE 802 1w for RSTP Rapid Spanning Tree Protocol IEEE 802 15 for MSTP Multiple Spanning Tree Protocol 115 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM IEEE 802 1x for Authentication a IEEE 802 1AB for LLDP Link Layer Discovery Protocol fp Poniyquewes Switching latency 6 us Switching bandwidth 24Gbps Switch Properties Max Number of Available VLANs 4096 IGMP multicast groups 128 for each VLAN Port rate limiting User Define IP Police security feature Enable disable ports MAC based port security Port based network access control 802 1x Security Features VLAN 802 1Q to segregate and secure network traffic Radius centralized password management SNMPv3 encrypted authentication and access security STP RSTP MSTP IEEE 802 1D w s Redundant Ring eRing with recovery time less than 20ms over 250 units TOS Diffserv supported Quality of Service 802 1p for real time traffic VLAN 802 1Q with VLAN tagging and GVRP supported Software Features IGMP Snooping IP based bandwidth management Application based QoS management DOS DDOS auto prevention Port configuration status statistics monitoring security DHCP Client Server Redundant Ring Network Redundancy STP RSTP MSTP compatible RS 232 Serial Console Port 115200bps 8 N
86. kbps, and it is restricted to 1-1000 when the Policer Unit is Mbps. Configure the unit of measure for the port shaper rate as kbps or Mbps. The default value is kbps. Click to save changes. Click to undo any changes made locally and revert to previously saved values. 3.1.4.3 Port Trunk 3.1.4.3.1 Trunk Configuration: This page is used to configure the Aggregation hash mode and the aggregation group. Aggregation Mode Configuration, Hash Code Contributors: Source MAC Address, Destination MAC Address, IP Address, TCP/UDP Port Number. Source MAC Address: The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC Address is enabled. Destination MAC Address: The Destination MAC Address can be used to calculate the destination port for the frame. Check to enable the use of the Destination MAC Address, or uncheck to disable. By default, Destination MAC Address is disabled. IP Address: The IP address can be used to calculate the destination port for the frame. Check to enable the use of the IP Address, or uncheck to disable. By default, IP Address is enabled. TCP/UDP Port Number: The TCP/UDP port number can be used to calculate the destination port for the frame. Check to enable the use of the TCP/UDP Port Number, or
87. ransfer to the unauthorized state while the re authentication is ongoing 3 1 10 2 2 Status 73 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Port Security Status Auto refresh LI Refresh Port State Last Source Last ID Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 12 Disabled 13 Disabled ft me O Description The switch port number Click to navigate to detailed 802 1X Statistics for this port sae The current state of the port Refer to IEEE 802 1X Port State for a description of the individual states The source MAC address carried in the most recently received as arce EAPOL frame for port based authentication and the most recently received frame from a new client for MAC based authentication The user name supplicant identity carried in the most recently received Resp ID EAPOL frame for port based authentication ii and the source MAC address from the most recently received frame from a new client for MAC based authentication 3 1 10 2 3 Statistics This page provides detailed IEEE 802 1X statistics for a specific switch port running port based authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed 74 KUSA Cyber Secure
88. ranularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet Other Info Round Trip Ti 81 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM RADIUS Accounting Statistics for Server 1 0 0 0 0 1813 Receive Packets Transmit Packets Responses 0 Requests 0 Malformed Responses 0 Retransmissions 0 Bad Authenticators 0 Pending Requests 0 Unknown Types 0 Timeouts 0 Packets Dropped 0 Other Info State Disabled Round Trip Time Oms RADIUS accounting server packet counter There are five receive and four transmit counters RFC4670 Name Description radiusAccClientExtResponses The number of RADIUS packets valid or invalid received from the server The number of malformed RADIUS packets received from the server Malformed packets include radiusAccClientExtMalformedResponses packets with an invalid length Bad authenticators or or unknown types are not included as malformed access responses Packet Co u nte rs radiusAcctClientExtBadAuthenticators The number of RADIUS packets containing invalid authenticators received from the server The number of RADIUS packets of unknown types that were received from the server on the accounting port The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason radiusAccClientExtRequest
89. Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. [Screenshot: RADIUS Accounting Server Status Overview table; every listed server shows IP address 0.0.0.0:1813 and status Disabled.] The RADIUS server number: Click to navigate to detailed statistics for this server. IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. The current state of the server. This field takes one of the following values: Disabled: The server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts. Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead time expires. The number of seconds lef
90. s The number of RADIUS packets sent to the server This does not include retransmissions radiusAccClientExtRetransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or received radiusAccClientExtPendingRequests a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up Aretry to the same server is counted as a radiusAccClientExtUnknownTypes radiusAccClientExtPacketsDropped radiusAccClientExtTimeouts retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest RFC4670 Name Description Oth e r l nfo Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled bu
91. Network Application Rules: set up the specific ACL for different typical network application access control. Set up Source MAC and Source IP Binding: Strictly control the network traffic by only allowing incoming frames that match the source IP and source MAC on specific port. Set up DoS Attack Defense Rules: Strictly control the network traffic by only allowing incoming frames that match the source IP and source MAC on specific port. 3.1.10.2 802.1x: This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings. The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. One or more central servers, the backend servers, determine whether the user is allowed access to the network. These backend (RADIUS) servers are configured on the Authentication configuration page. MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to have special 802.1X software installed on his system. The switch uses the user's MAC address to authenticate against the backend server. Intruders can create counterfeit MAC addresses, which makes MAC-based authentication less secure than 802.1X au
92. sure that the link used for managing the switch is added to the Static MAC Table before changing to secure learning mode, otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface. Static MAC Table Configuration: The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The maximum of 64 entries is for the whole stack, and not per switch. The MAC table is sorted first by VLAN ID and then by MAC address. Check to delete the entry. It will be deleted during the next save. VLAN ID: The VLAN ID for the entry. MAC Address: The MAC address for the entry. Port Members: Checkmarks indicate which ports are members of the entry. Check or uncheck as needed to modify the entry. Adding a New Static Entry: Click Add new static entry to add a new entry to the static MAC table. Specify the VLAN ID, MAC address, and port members for the new entry. Click Save. 3.1.12.2 MAC Table: Each page shows up to 999 entries from the MAC table, default being 20, selected through the entries per page input field. When first visited, the web page will show the first 20 entries from the beginning of the MAC Table. The first displayed will be the one with the lowest VLAN ID a
93. t before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled 3 1 10 2 6 RADIUS Statistics The statistics map closely to those specified in RFC4668 RADIUS Authentication Client 80 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM MIB Use the server select box to switch between the backend servers to show details for RADIUS Authentication Statistics for Server 1 0 0 0 0 1812 Auto refresh L _ Refresh Transmit Packets Receive Packets Access Accepts 0 Access Rejects o Access Challenges 0 Access Requests Access Retra nsMm issig nS Pending Requests oooso Malformed Access Responses 0 Bad Authenticators 0 Unknown Types o Packets Dropped i Other Info Timeouts State Round Trip Time Disabled ms Description RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name Access Accepts RFC4668 Name radiusAuthClientExtAccessAccepts Description The number of RADIUS Access Accept packets valid or invalid received from the server The number of RADIUS Access Reject packets valid or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received from the server The number of malformed RADIUS Access Response packets received from the server Malformed packe
94. t port_list gt clear MAC VLAN PVLAN Configuration lt port_list gt Add lt pvlan_id gt lt port_list gt Delete lt pvlan_id gt Lookup lt pvlan_id gt Isolate lt port_list gt enableldisable QOS Configuration lt port_list gt QoS Classes lt class gt Default lt port_list gt lt class gt 111 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Tagprio lt port_list gt lt tag_prio gt QCL Add lt qcl_id gt lt qce_id gt lt qce_id_next gt etype lt etype gt vid lt vid gt port lt udp_tcp_port gt dscp lt dscp gt tos lt tos_list gt tag_prio lt tag_prio_list gt lt class gt QCL Delete lt qcl_id gt lt qce_id gt QCL Lookup lt qcl_id gt lt qce_id gt Mode lt port_list gt strictlweighted Weight lt port_list gt lt class gt lt weight gt Shaper lt port_list gt enableldisable lt bit_rate gt Storm Unicast enableldisable lt packet_rate gt Storm Multicast enableldisable lt packet_rate gt Storm Broadcast enableldisable lt packet_rate gt Rate Limiter lt port_list gt enableldisable lt bit_rate gt ACL E Configuration lt port_list gt Action lt port_list gt permitldeny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Policy lt port_list
95. t save A string identifying the group name that this entry should belong to Group Name The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Security Model Indicates the security model that this entry should belong to Possible security models are Security Level NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The name of the MIB view defining the MIB objects for which this Sead View Narnie request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 The name of the MIB view defining the MIB objects for which this Write View Name request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 52 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM 3 1 8 Traffic Prioritization 3 1 8 1 Storm Control Storm control for the switch is configured on this page Storm Control Configuration Frame Type Status Rate pps Unicast z
96. t will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled The time interval measured in milliseconds between the most recent Response and the Request that matched it from the radiusAccClientExtRoundTripTime RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been Round Trip Time round trip communication with the server yet 3 1 11 Warning 3 1 11 1 Fault Alarm When any selected fault event is happened the Fault LED in switch panel will light up and the electric relay will signal at the same time 82 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Fault Alarm Power Failure CIPwr 1 LIPWR 2 Port Link Down Broken H 2 3 4 J 6 Fi 8 g M e O MS e ee ee S Fault Alarm interface The following table describes the labels in this screen Mark the blank of PWR 1 or PWR 2 to monitor Port Link Down Broken Mark the blank of port 1 to port 12 to monitor Apply Click Apply to set the configurations 3 1 11 2 System warning 3 1 11 2 1 Syslog Setting 83 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM Syslog Server IP Address 0 0 0 0 IP Address User can
97. table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from the first entry in the MAC Table Updates the table starting with the entry after the last entry 3 1 13 Port Statistics 3 1 13 1 Traffic Overview This page provides an overview of general traffic statistics for all switch ports Port Statistics Overview Auto refresh C nore Packets Bytes Errors Drops Filtered z Recetve Transmit Receive Transmit Receiwwe Transmit Receiwe Transmit Receive 1 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 3 0 0 0 0 0 0 0 0 0 4 0 0 0 0 0 0 o 0 0 5 0 0 0 0 0 0 0 0 0 6 0 0 0 0 0 0 0 0 0 Fi 0 0 0 0 0 0 0 0 0 a 0 0 0 0 0 0 0 0 0 g 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 0 0 w oen S The logical port for the settings contained in the same row 88 KUSA Cyber Secure Video Switch Network Security For The 21 Century UNIVERSAL MANUAL USERS MANUAL FOR KY 8PSE30WM The number of received and transmitted packets per port The number of received and transmitted bytes per port The number of frames received in error and the number of Se ae The number of frames discarded due to ingress or egress i lee Filtered The number of received frames filtered by the forwarding process Check this box to enable an automatic refresh of the page at regular Auto efresh L intervals Updates the counters entries starting from the current entry ID Flushes all co
98. that port. By default, port isolation is disabled for all ports. 3.1.7 SNMP 3.1.7.1 SNMP System [Screenshot: SNMP System Configuration, with fields Version, Read Community, Write Community and Engine ID] Indicates the SNMP mode operation. Possible modes are: Enabled: Enable SNMP mode operation. Disabled: Disable SNMP mode operation. Version: Indicates the SNMP supported version. Possible versions are: SNMP v1: Set SNMP supported version 1. SNMP v2c: Set SNMP supported version 2c. SNMP v3: Set SNMP supported version 3. Read Community: Indicates the community read access string to permit access to the SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. This field applies only to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy, and the community string will be associated with the SNMPv3 communities table. Write Community: Indicates the community write access string to permit access to the SNMP agent. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 33 to 126. This field applies only to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy, and the c
99. that the switch receives the first request from the backend server following the first response from the supplicant. Indicates that the backend server has communication with the switch (Access Challenges, dot1xAuthBackendAccessChallenges). MAC-based: Counts all Access Challenges received from the backend server for this port (left-most table) or client (right-most table). dot1xAuthBackendOtherRequestsToSupplicant: Port-based: Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant. Indicates that the backend server chose an EAP method. MAC-based: Not applicable. dot1xAuthBackendAuthSuccesses: Port- and MAC-based: Counts the number of times that the switch receives a success indication. Indicates that the supplicant/client has successfully authenticated to the backend server. dot1xAuthBackendAuthFails: Port- and MAC-based: Counts the number of times that the switch receives a failure message. This indicates that the supplicant/client has not authenticated to the backend server. Port-based: Counts the number of times that the switch attempts to send a supplicant's first response packet to the backend server. Indicates the switch attempted communication with the backend server. Possible retransmissions are not counted. MAC-based: Counts all the backend server packets sent from the switch towards the backend server for a given port (left-most table) or client (right-most table). Possible retransmissions are not counted.
100. the port. Configured Link Speed: Select any available link speed for the given switch port. Auto Speed selects the highest speed that is compatible with a link partner. Disabled disables the switch port operation. Flow Control: When Auto Speed is selected for a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used. The Current Rx column indicates whether pause frames on the port are obeyed, and the Current Tx column indicates whether pause frames on the port are transmitted. The Rx and Tx settings are determined by the result of the last Auto-Negotiation. Check the configured column to use flow control. This setting is related to the setting for Configured Link Speed. Maximum Frame: Enter the maximum frame size allowed for the switch port, including FCS. The allowed range is 1518 bytes to 9600 bytes. Excessive Collision Mode: Configure port transmit collision behavior. Discard: Discard frame after 16 collisions (default). Restart: Restart back-off algorithm after 16 collisions. Power Control: The Usage column shows the current percentage of the power consumption per port. The Configured column allows for changing the power savings mode parameters per port. Disabled: All power savings mechanisms disabled. ActiPHY: Link-down power savings enabled. PerfectReach: Link-up power savings enabled. Enabled: Both link up
101. the switch in which the frame type is not recognized (Invalid Type, dot1xAuthInvalidEapolFramesRx). Invalid Length (dot1xAuthEapLengthErrorFramesRx): The number of EAPOL frames that have been received by the switch in which the Packet Body Length ... Total (dot1xAuthEapolFramesTx): The number of EAPOL frames of any type that have been transmitted by the switch. Request ID (dot1xAuthEapolReqIdFramesTx): The number of EAP initial request frames that have been transmitted by the switch. Requests (dot1xAuthEapolReqFramesTx): The number of valid EAP Request frames (other than initial request frames) that have been transmitted by the switch. Backend Server Counters: Backend server frame counter statistics. For MAC-based ports there are two tables containing backend server counters. The left-most shows a summary of all backend server counters on this port. The right-most shows backend server counters for the currently selected client, or dashes if no client is selected or available. A client can be selected from the list of authorized/unauthorized clients below the two counter tables. There are slight differences in the interpretation of the counters between port- and MAC-based authentications, as shown below. Backend Server Counters (columns: Direction, IEEE Name, Description). Port-based: Counts the number of times
102. thentications. Overview of 802.1X (Port-Based) Authentication: In the 802.1X world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server. The switch acts as the man-in-the-middle, forwarding requests and responses between the supplicant and the authentication server. Frames sent between the supplicant and the switch are special 802.1X frames, known as EAPOL (EAP Over LANs) frames. EAPOL frames encapsulate EAP PDUs (RFC 3748). Frames sent between the switch and the RADIUS server are RADIUS packets. RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch's IP address, name, and the supplicant's port number on the switch. EAP is very flexible in that it allows for different authentication methods, like MD5-Challenge, PEAP, and TLS. The important thing is that the authenticator (the switch) doesn't need to know which authentication method the supplicant and the authentication server are using, or how many information exchange frames are needed for a particular method. The switch simply encapsulates the EAP part of the frame into the relevant type (EAPOL or RADIUS) and forwards it. When authentication is complete, the RADIUS server sends a special packet containing a success or failure indication. Besides forwarding this decision to the supplicant, the switch uses it to open up or block traffic on the switch port connected to the supplicant. Note: Suppose tw
103. ties. System Capabilities: The possible capabilities are: Repeater, Bridge, WLAN Access Point, Router, Telephone, DOCSIS cable device, Station only, Reserved. When a capability is enabled, the capability is followed by ... If the capability is disabled, the capability is followed by ... Management Address: Management Address is the neighbor unit's address that is used for higher layer entities to assist the discovery by the network management. This could for instance hold the neighbor's IP address. LLDP Statistics: This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole stack/switch, while local counters refer to counters for the currently selected switch. [Screenshot: LLDP Statistics, showing Global Counters (neighbor entries last changed, Total Neighbors Entries Added, Deleted, Dropped and Aged Out) and per-port Local Counters]
104. to configure RSTP system settings. The settings are used by all RSTP Bridge instances in the Switch Stack. [Screenshot: STP Bridge Configuration, Basic Settings: Protocol Version MSTP, Forward Delay 15, Max Age 20, Maximum Hop Count 20, Transmit Hold Count 6] ... and MSTP. Forward Delay: The delay used by STP Bridges to transition Root and Designated Ports to Forwarding (used in STP-compatible mode). Valid values are in the range 4 to 30 seconds. Max Age: The maximum age of the information transmitted by the Bridge when it is the Root Bridge. Valid values are in the range 6 to 40 seconds, and MaxAge must be <= (FwdDelay - 1) * 2. Maximum Hop Count: This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region. It defines how many bridges a root bridge can distribute its BPDU information. Valid values are in the range 4 to 30 seconds, and MaxAge must be <= (FwdDelay - 1) * 2. Transmit Hold Count: The number of BPDUs a bridge port can send per second. When exceeded, transmission of the next BPDU will be delayed. Valid values are in the range 1 to 10 BPDUs per second. Click to save changes. Click to undo any changes made locally and revert to previously saved values. Advanced Settings: Edge Port BPDU Filtering, Edge Port B
105. to the mirror port is selected as follows: All frames received on a given port (also known as ingress or source mirroring). All frames transmitted on a given port (also known as egress or destination mirroring). Port to mirror to: Port to mirror, also known as the mirror port. Frames from ports that have either source (RX) or destination (TX) mirroring enabled are mirrored to this port. Disabled disables mirroring. [Screenshot: Mirror Configuration, with a "Port to mirror to" selector and a per-port Mode column] Port: The logical port for the settings contained in the same row. Mode: Select mirror mode. RX only: Frames received at this port are mirrored to the mirror port. Frames transmitted are not mirrored. TX only: Frames transmitted from this port are mirrored to the mirror port. Frames received are not mirrored. Disabled: Neither frames transmitted nor frames received are mirrored. Enabled: Frames received and frames transmitted are mirrored to the mirror port. Note: For a given port, a frame is only transmitted once. It is therefore not possible to mirror TX frames for the mirror port. Because of this, the mode for the selected mirror port is limited to Disabled or RX only. 3.1.15 System Log Information The switch system log information is provided here. System Log Information: Auto-refresh, Open in new window, Level
106. ts include packets with an invalid length. Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses. The number of RADIUS Access-Response packets containing invalid authenticators or Message Authenticator attributes received from the server. The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason. The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason. The number of RADIUS Access-Request packets sent to the server. This does not include retransmissions. The number of RADIUS Access-Request packets retransmitted to the RADIUS authentication server. The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission. The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout. Access Rejects (radiusAuthClientExtAccessRejects), Access Challenges (radiusAuthClientExtAccessChallenges), Malform
107. twork through a standard web browser such as Microsoft IE, Google Chrome or Firefox. The Web-Based Management function supports Internet Explorer 5.0 or later. It is based on Java Applets with the aim to reduce network bandwidth consumption, enhance access speed and present an easy-to-use viewing screen. Note: By default, IE 5.0 or later versions do not allow Java Applets to open sockets. You need to explicitly modify the browser setting in order to enable Java Applets to use the network ports. Preparing for Web Management: The default values are defined below. IP Address: 192.168.1.77 (Check Your Equipment Label to Ensure a Match). Subnet Mask: 255.255.255.0. Default Gateway: 192.168.1.254. User Name: root. Password: root. System Login: 1. Launch Internet Explorer. 2. Type http:// and the IP address of the switch. Press Enter. [Screenshot: browser address bar showing http://192.168.11.77] 3. The login screen appears. 4. Key in the username and password. The default username and password is admin. 5. Click Enter or the OK button, then the main interface of the Web-based management appears. [Screenshot: login dialog, "Connect to 192.168.10.1"]
108. 3.1.10.2.5 RADIUS Status RADIUS Authentication Server Configuration: The table has one row for each RADIUS Authentication Server and a number of columns, which are: The RADIUS Authentication Server number for which the configuration below applies. Enable the RADIUS Authentication Server by checking this box. IP Address. Enable fallback to local authentication by checking this box. If none of the configured authentication servers are alive, the local user database is used for authentication. This is only possible if the Authentication Method is set to something other than "none" or "local". [Screenshot: RADIUS Authentication Server Status Overview, listing five servers with IP address, UDP port and status, all Disabled] The RADIUS server number. Click to navigate to detailed statistics for this server. IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. Status: The current state of the server. This field takes one of the following values: Disabled: The server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
109. ully qualified domain name. System Name: A domain name is a text string drawn from the alphabet (A-Z, a-z), digits (0-9), minus sign (-). No space characters are permitted as part of a name. The first character must be an alpha character. And the first or last character must not be a minus sign. The allowed string length is 0 to 255. System Location: The physical location of this node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. Enter the name of contact person or organization. Timezone Offset: Provide the time zone offset relative to UTC/GMT. The offset is given in minutes east of GMT. The valid range is from -720 to 720 minutes. Click to save changes. Click to undo any changes made locally and revert to previously saved values. 3.1.2.2 Admin & Password This page allows you to configure the system password required to access the web pages or log in from CLI. [Screenshot: System Password form, with fields Username, Old Password, New Password and Confirm New Password] Old Password: Enter the current system password. If this is incorrect, the new ... New Password: The system password. The allowed string length is 0 to 31 and ... Confirm password: Re-type the new password. Click to save changes.
110. uncheck to disable. By default, TCP/UDP Port Number is enabled. [Screenshot: Aggregation Group Configuration, a grid of radio buttons selecting port members per group ID] Group ID: Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid per port. Port Members: Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full-duplex ports can join an aggregation, and ports must be in the same speed in each group. 3.1.4.3.2 LACP Port Configuration This page allows the user to inspect the current LACP port configurations, and possibly change them as well. [Screenshot: LACP Port Configuration, with per-port LACP Enabled checkboxes] Group ID: Indicates the group ID for the settings contained in the same row. Group ID "Normal" indicates there is no aggregation. Only one group ID is valid
111. unters entries. 3.1.13.2 Detailed statistics This page provides detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit. Detailed Statistics: Receive & Transmit Total [Screenshot: Detailed Port Statistics for Port 1, listing Receive Total and Transmit Total, Receive and Transmit Size Counters, Receive and Transmit Queue Counters, and Receive and Transmit Error Counters] RX and TX: The number of
112. uter Port. V1 Reports Receive: The number of Received V1 Reports. V2 Reports Receive: The number of Received V2 Reports. V3 Reports Receive: The number of Received V3 Reports. V2 Leave Receive: The number of Received V2 Leave. Refresh: Click to refresh the page immediately. Clears all Statistics counters. Auto-refresh: Check this box to enable an automatic refresh of the page at regular intervals. 3.1.10 Security 3.1.10.1 ACL 3.1.10.1.1 Ports Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. [Screenshot: ACL Ports Configuration table] Port: The logical port for the settings contained in the same row. Policy ID: Select the policy to apply to this port. The allowed values are 1 through 8. The default value is 1. Select whether forwarding is permitted ("Permit") or denied ("Deny"). The default value is "Permit".