User`s Manual - PLANET Technology Corporation.
Contents
1. o y a c e a e c a S E S a S a S a N e S a a SPR SS SS SS SSCS ACEC SSCS KS SS E SS SESS KS SSS SKS KS SSS SSK KS KS E EKEKA RAKAR AREAREN AKERA KS E EKEKA RAKARE KENARA NERAK E E AKEKE NAKA RAKERA ASE SSS SNS NSN SSNS ISSN SSNS NSN SNS EIEI EI EIE Figure 4 14 1 LLDP Configuration Page Screenshot The page includes the following fields LLDP Parameters Object Description e Tx Interval The switch is periodically transmitting LLDP frames to its neighbors for having the network discovery information up to date The interval between each LLDP frame is determined by the Tx Interval value Valid values are restricted to 5 32768 seconds Default 30 seconds This attribute must comply with the following rule Transmission Interval Hold Time Multiplier lt 65536 and Transmission Interval 278 User s Manual of MGSW 24160F gt 4 Delay Interval e Tx Hold Each LLDP frame contains information about how long the information in the LLDP frame shall be considered valid The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds Valid values are restricted to 2 10 times TTL in seconds is based on the following rule Transmission Interval Holdtime Multiplier lt 65536 Therefore the default TTL is 4 30 120 seconds e Tx Delay If some configuration is changed e g the IP address a new2. Figure 4 11 7 Authentication Server Configuration Page Screenshot The page includes the following fields Port State These setting are common for all of the Authentication Servers Object Description e Timeout The Timeout which can be set to a number between 3 and 3600 seconds is the maximum time to wait for a reply from a server User s Manual of MGSW 24160F If the server does not reply within this timeframe we will consider it to be dead and continue with the next enabled server if any RADIUS servers are using the UDP protocol which is unreliable by design In order to cope with lost frames the timeout interval is divided into 3 subintervals of equal length If a reply is not received within the subinterval the request is transmitted again This algorithm causes the RADIUS server to be queried up to 3 times before it is considered to be dead e Dead Time The Dead Time which can be set to a number between 0 and 3600 seconds is the period during which the switch will not send new requests to a server that has failed to respond to a previous request This will stop the switch from continually trying to contact a server that it has already determined as dead Setting the Dead Time to a value greater than 0 zero will enable this feature but only if more than one server has been configured RADIUS Authentication Server Configuration The table has one
3. oont ont WON o _ b Qu mn h mn J _ co wo i MN _ M ho Ny Sy S SSS NS SS SSS SNS SS SSN SS SSS IES M to SHS SS SI SES SS EIEI HS Se SSIES IIS ho E Figure 4 12 10 IP Source Guard Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode of IP Source Enable the Global IP Source Guard or disable the Global IP Source Guard All Guard Configuration configured ACEs will be lost when the mode is enabled 264 User s Manual of MGSW 24160F e Port Mode Specify IP Source Guard is enabled on which ports Only when both Global Mode Configuration and Port Mode on a given port are enabled IP Source Guard is enabled on this given port e Max Dynamic Clients Specify the maximum number of dynamic clients can be learned on given ports This value can be 0 1 2 and unlimited If the port mode is enabled and the value of max dynamic client is equal 0 it means only allow the IP packets forwarding that are matched in static entries on the specific port Buttons Save Click to save changes Rese J Click to undo any changes made locally and revert to previously saved values 4 12 11 IP Source Guard Static Table This page provides Static IP Source Guard Table The Static IP Sourc
4. ho Figure 4 12 12 ARP Inspection Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode of ARP Enable the Global ARP Inspection or disable the Global ARP Inspection Inspection Configuration e Port Mode Specify ARP Inspection is enabled on which ports Only when both Global Mode 267 User s Manual of MGSW 24160F Configuration and Port Mode on a given port are enabled ARP Inspection is enabled on this given port Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 13 ARP Inspection Static Table This page provides Static ARP Inspection Table The Static ARP Inspection Table screen in Figure 4 12 13 appears Static ARP Inspection Table Figure 4 12 13 Static ARP Inspection TableScreen Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e VLAN ID The VLAN ID for the settings e MAC Address Allowed Source MAC address in ARP request packets e IP Address Allowed Source IP address in ARP request packets Buttons Add new entry Click to add a new entry save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 268 User s Manual of MGSW 24160F 4 1
5. AEE Figure 4 11 4 Network Access Server Configuration Page Screenshot 214 User s Manual of MGSW 24160F The page includes the following fields System Configuration Object Description e Mode Indicates if NAS is globally enabled or disabled on the switch If globally disabled all ports are allowed forwarding of frames e Reauthentication If checked successfully authenticated supplicants clients are reauthenticated Enabled after the interval specified by the Reauthentication Period Reauthentication for 802 1X enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached For MAC based ports reauthentication is only useful if the RADIUS server configuration has changed It does not involve communication between the switch and the client and therefore doesn t imply that a client is still present on a port e Reauthentication Determines the period in seconds after which a connected client must be Period reauthenticated This is only active if the Reauthentication Enabled checkbox is checked Valid values are in the range 1 to 3600 seconds e EAPOL Timeout Determines the time between retransmission of Request Identity EAPOL frames Valid values are in the range 1 to 255 seconds This has no effect for MAC based ports e Age Period This setting applies to the following modes i e modes using the Port Security functionality to s
6. Object Description e Delete To delete a VLAN entry check this box The entry will be deleted on all switch units during the next Save e VLAN ID Indicates the ID of this particular VLAN e Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked e Adding a New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected switch unit when you click on Save TA The button can be used to undo the addition of new VLANs 128 User s Manual of MGSW 24160F Buttons Add new Private VLAN Crick to add new VLAN Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 6 10 VLAN setting example Separate VLAN 802 1Q VLAN Trunk Port Isolate 4 6 10 1 Two separate 802 1Q VLAN The diagram shows how the Managed Switch handles Tagged and Untagged traffic flow for two VLANs VLAN Group 2 and VLAN Group 3 are separated VLAN Each VLAN isolate network traffic so only members of the VLAN receive traffic from the same VLAN members The screen in Figure 4 6 8 appears and Table 4 6 2 describes the port configuration of the
7. Default Setting disable Example Enable the IGMP snooping querier mode for VLAN SWITCH gt igmp querier 1 enable IGMP Fastleave Description Set or show the IGMP snooping fast leave port mode Syntax IGMP Fastleave lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable IGMP fast leave disable Disable IGMP fast leave default Show IGMP fast leave mode 432 User s Manual of MGSW 24160F Default Setting disable Example Enable the IGMP snooping fast leave port mode SWITCH gt igmp fastleave 1 enable IGMP Throttling Description Set or show the IGMP port throttling status Syntax IGMP Throttling lt port_list gt limit group number Parameters lt port_list gt Port list or all default All ports 0 No limit 1 10 Group learn limit default Show IGMP Port Throttling Default Setting unlimited Example Set the IGMP port throttling status for port 1 SWITCH gt igmp throttling 1 10 IGMP Filtering Description Set or show the IGMP port group filtering list Syntax IGMP Filtering lt port_list gt add del group_addr 433 User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports add Add new port group filtering entry del Del existing port group filtering entry default Show IGMP port group filtering list IP multicast gro
8. Figure 4 2 18 Web Firmware Upgrade Page Screenshot To open Firmware Upgrade screen perform the folling 1 Click System gt Web Firmware Upgrade 2 The Firmware Upgrade screen is displayed as in Figure 4 2 18 3 Click the ome button of the main page the system would pop up the file selection menu to choose firmware Upload 4 Select on the firmware then click Unoa the Software Upload Progress would show the file upload status 5 Once the software be loaded to the system successfully The following screen appears The system will load the new software after reboot Firmware Upgrade in progess The uploaded firmware image is being transferred to flash The system will reboot after the Upgrade Until then do not reset or power off the device v Completed Figure 4 2 19 Software successfully Loaded Notice Screen DO NOT Power OFF the Managed Switch until the update progress is complete Do not quit the Firmware Upgrade page without press the OK button after the image be loaded Or the system won t apply the new firmware User has to repeat the firmware upgrade processes again 69 User s Manual of MGSW 24160F 4 2 16 TFTP Firmware Upgrade The Firmware Upgrade page provides the functions to allow a user to update the Managed Switch firmware from the TFTP server in the network Before updating make sure you have your TFTP server ready and the firmware image is
9. The Forward Delay can be from 4 to 30 seconds This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state Observe the following formulas when setting the above parameters Max Age _ 2 x Forward Delay 1 second Max Age _ 2 x Hello Time 1 second Port Priority A Port Priority can be from 0 to 240 The lower the number the greater the probability the port will be chosen as the Root Port Port Cost A Port Cost can be set from 0 to 200000000 The lower the number the greater the probability the port will be chosen to forward packets 3 Illustration of STP A simple illustration of three switches connected in a loop is depicted in the below diagram In this example you can anticipate some major network problems if the STP assistance is not applied If switch A broadcasts a packet to switch B switch B will broadcast it to switch C and switch C will broadcast it to back to switch A and so on The broadcast packet will be passed indefinitely in a loop potentially causing a network failure In this example STP breaks the loop by blocking the connection between switch B and C The decision to block a particular connection is based on the STP calculation of the most current Bridge and Port settings Now if switch A broadcasts a packet to switch C then switch C will drop the packet at port 2 and the broadcast will end there Setting up STP usi
10. auto Example Set MSTI2 in port1 2 SWITCH gt stp msti port configuration 2 1 2 MSTI Port Path Cost Priority MST2 Aggr Auto MSTI Port Path Cost Priority Auto Auto STP MSTI Port Cost Description Set or show the STP CIST MSTI port path cost Syntax STP Msti Port Cost lt msti gt lt port_list gt lt path_cost gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all Port zero means aggregations lt path_cost gt STP port path cost 1 200000000 or auto Default auto Example Set MSTI7 in port1 SWITCH gt stp msti port cost 7 1 Port Path Cost 428 User s Manual of MGSW 24160F MST7 1 Auto STP MSTI Port Priority Description Set or show the STP CIST MSTI port priority Syntax STP Msti Port Priority lt msti gt lt port_list gt lt priority gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all Port zero means aggregations lt priority gt STP port priority 0 16 32 48 224 240 Default 128 429 6 9 Multicast Configuration Command IGMP Configuration Description Show IGMP snooping configuration Syntax IGMP Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show IGMP snooping configuration User s Manual of MGSW 2416
11. Click to refresh the page immediately cea Clears the counters for all ports Auto refresh haa a Check this box to enable an automatic refresh of the page at regular intervals 4 4 4 SFP Module Information You can check the physical or operational status of an SFP module via the SFP Module Information page This page shows the operational status such as the transceiver type speed and wavelength and supports distance of SFP module on a specific interface You can also use the hyperlink of port no to check the statistics on a speficic interface The SFP Module Information screen in Figure 4 4 4 appears SFP Module Information pon woe spect wave tenga 1000Base T 1000 Base 1000Base T 1000 Base Auto Refresh O Figure 4 4 4 SFP Module Information for Switch Page Screenshot The page includes the following fields 96 User s Manual of MGSW 24160F Object Description e Type Display the type of current SFP module the possible types are M 1000Base SX MN 1000Base LX NW 100Base FX e Speed Display the spedd of current SFP module the speed value or description is get from the SFP module Different vendors SFP modules might shows different speed information e Wave Length nm Display the wavelength of current SFP module the wavelength value is get from the SFP module Use this column to check if the wavelength values of two nodes are the matched while the fiber connection is failed e Dis
12. Default Setting disable Example Enable HTTPs function 350 User s Manual of MGSW 24160F User s Manual of MGSW 24160F SWITCH gt security switch https mode enable Security Switch HTTPs Redirect Description Set or show HTTPS redirect mode Automatic redirect web browser to HTTPS during HTTPS mode enabled Syntax Security Switch HTTPS Redirect enable disable Parameters enable Enable HTTPs redirect disable Disable HTTPs redirect default Show HTTPs redirect mode Default Setting disable Example Enable HTTPs redirect function SWITCH gt security switch https redirect enable Security Switch Access Configuration Description Show access management configuration Syntax Security Switch Access Configuration Example Show access management configuration SWITCH gt security switch access configuration Access Mgmt Configuration 351 User s Manual of MGSW 24160F System Access Mode Disabled System Access number of entries 0 Security Switch Access Mode Description Set or show the access management mode Syntax Security Switch Access Mode enable disable Parameters enable Enable access management disable Disable access management default Show access management mode Default Setting disable Example Enable access management function SWITCH gt security switch access mode enable Security Switch Access Add Descrip
13. Private VLAN For private VLANs to be applied the switch must first be configured for standard VLAN operation when this is in place one or more of the configured VLANs can be configured as private VLANs Ports in a private VLAN fall into one of these two groups E Promiscuous ports Ports from which traffic can be forwarded to all ports in the private VLAN Ports which can receive traffic from all ports in the private VLAN a Isolated ports Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table This reduces the ports to which forwarding can be done to just the promiscuous ports within the private VLAN 126 User s Manual of MGSW 24160F The port settings relate to the currently selected unit as reflected by the page header The Port Isolation Configuration screen in Figure 4 6 6 appears Port Isolation Configuration 0 10M whee v v vw v v v v v v v v v IEMET lt lt lt lt lt lt lt lt lt Figure 4 6 6 Port Isolation Configuration Page Screenshot The page
14. Security Network NAS RADIUS VLAN Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned VLAN Syntax Security Network NAS RADIUS_VLAN global lt port_list gt enable disable Parameters global Select the global RADIUS assigned VLAN setting lt port_list gt Select the per port RADIUS assigned VLAN setting default Show current per port RADIUS assigned VLAN enabledness enable Enable RADIUS assigned VLAN either globally or on one or more ports disable Disable RADIUS assigned VLAN either globally or on one or more ports default Show current RADIUS assigned VLAN enabledness Default Setting disable Example Enable NAS RADIUS VLAN SWITCH gt security network nas radius_vlan enable Security Network NAS Guest_VLAN Description 387 User s Manual of MGSW 24160F Set or show either global enabledness and parameters use the global keyword or per port enabledness of Guest VLAN Unless the global keyword is used the lt reauth_max gt and lt allow_if_eapol_seen gt parameters will not be unused Syntax Security Network NAS Guest_VLAN global lt port_list gt enable disable lt vid gt lt reauth_max gt lt allow_if_eapol_seen gt Parameters global Select the global Guest VLAN setting lt port_list gt Select the per port Guest VLAN setting default Show current per port Guest VLAN enabledness enable disable enable
15. Source Mask 255 255 255 0 0 0 0 0 The entry index key are lt engineid gt and lt user_name gt and it doesn t allow modify Syntax Security Switch SNMP User Add lt engineid gt lt user_name gt MD5 SHA lt auth_password gt DES lt priv_password gt Parameters lt engineid gt lt user_name gt Engine ID the format may not be all zeros or all ffH and is restricted to 5 32 octet string A string identifying the user name that this entry should belong to md5 An optional flag to indicate that this user using MD5 authentication protocol sha An optional flag to indicate that this user using SHA authentication protocol lt auth_password gt A string identifying the authentication pass phrase des An optional flag to indicate that this user using DES privacy protocol privacy protocol should belong to lt priv_password gt A string identifying the privacy pass phrase Example Add SNMPv3 user entry SWITCH gt security switch snmp user add 800007e5017f000003 admin_snmpv3 md5 12345678 des abcdefgh 368 User s Manual of MGSW 24160F Security Switch SNMP User Delete Description Delete SNMPv3 user entry Syntax Security Switch SNMP User Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 user entry SWITCH gt security switch snmp user delete 1 Security Switch SNMP User Changekey Description Change SNMPv3 user password Synt
16. Timeouts The number of RADIUS packets containing invalid authenticators received from the server The number of RADIUS packets of unknown types that were received from the server on the accounting port The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason The number of RADIUS packets sent to the server This does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server The number of RADIUS packets destined for the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a 241 User s Manual of MGSW 24160F different server is counted as a Request as well as a timeout e Other Info This section contains information about the state of the server and the latest round trip time Name RFC4670 Name Description State 7 Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Re
17. User s Manual of MGSW 24160F Each accessible traffic object contains an identifier to its QCL The privileges determine specific traffic object to specific QoS class QL In SyncE this is the Quality Level of a given clock source This is received on a port in a SSM indicating the quality of the clock received in the port QoS is an acronym for Quality of Service It is a method to guarantee a bandwidth relationship between individual applications or protocols A communications network transports a multitude of applications and data including high quality video and delay sensitive data such as real time voice Networks must provide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS is the set of techniques to manage network resources RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the complement of ARP RADIUS is an acronym for Remote Authentication Dial In User Service It is a networking protocol that provides centralized access authorization and accounting management for people or computers to connect and use a network service RDI is an acronym for Remote Defect Indication It is a OAM functionallity that is used by a MEP to indicate defect detected to the r
18. global whereas the aggregation group relate to the currently selected unit as reflected by the page header Hash Code Contributors The Aggeration Mode COnfiguration screen in Figure 4 5 2 appears Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number Figure 4 5 2 Aggregation Mode Configuration Page Screenshot The page includes the following fields Object Description e Source MAC Address The Source MAC address can be used to calculate the destination port for the frame Check to enable the use of the Source MAC address or uncheck to disable By default Source MAC Address is enabled e Destination MAC The Destination MAC Address can be used to calculate the destination port for Address the frame Check to enable the use of the Destination MAC Address or uncheck to disable By default Destination MAC Address is disabled e IP Address The IP address can be used to calculate the destination port for the frame Check to enable the use of the IP Address or uncheck to disable By default IP Address is enabled e TCP UDP Port Number The TCP UDP port number can be used to calculate the destination port for the frame Check to enable the use of the TCP UDP Port Number or uncheck to disable By default TCP UDP Port Number is enabled Static Aggregation Group Configuration The Aggregation Group Configuration s
19. lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt Parameters lt ace_id gt ACE ID 1 128 default Next available ID lt ace_id_next gt Next ACE ID 1 128 default Add ACE last switch Switch ACE keyword port Port ACE keyword lt port gt Port number policy Policy ACE keyword lt policy gt Policy number 1 8 lt vid gt VLAN ID 1 4095 or any lt tag_prio gt VLAN tag priority 0 7 or any lt dmac_type gt DMAC type any unicast multicast broadcast etype Ethernet Type keyword lt etype gt Ethernet Type or any lt smac gt Source MAC address xx xx XX XX XX Xx or any lt dmac gt Destination MAC address xx xx Xxx xX Xx Xx or any arp ARP keyword lt sip gt Source IP address a b c d n or any lt dip gt Destination IP address a b c d n or any lt arp_opcode gt ARP operation code anylarp rarp other lt arp_flags gt ARP flags request smac tmac len ip ether 0 1 any ip IP keyword lt protocol gt IP protocol number 0 255 or any lt ip_flags gt IP flags ttlloptions fragment 0 1 any icmp ICMP keyword lt icmp_type gt ICMP type number 0 255 or any lt icmp_code gt ICMP code number 0 255 or any udp UDP keyword lt sport gt Source UDP TCP port range 0 65535 or any lt dport gt Destination UDP TCP port range 0 65535 or any tcp TCP keyword lt tcp_flags
20. the time elapsed since last change was detected Total Neighbors Entries Added Shows the number of new entries added since switch reboot Total Neighbors Entries Deleted Shows the number of new entries deleted since switch reboot Total Neighbors Entries Dropped Shows the number of LLDP frames dropped due to that the entry table was full Total Neighbors Entries Aged Out Shows the number of entries deleted due to Time To Live expiring 292 Local Counters User s Manual of MGSW 24160F The displayed table contains a row for each port The columns hold the following information Object Description e Local Port The port on which LLDP frames are received or transmitted e Tx Frames The number of LLDP frames transmitted on the port e Rx Frames The number of LLDP frames received on the port e Rx Errors The number of received LLDP frames containing some kind of error Frames Discarded If an LLDP frame is received on a port and the switch s internal table has run full the LLDP frame is counted and discarded This situation is known as Too Many Neighbors in the LLDP standard LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table Entries are removed from the table when a given port links down an LLDP shutdown frame is received or when the entry ages out TLVs Discarded Each LLDP frame can contain mul
21. Coordinates Location Civic Address Location cnn El et Leading street direction House no Raina location into tame ing A el Room no CCT Emergency Call Service Emergency Call Serice Policies Policy Port Configuration Figure 4 14 2 LLDPMED Configuration p Page Screenshot The page includes the following fields Fast start repeat count Object Description e Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general In addition it is best to advertise only those pieces of information which are specifically relevant to particular endpoint types for example only advertise the voice network policy to permitted voice capable devices both in order to conserve the 281 Coordinates Location User s Manual of MGSW 24160F limited LLDPU space and to reduce security and system integrity issues that can come with inappropriate knowledge of the network policy With this in mind LLDP MED defines an LLDP MED Fast Start interaction between the protocol and the application layers on top of the protocol in order to achieve these related properties Initially a Network Connectivity Device will only transmit LLDP TLVs in an LLDPDU Only after an LLDP MED Endpoint Device is detected will an LLDP MED capable Netw
22. Enable Guest VLAN either globally or on one or more ports disable Disable Guest VLAN either globally or on one or more ports default Show current Guest VLAN enabledness lt vid gt Guest VLAN ID used when entering the Guest VLAN Use the global keyword to change it default Show current Guest VLAN ID lt reauth_max gt The value can only be set if you use the global keyword in the beginning of the command The number of times a Request Identity EAPOL frame is sent without reasponse before considering entering the Guest VLAN default Show current Maximum Reauth Count value lt allow_if_eapol_seen gt The value can only be set if you use the global keyword in the beginning of the command disable The Guest VLAN can only be entered if no EAPOL frames have been received on a port for the lifetime of the port enable The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port default Show current setting Default Setting disable Example Enable NAS guest VLAN SWITCH gt security network nas guest_vlan enable Security Network NAS Authenticate Description Refresh restart 802 1X authentication process Syntax Security Network NAS Authenticate lt port_list gt now 388 User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports now Force reauthentication immediately Example Start NAS authentication
23. Keep Keep the original relay information when receive a DHCP message that already contains it Drop Drop the package when receive a DHCP message that already contains relay information Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 2 9 DHCP Relay Statistics This page provides statistics for DHCP relay The DHCP Relay Statistics screen in Figure 4 2 12 appears DHCP Relay Statistics Server Statistics Transmit to Transmit Receive from Receive Missing Agent Receive Missing Receive Missing Receive Bad Receive Bad Server Error Server Option Circuit ID Remote ID Circuit ID Remote ID Auto Refresh Refresh Clear Figure 4 2 12 DHCP Relay Statistics Page Screenshot The page includes the following fields Server Statistics Object Description e Transmit to Server The packets number that relayed from client to server e Transmit Error The packets number that packet of error sent packets to client e Receive form Server The packets number that received packets from server e Receive Missing Agent The packets number that received packets without agent information options Option e Receive Missing The packets number that received packets which the Circuit ID option was Circuit ID missing 62 Receive Missing Remote ID User s Manual of MGSW 24160F The packets number that received packets which R
24. Lo tet es Y Add new user Figure 4 2 6 User Configuration Page Screenshot After change the default password if you forget the password Please press the Reset button in the front panel of the Managed Switch over 10 seconds and then release the current setting includes VLAN will be lost and the Managed Switch will restore to the default mode 55 User s Manual of MGSW 24160F 4 2 5 Users Privilege Levels This page provides an overview of the privilege levels After setup completed please press Save button to take effect Please login web interface with new user name and password the screen in Figure 4 2 7 appears Privilege Levels Configuration gramo Privilege Levels Read only Read write Read only Read write Aggregation 5 Ml 10 w 5 m 10 w Diagnostics 5 m IGMP_Snooping IP E Sl Si SSS METETE LLDP LLDP MED MAC_Table MVR Maintenance BH S SiS IEICE Mirroring PoE Port_Security Ports Private_VLANs QoS SNMP Security Sl SISI SISI SH Slo S SS SISSIES Spanning_Tree Stack o o lt lt System UPnP VLANs Voice_VLAN Sl S lt lt S lt Figure 4 2 7 Privilege Levels Configuration Page Screenshot t 56 User s Manual of MGSW 24160F The page includes the following fields Object Description e Group Name The name identifying the privilege group In most cases a privilege level group consists of a singl
25. Port list or all default All ports untagged VLAN Link Type Tagged tagged VLAN Link Type Untagged default Show VLAN link type Default Setting Un tagged Example Enable tagged frame for port2 SWITCH gt vlan linktype 2 tagged VLAN Q in Q Mode Description Set or show the port Q in Q mode Syntax VLAN Qinqmode lt port_list gt disable man customer Parameters lt port_list gt Port list or all default All ports disable Disable Q in Q VLAN Mode man Q in Q MAN Port Mode customer Q in Q Customer Port Mode default Show VLAN QinQ Mode Example Set port2 in man port 335 User s Manual of MGSW 24160F SWITCH gt vlan qinq 2 man VLAN Ethernet Type Description Set or show out layer VLAN tag ether type in Q in Q VLAN mode Syntax VLAN Ethtype lt port_list gt man dot1q Parameters lt port_list gt Port list or all default All ports man Set out layer VLAN tag ether type MAN dotiq Set out layer VLAN tag ether type 802 1Q default Show VLAN out layer VLAN tag ether type Default Setting N A Example Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type SWITCH gt vlan ethtype 10 man VLAN Add Description Add or modify VLAN entry Syntax VLAN Add lt vid gt lt port_list gt Parameters lt vid gt VLAN ID 1 4095 lt port_list gt Port list or all default All ports Default Setting 1 336 Us
26. Protected EAP PEAP MD5 Challenge Protected EAP PEAP Smart Card or other Certificate Authenticate as computer when computer information is available C Authenticate as quest when user or computer information is unavailable Figure 4 11 19 7 Click OK 8 When client has associated with the Managed Switch a user authentication notice appears in system tray Click on the notice to continue 248 User s Manual of MGSW 24160F Local Area Connection 3 x Click here to enter your user name and password for the network Figure 4 11 20 Windows Client Popup Login Request Message 9 Enter the user name password and the logon domain that your account belongs 10 Click OK to complete the validation process Local Area Connection 3 User name test Password co o o Logon domain Figure 4 11 21 249 User s Manual of MGSW 24160F 4 12 Security This section is to control the access of the Managed Switch includes the user access and management control The Security page contains links to the following main topics E Port Limit Control E Access Management E HTTPs SSH E DHCP Snooping E IP Source Guard a ARP Inspection 4 12 1 Port Limit Control This page allows you to configure the Port Security Limit Control system and port settings Limit Control allows for limiting the number of users on a given port A user is identified
27. QoS Shaper lt port_list gt enable disable lt bit_rate gt 461 User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports enable Enable shaper disable Disable shaper default Show shaper mode lt bit_rate gt Rate in 1000 bits per second 500 1000000 kbps Default Setting Disabled 500kbps Example Set 1000kbps shaper for port 9 16 SWITCH gt qos shaper 9 16 enable 1000 QoS Storm Unicast Description Set or show the unicast storm rate limiter Syntax QoS Storm Unicast enable disable lt packet_rate gt Parameters enable Enable unicast storm control disable Disable unicast storm control lt packet_rate gt Rate in pps 1 2 4 512 1k 2k 4k 1024k Default Setting Disabled 1pps Example Enable unicast storm rate limiter in 1kpps SWITCH gt qos storm unicast enable 1k QoS Strom Multicast Description 462 Set or show the multicast storm rate limiter Syntax QoS Storm Multicast enable disable lt packet_rate gt Parameters enable Enable multicast storm control disable Disable multicast storm control lt packet_rate gt Rate in pps 1 2 4 512 1k 2k 4k Default Setting Disabled 1pps Example Enable multicast storm rate limiter in 1kpps User s Manual of MGSW 24160F 1024k SWITCH gt qos storm multicast enable 1k QoS Strom Broadcast Description Set or s
28. SP Terminal Services Manager id Computers Administrator i Windows Explorer Y Paint e HyperTerminal Ethereal an Accessories Internet Explor E Startup 8 Internet Explorer S Outlook Express r Remote Assistance fa Administrative Tools I IxChariot Ethereal All Programs we 9 13PM Figure 4 11 15 Windows 2003 AD server Setting Path 245 User s Manual of MGSW 24160F 5 Enter Active Directory Users and Computers create legal user data the next right click a user what you created to enter properties and what to be noticed New Object User xi e Create in ca test pc Users First name test Initials Last name Full name test User logon name test ca test pe v User logon name pre Windows 2000 Figure 4 11 16 Add User Properties Screen New Object User Create in ca test pcLlsers Password eseses Confirm password eseees User must change password at next logon JV User cannot change password JV Password never expires Account is disabled lt Back Cancel Figure 4 11 17 Add User Properties Screen 246 User s Manual of MGSW 24160F Set the Ports Authenticate Status to Force Authorized if the port is connected to the RADIUS server or the port is a uplink port that is connected to another switch Or once the 802 1X stat to work the switch
29. Security Network DHCP Relay Server lt ip_addr gt Parameters lt ip_addr gt IP address a b c d default Show IP address Default Setting null Example Set DHCP relay server in 192 168 0 20 SWITCH gt security network dhcp relay server 192 168 0 20 Security Network DHCP Relay Information Mode Description Set or show DHCP relay agent information option mode When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remote it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Syntax Security Network DHCP Relay Information Mode enable disable Parameters enable Enable DHCP relay agent information option mode disable Disable DHCP relay agent information option mode default Show DHCP relay agent information option mode Default Setting disable Example Enable DHCP relay agent information option mode SWITCH gt security network dhcp relay information mode enable 398 User s Manual of MGSW 24160F Security Network DHCP Relay Information Policy Description Set or show the DHCP relay mode When enable DHCP relay information mode operation if agent received a DHCP message that already contains relay agent information It will enforce the policy Syntax Security Network DHCP Relay Information Policy replace keep drop Paramet
30. Security Network Limit Action lt port_list gt none trap shut trap_shut Parameters lt port_list gt Port list or all default All ports none trap shut trap_shut Action to be taken in case the number of MAC addresses exceeds the limit none Don t do anything trap Send an SNMP trap shut Shutdown the port trap_shut Send an SNMP trap and shutdown the port default Show current action Default Setting none Example Set trap mode for limit action for port 1 SWITCH gt security network limit action 1 trap Security Network Limit Reopen Description Reopen one or more ports whose limit is exceeded and shut down Syntax Security Network Limit Reopen lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Reopen port 1 SWITCH gt security network limit reopen 1 381 Security Network NAS Configuration Description Show 802 1X configuration Syntax Security Network NAS Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show 802 1X configuration of port 1 SWITCH gt security network nas configuration 1 802 1X Configuration Disabled Disabled 3600 EAPOL Timeout 30 Reauth Period 10 Disabled Disabled Disabled 71 User s Manual of MGSW 24160F Allow Guest VLAN if EAPOL Frame Seen Disabled Port Admin State Port State Force Au
31. Specific If you want to filter a specific EtherType filter with this ACE you can enter a specific EtherType value A field for entering a EtherType value appears e Ethernet Type Value When Specific is selected for the EtherType filter you can enter a specific EtherType value The allowed range is 0x600 to OxFFFF A frame that hits this ACE matches this EtherType value Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Return to the previous page 4 10 4 ACL Ports Configuration Configure the ACL parameters ACE of each switch port These parameters will affect frames received on a port unless the frame matches a specific ACE The settings relate to the currently selected unit as reflected by the page header The ACL Ports Configuration screen in Figure 4 10 4 appears 204 User s Manual of MGSW 24160F ACL Ports Configuration Port Poticy 10 Action Rate Limiter 10 Port Copy Logging shutdown Counter 1 ell Lx li h mb 2000340002 WN i w N ae _ D el me Y 0 m lt co wo le NN N N O ell No N E to Lal el v lt lt lt lt lt 414 lt lt lt lt lt lt lt Disable v Disable v Disable v Disable v Disable v Disable v Di
32. Status Statistics read only privilege level 1 15 346 User s Manual of MGSW 24160F lt srw gt Status Statistics read write privilege level 1 15 Example Change privilege level of MVR group SWITCH gt security switch privilege level group mvr 15 15 15 15 Security Switch Privilege Level Current Description Show the current privilege level Syntax Security Switch Privilege Level Current Default Setting 15 Security Switch Auth Configuration Description Show Auth configuration Syntax Security Switch Auth Configuration Default Setting Authentication Method local Fallback disable Example Show authentication configuration SWITCH gt security switch auth configuration Auth Configuration Authentication Method Local Authentication Fallback 347 User s Manual of MGSW 24160F Disabled Disabled Disabled Disabled Security Switch Auth Method Description Set or show Auth method Syntax Security Switch Auth Method console telnet ssh web none local radius tacacs enable disable Parameters console Settings for console telnet Settings for telnet ssh Settings for ssh web Settings for web none Authentication disabled local Use local authentication radius Use remote RADIUS authentication tacacs Use remote TACACS authentication default Show client authentication method enable Enable local authentication if remote authenticati
33. Syntax IP DNS lt ip_addr gt Parameters lt ip_addr gt IP address a b c d default Show IP address Default Setting 0 0 0 0 Example Set DNS IP address 313 User s Manual of MGSW 24160F SWITCH gt ip dns 168 95 1 1 IP DNS Proxy Description Set or show the IP DNS Proxy mode Syntax IP DNS_Proxy enable disable Parameters enable Enable DNS Proxy disable Disable DNS Proxy Default Setting disable Example Enable DNS proxy function SWITCH gt ip dns_proxy enable IPv6 AUTOCINFIG Description Set or show the IPv6 AUTOCONFIG mode Syntax IP IPv6 AUTOCONFIG enable disable Parameters enable Enable IPv6 AUTOCONFIG mode disable Disable IPv6 AUTOCONFIG mode Default Setting disable Example 314 User s Manual of MGSW 24160F Enable IPv6 autoconfig function SWITCH gt ip ipv6 autoconfig enable IPv6 Setup Description Set or show the IPv6 setup Syntax IP IPv6 Setup lt ipv6_addr gt lt ipv6_prefix gt lt ipv6_router gt lt vid gt Parameters lt ipv6_addr gt IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous ze
34. VLAN 1 Port 1 Port 2 Port 5 and Port 3 VLAN 2 Port 3 Port 6 The screen in Figure 4 6 16 appears Port Members Figure 4 6 16 Private VLAN Port Setting 136 User s Manual of MGSW 24160F 4 7 Spanning Tree Protocol 4 7 1 Theory The Spanning Tree protocol can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions E STP Spanning Tree Protocol IEEE 802 1D E RSTP Rapid Spanning Tree Protocol IEEE 802 1w a MSTP Multiple Spanning Tree Protocol IEEE 802 1s The IEEE 802 1D Spanning Tree Protocol and IEEE 802 1W Rapid Spanning Tree Protocol allow for the blocking of links between switches that form loops within the network When multiple links between switches are detected a primary link is established Duplicated links are blocked from use and become standby links The protocol allows for the duplicate links to be used in the event of a failure of the primary link Once the Spanning Tree Protocol is configured and enabled primary links are established and duplicated links are blocked automatically The reactivation of the blocked links at the time of a
35. defined by LLDP MED 1 10 LLDPMED Info Description Show up LLDP MED neighbor device information Syntax LLDPMED Info lt port_list gt Parameters lt port_list gt Port list or all default All ports LLDPMED Debuge_med_transmit_var Description Set or show if the current value of the global medTansmitEnable variable Section Section 11 2 1 TIA 1057 Syntax LLDPMED debug_med_transmit_var lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable Set medTansmitEnable variable to true disable Disable Set medTansmitEnable variable to false default Show medTansmitEnable variable value 455 6 14 Quality of Service Command QoS Configuration Description Show QoS Configuration Syntax QoS Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show QoS Configuration of port 1 4 SWITCH gt qos configuration 1 4 QoS Configuration Storm Multicast Disabled 1 pps Storm Broadcast Disabled 1 pps Storm Unicast Disabled 1 pps Port Default Tag Priority QCLID Rate Limiter Disabled Disabled Disabled Disabled QoS Classes Description Set or show the number of traffic classes 456 Disabled Disabled Disabled Disabled Strict Strict Strict Strict User s Manual of MGSW 24160F Weight 1 2 4 8 1 2 4 8 1 2 4 8 1 2 4 8 U
36. e Postal community Postal community name Example Leonia name e P O Box Post office box P O BOX Example 12345 e Additional code Additional code Example 1320300003 Emergency Call Service Emergency Call Service e g E911 and others such as defined by TIA or NENA Object Description e Emergency Call Emergency Call Service ELIN identifier data format is defined to carry the ELIN Service identifier as used during emergency call setup to a traditional CAMA or ISDN trunk based PSAP This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling Policies Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration along with the associated Layer 2 and Layer 3 attributes which apply for a set of specific protocol applications on that port Improper network policy configurations are a very significant issue in VoIP environments that frequently result in voice quality degradation or loss of service Policies are only intended for use with applications that have specific real time network policy requirements such as interactive voice and or video services The network policy attributes advertised are 1 Layer 2 VLAN ID IEEE 802 1Q 2003 2 Layer 2 priority value IEEE 802 1D 2004 3 Layer 3 Diffserv code point DSCP value IETF RFC 2474 284 User s Manual of MGSW 24160F This network pol
37. e VLAN ID The VLAN ID of the entry e IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 64 VLANs can be selected e IGMP Querier Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each Querier s interval is 125 second and it will stop act as an IGMP Querier if received any Querier from other devices 163 User s Manual of MGSW 24160F Buttons Refresh Refreshes the displayed table starting from the VLAN input fields Lk lt Updates the table starting from the first entry in the VLAN Table e the entry with the lowest VLAN ID a gt gt e Updates the table starting with the entry after the last entry currently displayed Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 8 5 Port Group Filtering In certain switch applications the administrator may want to control the multicast services that are available to end user For example is about IP TV service based on a specific subscription plan The IGMP filtering feature fulfills this requirement by restricting access to specified multicast services on a switch port and IGMP throttling limits the number of simultaneous multicast groups a port can join IGMP filtering enables you to assign a profile to a switch port that specifies multicast groups that are permitted or denied on the por
38. Basic Settings Object User s Manual of MGSW 24160F Description e Protocol Version The STP protocol version setting Valid values are STP RSTP and MSTP e Forward Delay The delay used by STP Bridges to transition Root and Designated Ports to Forwarding used in STP compatible mode Valid values are in the range 4 to 30 seconds Default 15 Minimum The higher of 4 or Max Message Age 2 1 Maximum 30 e Max Age The maximum age of the information transmitted by the Bridge when it is the Root Bridge Valid values are in the range 6 to 200 seconds Default 20 Minimum The higher of 6 or 2 x Hello Time 1 Maximum The lower of 40 or 2 x Forward Delay 1 e Maximum Hop Count This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region It defines how many bridges a root bridge can distribute its BPDU information Valid values are in the range 6 to 40 hops e Transmit Hold Count Advanced Settings Object The number of BPDU s a bridge port can send per second When exceeded transmission of the next BPDU will be delayed Valid values are in the range 1 to 10 BPDU s per second Description e Edge Port BPDU Filtering Control whether a port configures explicitly as Edge will transmit and receive BPDUs e Edge Port BPDU Guard Control whether a port configures explicitly as Edge will disable itself u
39. CS5 DSCP 40 CS6 DSCP 48 CS7 DSCP 56 Expedite Forward DSCP 46 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 9 9 Voice VLAN Configuration The Voice VLAN feature enables the voice traffic forwarding on the Voice VLAN then the switch can classifying and scheduling to network traffic It is recommands there are two VLANSs on a port one for voice one for data Before connect the IP device to the switch The IP phone should configure the voice VLAN ID correctly It should be configure through its own GUI The Voice VLAN Configuration screen in Figure 4 9 14 appears 189 User s Manual of MGSW 24160F Voice VLAN Configuration 2 4 o 8 50 4 12 i i i 17 i i 20 21 2 23 24 Figure 4 9 14 Voice VLAN Configuration Page Screenshot 190 The page includes the following fields Object User s Manual of MGSW 24160F Description e Mode Indicates the Voice VLAN mode operation We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible modes are Enabled Enable Voice VLAN mode operation Disabled Disable Voice VLAN mode operation VLAN ID Indicates the Voice VLAN ID It should be a unique VLAN ID in the system and cannot equal each port PVID It is conflict configuration if the value equal management VID MVR VID PVID etc The allowed
40. City division borough city district ward chou JP Neighborhood block Street leading_street_direction Leading street direction trailing_street_suffix str_suf house_no house_no_ suffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o box additional_code Trailing street suffix Street Suffix House Number House number suffix Landmark or vanity address Additional location information Bame residence and office occupant Postal zip code Building structure Unit apartment suite Floor Room number Placetype Postal community name Post office box P O Box Addtional code default Show Civic Address Location configuration lt civic_value gt lldpmed The value for the Civic Address Location entry LLDPMED ECS Description Set or show LLDP MED Emergency Call Service 451 Syntax LLDPMED ecs lt ecs_value gt Parameters lt ecs_value gt lldpmed The value for the Emergency Call Service LLDPMED Policy Delete Description Delete the selected policy Syntax LLDPMED policy delete lt policy_list gt Parameters lt policy_list gt List of policies to delete Example Delete the policy 1 User s Manual of MGSW 24160F SWITCH gt Ildpmed policy delete 1 LLDPMED Policy Add Description Adds a policy to the list of polices Syntax LLDPMED policy add
41. Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 8 6 IGMP Snooping Status This page provides IGMP Snooping status The status relate to the currently selected unit as reflected by the page header The IGMP Snooping Status screen in Figure 4 8 9 appears IGMP Snooping Status Auto Refresh O Statistics VLAN ID Querier Status 1 Reports Receive 2 Reports Receive 3 Reports Receive 2 Leave Receive IGMP Groups Port Members VLAN ID Groups 1 2 3 4 5 6 7 e o 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 No IGMP Router Port Figure 4 8 9 IGMP Snooping Status Page Screenshot 165 User s Manual of MGSW 24160F The page includes the following fields Object Description e VLAN ID The VLAN ID of the entry e Groups The present IGMP groups Max are 128 groups for each VLAN e Port Members The ports that are members of the entry e Querier Status Show the Querier status is ACTIVE or IDLE e Querier Transmit The number of Transmitted Querier e Querier Receive The number of Received Querier e V1 Reports Receive The number of Received V1 Reports e V2 Reports Receive The number of Received V2 Reports e V3 Reports Receive The number of Received V3 Reports e V2 Leave Receive The number of Received V2 Leave Buttons Refresh Click to refresh the page immediately c J Clears all Sta
42. PLANET L Networking amp Communication h 16 Port 100 1000Base X SFP pec 8 Port 10 100 1000Base T W L2 L4 Managed Metro Ethernet Switch NA A Aag Ne q S tt w NA NS User s Manual of MGSW 24160F Trademarks Copyright PLANET Technology Corp 2012 Contents subject to which revision without prior notice PLANET is a registered trademark of PLANET Technology Corp All other trademarks belong to their respective owners Disclaimer PLANET Technology does not warrant that the hardware will work properly in all environments and applications and makes no warranty and representation either implied or expressed with respect to the quality performance merchantability or fitness for a particular purpose PLANET has made every effort to ensure that this User s Manual is accurate PLANET disclaims liability for any inaccuracies or omissions that may have occurred Information in this User s Manual is subject to change without notice and does not represent a commitment on the part of PLANET PLANET assumes no responsibility for any inaccuracies that may be contained in this User s Manual PLANET makes no commitment to update or keep current the information in this User s Manual and reserves the right to make improvements to this User s Manual and or to the products described in this User s Manual at any time without notice If you find information in this manual that is incorrect misleading or incomplete we would a
43. Possible security models are NoAuth NoPriv None authentication and none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy e Read View Name The name of the MIB is view defining the MIB objects for which this request may request the current values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Write View Name The name of the MIB is view defining the MIB objects for which this request may potentially SET new values The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 89 User s Manual of MGSW 24160F Buttons Add new access Click to add a new access entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 90 4 4 Port Management User s Manual of MGSW 24160F Use the Port Menu to display or configure the Managed Switch s ports This section has the following items a Port Configuration a Port Statistics Overview a Port Statistics Detail a SFP Module Information a Port Mirror 4 4 1 Port Configuration Configures port connection settings Lists Ethernet and RMON port statistics Display SFP information Sets the source and target ports for mirroring This page displays current port configurations Ports can also be configured here The port settings relate to the currently
44. Refer to NAS Port State for a description of the individual states e Last Source The source MAC address carried in the most recently received EAPOL frame for EAPOL based authentication and the most recently received frame from a new client for MAC based authentication 224 User s Manual of MGSW 24160F e LastID The user name supplicant identity carried in the most recently received Response Identity EAPOL frame for EAPOL based authentication and the source MAC address from the most recently received frame from a new client for MAC based authentication e Port VLAN ID The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Buttons Refresh Click to refresh the page immediately Auto refresh i i Check this box to enable an automatic refresh of the page at regular intervals 4 11 5 Network Access Statistics This page provides detailed NAS statistics for a specific switch port running EAPOL based IEEE 802 1X authentication For MAC based ports it shows selected backend server RADIUS Authentication Server statistics only Use the port select box to select which port details to be displayed The Network
45. SWITCH gt security network limit configuration Port Security Limit Control Configuration Disabled Disabled Action Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled a BP Bp BP A BP PB O BP BP BP A 377 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 4 4 4 4 4 4 4 4 4 4 4 4 Security Network Limit Mode Description Set or show global enabledness Syntax Security Network Limit Mode enable disable Parameters enable Globally enable port security disable Globally disable port security default Show current global enabledness of port security limit control Default Setting disable Example Enable the limit mode User s Manual of MGSW 24160F SWITCH gt security network limit mode enable Security Network Limit Aging Description Set or show aging enabledness 378 User s Manual of MGSW 24160F Syntax Security Network Limit Aging enable disable Parameters enable Enable aging disable Disable aging default Show current enabledness of aging Default Setting disable Example Enable limit aging SWITCH gt security network limit aging enable Security Network Limit Agetime Description Time in second between check for activity on learned MAC addresses Syntax Security Network Limit Agetime
46. Show ports which are down default Show all ports Port VeriPHY Description Run cable diagnostics Syntax Port VeriPHY lt port_list gt Parameters lt port_list gt Port list or all default All ports 325 User s Manual of MGSW 24160F 6 4 MAC Address Table Command Description Show MAC address table configuration Syntax MAC Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show Mac address state User s Manual of MGSW 24160F 326 User s Manual of MGSW 24160F MAC Add Description Add MAC address table entry Syntax MAC Add lt mac_addr gt lt port_list gt lt vid gt Parameters lt mac_addr gt MAC address xx xx Xx XX XX XX lt port_list gt Port list or all or none lt vid gt VLAN ID 1 4095 default 1 Example Add Mac address 00 30 4F 01 01 02 in port1 and vid1 SWITCH gt mac add 00 30 4f 01 01 02 1 1 MAC Delete Description Delete MAC address entry Syntax MAC Delete lt mac_addr gt lt vid gt Parameters lt mac_addr gt MAC address xx xx xXx XX XX XX lt vid gt VLAN ID 1 4095 default 1 327 User s Manual of MGSW 24160F Example Delete Mac address 00 30 4F 01 01 02 in vid1 SWITCH gt mac delete 00 30 4f 01 01 02 1 MAC Look up Description Look up MAC address entry Syntax MAC Look up lt mac_addr gt lt vid
47. The screen in Figure 4 2 2 appears IP Configuration DHCP Client O IP Address 192 168 0 100 192 168 0 100 IP Mask 255 255 255 0 255 255 255 0 IP Router 192 168 0 1 192 168 0 1 VLANID E 0 0 0 0 0 0 0 0 IP DNS Proxy Configuration Figure 4 2 2 IP Configuration Page Screenshot The Current column is used to show the active IP configuration Object Description e DHCP Client Enable the DHCP client by checking this box If DHCP fails and the configured IP address is zero DHCP will retry If DHCP fails and the configured IP address is non zero DHCP will stop and the configured IP settings will be used The DHCP client will announce the configured System Name as hostname to provide DNS lookup e IP Address Provide the IP address of this switch in dotted decimal notation e IP Mask Provide the IP mask of this switch dotted decimal notation 51 User s Manual of MGSW 24160F e IP Router Provide the IP address of the router in dotted decimal notation e VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 e DNS Server Provide the IP address of the DNS Server in dotted decimal notation e DNS Proxy When DNS proxy is enabled DUT will relay DNS requests to the current configured DNS server on DUT and reply as a DNS resolver to the client device on the network Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to
48. Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact Default Setting empty 306 User s Manual of MGSW 24160F Example To set device location Switch gt System location 9F LAB System Timezone Description Set or show the system timezone offset Syntax System Timezone lt offset gt Parameters lt offset gt Time zone offset in minutes 720 to 720 relative to UTC Default Setting 0 Example To set timezone Switch gt system timezone 0 System Prompt Description Set the CLI prompt string Syntax System Prompt lt prompt gt Parameters lt prompt gt CLI prompt string Default Setting SWITCH Example 307 User s Manual of MGSW 24160F To change CLI title Switch gt system prompt MGSW 24160F MGSW 24160F gt System Reboot Description Reboot the system Syntax System Reboot Example To reboot device without changing any of the settings Switch gt system reboot System Restore Default Description Restore factory default configuration Syntax System Restore Default keep_ip Parameters keep_ip Keep IP configuration default Restore full configuration Example To restore default value but not reset IP address Switch gt system restore default keep_ip System Load Description Show current CPU load 100ms 1s and 10s running average in percent zero
49. User s Manual of MGSW 24160F 4 7 8 Port Status This page displays the STP CIST port status for port physical ports in the currently selected switch The STP Port Status screen in Figure 4 7 11 appears STP Port Status Por cist Rore cist state uptime DesignatedPort Forwarding Od 01 56 44 Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding DesignatedPort Forwarding Od 00 32 05 Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Disabled Discarding Auto Refresh O Figure 4 7 11 STP Port Status Page Screenshot 1 1 1 1 1 1 1 1 1 1 2 a 4 5 6 Z B 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 1 1 11 1 ik 1 ile 1 ile 1 ile 1 i 1 le The page includes the following fields Object Description e Port The switch port number of the logical STP port e CIST Role The current STP port role of the ICST port The port role can be one of the following values AlternatePort BackupPort RootPort DesignatedPort e State The current STP port state of the CIST port The port state can be one of the following values 154 User
50. Valid values are in the range 1 to 200000000 Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Default 128 Range 0 240 in steps of 16 operEdge state flag Operational flag describing whether the port is connecting directly to edge devices No Bridges attached Transitioning to the forwarding state is faster for edge ports having operEdge true than for other ports e AdminEdge Controls whether the operEdge flag should start as beeing set or cleared The initial operEdge state when a port is initialized e AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port This allows operEdge to be derived from whether BPDU s are received on the port or not Restricted Role If enabled causes the port not to be selected as Root Port for the CIST or any MSTI even if it has the best spanning tree priority vector Such a port will be selected as an Alternate Port after the Root Port has been selected If set it can cause lack of spanning tree connectivity It can be set by a network administrator to prevent bridges external to a core region of the network influencing the spanning tree active topology possibly because those bridges are not under the full control of the administrator This feature is also known as Root Guard e Restricted TCN If enabled causes the port not to propagate received t
51. and configures the path cost according to the values shown below Path cost 0 is used to indicate auto configuration mode When the short path cost method is selected and the default path cost recommended by the IEEE 8021w standard exceeds 65 535 the default is set to Port Type IEEE 802 1D 1998 IEEE 802 1w 2001 50 600 200 000 20 000 000 65 535 10 60 20 000 2 000 000 Table 4 7 1 Recommended STP Path Cost Range Port Type Link Type IEEE 802 1D 1998 IEEE 802 1w 2001 Half Duplex Full Duplex Trunk Half Duplex Full Duplex Trunk Full Duplex Trunk 2 000 000 1 999 999 1 000 000 200 000 100 000 50 000 Table 4 7 2 Recommended STP Path Costs Port Type Link Type IEEE 802 1w 2001 Half Duplex 2 000 000 Full Duplex 1 000 000 Trunk 500 000 148 4 7 5 MSTI Priorities User s Manual of MGSW 24160F Half Duplex 200 000 Full Duplex 100 000 Trunk 50 000 Full Duplex Trunk Table 4 7 3 Default STP Path Costs This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Priority screen in Figure 4 7 7 appears The page includes the following fields MSTI Configuration MSTI Priority Configuration CIST 32768 v MSTI1 32768 v MSTI2 32768 v MSTIS 32768 v MSTI4 32768 vw MSTI5 32768 v MSTIB 32768 v MSTI 32768 v Figure 4 7 7 MSTI Priority Page Screenshot Object Descripti
52. and the Trunking port must be a Tagged port while egress The Port 8 configuration as the following screen in Figure 4 6 13 o A O ma mea ha J mT Figure 4 6 13 The Configuration of VLAN Trunk port That is although the VLAN 2 members Port 1 to Port 3 and VLAN 3 members Port 4 to Port 6 also belongs to VLAN 1 But with different PVID settings packets form VLAN 2 or VLAN 3 is not able to access to the other VLAN 6 Repeats Step 1 to 5 setup the VLAN Trunk port at the partner switch and add more VLANs to join the VLAN trunk repeats Step 1 to 3 to assign the Trunk port to the VLANs 4 6 10 3 Port Isolate The diagram shows how the Managed Switch handles isolate and promiscuous ports and the each PCs are not able to access 134 User s Manual of MGSW 24160F each other PCs of each isolate port But they all need to access with the same server AP Printer The screen in Figure 4 6 14 appears This section will show you how to configure the port for the server that could be accessed by each isolate port Promiscuous Public Server MG SW 24160F Promiscuous VLAN 1 Private VLAN VLAN 2 Private VLAN Setup steps 1 Assign Port Mode Set Port 1 Port 4 in Isolate port Set Port5 and Port 6 are to Promiscuous port The screen in Figure 4 6 15 appears 135 User s Manual of MGSW 24160F Figure 4 6 15 The Configuration of Isolate and Promiscuous Port 2 Assign VLAN Member
53. cea ihe Ra with cay SNMP application IP Address 192 168 0 100 C IP Address 192 168 0 x Figure 3 5 SNMP Management Diagram 43 User s Manual of MGSW 24160F 4 WEB CONFIGURATION This section introduces the configuration and functions of the Web Based management About Web based Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer The Web Based Management supports Internet Explorer 7 0 It is based on Java Applets with an aim to reduce network bandwidth consumption enhance access speed and present an easy viewing screen By default IE7 0 or later version does not allow Java Applets to open sockets The user has to explicitly modify the browser setting to enable Java Applets to use network ports The Managed Switch can be configured through an Ethernet connection make sure the manager PC must be set on same the IP subnet address with the Managed Switch For example the default IP address of the Managed Switch is 192 168 0 100 then the manager PC should be set at 192 168 0 x where x is a number between 1 and 254 except 100 and the default subnet mask is 255 255 255 0 If you have changed the default IP address of the Managed Switch to 192 168 1 1 with subnet mask 255 255 255 0 via console then the manager PC should be set at 192 168 1 x
54. e Policer Enabled Enable or disable the port policer The default value is Disabled e Policer Rate Configure the rate for the port policer The default value is 500 This value is restricted to 500 1000000 when the Policer Unit is kbps and it is restricted to 1 1000 when the Policer Unit is Mbps e Policer Unit Configure the unit of measure for the port policer rate as kbps or Mbps The 184 User s Manual of MGSW 24160F default value is kbps e Shaper Enabled Enable or disable the port shaper The default value is Disabled e Shaper Rate Configure the rate for the port shaper The default value is 500 This value is restricted to 500 1000000 when the Policer Unit is kbps and it is restricted to 1 1000 when the Policer Unit is Mbps e Shaper Unit Configure the unit of measure for the port shaper rate as kbps or Mbps The default value is kbps 4 9 6 Storm Control Configuration Storm control for the switch is configured on this page There three types of storm rate control E Unicast storm rate control E Multicast storm rate control E Broadcast storm rate control The rate is 2 n where n is equal to or less than 15 or No Limit The unit of the rate can be either pps packets per second or kpps kilopackets per second The configuration indicates the permitted packet rate for unicast multicast or broadcast traffic across the switch The Storm Control Configuration screen i
55. e Type Specify the MVR port type on the port e Immediate Leave Enable the fast leave on the port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 8 8 MVR Status This page provides MVR status The MVR Status screen in Figure 4 8 11 appears MYR Status Auto Refresh O Statistics VLAN 1 Reports 2 Reports 3 Reports 2 Leave ID Receive Receive Receive Receive Multicast Groups co ro ssa aa s4 x5 s6 17 a0 xo o0 2a 2 2a a 2s 20 No muticast groups Figure 4 8 11 MVR Status Page Screenshot The page includes the following fields Object Description e Group The present multicast groups Maximum are 128 groups in the multicast VLAN e Port Members The ports that are members of the entry e V1 Reports Receive The number of Received V1 Reports e V2 Reports Receive The number of Received V2 Reports e V3 Reports Receive The number of Received V3 Reports e V2 Leave Receive The number of Received V2 Leave 168 User s Manual of MGSW 24160F Buttons Save Click to refresh the page immediately Reset Clears all Statistics counters Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 169 User s Manual of MGSW 24160F 4 9 Quality of Service 4 9 1 Understand QOS Quality of Service QoS is an advanced traffic prioritization feature th
56. gt vlan pvid 20 2 VLAN Frame Type Description Set or show the port VLAN frame type Syntax VLAN FrameType lt port_list gt all tagged Parameters lt port_list gt Port list or all default All ports all Allow tagged and untagged frames tagged Allow tagged frames only default Show accepted frame types Default Setting All Example Set port20 to allow tagged frames only SWITCH gt vlan frametype 20 tagged VLAN Ingress Filter Description Set or show the port VLAN ingress filter 333 Syntax VLAN IngressFilter lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable VLAN ingress filtering disable Disable VLAN ingress filtering default Show VLAN ingress filtering Default Setting Disable Example Enable VLAN ingress filtering for port20 User s Manual of MGSW 24160F SWITCH gt vlan ingressfilter 20 enable VLAN Mode Description Set or show the VLAN Mode Syntax VLAN Mode portbased dot1q Parameters portbased Port Based VLAN Mode dot1q 802 1Q VLAN Mode default Show VLAN Mode Default Setting IEEE 802 1Q Example Set VLAN mode in port base SWITCH gt vlan mode portbased 334 User s Manual of MGSW 24160F VLAN Link Type Description Set or show the port VLAN link type Syntax VLAN LinkType lt port_list gt untagged tagged Parameters lt port_list gt
57. s Manual of MGSW 24160F Disabled Blocking Learning Forwarding Non STP e Uptime The time since the bridge port was last initialized Buttons Refresh Click to refresh the page immediately Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals 4 7 9 Port Statistics This page displays the STP port statistics counters for port physical ports in the currently selected switch The STP Port Statistics screen in Figure 4 7 12 appears STP Statistics e i TCN MSTP RSTP STP TCN Unknown Tllegal 1 0 0 o 0 0 0 0 21 3571 D 0 1 16 1032 D 0 0 0 0 D 0 0 0 Auto Refresh L Figure 4 7 12 STP Statistics Page Screenshot The page includes the following fields Object Description e Port The switch port number of the logical RSTP port e RSTP The number of RSTP Configuration BPDU s received transmitted on the port e STP The number of legacy STP Configuration BPDU s received transmitted on the port e TCN The number of legacy Topology Change Notification BPDU s received transmitted on the port e Discarded Unknown The number of unknown Spanning Tree BPDU s received and discarded on the port e Discarded Illegal The number of illegal Spanning Tree BPDU s received and discarded on the 155 User s Manual of MGSW 24160F port Buttons Refresh Click to refresh the page immediately Auto refresh Check this box to enable an automatic ref
58. selected unit as reflected by the page header The table has one row for each port on the selected switch in the and a number of columns which are The Port Configuration screen in Figure 4 4 1 appears ial 00 0042 UNa Speed Port Configuration Flow Control Configured Current Rx Current Tx Configured Maximum Frame Excessive Collision Mode Power Control Auto Anto Auto Auto Discard v Discard v Discard v Discard v Auto Auto Anto Discard v Discard v Discard v Auto S SIS SISSIES Discard v Auto Auto Auto Anto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto KKKKK KKK KK KKK KKK KKK KKKK XK KKK KKK KKK KKK KK KKK KK KKK KK E o a o N e a e a a a e a S a R a N N MEIE IE IEI EIEI EIE IEI EIEI EIEI EIE IEI EI EIEI EIEI EIE Reich Figure 4 4 1 Port Configuration Page Screenshot 91 The page includes the following fields User s Manual of MGSW 24160F Object Description e Port This is the logical port number for this row e Description Indicates the per port description e Link The current link state is displayed graphically Green indicates the link is up and red that it is down Current Link Speed Provides the current link speed of the port Configured Link Speed Select any available link speed for th
59. 00 02 44 Software Version 1 0b120321 Software Date 2012 03 21 00 00 03 0800 Auto Refresh O Figure 4 2 1 System Information Page Screenshot The page includes the following fields Object Description e Contact The system contact configured in Configuration System Information System Contact e Name The system name configured in Configuration System Information System Name e Location The system location configured in Configuration System Information System Location e MAC Address The MAC Address of this switch e Power Status Indicate AC DC power supply input of this switch e Temperature Indicate main chipset temperature e System Date The current GMT system time and date The system time is obtained through the configured SNTP Server if any e System Uptime The period of time the device has been operational e Software Version The software version of the switch 50 User s Manual of MGSW 24160F e Software Date The software version date of the switch Buttons Auto refresh mi Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone 4 2 2 IP Configuration The IP Configuration includes the IP Address Subnet Mask and Gateway The Configured column is used to view or change the IP configuration Fill up the IP Address Subnet Mask and Gateway for the device
60. 1 4 auto Voice VLAN Security Description Set or show the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Syntax Voice VLAN Security lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable Voice VLAN security mode disable Disable Voice VLAN security mode default Show flow Voice VLAN security mode Default Setting disable Example Enable the Voice VLAN port security mode for port 1 4 SWITCH gt voice vian security 1 4 enable 483 6 21 SMTP Command SMTP Configuration Description Shows SMTP configure Syntax SMTP Configuration Default Setting disable SMTP Mode Description Enable or disable SMTP configure Syntax SMTP Mode enable disable Parameters enable Enable SMTP mode disable Disable SMTP mode default Show SMTP mode Default Setting disable SMTP Server Description Set or show SMTP server configure Syntax SMTP Server lt server gt lt port gt Parameters 484 User s Manual of MGSW 24160F lt server gt SMTP server address lt port gt SMTP server port Default Setting disable SMTP Auth Description Enable or disable SMTP authentication configure Syntax SMTP Auth enable disable Parameters enable Enable SMTP Authentication disable Disable SMTP Authent
61. 22 55 00 30 4f 24 04 d1 33 33 ff 24 04 d1 33 33 ff a8 00 64 40 61 86 04 18 69 ff ff ff ff ff ff MAC Statistics Description Show MAC address table statistics Syntax MAC Statistics lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Set all of MAC statistics SWITCH gt mac statistics Port Dynamic Addresses 0 0 0 0 0 0 0 0 0 1 None CPU None CPU None CPU 10 1 24 CPU 330 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Description Flush all learned entries Syntax MAC Flush 331 6 5 VLAN Configuration Command VLAN Configuration Description Show VLAN configuration Syntax VLAN Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show VLAN status of port1 SWITCH gt vlan configuration 1 VLAN Configuration Mode IEEE 802 1Q Port PVID IngrFilter FrameType LinkType Q in Q Mode Eth type Disable N A VLAV PVID Description Set or show the port VLAN ID Syntax VLAN PVID lt port_list gt lt vid gt none 332 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports lt vid gt none Port VLAN ID 1 4095 or none default Show port VLAN ID Default Setting 1 Example Set PVID2 for port20 SWITCH
62. 25 Windows File Selection Menu Popup Upload 2 Select on the configuration file then click Unoa the bottom of the browser shows the upload status 3 After down the main screen appears Transfer Completed 73 User s Manual of MGSW 24160F 4 2 19 Digital input output Digital Input allows user can log external device such as industrial cooler dead or alive or something else system will logs a user cistomize message into system log syslog issue SNMP trap or issue an alarm E mail Digital Output allows user to monitor the switc port and power and let system issues a high or low signal to an external device such as alarm when the monitor port or power has been failed The Configuration screen in Figure 4 2 26 appears Digital Input Output Control Configuration Digital Ing CJ Enable C Enable System Log Syslog System Log Syslog SNMP Trap SMTP SNMP Trap SMTP Ol Enable Dl Enable Power Fail Port Fail DI Power Fail Port Fail DI DI2 High to Low DC1 DC2 AC Power DC1 DC2 AC Power 00 1629 5 E ES OS E S E 629 5 643 Ed KO EE ES 9 10 T T2 Ea H 15 GS 91 20 LA T2 eS A S 6 Port Fail Alarm Port Fail Alarm 17 18 19 20 21 22 23 24 17 18 19 20 21 22 23 24 Figure 4 2 26 Windows File Selection Menu Popup The page includes the following fields Object Description e Enable Checks the Enable checkbox will enable Digital Input output function Unchecks the Enable c
63. 8 wires on a standard UTP STP cable and each wire is color coded The following shows the pin allocation and color of straight cable and crossover cable connection Straight Cable SIDE 1 SIDE2 1 2 3 4 5 67 8 SIDE 1 1 White Orange 1 White Orange 2 Orange 2 Orange 3 White Green 3 White Green 4 Blue 4 Blue 5 White Blue 5 White Blue 6 Green 6 Green Di ae pe DE E ER 7 White Brown 7 White Brown SIDE 2 8 Brown 8 Brown Crossover Cable SIDE 1 SIDE2 1 2 3 4 5 6 7 8 SIDE 1 1 White Orange 1 White Green 2 Orange 2 Green 3 White Green 3 White Orange 4 Blue 4 Blue 5 White Blue 5 White Blue 6 Green 6 Orange E Nie Se E 7 White Brown 7 White Brown SIDE 2 8 Brown 8 Brown Figure A 1 Straight Through and Crossover Cable Please make sure your connected cables are with same pin assignment and color as above picture before deploying the cables into your network 504 ACE ACL User s Manual of MGSW 24160F APPENDEX B GLOSSARY ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application ACL is an acronym for Access Control List It is the list table of ACEs containing ac
64. 80 00 00 30 4F 24 04 D1 20 Steady Pri PathCost Edge P2P Uptime DesignatedPort Forwarding 128 20000 Yes Yes 0d 00 10 32 420 User s Manual of MGSW 24160F STP MSTI Priority Description Set or show the CIST MSTI bridge priority Syntax STP Msti Priority lt msti gt lt priority gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt priority gt STP bridge priority 0 16 32 48 224 240 Default MSTI CIST MST1 MST2 MST3 MST4 MST5 MST6 MST7 Example Bridge Priority 128 128 128 128 128 128 128 128 Set MST1 priority value in 48 SWITCH gt stp msti priority 1 48 STP MSTI Map Description Show up or clear MSTP MSTI VLAN mapping configuration Syntax STP Msti Map lt msti gt clear Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 Clear Clear VID to MSTI mapping 421 User s Manual of MGSW 24160F Example Add MST1 priority value in 48 SWITCH gt stp msti priority 1 48 STP MSTI Add Description Add a VLAN to a MSTI Syntax STP Msti Add lt msti gt lt vid gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt vid gt VLAN ID 1 4095 Example Add MST1 in vlan1 SWITCH gt stp msti add 1 1 STP Port Configuration Description Show up STP Port configuration Syntax STP Port Configuration lt port_list gt Par
65. Adding an IEEE802 1Q Tag Dest Addr Src Addr Length E type Data Old CRC Original Ethernet Dest Addr Src Addr E type Tag Length E type Data New CRC New Tagged Packet Priority CFI VLAN ID M Port VLAN ID Packets that are tagged are carrying the 802 1Q VID information can be transmitted from one 802 1Q compliant network device to another with the VLAN information intact This allows 802 1Q VLAN to span network devices and indeed the entire network if all network devices are 802 1Q compliant Every physical port on a switch has a PVID 802 1Q ports are also assigned a PVID for use within the switch If no VLAN are defined on the switch all ports are then assigned to a default VLAN with a PVID equal to 1 Untagged packets are assigned the PVID of the port on which they were received Forwarding decisions are based upon this PVID in so far as VLAN are concerned Tagged packets are forwarded according to the VID contained within the tag Tagged packets are also assigned a PVID but the 114 User s Manual of MGSW 24160F PVID is not used to make packet forwarding decisions the VID is Tag aware switches must keep a table to relate PVID within the switch to VID on the network The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet If the two VID are different the switch will drop the packet Be
66. Click to cancel the wizard Back Click to go back to the previous wizard step The QCL configuration wizard is finished and the new configuration is ready for use 176 User s Manual of MGSW 24160F QoS Control List Configuration ly QCE Type Type Value Traffic Class O 4 9 2 4 Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the User Priority value 3 bits when receiving VLAN tagged packets The Set up VLAN Tag Priority Mapping screen in Figure 4 9 6 appears Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the user priority value 3 bits when receiving VLAN tagged packets Tag Priority0 Class Tag Priority1 Class Tag Priority2 Class Tag Priority3 Class Tag Priority4 Class Tag Priority5 Class Tag Priority6 Class Tag Priority Class nce Wi Figure 4 9 6 Set up VLAN Tag Priority Mapping Page Screenshot The page includes the following fields Object Description e QCLID Select the QCL ID to which this QCE applies e VLAN Priority Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Cancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step 177 User s Manual of MGSW 24160F Next Click to continue the wizard The QCL configuration wizard is finished and the new configuration is ready for use QoS Control List Configuration QCE Type T
67. Client Disabled IP Address 192 168 0 100 IP Mask 259 259 259 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN w 1 DNS Pro Disabled IPv6 AUT CONFIG meda Disabled IPv6 Link Local Address fe80 230 4fff fe88 645e IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IPv6 VLAN ID SWITCH gt The screen displays the current IP address Subnet Mask and Gateway As show in Figure 5 2 Dor Connected 00 13 46 ANSIW 115200 8 N 1 Figure 5 2 Show IP Information Screen Configure IP address Switch gt ip setup 192 168 1 100 255 255 255 0 192 168 1 1 1 The previous command would apply the follow settings for the Switch 301 On Switch gt prompt enter the following command and press lt Enter gt As show in Figure 5 3 User s Manual of MGSW 24160F IP 192 168 1 100 Subnet Mask 255 255 255 0 Gateway 192 168 1 1 VLAN ID 1 COM1_ HyperTerminal File Edit Yiew Call Transfer Help DOS 253 28 Username admin Password Login in progress SWITCH gt show ip IP Configuration Disabled 192 168 080 100 259 255 259 0 192 168 0 1 cen sabled Disabled IPv6 Link Local Address fe80 230 4fff fe88 645e IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IPv6 VLAN ID i SWITCH gt ip setup 192 168 1 100 255 255 255 0 192 168 1 1 SWITCH gt _ Connected 00 13 46 ANSIW 115200 8 N 1 Figure 5 3 Set IP Address Screen 4 Repeat Step 1 to
68. Default Setting Disable Example Disable DHCP sever SWITCH gt ip dhep disable IP Setup Description Set or show the IP setup Syntax IP Setup lt ip_addr gt lt ip_mask gt lt ip_router gt lt vid gt Parameters lt ip_addr gt IP address a b c d default Show IP address lt ip_mask gt IP subnet mask a b c d default Show IP mask lt ip_router gt IP router a b c d default Show IP router lt vid gt VLAN ID 1 4095 default Show VLAN ID Default Setting IP Address 192 168 0 100 IP Mask 255 255 255 0 IP Router 192 168 0 1 DNS Server 0 0 0 0 VLAN ID 21 Example Set IP address SWITCH gt ip setup 192 168 0 100 255 255 255 0 312 User s Manual of MGSW 24160F IP Ping Description Ping IP address ICMP echo Syntax IP Ping lt ip_addr_string gt lt ping_length gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string lt ping_length gt Ping data length 8 1400 excluding MAC IP and ICMP headers Example SWITCH gt ip ping 192 168 0 21 PING server 192 168 0 21 60 bytes from 192 168 0 21 icmp_seq 0 time 0ms 60 bytes from 192 168 0 21 icmp_seq 1 time 0ms 60 bytes from 192 168 0 21 icmp_seq 2 time 0ms 60 bytes from 192 168 0 21 icmp_seq 3 time 10ms 60 bytes from 192 168 0 21 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP DNS Description Set or show the DNS server address
69. Example Enable LACP for port1 4 SWITCH gt lacp mode 1 4 enable LACP Key Description Set or show the LACP key Syntax LACP Key lt port_list gt lt key gt Parameters lt port_list gt Port list or all default All ports lt key gt LACP key 1 65535 or auto 441 User s Manual of MGSW 24160F Default Setting auto Example Set key1 for port1 4 SWITCH gt lacp key 1 4 1 LACP Role Description Set or show the LACP role Syntax LACP Role lt port_list gt active passive Parameters lt port_list gt Port list or all default All ports active Initiate LACP negotiation passive Listen for LACP packets default Show LACP role Default Setting active Example Set passive for port1 4 SWITCH gt lacp role 1 4 passive LACP Status Description Show LACP Status Syntax LACP Status lt port_list gt Parameters 442 lt port_list gt Port list or all default All ports Example Show LACP status of port1 4 SWITCH gt lacp status 1 4 Port Mode Key Partner System ID Partner Port Disabled Disabled Disabled Disabled LACP Statistics Description Show LACP Statistics Syntax LACP Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 SWITCH gt lacp statistics 1 4 Port Rx Frame
70. Inform Mode enable disab Parameters enable Enable SNMP trap inform disable Disable SNMP trap inform default Show SNMP inform mode Default Setting enable Example Disable SNMP trap inform mode le SWITCH gt security switch snmp trap inform mode disable 363 Security Switch SNMP Trap Inform Timeout Description Set or shows the SNMP trap inform timeout usecs Syntax Security Switch SNMP Trap Inform Timeout lt timeout gt Parameters lt timeout gt SNMP trap inform timeout 0 2147 seconds default Show SNMP trap inform timeout Default Setting 1 Example Set SNMP trap inform timeout in 20sec User s Manual of MGSW 24160F SWITCH gt security switch snmp trap inform timeout 20 Security Switch SNMP Trap Inform Retry Times Description Set to or show up the SNMP trap information retry times Syntax Security Switch SNMP Trap Inform Retry Times lt retries gt Parameters lt retries gt SNMP trap inform retransmited times 0 255 default Show SNMP trap inform retry times Default Setting 5 Example Set SNMP trap inform retry times in 10 SWITCH gt security switch snmp trap inform retry times 10 364 User s Manual of MGSW 24160F Security Switch SNMP Trap Probe Security Engine ID Description Show SNMP trap security engine ID probe mode Syntax Security Switch SNMP Trap Probe Security Engine ID enable disable Parameters enable E
71. Managed Switches Y o ost Sea o A ME 1 e TO DA Ma l 1 y i i i i l i l i i I i l l D y l i i l I l l I l l l i i l i i i y 1 l i i i gt l I i I l I PC 1 PC 2 PC 3 i PC 4 PC 5 PC 6 1 Untagged Untagged Tagged i Untagged Untagged Tagged l I I i VLAN 2 1 VLAN 3 i s af 4 P n Figure 4 6 8 two separate VLAN Diagram 129 User s Manual of MGSW 24160F VLAN Group VID Untagged Members Tagged Members VLAN Group 1 1 Port 7 Port 24 N A VLAN Group 2 2 Port 1 Port 2 Port 3 VLAN Group 3 3 Port 4 Port 5 Port 6 The scenario described as follow Table 4 6 2 VLAN and Port Configuration E Untagged packet entering VLAN 2 1 While PC 1 transmit an untagged packet enters Port 1 the Managed Switch will tag it with a VLAN Tag 2 PC 2 and PC 3 will be received the packet through Port 2 and Port 3 2 PC 4 PC 5 and PC 6 received no packet 3 While the packet leaves Port 2 it will be stripped away it tag becoming an untagged packet 4 While the packet leaves Port 3 it will keep as a tagged packet with VLAN Tag 2 a Tagged packet entering VLAN 2 5 While PC 3 transmit a tagged packet with VLAN Tag 2 enters Port 3 PC 1 and PC 2 will received the packet through Port 1 and Port 2 6 While the packet leaves Port 1 and Port 2 it will be stripped away it tag becoming an untagged packet a Untagged packet enter
72. Pv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care e IP Fragment Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes Pv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any Any value is allowed don t care e IP Option Specify the options flag setting for this ACE No IPv4 frames where the options flag is set must not be able to match this entry Yes Pv4 frames where the options flag is set must be able to match this entry Any Any value is allowed don t care e SIP Filter Specify the source IP filter for this ACE Any No source IP filter is specified Source IP filter is don t care Host Source IP filter is set to Host Specify the source IP address in the SIP Address field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear e SIP Address When Host or Network is selected for the source IP filter you can enter a specific SIP address in dotted decimal notation e SIP Mask When Net
73. SNMP function This section has the following items a System Configuration Configure SNMP on this page a System Information The system information is provides here a Trap Configuration Configure SNMP trap on this page 79 a SNMPv3 Communities SNMPv3 Users E SNMPv3 Groups E SNMPv3 Views E SNMPv3 Accesses User s Manual of MGSW 24160F Configure SNMPv3 communities table on this page Configure SNMPv3 users table on this page Configure SNMPv3 groups table on this page Configure SNMPv3 views table on this page Configure SNMPv3 accesses table on this page 4 3 2 SNMP System Configuration Configure SNMP on this page The SNMP System Configuration screen in Figure 4 3 1 appears Read Community Write Community SNMP System Configuration Figure 4 3 1 SNMP System Configuration Page Screenshot The page includes the following fields Object Description e Mode Indicates the SNMP mode operation Possible modes are Enabled Enable SNMP mode operation Disabled Disable SNMP mode operation e Version Indicates the SNMP supported version Possible versions are SNMP v1 Set SNMP supported version 1 SNMP v2c Set SNMP supported version 2c SNMP v3 Set SNMP supported version 3 e Read Community Indicates the community read access string to permit access to SNMP agent The allowed string length is O to 255 and the allowed content is the ASCII characters from 33 to 126 The field only suits to SNMP
74. Security Switch HTTPs Configuration oooocccnnonccnnococonononnncnonancnnnnrn cn nono n nn nnnnn cnn ran n rra rre 350 Security Switch HTTPS Mode cui A ibas 350 Security Switch HI TPs Redirect ooo e dci da ode 351 Security Switch Access Configuration ooooocccnonicononcccnononcnononannnn nono tnnt no nn rr nana 351 User s Manual of MGSW 24160F Security Switch Access MOE ccoo AE 352 security Switch Access Add incio a ici 352 Security Switch Access IPVG AdG cecicccesstecedictaeias dete a a e uote De bed ha a aia eais 353 Security Switch Access Delete is is aeeie isie e reta 354 Security Switch Access LOOK UD civic betis 354 Security Switch Access Clear ivi A a ia 354 Security Switch Access Statistics miro dioses 355 Security Switch SNMP Configuration 00 0 0 eeeccceecceeeeeneeeceenaeeeceeeeeeeseaeeeeeeaaeeeseeeaeeeseaeeeeseaeeeseeeaeesieeeesenaeeeeeenaeees 355 Security Switch SNMP Mode 0 cc0 ce sceseceeseecgees atic iite eiee adadda acess tbeeeensaneeese 357 Security Switch SNMP Version sissien A 358 Security Switch SNMP Read Community c cccooocccccoccccconaonnncnono nano nononnnnnonn nn nano cnn non n nn rana rre 358 Security Switch SNMP Write Community oocooocccnnnccccnonoccnononancno nono ncnnno nn nn nnnn cnn ran nn rra rr rre 359 Security Switch SNMP Trap Mode bicis 359 Security Switch SNMP Trap VersiON vicio A dei aaa 360 Security Switch SNMP Trap Community ccccoooccnnnoccccnononcncnnnnoncnn non nn nono nn nn non cn
75. Server TCP port Use 0 to use the default TACACS port 49 Example Set TACACS authentication server configuration SWITCH gt security aaa tacacs 1 enable 192 168 0 20 12345678 49 Security AAA Statistics Description Show RADIUS statistics Syntax Security AAA Statistics lt server_index gt Parameters The server index 1 5 default Show statistics for all servers 413 User s Manual of MGSW 24160F Example Show RADIUS statistics SWITCH gt security aaa statistics 414 6 8 Spanning Tree Protocol Command STP Configuration Description Show STP configuration Syntax STP Configuration Example Show STP configuration SWITCH gt stp cofiguration STP Configuration Tx Hold Count 6 Max Hop Count 20 STP Version Description Set or show the STP Bridge protocol version Syntax STP Version lt stp_version gt Parameters lt stp_version gt mstp rstp stp Default Setting MSTP 415 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Example Set the STP Bridge protocol version SWITCH gt stp version rstp STP Tx Hold Description Set or show the STP Bridge Transmit Hold Count parameter Syntax STP Txhold lt holdcount gt Parameters lt holdcount gt STP Transmit Hold Count 1 10 Default Setting 6 Example Set STP Tx hold in 10 SWITCH gt stp txhold 10 STP MaxHops Description Set or sh
76. Switch s power supply automatically adjusts to line power in the range 100 240VAC and 50 60 Hz Plug the female end of the power cord firmly into the receptalbe on the rear panel of the Managed Switch Plug the other end of the power cord into an electric service outlet then the power will be ready 29 User s Manual of MGSW 24160F There is a power switch that is for AC power input using only As DC power input has no power switch The device is a power required device it means it will not work till it is powered If your networks should active all the time please consider using UPS Uninterrupted Power Supply for your device It will prevent you from network data loss or network downtime In some area installing a surge suppression device may also help to protect your Managed Switch from being damaged by unregulated surge or current to the Switch or the power adapter 2 2 Install the Switch This section describes how to install your Managed Switch and make connections to the Managed Switch Please read the following topics and perform the procedures in the order being presented To install your Managed Switch on a desktop or shelf simply complete the following steps 2 2 1 Desktop Installation To install the Managed Switch on desktop or shelf please follows these steps As desktop and rackmount installation demonstration as following is an example for SGSW 24040 however the installation procedure of
77. TACACS Authentication Server Configuration The table has one row for each TACACS Authentication Server and a number of columns which are Object Description o The TACACS Authentication Server number for which the configuration below applies e Enabled Enable the TACACS Authentication Server by checking this box e P Address Hostname The IP address or hostname of the TACACS Authentication Server IP address is expressed in dotted decimal notation e Port The TCP port to use on the TACACS Authentication Server If the port is set to 0 zero the default port 49 is used on the TACACS Authentication Server e Secret The secret up to 29 characters long shared between the TACACS Authentication Server and the switch Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 234 User s Manual of MGSW 24160F 4 11 7 RADIUS Overview This page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration page The RADIUS Authentication Accounting Server Overview screen in Figure 4 11 8 appears RADIUS Authentication Server Status Overview Te adres 0 0 0 0 1612 Disable 0 0 0 0 1612 Disable 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable 0 0 0 0 1812 Disable RADIUS Accounting Server Status Overview ie adres 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable
78. Transceivers PLANET Managed Switch supports both Single mode and Multi mode SFP transceiver The following list of approved PLANET SFP transceivers is correct at the time of publication 1000Base X SFP modules Ml MGB SX SFP 1000BASE SX SFP transceiver Multi mode 850nm 220m 550m Hi MGB LX SFP 1000BASE LX SFP transceiver Single mode 1310nm 10km Ml MGB L30 SFP 1000BASE LX SFP transceiver Single mode 1310nm 30km E MGB L50 SFP 1000BASE LX SFP transceiver Single mode 1310nm 50km Ml MGB LA10 SFP 1000BASE LX SFP transceiver WDM Single mode TX 1310nm RX 1550nm 10km Hi MGB LB10 SFP 1000BASE LX SFP transceiver WDM Single mode TX 1550nm RX 1310nm 10km Ml MGB TSX SFP 1000BASE SX SFP transceiver Multi mode 850nm 220m 550m 40 75 C Ml MGB TLX SFP 1000BASE SX SFP transceiver Signle mode 1310nm 10km 40 75 C Ml MGB TL30 SFP 1000BASE SX SFP transceiver Signle mode 1310nm 30km 40 75 C Hi MGB TL70 SFP 1000BASE SX SFP transceiver Signle mode 1310nm 70km 40 75 C 100Base FX SFP modules E MFB FX SFP 100BASE FX SFP transceiver Multi mode 1310nm 2km Mi MFB F20 SFP 100BASE FX SFP transceiver Single mode 1310nm 20km E MFB F40 SFP 100BASE FX SFP transceiver Single mode 1310nm 40km Ml MFB F60 SFP 100BASE FX SFP transceiver Single mode 1310nm 60km Ml MGB FA20 SFP 100BASE BX SFP transceiver WDM Single mode TX 1310nm RX 1550nm 20km Ml MGB FB2
79. VLAN tag DSCP TOS field in IP Packet Policy Based QoS IGMP v1 v2 Snooping up to 255 multicast Groups IGMP Snooping IGMP Querier mode support IP Based ACL MAC Based ACL Access Control List Up to 256 entries NENE Basic Management Interfaces Console Telnet Web Browser SNMPv1 v2c and v3 Secure Management Interface SSH SSL SNMP v3 RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2819 RMON MIB Group 1 RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC3411 SNMP Frameworks MIB IEEE802 1X PAE LLDP MAU MIB Standards Conformance Regulation Compliance FCC Part 15 Class A CE IEEE 802 3 10Base T IEEE 802 3u 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP Standards Compliance IEEE 802 1D Spanning tree protocol IEEE 802 1w Rapid Spanning tree protocol IEEE 802 1s Multiple Spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP 25 User s Manual of MGSW 24160F RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 IEC60068 2 32 Free fall Stability IEC60068 2 27 Shock 1EC60068 2 6 Vibration Environment Temperature 10 60 Degree C for DC power i
80. VLANs 4 6 2 IEEE 802 1Q VLAN In large networks routers are used to isolate broadcast traffic for each subnet into separate domains This Managed Switch provides a similar service at Layer 2 by using VLANs to organize any group of network nodes into separate broadcast domains VLANs confine broadcast traffic to the originating group and can eliminate broadcast storms in large networks This also provides a more secure and cleaner network environment An IEEE 802 1Q VLAN is a group of ports that can be located anywhere in the network but communicate as though they belong 112 User s Manual of MGSW 24160F to the same physical segment VLANs help to simplify network management by allowing you to move devices to a new VLAN without having to change any physical connections VLANs can be easily organized to reflect departmental groups such as Marketing or R amp D usage groups such as e mail or multicast groups used for multimedia applications such as videoconferencing VLANs provide greater network efficiency by reducing broadcast traffic and allow you to make network changes without having to update IP addresses or IP subnets VLANs inherently provide a high level of network security since traffic must pass through a configured Layer 3 link to reach a different VLAN This Managed Switch supports the following VLAN features E Up to 255 VLANs based on the IEEE 802 1Q standard a Port overlapping allowing a port to participate i
81. Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Buttons Static Select VLAN Users from this drop down list Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals Refiesh Click to refresh the page immediately 4 6 8 Port Isolation Configuration Overview When a VLAN is configured to be a private VLAN communication between ports within that VLAN can be prevented Two 125 User s Manual of MGSW 24160F application examples are provided in this section e Customers connected to an ISP can be members of the same VLAN but they are not allowed to communicate with each other within that VLAN e Servers in a farm of web servers in a Demilitarized Zone DMZ are allowed to communicate with the outside world and with database servers on the inside segment but are not allowed to communicate with each other Promiscuous Public Servers Permit MGSW 24160F Promiscuous Isolate Access Deny Access Deny Access Deny
82. Wires DOO and DO1 to Open Detector 38 User s Manual of MGSW 24160F 3 SWITCH MANAGEMENT This chapter explains the methods that you can use to configure management access to the Managed Switch It describes the types of management applications and the communication and management protocols that deliver data between your management device workstation or personal computer and the system It also contains information about port connection options This chapter covers the following topics E Requirements a Management Access Overview a Administration Console Access E Web Management Access a SNMP Access a Standards Protocols and Related Reading 3 1 Requirements El Workstations of subscribers running Windows 98 ME NT4 0 2000 XP 2003 Vistsa MAC OS9 or later Linux UNIX or other platform compatible with TCP IP protocols a Workstation installed with Ethernet NIC Network Interface Card a Serial Port connect Terminal e Above PC with COM Port DB9 RS 232 or USB to RS 232 converter ii Ethernet Port connect e Network cables Use standard network UTP cables with RJ45 connectors a Above Workstation installed with WEB Browser and JAVA runtime environment Plug in It is recommended to use Internet Explore 7 0 or above to access Managed Switch 39 3 2 Management Access Overview User s Manual of MGSW 24160F The Managed Switch gives you the flexibility to access and manage it using any or all of the f
83. a frame is received on the port the port will be disabled Disabled Port shut down is disabled The default value is Disabled e Counter Counts the number of frames that match this ACE Buttons ta a a Click to save changes et Click to undo any changes made locally and revert to previously saved values Click to refresh the page any changes made locally will be undone e fF E Click to clear the counters 4 10 5 ACL Rate Limiter Configuration Configure the rate limiter for the ACL of the switch The ACL Rate Limiter Configuration screen in Figure 4 10 5 appears 206 User s Manual of MGSW 24160F ACL Rate Limiter Configuration Rate Limiter ID Rate pps lt lt lt lt lt lt SI EIEI SL SIL EMEI Figure 4 10 5 ACL Rate Limiter Configuration Page Screenshot The page includes the following fields Object Description e Rate Limiter ID The rate limiter ID for the settings contained in the same row e Rate The rate unit is packet per second pps configure the rate as 1 2 4 8 16 32 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 207 User s Manual of MGSW 24160F 4 11 Authentication This section is to control the access of the Managed Switch in
84. a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and electronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Revision PLANET 16 Port 100 1000Base X SFP 8 Port 10 100 1000Base T L2 L4 Managed Metro Ethernet Switch User s Manual FOR MODEL MGSW 24160F REVISION 1 1 May 2012 Part No EM MGSW 24160F 2080 A93270 000 User s Manual of MGSW 24160F TABLE OF CONETNTS t INTRODU TION o Ai 18 11 Packet Comens uasna A a AEAEE E TE 18 1 2 Product Description cererii neien EE EAEE AEE EARR 18 1 3 How to Use This Manual a aae e nooo 20 1 4 Product er A E EE E E E E E E E 21 1 5 Prod ct Specification 24 2 NSTALLATI O N cia 27 2 1 Hardware Description hide a e iran iaa 27 21 1 Switch Front Pael cion catar a Er eaa eea ae iaaa eea a to lianas tr pai 27 2 VA LED AINGICAtONS EEA a ATEEN EE AN EE A AT E A A 28 2 1 3 Switch Rear Panelini iaieineea iee enert e da tad 29 2 2 Install the Switch siennas eee aa aa a 30 22 1 Desktop Installation laca 30 22 2 RAKIM O UNI saeco sets Sess et e ones oh oS seed Ss hes a ade ea aa 31 2 2 3 Installing the SFP transceiver cccccecceseceeceeeeeeeeeeaece cece caeeaaaeceeeeeeeeaaaeaeceeeeeesaaaeaeceseseceeaeeeseeeeeseesanaeeeeeeeseeees 32 2 2 4 Wiring the Power Input iii aii 36 2 2 5 Wiring th
85. acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components The UPnP Configuration screen in Figure 4 2 9 appears UPnP Configuration Advertising Duration Figure 4 2 9 UPnP Configuration Page Screenshot The page includes the following fields Object Description e Mode Indicates the UPnP operation mode Possible modes are Enabled Enable UPnP mode operation Disabled Disable UPnP mode operation When the mode is enabled two ACEs are added automatically to trap UPNP related packets to CPU The ACEs are automatically removed when the mode is disabled e TTL The TTL value is used by UPnP to send SSDP advertisement messages Valid values are in the range 1 to 255 e Advertising Duration The duration carried in SSDP packets is used to inform a control point or control points how often it or they should receive a SSDP advertisement message from this switch If a control point does not receive any message within the duration it will think that the switch no longer exists Due to the unreliable nature of UDP in the standard it is recommended that such refreshing of advertisements to be done at less than one half of the advertising duration In the implementation the switch sends SSDP messages
86. aia 454 IED RMEDRastunt et E e e o 455 ILDPMEDAINfO corrio e et e o e ele ces ea e tl efe e Ms Ed 455 LLDPMED Debuge_med_transmit_vat 2 0 2 2 eccceccceece cece eeeeeee cece teens eeaeaeeeeeeeseceaeaeceeeeeseeaaeaeeeeeseseeaeeeeeseesneaeees 455 6 14 Quality of Service Command cnmminncccccccnonicnencc rc 456 QOS CONMGUCALIOM caia Ai de 456 QOS Classes ii a Ane 456 QOS Default id E E 457 QOS Tag Pro Viera Na a tddi 457 Eoo KO N m0 0 AEEA AEE A S EAA A a T E OA net ed dae ed ah eet Met de 458 QoS QCL Add iii aos cs 458 QoOS OCE Deletes iria ido litis bed es 459 QOS QC LOOK Praia 460 QOS MOdG EE A i Meet eee ie Geet A ie leh eh eaten 460 QOS Wei ia agita 460 QoS Rae Limite caida ad ascii 461 QS Shape rs a e des oe el de ela e Lele site Cats 461 A O A O O T 462 QoS Strom Multicas 0 A aie cena vie ahi 462 QoS SironBroadcast in miir haces is Aa 463 QOS DSCP REMArKING es cronista rl ea oiod eira aaen eaid 464 QoS DSCP Q s eMaApPiNG seeen eaa r seas aa raa aea eee a eK Ee e aa a aae EE AEE er tes 464 14 User s Manual of MGSW 24160F 6 15 Mirror Comma iaa 465 Miror CON ainia 465 Mirror POr steele Seth o oa 465 O O O TN 466 Mirror MODE iia a A ee E 466 6 16 Configuration COMMANO cccsseteeenceeeeeeeeeeeeeeeeeeeeeeesaae se nneee sees sae sesaaeenseeeesaessasaeeeneeeeseaeseceesaseaeenseaeees 468 COMPIQUIATION SAVE ici A A A A di ae 468 Configuration LO Ad ricooiriitar tetitas iia 468 6 17 Firmware COMMAN
87. all default All ports Default Setting disable Example Show mirror configuration User s Manual of MGSW 24160F SWITCH gt mirror configuration Mirror Port Description Set or show the mirror port Syntax Mirror Port lt port gt disable Parameters lt port gt disable Mirror port or disable default Show port Default Setting Mirror Port 1 Example Set port 2 for the mirror port SWITCH gt mirror port 2 465 Mirror SID Description Set or show the mirror switch ID Syntax Mirror SID lt sid gt Parameters lt sid gt Switch ID 1 16 Default Setting 1 Example Set SID2 for mirror switch ID User s Manual of MGSW 24160F SWITCH gt mirror sid 2 Mirror Mode Description Set or show the mirror mode Syntax Mirror Mode lt port_list gt enable disable rx tx Parameters lt port_list gt Port list or all default All ports enable Enable Rx and Tx mirroring disable Disable Mirroring rx Enable Rx mirroring tx Enable Tx mirroring default Show mirror mode Default Setting disable 466 User s Manual of MGSW 24160F Example Enable the mirror mode for port 1 4 SWITCH gt mirror mode 1 4 enable 467 6 16 Configuration Command Configuration Save Description Save configuration to TFTP server Syntax Config Save lt ip_server gt lt file_name gt Parameters lt ip_server gt TFTP s
88. and suppose that the first server in the list is currently down but not considered dead Now if the supplicant retransmits EAPOL Start frames at a rate faster than X seconds then it will never get authenticated because the switch will cancel on going backend authentication server requests whenever it receives a new EAPOL Start frame from the supplicant And since the server hasn t yet failed because the X seconds haven t expired the same server will be contacted upon the next backend authentication server request from the switch This scenario will loop forever Therefore the server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 802 1X In port based 802 1X authentication once a supplicant is successfully 218 User s Manual of MGSW 24160F authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Single 802 1X variant Single 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X In Single 802 1X at most one supplicant can get authenticated on the port at a time Normal EAPOL frames are used in the communication between the supplicant and the switch If more than one sup
89. are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE e Counter The counter indicates the number of times the ACE was hit by a frame MAC Parameters Object Description e SMAC Filter Only displayed when the frame type is Ethernet Type or ARP Specify the source MAC filter for this ACE Any No SMAC filter is specified SMAC filter status is don t care Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value appears e SMAC Value When Specific is selected for the SMAC filter you can enter a specific source MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this SMAC value e DMAC Filter Specify the destination MAC filter for this ACE Any No DMAC filter is specified DMAC filter status is don t care MC Frame must be multicast BC Frame must be broadcast UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears e DMAC Value When Specific is selected for the DMAC filter you can enter a specific destination VLAN Parameters Object MAC address The legal format is xx xx xx xx xx xx A frame that hits this ACE matches this DMAC value Description e VLAN ID Filter Specify the VLAN ID filter fo
90. be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP UPnP is an acronym for Universal Plug and Play The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home data sharing communications and entertainment and in corporate environments for simplified installation of computer components User Priority is a 3 bit field storing the priority level for the 802 1Q frame Virtual LAN is a method to restrict communication between switch ports VLANs can be used for the following applications VLAN unaware switching This is the default configuration All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1 This means that MAC addresses are learned in VLAN 1 and the switch does not remove or insert VLAN tags VLAN aware switching This is based on the IEEE 802 10 standard All ports are VLAN aware Ports connected to V
91. be used to increase the bandwidth of a network connection or to ensure fault recovery Link aggregation lets you group up to 4 consecutive ports into a single dedicated connection between any two the Switch or other Layer 2 switches However before making any physical connections between devices use the Link aggregation Configuration menu to specify the link aggregation on the devices at both ends When using a port link aggregation note that e The ports used in a link aggregation must all be of the same media type RJ 45 100 Mbps fiber e The ports that can be assigned to the same link aggregation have certain other restrictions see below e Ports can only be assigned to one link aggregation e The ports at both ends of a connection must be configured as link aggregation ports e None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port 102 User s Manual of MGSW 24160F e All of the ports in a link aggregation have to be treated as a whole when moved from to added or deleted from a VLAN e The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole e Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop e Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop It allows a maximum of 16 ports to be aggreg
92. become overlap setting About the overlapped VLAN configuration see next VLAN configure sample 4 Assign PVID for each port Port 1 Port 2 and Port 3 PVID 2 Port 4 Port 5 and Port 6 PVID 3 Port 7 Port 24 PVID 1 5 Enable VLAN Tag for specific ports Link Type Port 3 VLAN 2 and Port 6 VLAN 3 The Per Port VLAN configuration in Figure 4 6 10 appears 131 User s Manual of MGSW 24160F VLAN Port Configuration IEEE 802 10 Y Aa y Dome unl Disable 802 10 Tag Diae v Disable Disable Disable Disable Disable Disable Disable Disable Disable y Disable Disable Disable Disable Disable Disable Disable Disable E 5 fa al a kjkj UnTag UnTag UnTag UnTag UnTag UnTag UnTag UnTag UnTag Ues De v UnTag Disable Urls v Die CE sisas is ss gt BEEP PPP PGI EES ES ES ESET ES ES ES ES ES ES ES E m 0 m a e a O O a a a e G R a S a A G Figure 4 6 10 Port 1 Port 6 VLAN Configuration 132 User s Manual of MGSW 24160F 4 6 10 2 VLAN Trunking between two 802 1Q aware switch The most cases are used for Uplink to other switches VLANs are separated at different switches but they need to access with other switches within the same VLAN group The screen in Figure 4 6 11 appears ea eee eee oe ee ee ee ee zi Y a PC 2 PC 3 i PS IPCS Untagged Tagged i i Untagged Tagged l i l I l i l l
93. by a MAC address and VLAN ID If Limit Control is enabled on a port the limit specifies the maximum number of users on the port If this number is exceeded an action is taken The action can be one of four different as described below The Limit Control module is one of a range of modules that utilizes a lower layer module the Port Security module which manages MAC addresses learned on the port The Limit Control configuration consists of two sections a system and a port wide The Port Limit Control Configuration screen in Figure 4 12 1 appears 250 User s Manual of MGSW 24160F Port Limit Control Configuration seconds Port Configuration state Reopen Disabled Reopen Limit oO Te i J lt E F lt Disabled Reopen Disabled Reopen E f Disabled Reopen Disabled Reopen y s Disabled Reopen y is Disabled Reopen y s Disabled Reopen Disabled Reopen DIO EE Y ES i E F lt Disabled Reopen Disabled Reopen Disabled Reopen Disabled Esoren Disabled Reopen Disabled Reopen Disabled Reopen Disabled Reopen Disabled Reopen D us L 4 L 4 L 4l L 4 L 4 L 4 EA L 4 L 4l L 4 L 4l 4 L 4 L 4l 4 4 4 Disabled Reopen Disabled Reopen y s Disabled Reopen E Disabled Reopen Disabled Reopen Disabled Reopen Figure 4 12 1 Port Lim
94. check if the IP address is changed If the IP address is successfully configured the Managed Switch will apply the new IP address setting immediately You can access the Web interface of The Managed Switch through the new IP address If you do not familiar with console command or the related parameter enter help anytime in console to get the help description You can change these settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 302 5 2 Telnet Login User s Manual of MGSW 24160F The Managed Switch also supports telnet for remote management The switch asks for user name and password for remote login when using telnet please use admin for username amp password Welcome to PLANET Command Line Interface Port Numbers A O O i i 43 i i 4 4 t 119112114116 o i 91111131151 4 E A O O 118 126122 i241 q oe O O o 1171191211231 Ho 4 BEE al 303 User s Manual of MGSW 24160F 6 Command L
95. classified to the Port VLAN ID and tags are not removed e Ingress Filtering Show the ingress filtering for a port This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded e Frame Type Shows whether the port accepts all frames or only tagged frames This 124 User s Manual of MGSW 24160F parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on that port are discarded e Tx Tag Shows egress filtering frame status whether tagged or untagged e UVID Shows UVID untagged VLAN ID Port s UVID determines the packet s behavior at the egress side e Conflicts Shows status of Conflicts whether exists or Not When a Volatile VLAN User requests to set VLAN membership or VLAN port configuration the following conflicts can occur Functional Conflicts between features Conflicts due to hardware limitation Direct conflict between user modules e VLAN User AVLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID UVID Currently we support following VLAN CLI Web SNMP This are reffered as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server
96. coated Shea ated alee maths he sede ald Soc ah and D 295 4 15 3 Remote IP Ping Testi A ie 296 4 154 Cable DidQnostics vicio ito 298 5 COMMAND LINE INTERFACE lt lt lt w lt lt iimiiiaiiiaraaara etsnventenie teenies 300 5 ACceSsing the Chloe ind igun eoi rauan dance aliada oda Dita 300 Logon to the COSSA A eaeesaee tesla alc bearer heed dade 300 Configure IP address isi sss eedee eee adie ee abad eii 301 522 A A sepa ecndestevseaeaeuvccueness 303 5 Gommand Line Modena 304 Gi System COMO ii A a aaan Ae aaea AE 304 System Configuratio seken tilda dida 304 System Name out ses til ooo cda ETE caste anc eee tna E E RE 305 User s Manual of MGSW 24160F System COMACE A eire eE Sa eaaa E aada eaaa Ae Ea Eaa AN NEATA EEEa E Eaa diede 306 System LOCO iii a ee 306 System TIMEZONE Sii di aerea aa eaaa eae ica 307 SYSTEM A O EE AN O O 307 System Reboot e e a E OA A ee E Ea 308 System Restore Default A eed EAA ios 308 NE AAA O 308 Systeri LOG titi tt it ea a 309 ZA CAMA O ii 311 RS NN 311 IPD CP e o e A 311 IP SO tUpPy O ae ea Aaa 312 A te Med dN te e Med coh a arr ad de tet 313 P DNS tee ha ada sas 313 IPS PNSIPIOXYaversdedesa echoes bectesnse Solve Ment e il 314 IPV6 AUTOGINEIG ccoomadanta incoada 314 IPVO SOU a id e a ag 315 PO PO is 316 IP NTP Configurations omic arias 316 IPN TRAM OGG t thes as ete ea Cane oh e ela ce el ad e al ele ase tae 317 IP NT PESOrVeriAGa anos chececes ccs capeebeck ay uscteds vaste eben
97. default Set or show digital input output fault alarm 1 2 status Example Enable power alarm configuration SWITCH gt dido fault_pwr_alr dc1 enable SWITCH gt dido fault_pwr_alr dc2 enable SWITCH gt dido fault_pwr_alr ac enable 498 User s Manual of MGSW 24160F 7 SWITCH OPERATION 7 1 Address Table The Switch is implemented with an address table This address table composed of many entries Each entry is used to store the address information of some node in network including MAC address port no etc This in formation comes from the learning process of Ethernet Switch 7 2 Learning When one packet comes in from any port the Switch will record the source address port no And the other related information in address table This information will be used to decide either forwarding or filtering for future packets 7 3 Forwarding amp Filtering When one packet comes from some port of the Ethernet Switching it will also check the destination address besides the source address learning The Ethernet Switching will lookup the address table for the destination address If not found this packet will be forwarded to all the other ports except the port which this packet comes in And these ports will transmit this packet to the network it connected If found and the destination address is located at different port from this packet comes in the Ethernet Switching will forward this packet to the port where this destination
98. ena int alii e eta ed od ied dee eee 423 STP POE Ge ceuta tenacidad 423 User s Manual of MGSW 24160F STP Port AutO Edge 00000 dee 424 SEP ROMM RAR cee too TE Le Ee SEN a noe te tear o EU e E eet 424 STP Port RestrictedROle cinc 425 SEP dolac ie nET E T OT 425 ST P PortbpduG ard wicca oe a eo ee ee ee E E 426 STP Port Statistic srcani ni alc batik Ae ani ie hae oA nal Ne en A eee 426 STP PortiMcheck coincidan dorado pt 427 STP MSTIPort Configura ictericia 427 STP MSTI Port Cost l 428 STEP MS il PoOrt Priority e S 429 6 9 Multicast Configuration COMMAN cccceecceseeeeeeeeeeeeseseeeeneeeeeseaesaseeeeneeeeseeeeseaesaaeeeeseeesesnaesnneeenseeeees 430 IGMP Configuration ize casciceiesnccietuatcescste pala 430 IGMP Mode 225 acto tei de EAE ie hee Me LA esd A eet aR Ae nek Madd ad edo eed de eri 430 IGMP Leave Pro A ee ee 431 IGMP Stale ii e hase oe boed sas 431 IGMP Querer vicio ta e tete dra 432 ISGMPEastleave 0 dt di ie edo 432 IGMP Throttling 0 Ae 433 GMP Ellt ring tec eo eones cell ene es ate oo coo Da e e e 433 IGMP Router ccoo o oca 434 IGMP FIOOGING ee A EE i a 435 IGMPGroupS vice oa tae ee ee ee ee i es en ae ctas 435 IGMP Statussa esi E E E Ae ath a A eed el ee I eh es ei 435 6 10 Link Aggregation Command ommncicncnccccnnninnrn unnn nnnn nunnan nn nnnn annene nnn nnna 437 Aggregation CoM gU A O ii ros 437 SS O eiaa aa aaia a eaa e aa ra 437 Aggregation DE EAT TE E A E E E 438 Aggregation Look Up i
99. entry of the currently displayed VLAN MAC address pairs as a basis for the next lookup When the end is reached the text no more entries is shown in the displayed table Use the lt lt button to start over The page includes the following fields Object Description e Query by The query of the MAC addresses entry The following query types are supported Interface Query of the MAC addresses entry by interface VLAN Query of the MAC addresses entry by VLAN MAC Address Query of the MAC addresses entry by MAC address e Type Indicates whether the entry is a static or dynamic entry 271 User s Manual of MGSW 24160F e VLAN The VLAN ID of the entry e MAC address The MAC address of the entry e Port Members The ports that are members of the entry Buttons Auto refresh Cl Check this box to enable an automatic refresh of the page at regular intervals Refiesh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Cea Flushes all dynamic entries Lk lt Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address gt gt gt Updates the table starting with the entry after the last entry currently displayed 4 13 4 MAC Table Learning If the learning mode for a given port is grayed out another module is in control of the mode so that it cannot be changed by the user An example
100. first 1 second 2 select lt description gt Digital input1 2 described string Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact Example Set digital input alarm message SWITCH gt dido di_desc first window was opened Di_en Description Set or show the system digital input1 2 Syntax di_desc first second lt description gt Parameters lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output first 1 second 2 select lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status lt hightolow gt Trigger gt high to low lt lowtohigh gt Trigger gt low to high default Set or show digital input output 1 2 trigger Example Enable digital input function and set trigger condition SWITCH gt dido di_en first enable hightolow 493 Do_act Description Set or show the system digital output1 2 action Syntax do_act first second port power enable disable Parameters lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output first 1 second 2 select lt port gt port fail lt power gt power fail default Set or show digital output fault alarm 1 2 action lt di_1 gt Digital Inpu
101. graph The switch system log information is provided here The switch system detailed log information is provided here Configure remote syslog on this page This page facilitates an update of the firmware controlling the switch Upgrade the firmware via TFTP server You can save the switch configuration The configuration file is in XML format with a hierarchy of tags You can load the switch configuration The configuration file is in XML format with a hierarchy of tags Configure SMTP for alarm on this page This page is for you setting up digital input and digital output and what kind of action will be done This page is for you monitoring power and port status If they are failed system will trigger alarm You can reset the configuration of the switch on this page Only the IP configuration is retained You can restart the switch on this page After restart the switch will boot normally 49 User s Manual of MGSW 24160F 4 2 1 System Information The System Info page provides information for the current device information System Info page helps a switch administrator to identify the hardware MAC address software version and system uptime The screen in Figure 4 2 1 appears System Information Contact Name MGSW 24160F Location Hardware MAC Address 00 30 4f 16 81 68 AC Power ON Power Status DC Power1 OFF DC Power2 OFF Temperature 270C 806F System Date 1970 01 01 Thu 00 02 44 0000 System Uptime 0d
102. gt OUI address xx xx xx Example Delete Voice VLAN OUI entry SWITCH gt voice vian oui delete 00 11 22 Voice VLAN OUI Clear Description Clear Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Clear Example Clear Voice VLAN OUI entry SWITCH gt voice vian oui clear 481 User s Manual of MGSW 24160F Voice VLAN OUI Look up Description Look up Voice VLAN OUI entry Syntax Voice VLAN OUI Look up lt oui_addr gt Parameters lt oui_addr gt OUI address xx xx xx default Show OUI address Example Look up Voice VLAN OUI entry SWITCH gt voice vian oui lookup Voice VLAN Port Mode Description Set or show the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Port Mode lt port_list gt disable auto force Parameters lt port_list gt Port list or all default All ports disable Disjoin from Voice VLAN auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically force Forced join to Voice VLAN default Show Voice VLAN port mode Default Setting disable 482 User s Manual of MGSW 24160F Example Set auto mode for port 1 4 of Voice VLAN port mode SWITCH gt voice vlan port mode
103. hold in the Unauthorized state The hold timer does not count during an on going authentication In MAC based Auth mode the The switch will ignore new frames coming from the client during the hold time The Hold Time can be set to a number between 10 and 1000000 seconds e RADIUS Assigned QoS Enabled RADIUS assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned QoS Enabled below for a detailed description The RADIUS Assigned QoS Enabled checkbox provides a quick way to globally enable disable RADIUS server assigned QoS Class functionality When checked the individual ports ditto setting determines whether RADIUS assigned QoS Class is enabled for that port When unchecked RADIUS server assigned QoS Class is disabled for all ports e RADIUS Assigned VLAN Enabled RADIUS assigned VLAN provides a means to centrally control the VLAN on which a successfully authenticated supplicant is placed on the switch Incoming traffic will be classified to and switched on the RADIUS assigned VLAN The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature see RADIUS Assigned VLAN Enabled below for a detailed description The RADIUS Assigned VLAN Enabl
104. importantly DNS translates human friendly domain names and computer hostnames into computer friendly IP addresses For example the domain name www example com might translate to 192 168 0 1 DoS is an acronym for Denial of Service In a denial of service DoS attack an attacker attempts to prevent legitimate users from accessing information or services By targeting at network sites or network connection an attacker may be able to prevent network users from accessing email web sites online accounts banking etc or other services that rely on the affected computer Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets An IPv4 dotted decimal address has the form x y z w where x y z and w are decimal numbers between 0 and 255 DSCP is an acronym for Differentiated Services Code Point It is a field in the header of IP packets for packet classification purposes EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802 3az 508 User s Manual of MGSW 24160F EPS is an abbreviation for Ethernet Protection Switching defined in ITU T G 8031 Ethernet Type or EtherType is a field in the Ethernet MAC header defined by the Ethernet networking standard It is used to indicate which protocol is being transported in an Ethernet frame FTP is an acronym for File Transfer Protocol It is a transfer protocol that uses the Transmiss
105. includes the following fields Object Description e Port The switch interface e PVLAN Port Type Displays private VLAN port types Isolated A single stand alone VLAN that contains one promiscuous port and one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting 127 User s Manual of MGSW 24160F 4 6 9 Private VLAN Membership Configuration The Private VLAN membership configurations for the switch can be monitored and modified here Private VLANs can be added or deleted here Port members of each Private VLAN can be added or removed here Private VLANs are based on the source port mask and there are no connections to VLANs This means that VLAN IDs and Private VLAN IDs can be identical A port must be a member of both a VLAN and a Private VLAN to be able to forward packets By default all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1 A VLAN unaware port can only be a member of one VLAN but it can be a member of multiple Private VLANs The Private VLAN Membership Configuration screen in Figure 4 6 7 appears Private VLAN Membership Configuration Port Members a Derete vano beppe ebene Figure 4 6 7 Private VLAN Membership Configuration Page Screenshot The page includes the following fields
106. interface under access management mode is enabled Buttons Refresh Click to refresh the page immediately cra J Clear all statistics 255 User s Manual of MGSW 24160F 4 12 4 HTTPs Configure HTTPS on this page The HTTPS Configuration screen in Figure 4 12 4 appears HTTPS Configuration E Mode Disabled v Automatic Redirect Disabled v Figure 4 12 4 HTTPS Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode Indicates the HTTPS mode operation Possible modes are Enabled Enable HTTPS mode operation Disabled Disable HTTPS mode operation e Automatic Redirect Indicates the HTTPS redirect mode operation Automatic redirect web browser to HTTPS during HTTPS mode enabled Possible modes are Enabled Enable HTTPS redirect mode operation Disabled Disable HTTPS redirect mode operation Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 5 SSH Configure SSH on this page This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules
107. logoff frame is received the port returns to the unauthorized state 4 11 2 Authentication Configuration This page allows you to configure how an administrator is authenticated when he logs into the switch via TELNET SSH or the web pages The Authentication Method Configuration screen in Figure 4 11 3 appears Authentication Method Configuration Authentication Method Fallback console telnet ssh Figure 4 11 3 Authentication Method Configuration Page Screenshot 212 User s Manual of MGSW 24160F The page includes the following fields Object Description e Client The management client for which the configuration below applies e Authentication Method Authentication Method can be set to one of the following values None authentication is disabled and login is not possible local use the local user database on the switch for authentication radius use a remote RADIUS server for authentication tacacs use a remote TACACS server for authentication e Fallback Enable fallback to local authentication by checking this box If none of the configured authentication servers are alive the local user database is used for authentication This is only possible if the Authentication Method is set to something else than none or local Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 11 3 Network Access Se
108. lt age_time gt Parameters lt age_time gt Time in seconds between checks for activity on a MAC address 10 10000000 seconds default Show current age time Default Setting 3600 Example Set age time in 100sec SWITCH gt security network limit agetime 100 Security Network Limit Port Description Set or show per port enabledness 379 User s Manual of MGSW 24160F Syntax Security Network Limit Port lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port security on this port disable Disable port security on this port default Show current port enabledness of port security limit control Default Setting disable Example Enable port limit for port 1 SWITCH gt security network limit port 1 enable Security Network Limit Limit Description Set or show the max number of MAC addresses that can be learned on this set of ports Syntax Security Network Limit Limit lt port_list gt lt limit gt Parameters lt port_list gt Port list or all default All ports lt limit gt Max number of MAC addresses on this port default Show current limit Default Setting 4 Example Set limit in 5 SWITCH gt security network limit limit 1 24 5 380 User s Manual of MGSW 24160F Security Network Limit Action Description Set or show the action involved with exceeding the limit Syntax
109. might not be able to access the RADIUS server 4 11 10 802 1X Client Configuration Windows XP is originally 802 1X support As to other operating systems windows 98SE ME 2000 an 802 1X client utility is needed The following procedures show how to configure 802 1X Authentication in Windows XP Please note that if you want to change the 802 1x authentication type of a wireless client i e switch to EAP TLS from EAP MD5 you must remove the current existing wireless network from your preferred connection first and add it in again Configure Sample EAP MD5 Authentication 1 Go to Start gt Control Panel double click on Network Connections 2 Right click on the Local Network Connection 3 Click Properties to open up the Properties setting window 3COM 3C940 Status General Support Connection Status Connected Duration 03 35 37 Speed 100 0 Mbps Activity b dE 146 938 760 110 212 126 Sent Received Figure 4 11 18 247 User s Manual of MGSW 24160F 4 Select Authentication tab 5 Select Enable network access control using IEEE 802 1X to enable 802 1x authentication 6 Select MD 5 Challenge from the drop down list box for EAP type 3COM 3C940 Properties A General Authentication Advanced Select this option to provide authenticated network access for Ethernet networks Enable IEEE 802 1 authentication for this network EAP type
110. now for port 1 SWITCH gt security network nas authenticate 1 now Security Network NAS Siatistics Description Show or clear 802 1X statistics Syntax Security Network NAS Statistics lt port_list gt clear eapol radius Parameters lt port_list gt Port list or all default All ports clear Clear statistics eapol Show EAPOL statistics radius Show Backend Server statistics default Show all statistics Example Show 802 1X statistics in port 1 SWITCH gt security network nas statistics 1 Port 1 EAPOL Statistics Rx Total 0 Tx Total Rx Response ld 0 Tx Request ld Rx Response O Tx Request Rx Start Rx Logoff Rx Invalid Type Rx Invalid Length Port 1 Backend Server Statistics Rx Access Challenges O Tx Responses 389 Rx Other Requests Rx Auth Successes Rx Auth Failures User s Manual of MGSW 24160F Security Network ACL Configuration Description Show ACL Configuration Syntax Security Network ACL Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show ACL Configuration SWITCH gt security network acl configuration ACL Configuration Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Rate Limiter Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled
111. of MGSW 24160F 1 4 Product Features gt Physical Port 16 100 1000Base X SFP mini GBIC slots from port9 to port24 8 Port 10 100 1000Base T Gigabit Ethernet RJ 45 RS 232 DB9 console interface for Switch basic management and setup gt Hardware Conformance 36 to 72V DC redundant power with polarity reverse protect function 10 to 60 Degree C operating temperature 19 inch Rack mountable Relay alarm for port breakdown power failure Two Thermal FAN built in gt Layer 2 Features Prevents packet loss with back pressure Half Duplex and IEEE 802 3x PAUSE frame flow control Full Duplex High performance of Store and Forward architecture broadcast storm control and runt CRC filtering eliminates erroneous packets to optimize the network bandwidth Storm Control support Broadcast Multicast Unknown Unicast Support VLAN IEEE 802 1Q Tagged VLAN Up to 255 VLANs groups out of 4094 VLAN IDs Provider Bridging VLAN Q in Q support IEEE 802 1ad Private VLAN Edge PVE Voice VLAN Support Spanning Tree Protocol STP IEEE 802 1D Spanning Tree Protocol RSTP IEEE 802 1w Rapid Spanning Tree Protocol MSTP IEEE 802 1s Multiple Spanning Tree Protocol spanning tree by VLAN BPDU Guard Support Link Aggregation 802 3ad Link Aggregation Control Protocol LACP Cisco ether channel Static Trunk Maximum 12 trunk groups up to 16 ports per trunk group Up to 32Gbps bandwidth Duplex Mode Provide Port Mirro
112. or reset the password to default value Press the hardware reset button at the front panel about 10 seconds After the device is rebooted you can login the management WEB interface within the same subnet of 192 168 0 xx MGSW 24160F eee e ev er 2 gt eeee 4 o X RESET Button 502 A 1 Switch s RJ 45 Pin Assignments 1000Mbps 1000Base T 1 BI_DA BI_DA BI_DB BI_DC BI_DC BI_DB BI_DD oo NIOJ a AJ OJN BI_DD BI_DB BI_DB BI_DA BI_DD BI_DD BI_DA BI_DC BI_DC User s Manual of MGSW 24160F APPENDEX A Implicit implementation of the crossover function within a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard A 2 10 100Mbps 10 100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment Contact MDI Media Dependant Interface 1 2 3 AA MDI X Media Dependant Interface Cross User s Manual of MGSW 24160F OS The standard cable RJ 45 pin assignment The standard RJ 45 receptacle connector There are
113. page is used to configure DSCP remarking The DSCP value of incoming frames will be changed according to its mapping queue once the packet is transmitted by the egress port The DSCP Remarking Configuration screen in Figure 4 9 13 appears 187 User s Manual of MGSW 24160F DSCP Remarking Configuration DSCP Queue Mappin por ee omonr ont WN N en M gt E 0 MD OF DON OOH amp WH O ale lt lt 2 ik 2 2 2 Ln aaa g Z ho i CS3 v v a ho ae ii 2 Yo lt lt Z al lt Z Z KIK 2 EJIE g lt EIE IS HSS SSS Sy SS Sy SSS SS SS SN SS ISS Z El Figure 4 9 13 DSCP Remarking Configuration Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e DSCP Remarking If the QoS remarking mode is set to enabled it should be with this DSCP Mode remarking correction function according to RFC2474 on this port e DSCP Queue Mapping Configure the mapping table between the queue and its DSCP value that is used for DSCP remarking if the DSCP value of incoming packets is not specified in RCF2474 Best Effort DSCP 0 188 User s Manual of MGSW 24160F CS1 DSCP 8 CS2 DSCP 16 CS3 DSCP 24 CS4 DSCP 32
114. platform section must be the first section tag and this section must include the correct platform ID and version The global section is optional and includes configuration that is not related to specific switch ports The switch section is optional and includes configuration that is related to specific switch ports Module tags lt ip gt lt mac gt lt port gt etc These tags identify a module controlling specific parts of the configuration Group tags lt port_table gt lt vlan_table gt etc These tags identify a group of parameters typically a table Parameter tags lt mode gt lt entry gt etc These tags identify parameters for the specific section module and group The lt entry gt tag is used for table entries Configuration parameters are represented as attribute values When saving the configuration from the switch the entire configuration including syntax descriptions is included in the file The file may then be modified using an editor and loaded to a switch The example is as below shows ismall configuration file only including configuration of the MAC address age time and the learning mode per port When loading this file only the included parameters will be changed This means that the age time will be set to 200 and the learn mode will be set to automatic Save Configuration 1 Press the Save Configuration button to save the current configuration in manager workstation The following
115. previously saved values Renew Click to undo any changes made locally and revert to previously saved values 4 2 3 IPv6 Configuration Configure the switch managed IPv6 information on this page The Configured column is used to view or change the IPv6 configuration The Current column is used to show the active IPv6 configuration The screen in Figure 4 2 3 appears IPv6 Configuration Tte O ment Auto Configuration O 192 168 0 100 Link Local Address fe80 230 4ff fe24 4d1 VLAN ID Figure 4 2 3 IPv6 Configuration Page Screenshot The page includes the following fields Object Description e Auto Configuration Enable IPv6 auto configuration by checking this box If fails the configured IPv6 address is zero The router may delay responding to a router solicitation for a few seconds the total time needed to complete auto configuration can be significantly longer 52 e Address User s Manual of MGSW 24160F Provide the IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 e Prefix Provide the IPv6 Prefix of
116. primary link failure is also accomplished automatically without operator intervention This automatic network reconfiguration provides maximum uptime to network users However the concepts of the Spanning Tree Algorithm and protocol are a complicated and complex subject and must be fully researched and understood It is possible to cause serious degradation of the performance of the network if the Spanning Tree is incorrectly configured Please read the following before making any changes from the default values The Switch STP performs the following functions a Creates a single spanning tree from any combination of switching or bridging elements a Creates multiple spanning trees from any combination of ports contained within a single switch in user specified groups a Automatically reconfigures the spanning tree to compensate for the failure addition or removal of any element in the tree a Reconfigures the spanning tree without operator intervention Bridge Protocol Data Units For STP to arrive at a stable network topology the following information is used E The unique switch identifier E The path cost to the root associated with each switch port E The port identifier STP communicates between switches on the network using Bridge Protocol Data Units BPDUs Each BPDU contains the following information a The unique identifier of the switch that the transmitting switch currently believes is the root switch The path cost to the
117. priority Buttons Save Click to save changes 180 User s Manual of MGSW 24160F Reset Click to undo any changes made locally and revert to previously saved values Cancel Return to the previous page 4 9 4 Port QoS Configuration This page allows you to configure QoS settings for each port e Frames can be classified by 4 different QoS classes are Low Normal Medium and High e The classification is controlled by a QCL that is assigned to each port e AQCL consists of an ordered list of up to 12 QCEs e Each QCE can be used to classify certain frames to a specific QoS class This classification can be based on parameters such as VLAN ID UDP TCP port IPv4 IPv6 DSCP or Tag Priority e Frames not matching any of the QCEs are classified to the default QoS class for the port The settings relate to the currently selected unit as reflected by the page header The Port QoS Configuration screen in Figure 4 9 9 appears 181 User s Manual of MGSW 24160F Port QoS Configuration Number of C asses Ingress Configuration Egress Configuration tes Queue Weighted Default Class QCL Tag Priority Queuing Mode Tow Low j 2 g E lt 3 lt alek o lt lt o Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Strict Priority Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Strict Priorit
118. range is 1 to 4095 Age Time Indicates the Voice VLAN secure learning age time The allowed range is 10 to 10000000 seconds It used when security mode or auto detect mode is enabled In other cases it will be based hardware age time The actual age time will be situated in the age_time 2 age_time interval Traffic Class Indicates the Voice VLAN traffic class All traffic on Voice VLAN will apply this class Port Mode Indicates the Voice VLAN port mode When the port mode isn t disabled we must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Possible port modes are Disabled Disjoin from Voice VLAN Auto Enable auto detect mode It detects whether there is VoIP phone attached on the specific port and configure the Voice VLAN members automatically Forced Forced join to Voice VLAN e Port Security Buttons Save Click to save changes Indicates the Voice VLAN port security mode When the function is enabled all non telephone MAC address in Voice VLAN will be blocked 10 seconds Possible port modes are Enabled Enable Voice VLAN security mode operation Disabled Disable Voice VLAN security mode operation Reset Click to undo any changes made locally and revert to previously saved values 191 User s Manual of MGSW 24160F 4 9 10 Voice VLAN OUI Table Configure VOICE VLAN OUI table on this page The maximum entry number is 16 Modify
119. row for each RADIUS Authentication Server and a number of columns which are Object Description o The RADIUS Authentication Server number for which the configuration below applies e Enabled Enable the RADIUS Authentication Server by checking this box e IP Address Hostname The IP address or hostname of the RADIUS Authentication Server IP address is expressed in dotted decimal notation e Port The UDP port to use on the RADIUS Authentication Server If the port is set to 0 zero the default port 1812 is used on the RADIUS Authentication Server e Secret The secret up to 29 characters long shared between the RADIUS Authentication Server and the switch RADIUS Accounting Server Configuration The table has one row for each RADIUS Accounting Server and a number of columns which are Object Description o The RADIUS Accounting Server number for which the configuration below 233 User s Manual of MGSW 24160F applies e Enabled Enable the RADIUS Accounting Server by checking this box e IP Address Hostname The IP address or hostname of the RADIUS Accounting Server IP address is expressed in dotted decimal notation e Port The UDP port to use on the RADIUS Accounting Server If the port is set to 0 zero the default port 1813 is used on the RADIUS Accounting Server e Secret The secret up to 29 characters long shared between the RADIUS Accounting Server and the switch
120. screens in Figure 4 2 22 amp 4 2 23 appear 71 User s Manual of MGSW 24160F File Download Do you want to open or save this file E Name ntent length_18058Server__PLANET_Web_Server Type XML Document 17 6KB From 192 168 0 100 harm your computer If you do not trust the source do not open or 9 While files from the Internet can be useful some files can potentially save this file What s the risk Figure 4 2 22 File Download Screen 2 Chose the file save path in management workstation O Contig Backup My Recent Documents Fie name My Network Save as type All Files j Figure 4 2 23 File Save Screen 72 User s Manual of MGSW 24160F 4 2 18 Configuration Upload This function allows backup and reload the current configuration of the Managed Switch to the local management station The Configuration Upload screen in Figure 4 2 24 appears Configuration Upload ENE Figure 4 2 24 Configuration Upload Page Screenshot Configuration Upload 1 Click the ome configuration The Configuration screen in Figure 4 2 25 appears button of the main page the system would pop up the file selection menu to choose saved Choose file Look in B Config Backup e PE y My Recent Documents Desktop My Documents My Computer My Network File name confg xml z Places Files of type fan Files v Cancel Figure 4 2
121. syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 lt ping_length gt Ping data length 8 1400 excluding MAC IP and ICMP headers Example SWITCH gt ip ipv6 ping 2001 0002 PING6 server 2001 2 68 bytes from 2001 2 icmp_seq 0 time 0ms 68 bytes from 2001 2 icmp_seq 1 time 0ms 2 68 bytes from 2001 2 icmp_seq 2 time 0ms 2 68 bytes from 2001 2 icmp_seq 3 time 0ms 68 bytes from 2001 2 icmp_seq 4 time 0ms Sent 5 packets received 5 OK 0 bad IP NTP Configuration Description Show NTP configuration Syntax IP NTP Configuration Default Setting IP NTP Configuration 316 User s Manual of MGSW 24160F NTP Mode Disabled Idx Server IP host address a b c d or a host name string 1 pool ntp org 2 europe pool ntp org 3 north america pool ntp org 4 asia pool ntp org 5 oceania pool ntp org IP NTP Mode Description Set or show the NTP mode Syntax IP NTP Mode enable disable Parameters enable Enable NTP mode disable Disable NTP mode default Show NTP mode Default Setting disable Example Enable NTP mode SWITCH gt ip ntp mode enable IP NTP Server Add Description Add NTP server entry Syntax IP NTP Server Add lt server_index gt lt ip_addr_string gt 317 User s Manual of MGSW 24160
122. table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic ARP Inspection Table The Start from port address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic ARP Inspection Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The gt gt will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over The page includes the following fields Object Description e Port The port number for which the status applies Click the port number to see the status for this particular port e VLAN ID The VLAN ID of the entry e MAC address The MAC address of the entry e IP Address The IP address of the entry Buttons Auto refresh Ch Check this box to enable an automatic refresh of the page at regular intervals Refresh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields clear Flush
123. that reside in network elements They collect and store management information such as the number of error packets received by a network element Management information base MIB A MIB is a collection of managed objects residing in a virtual information store Collections of related managed objects are defined in specific MIB modules network management protocol A management protocol is used to convey management information between agents and NMSs SNMP is the Internet community s de facto standard management protocol SNMP Operations SNMP itself is a simple request response protocol NMSs can send multiple requests without receiving a response Get Allows the NMS to retrieve an object instance from the agent Set Allows the NMS to set values for object instances within an agent Trap Used by the agent to asynchronously inform the NMS of some event The SNMPv2 trap message is designed to replace the SNMPv1 trap message SNMP community An SNMP community is the group that devices and management stations running SNMP belong to It helps define where information is sent The community name is used to identify the group A SNMP device or agent may belong to more than one SNMP community It will not respond to requests from management stations that do not belong to one of its communities SNMP default communities are Write private Read public Use the SNMP Menu to display or configure the Managed Switch s
124. the System is running under booting procedure 28 User s Manual of MGSW 24160F HE 10 100 1000Base T interfaces Function Lights To indicate the link through that port is successfully established with speed 1000Mbps 1000 Blink To indicate that the switch is actively sending or receiving data over that port LNK ACT ff If L10 100 NK ACT LED light gt indicate that the port is operating at 10Mbps or 100Mbps If LNK ACT LED Off gt indicate that the port is link down Lights To indicate the link through that port is successfully established with speed 10Mbps or 100Mbps 10 100 Orange Blink To indicate that the switch is actively sending or receiving data over that port LNK ACT If 1000 LNK ACT LED light gt indicate that the port is operating at 1000Mbps If 1000 LNK ACT LED Off gt indicate that the port is link down HM 1000Base SX LX SFP interfaces Shared Port 21 Port 24 Function Lights To indicate the link through that SFP port is successfully established LNK ACT Off To indicate that the SFP port is link down 2 1 3 Switch Rear Panel The rear panel of the Managed Switch indicates an AC inlet power socket which accepts input power from 100 to 240V AC 50 60Hz Figure 2 3 shows the rear panel of this Managed Switch MGSW 24160F Rear Panel Figure 2 3 Rear Panel of MGSW 24160F HE AC Power Receptacle For compatibility with electric service in most areas of the world the Managed
125. the UPnP mode 470 User s Manual of MGSW 24160F User s Manual of MGSW 24160F SWITCH gt upnp mode enable UPnP TTL Description Set or show the TTL value of the IP header in SSDP messages Syntax UPnP TTL sttl gt Parameters lt ttl gt ttl range 1 255 default Show UPnP TTL Default Setting 4 Example Set the value 10 for TTL value of the IP header in SSDP messages SWITCH gt upnp ttl 10 UPnP Advertising Duration Description Set or show UPnP Advertising Duration Syntax UPnP Advertising Duration lt duration gt Parameters lt duration gt duration range 100 86400 default Show UPnP duration range Default Setting 100 Example Set value 1000 for UPnP Advertising Duration SWITCH gt upnp advertising duration 1000 471 6 19 MVR Command MVR Configuration Description Show the MVR configuration Syntax MVR Configuration Example Show the MVR configuration SWITCH gt mvr configuration MVR Configuration MVR Mode Disabled Muticast VLAN ID 100 Port Port Mode Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Port Type Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Receive Immediate Leave Dis
126. the message of any length A shaper can limit the bandwidth of transmitted frames It is located after the ingress queues SMTP is an acronym for Simple Mail Transfer Protocol It is a text based protocol that uses the Transmission Control Protocol TCP and provides a mail service modeled on the FTP file transfer service SMTP transfers mail messages between systems and notifications regarding incoming mail SNMP is an acronym for Simple Network Management Protocol It is part of the Transmission Control Protocol Internet Protocol TCP IP protocol for network management SNMP allow diverse network objects to participate in a network management architecture It enables network management systems to learn network problems by receiving traps or change notices from network devices implementing SNMP SNTP is an acronym for Simple Network Time Protocol a network protocol for synchronizing the clocks of computer systems SNTP uses UDP datagrams as transport layer Service Set Identifier is a name used to identify the particular 802 11 wireless LANs to which a user wants to attach A client device will receive broadcast messages from all access points within range advertising their SSIDs and can choose one to connect to base on pre configuration or by displaying a list of SSIDs in range and asking the user to select one wikipedia 517 User s Manual of MGSW 24160F SSH is an acronym for Secure SHell It is a network protocol that al
127. the mirror port 512 User s Manual of MGSW 24160F NAS is an acronym for Network Access Server The NAS is meant to act as a gateway to guard access to a protected source A client connects to the NAS and the NAS connects to another resource asking whether the client s supplied credentials are valid Based on the answer the NAS then allows or disallows access to the protected resource An example of a NAS implementation is IEEE 802 1X NetBIOS is an acronym for Network Basic Input Output System It is a program that allows applications on separate computers to communicate within a Local Area Network LAN and it is not supported on a Wide Area Network WAN The NetBIOS giving each computer in the network both a NetBIOS name and an IP address corresponding to a different host name provides the session and transport services described in the Open Systems Interconnection OSI model NFS is an acronym for Network File System It allows hosts to mount partitions on a remote system and use them as though they are local file systems NFS allows the system administrator to store resources in a central location on the network providing authorized users continuous access to them which means NFS supports sharing of files printers and other resources as persistent storage over a computer network NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP datagram
128. this switch The allowed range is 1 through 128 e Router Provide the IPv6 gateway address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Provide the IPv6 SNTP Server address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 e VLAN ID Buttons Save Click to save changes Provide the managed VLAN ID The allowed range is 1 through 4095 Reset Click to undo any changes made locally and revert to previously saved values 4 2 4 Users Configuration This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser After setup completed please press Save button to take effect Please lo
129. tiacedssce cdeustteccndaaasddvse rice ctaz N E NET 317 IP NT PServer IPVO Add viii daa 318 IP NT PServer Deletes iiin iia caido 318 6 3 Port Management COMMANd nncnncinnnnnnnncnnninonc nnne nnnn nunne annann nennen annann 320 Port COnmfQurationy e a a a a a a a a A eT a EAE R e 320 POr MOG evacrisa eieiei eed anaes 320 Port eNA STNE AAE E E T A E EE 321 Port Statene A ER EAER E A O ee ees 322 Port Maximum Frames oniinn see toes beet eo aaa 322 o ONN E A E E E A E E EE E E E T 323 POM SER alo EETA A aa o E T A al al ET Noes am le E EE 323 POr EXCESSIVE A a a ee ee 324 Port Statistics ii ira 324 Port VeriPHY A tee ant aad tlc sei Gan 325 6 4 MAC Address Table Command ccccseccesccesseeeesneeenseeeneeeseenneeeneeeeseaesasaaeegseaeseaeeasaaesaseeeeneeesasnaeseeaeenseaeess 326 MAC Configurationnics c c ccccgadsieetacsccesccecesasbeseepussdnessasceecavuaecedesdaags Anna ar 326 MAGIA 2h AA ee 327 MAG Delete o eae kata ee Ae eee seed St need eae ed sd eee abe 327 MAC LOOK t o E EPEE EE toa EET 328 User s Manual of MGSW 24160F MAG Age TIME ii dai 328 MAC beage nse chce coh each ieee baked ben edigs date eobcthcdn ee iii 329 MAC DUMP torcida locas 329 MAC Stati Stes cece ea sisi eacce ces A N Sas A TATT 330 MACFlUS heehee iii see eee deel ied ied ee een 331 6 5 VLAN Configuration Command conmmiciinccnnnnnincrrrr nunna nnmnnn nenne nnnn nunnan nnna 332 VLAN Configurations oinnia e Aa Ae 332 MEAW PMID EN talent E E AE 332 VEAN Frame
130. to 8192 entries and is sorted first by VLAN ID then by MAC address The MAC Address Table screen in Figure 4 13 3 appears 270 User s Manual of MGSW 24160F MAC Address Table Start from VLAN 1 and MAC Address 00 00 00 00 00 00 with 20 entries per page Query by C MAC Address mac portmem recor CS ive ian wac address Jool 2a 79 ileese v Static 00 30 4F 88 64 SE Dynamic 00 E0 4C 69 60 84 Static 01 00 5E 7F FE FA Static 33 33 FF 88 64 5E Static 33 33 FF A8 00 64 Static FF FF FF FF FF FF WEIEN IEN N NENV NN NINE NONM ON OV WE NENN NN Auto Refresh J Figure 4 13 3 MAC Address Table Status Navigating the MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table Clicking the Refresh button will update the displayed table starting from that or the closest next MAC Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The gt gt will use the last
131. to refresh the page any changes made locally will be undone Lk lt Updates the system log entries starting from the first available entry ID lt lt Updates the system log entries ending at the last entry currently displayed Updates the system log entries starting from the last entry currently displayed a Updates the system log entries ending at the last available entry ID 66 User s Manual of MGSW 24160F 4 2 13 Remote Syslog Configure remote syslog on this page The Remote Syslog screen in Figure 4 2 16 appears Remote es Configuration Disable v Disable v Figure 4 2 16 Remote Syslog Page Screenshot The page includes the following fields Object Description e Mode Indicates the remote syslog mode operation Possible modes are Enabled Enable remote syslog mode operation Disabled Disable remote syslog mode operation e Syslog Server IP Fill in your remote syslog server IP address Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 2 14 SMTP Configure This page facilitates a SMTP Configure the switch The SMTP Configure screen in Figure 4 2 17 appears 67 SMTP Mode SMTP Server SMTP Port SMTP Authentication Authentication User Name Authentication Password E mail Subject E mail 1 To E mail 2 To The page includes the following fields User s Manual of MGSW 24160F SMTP Configuration Ol Enab
132. trap mode operation e Trap Version Indicates the SNMP trap supported version Possible versions are SNMP v1 Set SNMP trap supported version 1 SNMP v2c Set SNMP trap supported version 2c SNMP v3 Set SNMP trap supported version 3 e Trap Community Indicates the community access string when send SNMP trap packet The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 33 to 126 e Trap Destination Indicates the SNMP trap destination address 82 Address User s Manual of MGSW 24160F Trap Destination IPv6 Address Provide the trap destination IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Trap Authentication Failure Indicates the SNMP entity is permitted to generate authentication failure traps Possible modes are Enabled Enable SNMP trap authentication failure Disabled Disable SNMP trap authentication failure Trap Link up and Link down Indicates the SNMP trap link up and link down mode operation Possible modes are Enabled Enable SNMP trap link up an
133. upon the DMAC address contained in the frame The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if there is not frame with the corresponding SMAC address have been seen after a configurable age time MEP is an acronym for Maintenance Entity Endpoint and is an endpoint in a Maintenance Entity Group ITU T Y 1731 MDS is an acronym for Message Digest algorithm 5 MD5 is a message digest algorithm used cryptographic hash function with a 128 bit hash value It was designed by Ron Rivest in 1991 MD5 is officially defined in RFC 1321 The MD5 Message Digest Algorithm For debugging network problems or monitoring network traffic the switch system can be configured to mirror frames from multiple ports to a mirror port In this context mirroring a frame is the same as copying the frame Both incoming source and outgoing destination frames can be mirrored to
134. values 4 2 20 Fault Alarm The Fault Relay Alarm function provides the Power Failure and Port Link Down Broken detection With both power input 1 and power input 2 installed and the check boxes of power 1 power 2 ticked the FAULT LED indicator will then be possible to light up when any one of the power failures occurs As for the Port Link Down Broken detection the FAULT LED indicator will light up when the port failure occurs certainly the check box beside the port must be ticked first Please refer to the segment of Wiring the Fault Alarm Contact for the failure detection The Configuration screen in Figure 4 2 27 appears 75 User s Manual of MGSW 24160F Fault alarm Control Configuration Cl enable System Log Syslog SNMP Trap SMTP Action Port Fail _ Power Fail Power Alarm DC1 DC2 AC Power E A ete AA 5 Ge 5 MS 9 10 11 12 13 14 15 16 Port Alarm Mie O 19 20 21 22 23 124 Figure 4 2 27 Windows File Selection Menu Popup The page includes the following fields Object Description e Enable Allows user to enable Fault Alarm function e Record Allows user to record alarm message to System log syslog or issues out via SNMP Trap or SMTP As default SNMP Trap and SMTP are disabled please enable them first if you want to issue alarm message via them e Action Allows user to monitor and alarm from port fail or power fail e Power Alarm Allows user to choose which power modu
135. voice voice_signaling guest_voice guest_voice_signaling softphone_voice video_conferencing streaming_video video_si gnaling tagged untagged lt vlan_id gt lt I2_priority gt lt dscp gt Parameters voice Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications voice_signaling Voice Signaling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media guest_voice Guest Voice to support a separate limited feature set voice service for guest users and 452 User s Manual of MGSW 24160F visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services guest_voice_signaling Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media softphone_voice Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN video_conferencing Video Conferencing is for use by dedicated Video Conferencing equipment and other simil
136. water sea ocean IETF Geopriv Civic Address based Location Configuration Information Civic Address LCI Object Description e Country code The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US e State National subdivisions state canton region province prefecture e County County parish gun Japan district e City City township shi Japan Example Copenhagen e City district City division borough city district ward chou Japan e Block Neighborhood Neighborhood block e Street Street Example Poppelvej e Leading street direction Leading street direction Example N e Trailing street suffix Trailing street suffix Example SW e Street suffix Street suffix Example Ave Platz e House no House number Example 21 e House no suffix House number suffix Example A 1 2 283 Landmark User s Manual of MGSW 24160F Landmark or vanity address Example Columbia University Additional location Additional location info Example South Wing info Name Name residence and office occupant Example Flemming Jahn Zip code Postal zip code Example 2791 Building Building structure Example Low Library Apartment Unit Apartment suite Example Apt 42 e Floor Floor Example 4 e Room no Room number Example 450F e Place type Place type Example Office
137. where x is a number between 2 and 254 to do the relative configuration on manager PC PLANET Managed Switch PC Workstation with IE Browser RJ 45 UTP Cable IP Address IP Address 192 168 0 100 192 168 0 x Figure 4 1 1 Web Management Diagram 44 User s Manual of MGSW 24160F m Logging on the switch 1 Use Internet Explorer 7 0 or above Web browser Enter the factory default IP address to access the Web interface The factory default IP Address as following http 192 168 0 100 2 When the following login screen appears please enter the default username admin with password admin or the username password you have changed via console to login the main screen of Managed Switch The login screen in Figure 4 1 2 appears Connect to 192 168 0 100 The server 192 168 0 100 at Web Management requires a username and password Warning This server is requesting that your username and password be sent in an insecure manner basic authentication without a secure connection User name i v Password Remember my password Figure 4 1 2 Login Screen Default User name admin Default Password admin After entering the username and password the main screen appears as Figure 4 1 3 45 User s Manual of MGSW 24160F MGSW 24160F System SNMP gt Port Management Link Aggregation VLAN z al pres Welcome to PLANET Multicast QoS Access Contro
138. whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status The SSH Configuration screen in Figure 4 12 5 appears 256 User s Manual of MGSW 24160F SSH Configuration Mode Dista Figure 4 12 5 SSH Configuration Screen Page Screenshot The page includes the following fields Object Description e Mode Indicates the SSH mode operation Possible modes are Enabled Enable SSH mode operation Disabled Disable SSH mode operation Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 6 Port Security Status This page shows the Port Security status Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it For a MAC address to be set in the forwardi
139. which an LLDP neighbor is detected The LLDP Neighbor Information screen in Figure 4 14 4 appears The columns hold the following information LLDP Neighbor Information Auto Refresh Figure 4 14 4 LLDP Neighbor Information Page Screenshot The page includes the following fields 290 User s Manual of MGSW 24160F Object Description e Local Port The port on which the LLDP frame was received e Chassis ID The Chassis ID is the identification of the neighbor s LLDP frames Remote Port ID The Remote Port ID is the identification of the neighbor port System Name System Name is the name advertised by the neighbor unit Port Description Port Description is the port description advertised by the neighbor unit System Capabilities System Capabilities describes the neighbor unit s capabilities The possible capabilities are 1 Other Repeater Bridge WLAN Access Point 2 3 4 5 Router 6 Telephone 7 DOCSIS cable device 8 Station only 9 Reserved When a capability is enabled the capability is followed by If the capability is disabled the capability is followed by e Management Address Management Address is the neighbor unit s address that is used for higher layer entities to assist the discovery by the network management This could for instance hold the neighbor s IP address Buttons Refresh Click to refresh the page immediately Auto refresh i Check
140. with the receiving of e mail and are not to be confused with the Simple Mail Transfer Protocol SMTP You send e mail with SMTP and a mail handler receives it on your recipient s behalf Then the mail is read using POP or IMAP IMAP4 and POP3 are the two most prevalent Internet standard protocols for e mail retrieval Virtually all modern e mail clients and servers support both PPPoE is an acronym for Point to Point Protocol over Ethernet It is a network protocol for encapsulating Point to Point Protocol PPP frames inside Ethernet frames It is used mainly with ADSL services where individual users connect to the ADSL transceiver modem over Ethernet and in plain Metro Ethernet networks Wikipedia In a private VLAN communication between ports in that private VLAN is not permitted A VLAN can be configured as a private VLAN PTP is an acronym for Precision Time Protocol a network protocol for synchronizing the clocks of computer systems QCE is an acronym for QoS Control Entry It describes QoS class associated with a particular QCE ID There are six QCE frame types Ethernet Type VLAN UDP TCP Port DSCP TOS and Tag Priority Frames can be classified by one of 4 different QoS classes Low Normal Medium and High for individual application QCL is an acronym for QoS Control List It is the list table of QCEs containing QoS control entries that classify to a specific QoS class on specific traffic objects 515
141. 0 0 0 0 1613 Disable 0 0 0 0 1613 Disable Auto Refresh C Figure 4 11 8 RADIUS Authentication Accounting Server Overview Page Screenshot The page includes the following fields RADIUS Authentication Servers Object Description o The RADIUS server number Click to navigate to detailed statistics for this server e IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server e State The current state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled 235 User s Manual of MGSW 24160F but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled RADIUS Accounting Servers Object Description o The RADIUS server number Click to navigate to detailed statistics for this server e IP Address The IP address and UDP port number in lt IP Address gt lt UDP Port gt notation of this server e State The current
142. 0 0008 E O 1 O 1 O 1 OO 1 OO ME O ME O A O E O E O A O E OO E El O El O El O ll O E O E O E O E O E O E O E OO E OO E O ODOOODODOODOODO O0o000000000000o00o 10 1 1 1 1 1 1 1 1 19 20 2l 22 23 24 25 26 Auto Refresh O Figure 4 9 12 QoS Statistics Page Screenshot 186 User s Manual of MGSW 24160F The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e Low Queue There are 4 QoS queues per port with strict or weighted queuing scheduling This is the lowest priority queue e Normal Queue This is the normal priority queue of the 4 QoS queues It has higher priority than the Low Queue e Medium Queue This is the medium priority queue of the 4 QoS queues It has higher priority than the Normal Queue e High Queue This is the highest priority queue of the 4 QoS queues e Receive Transmit The number of received and transmitted packets per port Buttons Click to refresh the page immediately Refresh Car Clears the counters for all ports Auto refresh l Check this box to enable an automatic refresh of the page at regular intervals 4 9 8 DSCP Remarking This page allows you to configure DSCP remarking related settings for each port Frames can be classified by 4 different QoS classes are Low Normal Medium and High The classification can be controlled by Port QoS configuration page And this
143. 0 SFP 100BASE BX SFP transceiver WDM Single mode TX 1550nm RX 1310nm 20km E MFB TFX SFP 100BASE FX SFP transceiver Multi mode 1310nm 2km 40 75 C Ml MFB TF20 SFP 100BASE FX SFP transceiver Single mode 1310nm 20km 40 75 C 33 User s Manual of MGSW 24160F 1 It recommends using PLANET SFPs on the Managed Switch If you insert a SFP transceiver that is not supported the Managed Switch will not recognize it 2 MGB series SFP modules are guaranteed working under 10 50 C environmet but MGB TSX MGB TLX MBG T30 MGB T70 supports to 40 75 C 3 MFB series SFP modules are guaranteed working under 10 50 C environmet but MFB TFX MFB TF20 supports to 40 75 C Before connect the other Managed Switches workstation or Media Converter 1 Make sure both side of the SFP transceiver are with the same media type for example 1000Base SX to 1000Base SX 1000Bas LX to 1000Base LX Check the fiber optic cable type match the SFP transceiver model gt To connect to 1000Base SX SFP transceiver use the Multi mode fiber cable with one side must be male duplex LC connector type gt To connect to 1000Base LX SFP transceiver use the Single mode fiber cable with one side must be male duplex LC connector type Connect the fiber cable Attach the duplex LC connector on the network cable into the SFP transceiver Connect the other end of the cable to a device switches with SFP insta
144. 0F SWITCH gt igmp configuration IGMP Mode Description Set or show the IGMP snooping mode Syntax IGMP Mode enable disable Parameters enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting Disabled Example Enable IGMP mode SWITCH gt igmp mode enable 430 IGMP Leave Proxy Description Set or show the mode of IGMP Leave Proxy Syntax IGMP Leave Proxy enable disable Parameters enable Enable IGMP Leave Proxy disable Disable IGMP Leave Proxy default Show IGMP snooping mode Default Setting disable Example Enable IGMP leave proxy User s Manual of MGSW 24160F SWITCH gt igmp leave proxy enable IGMP State Description Set or show the IGMP snooping state for VLAN Syntax IGMP State lt vid gt enable disable Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting enable Example Disable VID 1 431 User s Manual of MGSW 24160F SWITCH gt igmp state 1 disable IGMP Querier Description Set or show the IGMP snooping querier mode for VLAN Syntax IGMP Querier lt vid gt enable disable Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs enable Enable IGMP querier disable Disable IGMP querier default Show IGMP querier mode
145. 0F industrial Managed Switch 1 1 Packet Contents Open the box of the Managed Switch and carefully unpack it The box should contain the following items Check the contents of your package for following parts M The Managed Switch x1 M User s Manual CD x1 M Quick Installation Guide x1 M 19 Rack Mount Accessory Kit x1 M AC Power Cord x1 M Rubber Feet X4 M RS 232 DB9 Male Console Cable x1 If any of these are missing or damaged please contact your dealer immediately if possible retain the carton including the original packing material and use them against to repack the product in case there is a need to return it to us for repair 1 2 Product Description Multiple SFP Fiber Port Switch for Growing Long Reach Networking of Enterprise Telecoms and Campus The MGSW 24160F is equipped with advanced management functions and provides 16 100 1000Mbps dual speed SFP Fiber ports and 8 10 100 1000Mbps TP ports delivered in a rugged strong case It is capable of providing non blocking switch fabric and wire speed throughput as high as 48 Gbps in the temperature range from 10 to 60 Degree C without any packet loss and CRC error which greatly simplifies the tasks of upgrading the enterprise LAN for catering to increasing bandwidth demands The MGSW 24160F is specially designed for service provider to deliver profitable Ethernet network Optimized Design for Metropolitan Area Network By means of improving the technology of Optical Fib
146. 12 8 appears DHCP Snooping Configuration Snooping Mode Disable v Port Mode Configuration 00 310102 U N _ gt to E E mn _ om h co _ da No i MN MI MI ha Qu v v v v v v v v v v v 12 v v v v v v v v v v v v v ho Figure 4 12 8 DHCP Snooping Configuration Screen Page Screenshot The page includes the following fields Object Description 261 User s Manual of MGSW 24160F e Snooping Mode Indicates the DHCP snooping mode operation Possible modes are Enabled Enable DHCP snooping mode operation When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted ports Disabled Disable DHCP snooping mode operation e Port Mode Indicates the DHCP snooping port mode Possible port modes are Trusted Configures the port as trusted sources of the DHCP message Untrusted Configures the port as untrusted sources of the DHCP message Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 9 DHCP Snooping Statistics This page provides statistics for DHCP snooping The statistics only counter packet under DHCP
147. 25 26 Auto Refresh O Figure 4 4 2 Port Statistics Overview Page Screenshot 93 User s Manual of MGSW 24160F The displayed counters are Object Description e Port The logical port for the settings contained in the same row e Packets The number of received and transmitted packets per port e Bytes The number of received and transmitted bytes per port e Errors The number of frames received in error and the number of incomplete transmissions per port e Drops The number of frames discarded due to ingress or egress congestion e Filtered The number of received frames filtered by the forwarding process Buttons Refresh Click to refresh the page immediately _ crear Clears the counters for all ports ini Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals 4 4 3 Port Statistics Detail This page provides detailed traffic statistics for a specific switch port Use the port select box to select which switch port details to display The selected port belongs to the currently selected unit as reflected by the page header The displayed counters are the totals for receive and transmit the size counters for receive and transmit and the error counters for receive and transmit The Detailed Port Statistics screen in Figure 4 4 3 appears Detailed Port Statistics Auto Refresh O Poti vw Receive Total Transmit Total Rx Packets Tx Packets 1138 Rx Oct
148. 263 4 12 11 IP Source Guard Static Table ite si ee a ee i ee 265 4 12 12 ARP Inspection dd ri A AA 266 4 12 13 ARP Inspection Static Table c cionado qdo 268 4 13 Address Table ocn do Eear a ia oa Kou iones 269 4 13 1 MAC Address Table Configuration oooooccnoninnnnccccnnnocnncnonannnnnonnnnnnno nn rn nnnn nn rro 269 4 13 2 Static MAC Table Configuration oooononcccnnnocicnnoccconononnnnnonncnn non cnnn ttunttun AE rre 270 4 13 3 MAG Address Table Status ici cdas 270 4 13 4 MAC Table Learning emision iia 272 4 13 5 Dynamic ARP Inspection Table eee ceeesseceeeeeceeeeeneeeeeenaeeeceeeeeeeeaeeeseeaaeeeeeeeeeeesnaeeeeeeaaeeeseeeeeessieeeeesnaeeeeeeaaeees 273 4 13 6 Dynamic IP Source Guard Table ccccccccscceececeeeecenneeceeeeeeeeeanaeceeeeecaceaeaaeaeceeeeeseeaaeaecesessanaeeeeeeeseeseaeeeeeeeess 275 RA a 277 4 14 1 Link Layer Discovery Protocol ccoo debeis 277 4 1 42 EL DP Configuration la anda dees Me aad 277 4 14 3 LLDPMED Configtiration coco ata Abeta 281 4 14 4 LLDP MED Neighbor ccceccceeeeeceeeceeeeeeeeeeeeeseeeeecaeceaeceaeceaesceesececeeseeeeeaesaeseaeceaesaeecaeeeeseaeseaeeeaeeneeeneeeeeaes 287 4 14 5 NeIQhbot nrt re seed eee at whee 290 4 14 6 POrt Stati StI Sinanin sion heen bog e AA o oia 291 4 15 Network Diagnostics sii e A A as 294 AA DET PING Foreign Adc Sct Mahl o ht cate ee au ack het plan teh ohh Me E E A eSB aks 294 AO DPVG PING ze x2 ies cca end oe a Bate E acres eet aad wand SS 8
149. 3 Address Table Switching of frames is based upon the DMAC address contained in the frame The Managed Switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to based upon the DMAC address in the frame This table contains both static and dynamic entries The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports The frames also contain a MAC address SMAC address which shows the MAC address of the equipment sending the frame The SMAC address is used by the switch that to automatically update the MAC table with these dynamic MAC addresses Dynamic entries are removed from the MAC table if there is not frame with the corresponding SMAC address has been seen after a configurable age time 4 13 1 MAC Address Table Configuration The MAC Address Table is configured on this page Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here The MAC Address Table Configuration screen in Figure 4 13 1 appears MAC Address Table Configuration Disable Automatic Aging Age Time Figure 4 13 1 MAC Address Table Configuration Page Screenshot The page includes the following fields Object Description e Disable Automatic Enables disables the the automatic aging of dynamic entries Aging e Aging Time The time after which a learned entry is discarded By defau
150. 33 to 126 Click to add a new group entry Reset Click to undo any changes made locally and revert to previously saved values 87 User s Manual of MGSW 24160F 4 3 5 4 SNMPv3 Views Configuration Configure SNMPv3 views table on this page The entry index key is View Name and OID Subtree The SNMPv3 Views Configuration screen in Figure 4 3 7 appears SNMPv3 Views Configuration View Type OID Subtree DO default_view included Y asdney view save Reset Figure 4 3 7 SNMPv3 Views Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e View Name A string identifying the view name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e View Type Indicates the view type that this entry should belong to Possible view type are included An optional flag to indicate that this view subtree should be included excluded An optional flag to indicate that this view subtree should be excluded General if a view entry s view type is excluded it should be exist another view entry which view type is included and it s OID subtree overstep the excluded view entry e OID Subtree The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed strin
151. 4 digits It is possible to specify the direction to either East of the prime meridian or West of the prime meridian e Altitude Altitude SHOULD be normalized to within 32767 to 32767 with a maximum of 4 digits It is possible to select between two altitude types floors or meters 282 User s Manual of MGSW 24160F Meters Representing meters of Altitude defined by the vertical datum specified Floors Representing altitude in a form more relevant in buildings which have different floor to floor dimensions An altitude 0 0 is meaningful even outside a building and represents ground level at the given latitude and longitude Inside a building 0 0 represents the floor level associated with ground level at the main entrance e Map Datum Civic Address Location The Map Datum used for the coordinates given in this Option WGS84 Geographical 3D World Geodesic System 1984 CRS Code 4327 Prime Meridian Name Greenwich NAD83 NAVD88 North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is the North American Vertical Datum of 1988 NAVD88 This datum pair is to be used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW North American Datum 1983 CRS Code 4269 Prime Meridian Name Greenwich The associated vertical datum is Mean Lower Low Water MLLW This datum pair is to be used when referencing locations on
152. 4 7 5 STP Bridge Status Page Screenshot The page includes the following fields Object Description e MSTI The Bridge Instance This is also a link to the STP Detailed Bridge Status e Bridge ID The Bridge ID of this Bridge instance e Root ID The Bridge ID of the currently elected root bridge e Root Port The switch port currently assigned the root port role e Root Cost Root Path Cost For the Root Bridge this is zero For all other Bridges it is the sum of the Port Path Costs on the least cost path to the Root Bridge e Topology Flag The current state of the Topology Change Flag for this Bridge instance e Topology Change Last The time since last Topology Change occurred 145 User s Manual of MGSW 24160F 4 7 4 CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations and possibly change them as well This page contains settings for aggregations and physical ports The RSTP port settings relate to the currently selected unit as reflected by the page header The STP CIST Port Configuration screen in Figure 4 7 6 appears STP CIST Ports Configuration CIST Aggregated Ports Configuration peste Por splice Path Cost a Admin Edge Auto Edge CE BPDU Guard Point to point CIST Normal Ports Configuration for Switch 1 Rese ot Enable Path Cost ty admin cage Admin Edge Auto Edge Foole BPDU Guard Point to point E E
153. A ceci r Oe ara E ae Ea ae ae eaa a ed eana aaaea aae En naaar e Enana deina ieaiaia 469 Firmware Load iaa 469 Firmware IPV6 LOaG EEAS E NE E EE 469 6 18 UPnP Command e teseadetanceesiderduadeeted 470 UPnP Configuration 0 A ei aie 470 UPNP Mode ost e lea etek tas ao de eee dere teed 470 UPAP Eta da La deal 471 WPnPAdvertiSing DUO A A A ER eee LS 471 6 19 MV Ann 472 Vdeo Aio UIE Lro aE ETTE E T sasdeceay ta cee dee 472 A Panina naa si ian Mee en io ee e ea 473 MVR Status Sx e cistes Sivan a kistr een aie each haiietod to Ade ee ah eee Ht eed eee Het en Mea een Yel 473 MVR Mode sitiada aran needa deste 473 MVR iRort MOG 2 i ccoo it dhe a ahaa ea dl De aaa Seed Shes a A atta e a ahd 474 MVR Multicast VIANA aa 474 MVR Pott Ty pOr laicas eet 475 MVR Immediate Leave igusta ati otis ted shideee yatceteg becasue ete Bled vac ea audi dee sel eiea ei 475 6 20 Voice VLAN COMMAND i 477 Voice VLAN Configuration cccccecccceeceeeeeeeee eee EA E 477 Voice VLAN Mode 30 3 ndan heed hae ee A een HG een 478 Voice VAN Dic edhe hain Wee detec ioe beng noha eet Wet et doc ng beg ned e e Aaa ea ef ora og eo dal 479 Voice VLAN AgetiM E conca aio 479 Voice VLAN Trafic Class a Ta 480 Voice VLAN DUIAddO ci aia 480 Voice VLAN Q T Delete coo iii 481 Voice VLAN OUD Clear napina acacia 481 Voice VLAN OU LOOK Up ene 482 Voice VLAN Port Mode cc a A tb ee 482 Voice VLAN Securities aaa 483 15 User s Manual of MGSW 24160F 6 21 SMTP C
154. AN if EAPOL Seen Port Configuration The switch remembers if an EAPOL frame has been received on the port for the lifetime of the port Once the switch considers whether to enter the Guest VLAN it will first check if this option is enabled or disabled If disabled unchecked default the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the lifetime of the port If enabled checked the switch will consider entering the Guest VLAN even if an EAPOL frame has been received on the port for the lifetime of the port The value can only be changed if the Guest VLAN option is globally enabled The table has one row for each port on the selected switch and a number of columns which are Object Description e Port The port number for which the configuration below applies e Admin State If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without 217 User s Manual of MGSW 24160F authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X In the 802 1X world the user is called the supplican
155. Access Statistics screen in Figure 4 11 6 appears Network Access Statistics Port 1 Auto refresh C Pot w Port State Force Authorized Port State Globally Disabled Figure 4 11 6 Network Access Statistics Page Screenshot The page includes the following fields Port State Object Description e Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values e Port State The current state of the port Refer to NAS Port State for a description of the 225 User s Manual of MGSW 24160F individual states e QoS Class The QoS class assigned by the RADIUS server The field is blank if no QoS class is assigned e Port VLAN ID Port Counters Object The VLAN ID that NAS has put the port in The field is blank if the Port VLAN ID is not overridden by NAS If the VLAN ID is assigned by the RADIUS server RADIUS assigned is appended to the VLAN ID Read more about RADIUS assigned VLANs here If the port is moved to the Guest VLAN Guest is appended to the VLAN ID Read more about Guest VLANs here Description e EAPOL Counters These supplicant frame counters are available for the following administrative states Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X IEEE Name Direction Name Description Rx Total dot1xAuthEapolFrames The number of valid EAPOL Rx frames of any type that have
156. Aggregation VLAN Spanning Tree Multicast LLDP Diagnosti gt gt gt gt gt gt gt gt gt gt gt gt Figure 4 1 5 MGSW 24160F Managed Switch Main Functions Menu 48 4 2 System User s Manual of MGSW 24160F Use the System menu items to display and configure basic administrative details of the Managed Switch Under System the following topics are provided to configure and view the system information This section has the following items System Information IP Configuration IPv6 Configuration Users Configuration Users Privilege Levels NTP Configuration UPnP DHCP Relay DHCP Relay Statistics CPU Load System Log Detailed Log Remote Syslog Web Firmware Upgrade TFTP Firmware Upgrade Configuration Backup Configuration Upload SMTP Configure Digital input output Fault Alarm Factory Default System Reboot The switch system information is provided here Configure the switch managed IP information on this page Configure the switch managed IPv6 information on this page This page provides an overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser This page provides an overview of the privilege levels Configure NTP on this page Configure UPnP on this page Configure DHCP Relay on this page This page provides statistics for DHCP relay This page displays the CPU load using a SVG
157. Bhs eee eee eee ede ee eee donee 69 4 2 16 TFIEP Firmware Upgrade sinisiin A Egin 70 4 2 17 Configuration BACkUp Sacie ienn anpa tote kant pheentog en aap detenent ihc ai patada 71 4 218 Configuration Uploads e 2 bs zctzeeavetchceccchgnde R a se ydeecetde fica caged diet ihc daciaviedenadi a a E he 73 4 219 Digital input output 20 00 aaa 74 42 20 Faia a lee bbb ceed eaters win etes bola obs igrsdbed bung bveadaenstusdenheus lee coubalheuglgessbuettasuesecge ue reesGuemmesss 75 4 2 21 Factory Default oia ii cn 77 PES A O 78 4 3 Simple Network Management ProtOCOl oomoonnnocicnnnnnicncnsennnnccrccnrrc cr 79 4 3 1 SNMP Dr a dai 79 4 3 2 SNMP System Configuration civic ie 80 4 3 3 SNMP System Information Configuration oononcccconocccononocnnononcncnanannnn nono nnnn uttu nn Attn AnAk EAEE nn rn nn nn rr ANEAN NEEE n rra nan anname 81 4 3465NMP Trap Configuration syes it ai 82 4 3 5 SNMPv3 Configuration eieren e die 84 4 3 5 1 SNMPv3 Communities Configuration oooioncccnnnoncccnnnocnnonoconnnononnnc nano nn nr nnnn nn nar n rra nn rre rr 84 4 3 5 2 SNMPy3 Users Configuration iii io ita 84 4 3 5 3 SNMPv3 Groups Configuration oooooccnnonccnnoccccnononnncnnnonnnn conc nnnnnonn nr nano n nr rra n nn nn n nera ren nn r rra 87 4 3 5 4 SNMPy3 Views Configuration 88 4 3 5 5 SNMPv3 Accesses Configuration ooococononicnnnccccnnnoncncnononcnonononcnn non n nc canon rn nn rr rre nr rre 89 4 4 Port Manage Met eel i cndas 91 4 4 1 Por
158. CE Any No ICMP code filter is specified ICMP code filter status is don t care Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears e ICMP Code Value TCP UDP Parameters Object When Specific is selected for the ICMP code filter you can enter a specific ICMP code value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value Description e TCP UDP Source Filter Specify the TCP UDP source filter for this ACE Any No TCP UDP source filter is specified TCP UDP source filter status is don t care Specific If you want to filter a specific TCP UDP source filter with this ACE you can enter a specific TCP UDP source value A field for entering a TCP UDP source value appears Range If you want to filter a specific TCP UDP source range filter with this ACE you can enter a specific TCP UDP source range value A field for entering a TCP UDP source value appears 202 TCP UDP Source No User s Manual of MGSW 24160F When Specific is selected for the TCP UDP source filter you can enter a specific TCP UDP source value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Source Range When Range is selected for the TCP UDP source filter you can enter a specific TCP UDP source range value The allo
159. CP SYN Specify the TCP Synchronize sequence numbers SYN value for this ACE 0 TCP frames where the SYN field is set must not be able to match this entry 1 TCP frames where the SYN field is set must be able to match this entry Any Any value is allowed don t care TCP PSH Specify the TCP Push Function PSH value for this ACE 0 TCP frames where the PSH field is set must not be able to match this entry 1 TCP frames where the PSH field is set must be able to match this entry Any Any value is allowed don t care TCP ACK Specify the TCP Acknowledgment field significant ACK value for this ACE 0 TCP frames where the ACK field is set must not be able to match this entry 1 TCP frames where the ACK field is set must be able to match this entry Any Any value is allowed don t care TCP URG Specify the TCP Urgent Pointer field significant URG value for this ACE 0 TCP frames where the URG field is set must not be able to match this entry 203 User s Manual of MGSW 24160F 1 TCP frames where the URG field is set must be able to match this entry Any Any value is allowed don t care m Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected Object Description e EtherType Filter Specify the Ethernet type filter for this ACE Any No EtherType filter is specified EtherType filter status is don t care
160. CP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options E Circuit ID option 1 E Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on 60 User s Manual of MGSW 24160F The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of module_id is the third byte for the module ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agent s MAC address The DHCP Relay Configuration screen in Figure 4 2 11 appears The page includes the following fields Object DHCP Relay Configuration Relay Mode Relay Server Relay Information Mode Relay Information Policy Figure 4 2 11 DHCP Relay Configuration Page Screenshot Description e Relay Mode Indicates the DHCP relay mode operation Possible modes are Enabled Enable DHCP relay mode operation When enable DHCP
161. Disabled Disabled Disabled Disabled Port Copy Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Logging Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 390 Shutdown Counter Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled ooeoeoeoeoe90oeoeoeoeoeoeoeo oo oO Permit Permit Permit Permit Permit Permit Permit Permit Permit Permit Rate Limiter Rate 1 1 Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Security Network ACL Action Description Set or show the ACL port default action Syntax Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled User s Manual of MGSW 24160F Security Network ACL Action lt port_list gt permit deny lt rate_limiter gt lt port_copy gt lt logging gt lt shutdown gt 391 Parameters lt port_list gt Port list or all default All ports permit Permit forwarding default deny Deny
162. EE 802 1Q Tunneling Q in Q IEEE 802 1Q Tunneling QinQ is designed for service providers carrying traffic for multiple customers across their networks QinQ tunneling is used to maintain customer specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs This is accomplished by inserting Service Provider VLAN SPVLAN tags into the customer s frames when they enter the service provider s network and then stripping the tags when the frames leave the network A service provider s customers may have specific requirements for their internal VLAN IDs and number of VLANs supported VLAN ranges required by different customers in the same service provider network might easily overlap and traffic passing through the infrastructure might be mixed Assigning a unique range of VLAN IDs to each customer would restrict customer configurations require intensive processing of VLAN mapping tables and could easily exceed the maximum VLAN limit of 4096 117 User s Manual of MGSW 24160F OMAN Q in Q VLAN Tunnel Headquarter IGSW 24040T Sere gt MAN Edge Switch mess A a VLAN 1 20 MAN Service Provider Domair IGSW 24040T Edge Switch VLAN 1 20 AS Q in Q SS MAN Edge Switch Q in Q VLAN Tunnel The Managed Switch supports multiple VLAN tags and can therefore be used in MAN applications as a provider bridge aggregating traffic from numerous ind
163. Example Look up PVLAN SWITCH gt lookup PVLAN ID Ports PVLAN Isolate Description Set or show the port isolation mode Syntax PVLAN Isolate lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port isolation 342 User s Manual of MGSW 24160F disable Disable port isolation default Show port isolation port list Default Setting Promiscous Example Enable isolate for port10 SWITCH gt pvlan isolate 10 enable 343 6 7 Security Command Security Switch User Configuration Description Show users configuration Syntax Security Switch Users Configuration Default Setting User Name Privilege admin 15 guest 5 Example Enable isolate for port10 SWITCH gt security switch user configuration Users Configuration Security Switch User Add Description Add or modify users entry Syntax Security Switch Users Add lt user_name gt lt password gt lt privilege_level gt User s Manual of MGSW 24160F Parameters lt user_name gt A string identifying the user name that this entry should belong to lt password gt The password for this user name Use clear or as null string lt privilege_level gt User privilege level 1 15 User s Manual of MGSW 24160F Example Add new user username test password test amp privilege 10 SWITCH gt securi
164. F Parameters lt server_index gt The server index 1 5 lt ip_addr_string gt IP host address a b c d or a host name string Example To add NTP server SWITCH gt ip ntp server add 1 60 249 136 151 IP NTP Server IPv6 Add Description Add NTP server IPv6 entry Syntax IP NTP Server Ipv6 Add lt server_index gt lt server_ipv6 gt Parameters lt server_index gt The server index 1 5 lt server_ipv6 gt Pv6 server address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example To add IPv6 NTP server SWITCH gt ip ntp server ipv6 add 1 2001 7b8 3 2c 123 IP NTP Server Delete Description Delete NTP server entry Syntax IP NTP Server Delete lt server_index gt Parameters 318 User s Manual of MGSW 24160F lt server_index gt The server index 1 5 Example To delete NTP server SWITCH gt ip ntp server delete 1 319 User s Manual of MGSW 24160F 6 3 Port Management Command Port Configuration Description Show port configuration Syntax Port Configuration lt port_list gt up down Paramete
165. I l l i 802 1Q VLAN Trunking VLAN 2 VLAN 3 PC 4 Untagged PC 1 Untagged AS a e o oe s lt j a e e e e Setup steps 1 Create VLAN Group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 VLAN Group 3 with VID 3 2 Assign VLAN Member 133 User s Manual of MGSW 24160F VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 About the VLAN ports connect to the hosts please refer to 4 6 10 1 examples The following steps will focus on the VLAN Trunk port configuration 1 Specify Port 8 to be the 802 1Q VLAN Trunk port 2 Assign Port 8 to both VLAN 2 and VLAN 3 at the VLAN Member configuration page 3 Define a VLAN 1 as a Public Area that overlapping with both VLAN 2 members and VLAN 3 members 4 Assign the VLAN Trunk Port to be the member of each VLAN which wants to be aggregated At this sample add Port 8 to be VLAN 2 and VLAN 3 member port The screen in Figure 4 6 12 appears VLAN Membership Configuration Start fram WLAN 1 with 20 entries per page Refresh Port Members O ste ven ro a Te Te T e Te Los ooln laff ekspo Figure 4 6 12 VLAN Overlap Port Setting 8 VLAN 1 The Public Area Member Assign 5 Specify Port 8 to be the 802 1Q VLAN Trunk port
166. ID already exists the QCE will be modified Otherwise a new QCE will be added If the QCE ID is not specified the next available QCE ID will be used If the next QCE ID parameter lt qce_id_next gt is specified the QCE will be placed before this QCE in the list If the next QCE ID is not specified the QCE will be placed last in the list Syntax QoS QCL Add lt qcl_id gt lt qce_id gt lt qce_id_next gt etype lt etype gt vid lt vid gt port lt udp_tcp_port gt dscp lt dscp gt tos lt tos_list gt tag_prio lt tag_prio_list gt lt class gt Parameters lt qcl_id gt QCL ID lt qce_id gt QCE ID 1 24 lt qce_id_next gt Next QCE ID 1 24 etype Ethernet Type keyword lt etype gt Ethernet Type vid VLAN ID keyword lt vid gt VLAN ID 1 4095 port UDP TCP port keyword lt udp_tcp_port gt Source or destination UDP TCP port 0 65535 dscp IP DSCP keyword lt dscp gt IP DSCP 0 63 tos IP ToS keyword lt tos_list gt IP ToS list 0 7 tag_prio VLAN tag priority keyword lt tag_prio_list gt VLAN tag priority list 0 7 lt class gt Traffic class low normal medium high or 1 2 3 4 QoS QCL Delete Description Delete QCE Syntax QoS QCL Delete lt qcl_id gt lt qce_id gt Parameters lt qcl_id gt QCL ID lt qce_id gt QCE ID 1 24 459 QoS QCL Look up Description Look up QCE Syntax QoS QCL Look up lt qcl_id gt lt q
167. LAN Traffic Class High Voice VLAN OUI Table PLANET phones Cisco phones H3C phones Philips and NEC AG phones Pingtel phones Polycom phones 3Com phones Siemens AG phones Voice VLAN Port Configuration 477 User s Manual of MGSW 24160F Security Discovery Protocol Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Voice VLAN Mode Description Set or show the Voice VLAN mode We must disable MSTP feature before we enable Voice VLAN It can avoid the conflict of ingress filter Syntax Voice VLAN Mode enable disable Parameters enable Enable Voice VLAN mode 478 User s Manual of MGSW 24160F User s Manual of MGSW 24160F disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting disable Example Enable the Voice VLAN mode SWITCH gt voice vian mode enable Voice VLAN ID Description Set or show Voice VLAN ID Syntax Voice VLAN ID lt vid gt Parameters lt vid gt VLAN ID 1 4095 Default Setting 1000 Example Set ID 2 for Vo
168. LAN aware switches are members of multiple VLANs and transmit tagged frames Other ports are members of one VLAN set up with this Port VLAN ID and transmit untagged frames 520 User s Manual of MGSW 24160F Provider switching This is also known as Q in Q switching Ports connected to subscribers are VLAN unaware members of one VLAN and set up with this unique Port VLAN ID Ports connected to the service provider are VLAN aware members of multiple VLANs and set up to tag all frames Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag Tagged frames received on a subscriber port are forwarded to the provider port with a double VLAN tag VLAN ID is a 12 bit field specifying the VLAN to which the frame belongs Voice VLAN is VLAN configured specially for voice traffic By adding the ports with voice devices attached to voice VLAN we can perform QoS related configuration for voice data ensuring the transmission priority of voice traffic and voice quality WEP is an acronym for Wired Equivalent Privacy WEP is a deprecated algorithm to secure IEEE 802 11 wireless networks Wireless network broadcast messages using radio so are more susceptible to eavesdropping than wired networks When introduced in 1999 WEP was intended to provide confidentiality comparable to that of a traditional wired network Wikipedia WiFi is an acronym for Wireless Fidelity It is meant to be used g
169. LANs where hosts have requested it them 166 User s Manual of MGSW 24160F This page provides MVR related configuration The MVR Configuration screen in Figure 4 8 10 appears MVR Configuration lt 1 Disabled Y Receiver Disabled 2 iver Y Disabled 3 Disabled Receiver Disabled 4 Disabled Receiver Disabled 5 Disabled Receiver Disabled 6 7 8 9 iver Disabled Disabled Receiver Disabled Disabled Receiver Disabled Disabled vw j Disabled 10 iver Y Disabled 11 Disabled v Disabled 12 Disabled Receiver Disabled 13 Disabled Y Receiver Y Disabled 14 Disabled Y Receiver Y Disabled 15 Disabled Disabled 16 Disabled Y Receiver Y Disabled 17 Disabled Y Receiver Disabled 18 Disabled vw j Disabled 19 Disabled Receiver Y Disabled 20 Disabled v Receiver Disabled 21 Disabled Y Receiver Disabled 22 Disabled v Receiver Disabled 23 Disabled Y Receiver Y Disabled 24 Figure 4 8 10 MVR Configuration Page Screenshot i lt lt ji Ei i lt lt The page includes the following fields Object Description e MVR Mode Enable Disable the Global MVR 167 User s Manual of MGSW 24160F e VLAN ID Specify the Multicast VLAN ID e Mode Enable MVR on the port
170. LLDP frame is transmitted but the time between the LLDP frames will always be at least the value of Tx Delay seconds Tx Delay cannot be larger than 1 4 of the Tx Interval value Valid values are restricted to 1 8192 seconds This attribute must comply with the rule 4 Delay Interval lt Transmission Interval e Tx Reinit When a port is disabled LLDP is disabled or the switch is rebooted a LLDP LLDP Port Configuration shutdown frame is transmitted to the neighboring units signaling that the LLDP information isn t valid anymore Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization Valid values are restricted to 1 10 seconds The LLDP port settings relate to the currently selected unit as reflected by the page header Object Description e Port The switch port number of the logical LLDP port e Mode Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbor units is analyzed Tx only The switch will drop LLDP information received from neighbors but will send out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbors Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbors e CDP Aware Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames The s
171. MAC address and VLAN ID that is seen on this port If no MAC addresses ID are learned a single row stating No MAC addresses attached is displayed e State Indicates whether the corresponding MAC address is blocked or forwarding In the blocked state it will not be allowed to transmit or receive traffic e Time of Adding Shows the date and time when this MAC address was first seen on the port e Age Hold If at least one user module has decided to block this MAC address it will stay in the blocked state until the hold time measured in seconds expires If all user modules have decided to allow this MAC address to forward and aging is enabled the Port Security module will periodically check that this MAC address still forwards traffic If the age period measured in seconds expires and no frames have been seen the MAC address will be removed from the MAC table Otherwise a new age period will begin If aging is disabled or a user module has decided to hold the MAC address indefinitely a dash will be shown Buttons Refresh Click to refresh the page immediately 260 User s Manual of MGSW 24160F 4 12 8 DHCP Snooping DHCP Snooping is used to block intruder on the untrusted ports of DUT when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server Configure DHCP Snooping on this page The DHCP Snooping Configuration screen in Figure 4
172. MGSW 24160F is the same with SGSW 24040 Step1 Attach the rubber feet to the recessed areas on the bottom of the Managed Switch Step2 Place the Managed Switch on the desktop or the shelf near an AC power source as shown in Figure 2 4 Figure 2 4 Place the Managed Switch on the Desktop 30 User s Manual of MGSW 24160F Step3 Keep enough ventilation space between the Managed Switch and the surrounding objects When choosing a location please keep in mind the environmental restrictions discussed in Chapter 1 Section 4 and Specification Step4 Connect the Managed Switch to network devices Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Managed Switch Connect the other end of the cable to the network devices such as printer servers workstations or routers etc Connection to the Managed Switch requires UTP Category 5 network cabling with RJ 45 tips For more information please see the Cabling Specification in Appendix A Step5 Supply power to the Managed Switch Connect one end of the power cable to the Managed Switch Connect the power plug of the power cable to a standard wall outlet When the Managed Switch receives power the Power LED should remain solid Green 2 2 2 Rack Mounting To install the Managed Switch in a 19 inch standard rack please follows the instructions described below Step1 Place the Managed Switch on a hard fl
173. Manual of MGSW 24160F Responses dot1xAuthBackendResp onses server 802 1X based Counts the number of times that the switch attempts to send a supplicant s first response packet to the backend server Indicates the switch is attempting to communicate with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted e Last Supplicant Client Info Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Name IEEE Name Description MAC dotixAuthLastEapolF The MAC address of the last supplicant client Address rameSource VLAN ID The VLAN ID on which the last frame from the last supplicant client was received Version dotixAuthLastEapolF 802 1X based rameVersion The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable 229 Selected Counters Object User s Manual of MGSW 24160F Identity 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL frame MAC based Not applicable Description e Selected Counte
174. Manual of MGSW 24160F e Counter The counter indicates the number of times the ACE was hit by a frame e Modification Buttons You can modify each ACE Access Control Entry in the table using the following buttons O Inserts a new ACE before the current row Edits the ACE row O Moves the ACE up the list Moves the ACE down the list Deletes the ACE The lowest plus sign adds a new entry at the bottom of the ACE listings Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs at regular intervals Click to refresh the page any changes made locally will be undone Click to clear the counters Remove All Click to remove all ACEs 4 10 3 ACE Configuration Configure an ACE Access Control Entry on this page An ACE consists of several parameters These parameters vary according to the frame type that you select First select the ingress port for the ACE and then select the frame type Different parameter options are displayed depending on the frame type that you selected The ACE Configuration screen in Figure 4 10 3 appears 196 User s Manual of MGSW 24160F ACE Configuration hay V Frame Type Port Copy Logging MAC Parameters VLAN Parameters DMAC Filter VLAN ID Filter Any Tag Priority Figure 4 10 3 ACE Configuration Page Screenshot The page includes the following fields Object Description e Ingress Port Selec
175. N ID 1 4095 default Show current MVR multicast VLAN ID Default Setting 100 Example Set VLAN 1000 for MVR multicast VLAN ID SWITCH gt mvr multicast vlan 1000 MVR Port Type Description Set or show MVR port type Syntax MVR Port Type lt port_list gt source receiver Parameters lt port_list gt Port list or all default All ports source Enable source mode receiver Disable receiver mode default Show MVR port type Default Setting receive Example Set source type for MVR port type of port 1 SWITCH gt mvr port type 1 source MVR Immediate Leave Description Set or show MVR port state about immediate leave Syntax 475 MVR Immediate Leave lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable Immediate leave mode disable Disable Immediate leave mode default Show MVR Immediate leave mode Default Setting disable Example Enable MVR port state about immediate leave for port 1 User s Manual of MGSW 24160F SWITCH gt mvr immediate leave 1 enable 476 6 20 Voice VLAN Command Voice VLAN Configuration Description Show Voice VLAN configuration Syntax Voice VLAN Configuration Example Show Voice VLAN configuration SWITCH gt voice vian configuration Voice VLAN Configuration Disabled Voice VLAN VLAN ID 1000 Voice VLAN Age Time seconds 86400 Voice V
176. O Tx Lease Unassigned Rx Lease Unknown 0 Tx Lease Unknown 402 User s Manual of MGSW 24160F Rx Lease Active O Tx Lease Active 0 Security Network IP Source Guard Configuration Description Show IP source guard configuration Syntax Security Network IP Source Guard Configuration Example Show IP source guard configuration SWITCH gt security network ip source guard configuration IP Source guard Configuration IP Source Guard Mode Disabled Port Port Mode Dynamic Entry Limit Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited 403 User s Manual of MGSW 24160F Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited Disabled unlimited IP Source Guard Entry Table Type Port VLAN IP Address IP Mask Security Network IP Source Guard Mode Description Set or show IP source guard mode Syntax Security Network IP Source Guard Mode enable disable Parameters enable Enable IP Source Guard disable Disable IP Source Guard Default Setting disable Example Enable IP source guard mode SWITCH gt security network ip source gu
177. OUI table will restart auto detect OUI process The Voice VLAN OUI Table screen in Figure 4 9 15 appears Voice VLAN OUI Table 00 30 4f PLANET phones 00 03 6b Cisco phones 00 0f e2 H3C phones 00 60 b9 Philips and NEC AG phones 00 d0 1e Pingtel phones 00 e0 75 Polycom phones 00 e0 bb 3Com phones 00 01 e3 Siemens AG phones Figure 4 9 15 Voice VLAN OUI Table Page Screenshot O O O O O O O O The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Telephony OUI An telephony OUI address is a globally unique identifier assigned to a vendor by IEEE It must be 6 characters long and the input format is xx xx xx x is a hexadecimal digit e Description The description of OUI address Normaly it describes which vendor telephony device The allowed string length is 0 to 32 Buttons Add new entry Click to add a new access management entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 192 User s Manual of MGSW 24160F 4 10 Access Control Lists ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privi
178. Please check the VLAN settings trunk settings or port enabled disabled status M Performance is bad Solution Check the full duplex status of the Ethernet Switch If the Ethernet Switch is set to full duplex and the partner is set to half duplex then the performance will be poor Please also check the in out rate of the port M Why the Switch doesn t connect to the network Solution 1 Check the LNK ACT LED on the switch 2 Try another port on the Switch 3 Make sure the cable is installed properly 4 Make sure the cable is the right type 5 Turn off the power After a while turn on power again HM 100Base TX port link LED is lit but the traffic is irregular Solution Check that the attached device is not set to dedicate full duplex Some devices use a physical or software switch to change duplex modes Auto negotiation may not recognize this type of full duplex setting M Switch does not power up Solution lis AC power cord not inserted or faulty 2 Check that the AC power cord is inserted correctly 3 Replace the power cord if the cord is inserted correctly check that the AC power source is working by connecting a different device in place of the switch 501 User s Manual of MGSW 24160F 4 If that device works refer to the next step 5 If that device does not work check the AC power E while IP Address be changed or forgotten admin password To reset the IP address to the default IP Address 192 168 0 100
179. Report version 2 Leave a Group version 2 Membership Report version 1 IGMP packets enable multicast routers to keep track of the membership of multicast groups on their respective sub networks The following outlines what is communicated between a multicast router and a multicast group member using IGMP A host sends an IGMP report to join a group A host will never send a report when it wants to leave a group for version 1 A host will send a leave report when it wants to leave a group for version 2 Multicast routers send IGMP queries to the all hosts group address 224 0 0 1 periodically to see whether any group members exist on their sub networks If there is no response from a particular group the router assumes that there are no group members on the network The Time to Live TTL field of query messages is set to 1 so that the queries will not be forwarded to other sub networks IGMP version 2 introduces some enhancements such as a method to elect a multicast queried for each LAN an explicit leave 159 User s Manual of MGSW 24160F message and query messages that are specific to a given group The states a computer will go through to join or to leave a multicast group are shown below Non Member Leave Group Stop Timer Join Group Send Report Start Timer Leave Group Query Received Start Timer Report Received Stop Timer Timer Expried Send report Figur
180. SW 24160F System SNMP Port Management Link Aggregation gt VLAN Spanning Tree aast Welcome to PLANET QoS Access Control List MGSW 24160F Authentication Security 24 Port 10 100 1000Mbps with 16 SFP MAC Address Table LLDP Management Switch Diagnostics HELP PLANET Technology Corporation 10F No 96 Minquan Rd Xindian Dist New Taipei City 231 Taiwan R O C Tel 886 2 2219 9518 Fax 886 2 2219 9528 Email sales planet com tw Copyright82011 PLANET Technology Corporation All rights reserved Figure 3 4 Web Main Screen of Managed Switch 42 User s Manual of MGSW 24160F 3 5 SNMP Based Network Management You can use an external SNMP based application to configure and manage the Managed Switch such as SNMPc Network Manager HP Openview Network Node Management NNM or What s Up Gold This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Net work management Station only knows the set community string it can read and write to the MIBs However if it only knows the get community string it can only read MIBs The default gets and sets community strings for the Managed Switch are public PLANET Managed Switch Serre y SNMP Agent Status Enabled bead iaa PC Workstation
181. System Location Timezone Offset 0 CLI Prompt SWITCH MAC Address 00 30 4f 76 27 10 Power Status AC Power OFF DC Power1 OFF DC Power2 ON Temperature 49 5 C 121 1 F System Time 1970 01 01 Thu 00 08 08 0000 System Uptime 00 08 08 Software Version Beta110426 Software Date 2010 06 23 15 43 02 0800 Previous Restart Cool SWITCH gt System Name Description Set or show the system name Syntax System Name lt name gt Parameters lt name gt System name or clear to clear System name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No blank or space characters are permitted as part of a name The first character must be an alpha character and the first or last character must not be a minus sign 305 User s Manual of MGSW 24160F Example To set device title Switch gt System name MGSW 24160F LAB System Contact Description Set or show the system contact Syntax System Contact lt contact gt Parameters lt contact gt System contact string Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI Default Setting empty Example To set device contact Switch gt System contact MGSW 24160F Test System Location Description Set or show the system location Syntax System Location lt location gt Parameters lt location gt System location string
182. TP parameters for the switch level Parameter Description Default Value Bridge Identifier Not user A combination of the User set priority and 32768 MAC configurable the switch s MAC address except by setting priority The Bridge Identifier consists of two parts below a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC Priority A relative priority for each switch lower 32768 numbers give a higher priority and a greater chance of a given switch being elected as the root bridge Hello Time The length of time between broadcasts of 2 seconds the hello message by the switch Maximum Age Timer Measures the age of areceived BPDU fora 20 seconds port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer Forward Delay Timer The amount time spent by a port in the 15 seconds learning and listening states waiting for a BPDU that may return the port to the blocking state The following are the user configurable STP parameters for the port or port group level Variable Description Default Value Port Priority A relative priority for each 128 port lower numbers give a higher priority and a greater chance of a given port being elected as the root port Port Cost A value used by STP to evaluate paths 200 000 100Mbps Fast Ethernet ports STP calculates path costs and selects the 20 000 1000Mbps Gigabit Ethernet path with the minimum cost as the active por
183. Table match In addition the two input fields will upon a Refresh button click assume the value of the first displayed entry allowing for continuous refresh with the same start address The gt gt will use the last entry of the currently displayed as a basis for the next lookup When the end is reached the text No more entries is shown in the displayed table Use the lt lt button to start over The page includes the following fields Object Description e Port The port number for which the status applies Click the port number to see the status for this particular port e VLAN ID The VLAN ID of the entry e MAC address The MAC address of the entry e IP Address The IP address of the entry Buttons Auto refresh Ch Check this box to enable an automatic refresh of the page at regular intervals Refiesh Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Cea Flushes all dynamic entries 275 User s Manual of MGSW 24160F Lk lt Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address gt gt gt Updates the table starting with the entry after the last entry currently displayed 276 User s Manual of MGSW 24160F 4 14 LLDP 4 14 1 Link Layer Discovery Protocol Link Layer Discovery Protocol LLDP is used to discover basic information about neighboring
184. There are four additional octets inserted after the source MAC address Their presence is indicated by a value of 0x8100 in the Ether Type field When a packet s Ether Type field is equal to 0x8100 the packet carries the IEEE 802 1Q 802 1p tag The tag is contained in the following two octets and consists of 3 bits of user priority 1 bit of Canonical Format Identifier CFI used for encapsulating Token Ring packets so they can be carried across Ethernet 113 User s Manual of MGSW 24160F backbones and 12 bits of VLAN ID VID The 3 bits of user priority are used by 802 1p The VID is the VLAN identifier and is used by the 802 1Q standard Because the VID is 12 bits long 4094 unique VLAN can be identified The tag is inserted into the packet header making the entire packet longer by 4 octets All of the information originally contained in the packet is retained 802 1Q Tag User Priority CFI VLAN ID VID 3 bits 1 bits 12 bits TPID Tag Protocol Identifier TCI Tag Control Information 2 bytes Preamble Destination Source VLAN TAG Ethernet Data FCS Address Address Type 6 bytes 6 bytes 4 bytes 2 bytes 46 1500 bytes 4 bytes The Ether Type and VLAN ID are inserted after the MAC source address but before the original Ether Type Length or Logical Link Control Because the packet is now a bit longer than it was originally the Cyclic Redundancy Check CRC must be recalculated
185. U e CPU Once Forward first packet that matched the specific ACE to CPU e Counter The counter indicates the number of times the ACE was hit by a frame e Conflict Indicates the hardware status of the specific ACE The specific ACE is not applied to the hardware due to hardware limitations Buttons Combined w Refresh a l Select the ACL status from this drop down list Click to refresh the page any changes made locally will be undone 4 10 2 Access Control List Configuration This page shows the Access Control List ACL which is made up of the ACEs defined for this Managed Switch Each row describes the ACE that is defined m The maximum number of ACEs is 128 a Click on the lowest plus sign to add a new ACE to the list The Access Control List Configuration screen in Figure 4 10 2 appears 194 User s Manual of MGSW 24160F Access Control List Configuration Ingress Port Frame Type Rate Limiter Port Copy Logging Shutdown Counter Figure 4 10 2 Access Control List Configuration Page Screenshot The page includes the following fields Object Description e Ingress Port Indicates the ingress port of the ACE Possible values are Any The ACE will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port e Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame t
186. Unknown The network policy for the specified application type is currently unknown Defined The network policy is defined e TAG TAG is indicating whether the specified application type is using a tagged or an untagged VLAN Can be Tagged ot Untagged Untagged The device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 Tagged The device is using the IEEE 802 1Q tagged frame format VLAN ID VLAN ID is the VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 A value of 1 through 4094 is used to define a valid VLAN ID A value of 0 Priority Tagged is used if the device is using priority tagged frames as defined by IEEE 802 1Q 2003 meaning that only the IEEE 802 1D priority level is significant and the default PVID of the ingress port is used instead Priority Priority is the Layer 2 priority to be used for the specified application type One of eight priority levels 0 through 7 DSCP DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 Contain one of 64 code point values 0 through 63 Buttons Refresh Click to refresh the page immediately Auto refresh H Check this box to enable an automatic refresh of the page at regular intervals 4 14 5 Neighbor This page provides a status overview for all LLDP neighbors The displayed table contains a row for each port on
187. W 24160F Parameters lt community gt Community string Use clear or to clear the string default Show SNMP read community Default Setting public Example Set to SNMP read community private SWITCH gt security switch snmp read community private Security Switch SNMP Write Community Description Set or show the community string for SNMP write access Syntax Security Switch SNMP Write Community lt community gt Parameters lt community gt Community string Use clear or to clear the string default Show SNMP write community Default Setting private Example Set public value in SNMP write community SWITCH gt security switch snmp write community public Security Switch SNMP Trap Mode Description Set or show the SNMP trap mode Syntax Security Switch SNMP Trap Mode enable disable 359 User s Manual of MGSW 24160F Parameters enable Enable SNMP traps disable Disable SNMP traps default Show SNMP trap mode Default Setting disable Example Enable SNMP trap mode SWITCH gt security switch snmp trap mode enable Security Switch SNMP Trap Version Description Set or show the SNMP trap protocol version Syntax Security Switch SNMP Trap Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting 1 Example Set SNMP trap version in version 2c SWITCH gt s
188. a e A EPEE TEET ETTET arden 376 Security Network Limit Configuration ooocccinnnncnnncoccnnnoncncnonannno nono ncnn non rn crono nn n rn nn rre rana 377 Security Network Limit Mode coord ias 378 Security Network Limit AGIA esirippua evia 378 security Network Limit AgetiMe cocida tai 379 Security Network Limit Port ed 379 Security Network Limit LiMit oiccooninii iii 380 Security Network LimitA clica ii aiii 381 Security Network Limit REOPEN ooooccccnnoccconococcnononononononnnnnnnno cnn nro cnn nano nn r nn rre 381 Security Network NAS ConfiguratiON ooooccnnnnnnnnoccccnnnonnncnonannno nono ncnn nn nnr naar nn AAAA r rro arre rra 382 Security Network NAS MOd siriasi enn ae diodo 382 Security Network NAS Hate ssie eienn aipe st ll lobo 383 Security Network NAS Reauthentication ooooooncnnncccnnnoccccnonocnnononcccnnnonn nc nono cnn rn nn cnn narran 384 Security Network NAS ReauthPeri0d oooooocccconcccnnocccccononcnonononcno nono nonn ano nn nr nan nn r anna rra 384 Security Network NAS EapolTiMeOUt ooooocccnnnncnnnoccccnononcncnononcnnnonn nn nano nn rr nnnn nn rare 385 Sec rity Network NAS AgetiMe canica ica 385 Security Network NAS Holdtime oooooconoccccnonocccononcccnononcnnnnnnnno non ncnnn nn n rr narrar 386 Security Network NAS RADIUS QOS edina pa eae ce eee eaaaaeaeee cess eagaaeaeeeceeeeegceaaeaeseeeessceaeeeeeseeesanaeees 386 Security Network NAS RADIUS_VLAN oocccicocccccoccnccononcnonononcnnnonnnnnnno nn nr nano
189. able for implementing fault tolerant and mesh network architectures Powerful Security The Managed Switch offers comprehensive Access Control List ACL for enforcing security to the edge lts protection mechanisms also comprise of port based 802 1x and MAC based user and device authentication The port security is effective in limit the numbers of clients pass through so that network administrators can now construct highly secured corporate networks with time and effort considerably less than before 19 User s Manual of MGSW 24160F 1 3 How to Use This Manual This User Manual is structured as follows Section 2 INSTALLATION The section explains the functions of the Switch and how to physically install the Managed Switch Section 3 SWITCH MANAGEMENT The section contains the information about the software function of the Managed Switch Section 4 WEB CONFIGURATION The section explains how to manage the Managed Switch by Web interface Section 5 COMMAND LINE INTERFACE The section describes how to use the Command Line interface CLI Section 6 CLI CONFIGURATION The section explains how to manage the Managed Switch by Command Line interface Section 7 SWITCH OPERATION The chapter explains how to does the switch operation of the Managed Switch Section 8 TROUBSHOOTING The chapter explains how to trouble shooting of the Managed Switch Appendix A The section contains cable information of the Managed Switch 20 User s Manual
190. abled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 472 User s Manual of MGSW 24160F Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled Disabled Receive Disabled User s Manual of MGSW 24160F MVR Group Description Show the MVR group Syntax MVR Group MVR Status Description Show the MVR status Syntax MVR Status MVR Mode Description Set or show the MVR mode Syntax MVR Mode enable disable Parameters enable Enable MVR mode disable Disable MVR mode default Show MVR mode 473 User s Manual of MGSW 24160F Default Setting disable Example Enable MVR mode SWITCH gt mvr mode enable MVR Port Mode Description Set or show the MVR port mode Syntax MVR Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable MVR mode disable Disable MVR mode default Show MVR mode Default Setting disable Example Enable the MVR port mode for port 1 4 SWITCH gt mvr port mode 1 4 enable MVR Multicast VLAN Description Set or show MVR multicast VLAN ID Syntax MVR Multicast VLAN lt vid gt 474 User s Manual of MGSW 24160F Parameters lt vid gt VLA
191. address is located according to the information from address table But if the destination address is located at the same port with this packet comes in then this packet will be filtered Thereby increasing the network throughput and availability 7 4 Store and Forward Store and Forward is one type of packet forwarding techniques A Store and Forward Ethernet Switching stores the incoming frame in an internal buffer do the complete error checking before transmission Therefore no error packets occurrence it is the best choice when a network needs efficiency and stability The Ethernet Switch scans the destination address from the packet header searches the routing table pro vided for the incoming port and forwards the packet only if required The fast forwarding makes the switch attractive for connecting servers directly to the network thereby increasing throughput and availability How ever the switch is most commonly used to segment existence hubs which nearly always improves overall performance An Ethernet Switching can be easily configured in any Ethernet network environment to signifi cantly boost bandwidth using conventional cabling and adapters Due to the learning function of the Ethernet switching the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table This information is subsequently used to filter packets whose destination address is on the same segment as the source addre
192. ady The server is enabled IP communication is up and run and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip radiusAccClientExtRo The time interval measured in milliseconds Time undTripTime between the most recent Response and the Request that matched it from the RADIUS accounting server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet 4 11 9 Windows Platform RADIUS Server Configuration Setup the RADIUS server and assign the client IP address to the Managed switch In this case field in the default IP Address of the Managed Switch with 192 168 0 100 And also make sure the shared secret key is as same as the one you had set at the Managed Switch s 802 1x system configuration 12345678 at this case 242 1 2 User s Manual of MGSW 24160F Configure the IP Address of remote RADIUS server and secret key Authentication Server Configuration Common Server Configuration Timeout seconds Dead Time 200 seconds RADIUS Authenticati
193. agged frames This parameter affects VLAN ingress processing If the port only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All e Link Type Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or remove the tag from a frame on egress Untag outgoing frames without VLAN Tagged Tagged outgoing frames with VLAN Tagged e Q in Q Mode Sets the Managed Switch to QinQ mode and allows the QinQ tunnel port to be configured The default is for the Managed Switch to function in Disable mode Disable The port operates in its normal VLAN mode This is the default MAN Port Configures IEEE 802 1Q tunneling QinQ for an uplink port to another device within the service provider network Customer Port Configures IEEE 802 1Q tunneling QinQ for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network Set Out layer VLAN tag ether type The Tag Protocol Identifier TPID specifies the ethertype of incoming packets on a tunnel access port 802 1Q Tag 8100 vMAN Tag 88A8 Default 802 1Q Tag The port must be a member of the same VLAN as the Port VLAN ID Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 120 User s M
194. al ype in A E e a aa eea ias 333 VLAN Ingress Filter rainn ie 333 VEAN Modest o a oh ee 334 MEAN Link TYpe ii sextet socie ot to sete oe ele a a a ai 335 VLAN MEA Me do 335 VLAN Ethernet Type sos 336 VEAN AGG tt a de dd 336 VEAN Delete occidente 337 UA A AS 337 VLAN Status ai 338 6 6 Private VLAN Configuration Command ccccsecceeeeseeeeeeneeeneeeeeeeeeseseeeeneeeeseneeeseaesaseeeeeeeeesseaesaseeeneneeees 340 PVLAN Configuration 0 cccn caved ein A a aes 340 PVEAN AG Sos ec e Ae ee kee seed He ede ee a eee ee 341 PULAN Delete rosita da e dl doit 341 PVEAN LOOKUP ica dd daa 342 PALA N Isolate 000 e aid 342 TESTATA Eo aaral BAe E E E E E aldesauee ene 344 Security Switch User Configuration oonnoncccnnnnnnnoccccnononnncnonancnnnnrn cn nano nnn rre 344 security Switch User Add eiii aii ii 344 Security Switch User Delete ccoo aria 345 Security Switch Privilege Level Configuration ooooccnnnnncnnnocconnoccccnnnonnnonono cnn nnnrn cnn ano tutkita rn rn 345 Security Switch Privilege Level GrOUP ooooocccnnociconoccccnononcnononancno nono cc e aaki de eiki e ia 346 Security Switch Privilege Level Current oocccinncicci eeteeeveuesineespoesbedieesays 347 Security Switch Auth Configuration oononcccninonicnnoccccnononnnononannnnnnrn nn non nn rr nano rre rre 347 Security Switch Auth Methodes ieii A EE 348 Security Switch SSH Configuration ianea ena aaae enke AAE NE rre 349 Security Switch SSH Modei ariere i ii idas 349
195. alue 7 packets received and transmitted e Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted e Rx and Tx Lease Query The number of lease query option 53 with value 10 packets received and transmitted e Rxand Tx Lease The number of lease unassigned option 53 with value 11 packets received and Unassigned transmitted e Rxand Tx Lease The number of lease unknown option 53 with value 12 packets received and Unknown transmitted e Rxand Tx Lease The number of lease active option 53 with value 13 packets received and Active transmitted Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately clear Clears the counters for the selected port 4 12 10 IP Source Guard Configuration IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host This page provides IP Source Guard related configuration The IP Source Guard 263 User s Manual of MGSW 24160F Configuration screen in Figure 4 12 10 appears IP Source Guard Configuration Mode Date Y Port Mode Configuration Port Mode Max Dynamic Clients
196. alue and fulfil the following requirements if Tag 0 is used the Tunnel Private Group ID does not need to include a Tag Value of Tunnel Medium Type must be set to IEEE 802 ordinal 6 Value of Tunnel Type must be set to VLAN ordinal 13 Value of Tunnel Private Group ID must be a string of ASCII chars in the range 0 9 which is interpreted as a decimal string representing the VLAN ID Leading 0 s are discarded The final value must be in the range 1 4095 e Guest VLAN Enabled When Guest VLAN is both globally enabled and enabled checked for a given port the switch considers moving the port into the Guest VLAN according to the rules outlined below This option is only available for EAPOL based modes i e e Port based 802 1X Single 802 1X Multi 802 1X For trouble shooting VLAN assignments use the Monitor VLANs VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration Guest VLAN Operation When a Guest VLAN enabled port s link comes up the switch starts transmitting EAPOL Request Identity frames If the number of transmissions of such frames exceeds Max Reauth Count and no EAPOL frames have been received in the meanwhile the switch considers entering the Guest VLAN The interval between transmissions of EAPOL Request Identity frames is configured with EAPOL Timeout If Allow Guest VLAN if EAPOL Seen is
197. ame counters are available for the following administrative states Port based 802 1X Single 802 1X Multi 802 1X MAC based Auth Direction Name IEEE Name Description 227 User s Manual of MGSW 24160F Access Challenges Other Requests Auth Successes Auth Failures 228 dot1xAuthBackendAcce ssChallenges dot1xAuthBackendOther Requests ToSupplicant dot1xAuthBackendAuth Successes dot1xAuthBackendAuth Fails 802 1X based Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant Indicates that the backend server has communication with the switch MAC based Counts all Access Challenges received from the backend server for this port left most table or client right most table 802 1X based Counts the number of times that the switch sends an EAP Request packet following the first to the supplicant Indicates that the backend server chose an EAP method MAC based Not applicable 802 1X and MAC based Counts the number of times that the switch receives a success indication Indicates that the supplicant client has successfully authenticated to the backend server 802 1X and MAC based Counts the number of times that the switch receives a failure message This indicates that the supplicant client has not authenticated to the backend Tx User s
198. ameters lt port_list gt Port list or all Port zero means aggregations Example Show STP status of Port1 SWITCH gt stp port configuration 1 Port Mode AdminEdge AutoEdge restrRole restricn bpduGuard Point2point 422 User s Manual of MGSW 24160F 1 Enabled Enabled Enabled Disabled Disabled Disabled Auto STP Port Mode Description Set or show the STP enabling for a port Syntax STP Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all Port zero means aggregations Enable Enable MSTP protocol Disable Disable MSTP protocol Default Enable Example Disable STP function on port1 SWITCH gt stp port mode 1 disable STP Port Edge Description Set or show the STP adminEdge port parameter Syntax STP Port Edge lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports Enable Configure MSTP adminEdge to Edge Disable Configure MSTP adminEdge to Non edge Default Enable 423 User s Manual of MGSW 24160F Example Disable STP edge function on port1 SWITCH gt sip port edge 1 disable STP Port AutoEdge Description Set or show the STP autoEdge port parameter Syntax STP Port AutoEdge lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports Enable Enable MSTP autoEdge Disable Disable MSTP autoEdge Default enab
199. and this is the default VLAN membership allows the frames Classified to the VLAN ID to be forwarded to the respective VLAN member ports e VLAN User AVLAN User is a module that uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configuration such as PVID UVID Currently we support following VLAN CLI Web SNMP This are reffered as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication 122 User s Manual of MGSW 24160F Server Voice VLAN Voice VLAN is a VLAN configured specially for voice traffic typically originating from IP phones MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only ona single multicast VLAN MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment Buttons Static Select VLAN Users from this drop down list rl Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refiesh Click to refresh the page immediately 4 6 7 VLAN Port Status for User Static This page provides VLAN Port Staus The VLAN Port Status for User Static screen in Figure 4 6 5 appe
200. anual of MGSW 24160F 4 6 5 VLAN Membership Configuration E Adding Static Members to VLANs VLAN Index Use the VLAN Static Table to configure port members for the selected VLAN index The VLAN membership configuration for the selected the switch can be monitored and modified here Up to 255 VLANs are supported This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN The VLAN Membership Configuration screen in Figure 4 6 3 appears VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Refresh k lt gt Port Members O Se st ean a12 o Tas Te Tz of ofall sss lalola pajas AAA AAA Add new entry Figure 4 6 3 VLAN Membership Configuration Page Screenshot The page includes the following fields Object Description e Delete To delete a VLAN entry check this box e VLAN ID Indicates the ID of this particular VLAN e Port Members A row of check boxes for each port is displayed for each VLAN ID To include a port in a VLAN check the box To remove or exclude the port from the VLAN make sure the box is unchecked By default no ports are members and all boxes are unchecked e Adding a New VLAN Click to add a new VLAN ID An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected the switch when you click on Save A VLAN with
201. ar appliances supporting real time interactive video audio services streaming_video Streaming Video is for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type video_signaling Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media tagged The device is using tagged frames unragged The device is using untagged frames lt vlan_id gt VLAN id lt I2_priority gt This field may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 3 lt dscp gt This field shall contain the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 5 This 6 bit field may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 LLDPMED Port Policy Description Set or show LLDP MED port polcies Syntax LLDPMED port policies lt port_list gt lt policy_list gt Parameters lt port_list gt Port list or all default All ports lt policy_list gt List of policies to delete 453 User s Manual of MGSW 24160F LLDPMED Coordinates Description Set or s
202. ard mode enable Security Network IP Source Guard Port Mode Description Set or show the IP Source Guard port mode 404 Syntax Security Network IP Source Guard Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable IP Source Guard port disable Disable IP Source Guard port default Show IP Source Guard port mode Default Setting disable Example Enable IP source guard port mode for port1 4 User s Manual of MGSW 24160F SWITCH gt security network ip source guard port mode 1 4 enable Security Network IP Source Guard Limit Description Set or show the IP Source Guard port limitation for dynamic entries Syntax Security Network IP Source Guard limit lt port_list gt lt dynamic_entry_limit gt unlimited Parameters lt port_list gt Port list or all default All ports lt dynamic_entry_limit gt unlimited dynamic entry limit 0 2 or unlimited Default Setting unlimited Example Set IP source guard limit SWITCH gt security network ip source guard 1 1 405 User s Manual of MGSW 24160F Security Network IP Source Guard Entry Description Add or delete IP source guard static entry Syntax Security Network IP Source Guard Entry lt port_list gt add delete lt vid gt lt allowed_ip gt lt ip_mask gt Parameters lt port_list gt Port list or all default All ports ad
203. ars 123 User s Manual of MGSW 24160F VLAN Port Status for User Static PYID LAN Aware Ingress Filtering Frame Type UYID A Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Disabled Disabled Untag_this Auto Refresh CI Static w Refresh Figure 4 6 5 VLAN Port Status for User Static Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e PVID Shows the VLAN identifier for that port The allowed values are 1 through 4095 The default value is 1 e VLAN Aware Show the VLAN Awareness for the port If VLAN awareness is enabled the tag is removed from tagged frames received on the port VLAN tagged frames are classified to the VLAN ID in the tag If VLAN awareness is disabled all frames are
204. at allows you to establish control over network traffic QoS enables you to assign various grades of network service to different types of traffic such as multi media video protocol specific time critical and file backup traffic QoS reduces bandwidth limitations delay loss and jitter It also provides increased reliability for delivery of your data and allows you to prioritize certain applications across your network You can define exactly how you want the switch to treat selected applications and types of traffic You can use QoS on your system to Control a wide variety of network traffic by Classifying traffic based on packet attributes Assigning priorities to traffic for example to set higher priorities to time critical or business critical applications Applying security policy through traffic filtering Provide predictable throughput for multimedia applications such as video conferencing or voice over IP by minimizing delay and jitter Improve performance for specific types of traffic and preserve performance as the amount of traffic grows Reduce the need to constantly add bandwidth to the network Manage network congestion QoS Terminology Classifier classifies the traffic on the network Traffic classifications are determined by protocol application source destination and so on You can create and modify classifications The Switch then groups classified traffic in order to schedule them with the appro
205. at surface with the front panel positioned towards the front side Step2 Attach the rack mount bracket to each side of the Managed Switch with supplied screws attached to the package Figure 2 5 shows how to attach brackets to one side of the Managed Switch Figure 2 5 Attach Brackets to the Managed Switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws would invalidate the warranty 31 User s Manual of MGSW 24160F Step3 Secure the brackets tightly Step4 Follow the same steps to attach the second bracket to the opposite side Step5 After the brackets are attached to the Managed Switch use suitable screws to securely attach the brackets to the rack as shown in Figure 2 6 GAS 0086000 Figure 2 6 Mounting the Managed Switch on a Rack Step6 Proceeds with the steps 4 and steps 5 of session 2 2 1 Desktop Installation to connect the network cabling and supply power to the Managed Switch 2 2 3 Installing the SFP transceiver The sections describe how to insert an SFP transceiver into an SFP slot The SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the Managed Switch As the Figure 2 7 appears 32 User s Manual of MGSW 24160F 1000Base SX LX LC Fiber Figure 2 7 Plug in the SFP Transceiver Approved PLANET SFP
206. ated IP Telephony handsets and other similar appliances supporting interactive voice services These devices are typically deployed on a separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling for use in network topologies that require a different policy for the voice signaling than for the voice media Guest Voice to support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances supporting real time interactive video audio services Streaming Video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling for use in network topologies that require a separate policy for the video signaling than for the video media 289 User s Manual of MGSW 24160F Policy Policy
207. ated at the same time The Managed Switch support Gigabit Ethernet ports up to 12 groups If the group is defined as a LACP static link aggregationing group then any extra ports selected are placed ina standby mode for redundancy if one of the other ports fails If the group is defined as a local static link aggregationing group then the number of ports must be the same as the group member ports The aggregation code ensures that frames belonging to the same frame flow for example a TCP connection are always forwarded on the same link aggregation member port Reording of frames within a flow is therefore not possible The aggregation code is based on the following information e Source MAC e Destination MAC e Source and destination IPv4 address e Source and destination TCP UDP ports for IPv4 packets Normally all 5 contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link aggregation may consist of up to 16 member ports Any quantity of link aggregation s may be configured for the device only limited by the quantity of ports on the device To configure a proper traffic distribution the ports within a link aggregation must use the same link speed 103 User s Manual of MGSW 24160F 4 5 1 Static Aggregation Configuration This page is used to configure the Aggregation hash mode and the aggregation group The aggregation hash mode settings are
208. ated the client it is unauthenticated If an authentication fails for one or the other reason the client will 230 User s Manual of MGSW 24160F remain in the unauthenticated state for Hold Time seconds e Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful Buttons Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately Cea This button is available in the following modes e Force Authorized e Force Unauthorized e Port based 802 1X e Single 802 1X Click to clear the counters for the selected port Clear All This button is available in the following modes e Multi 802 1X MAC based Auth Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared however Clear This This button is available in the following modes e Multi 802 1X MAC based Auth X Click to clear only the currently selected client s counters 4 11 6 Authentication Server Configuration This page allows you to configure the Authentication Servers The Authentication Server Configuration screen in Figure 4 11 7 appears 231 User s Manual of MGSW 24160F Authentication Server Configuration Common Server Configuration seconds seconds RADIUS Authentication Server Configuration 1812
209. automatically First select the QCL ID for these QCEs and then select the traffic class Different parameter options are displayed depending on your selection J a Class Low Figure 4 9 4 Set up Typical Network Application Rules Page 2 Screenshot The page includes the following fields Object Description e QCLID Select the QCL ID to which these QCEs apply e Traffic Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Cancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard 175 User s Manual of MGSW 24160F 4 9 2 3 Set up ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets The Set up ToS Precedence Mapping screen in Figure 4 9 5 appears Set up ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets a a ToS Precedenced Class Loy v MEME EEE E cia Figure 4 9 5 Set up ToS Precedence Mapping Page Screenshot The page includes the following fields Object Description e QCLID Select the QCL ID to which this QCE applies e ToS Precedence Class Buttons Cancel Wizard Next Click to continue the wizard Select a traffic class of Low Normal Medium or High to apply to the QCE
210. ax Security Switch SNMP User Changekey lt engineid gt lt user_name gt lt auth_password gt lt priv_password gt Parameters lt engineid gt Engine ID the format may not be all zeros or all fFH and is restricted to 5 32 octet string lt user_name gt A string identifying the user name that this entry should belong to lt auth_password gt A string identifying the authentication pass phrase lt priv_password gt A string identifying the privacy pass phrase Example Delete SNMPv3 user entry SWITCH gt security switch snmp user changekey 800007e5017f000003 admin_snmpv3 87654321 12345678 Security Switch SNMP User Look up Description Look up SNMPv3 user entry 369 User s Manual of MGSW 24160F Syntax Security Switch SNMP User Look up lt index gt Parameters lt index gt entry index 1 64 Example Look up SNMPv3 user entry SWITCH gt security switch snmp user lookup Auth Priv Auth Priv MD5 DES Number of entries 1 Security Switch SNMP Group Add Description Add or modify SNMPv3 group entry The entry index key are lt security_model gt and lt security_name gt Syntax Security Switch SNMP Group Add lt security_model gt lt security_name gt lt group_name gt Parameters lt security_model gt v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM lt security_name gt A string identifying the security name that thi
211. been received by the switch Rx Response ID dotixAuthEapolRespld The number of valid EAPOL FramesRx Response Identity frames that have been received by the switch Rx Responses dot1xAuthEapolRespFr The number of valid EAPOL amesRx response frames other than Response Identity frames that have been received by the switch Rx Start dot1xAuthEapolStartFra The number of EAPOL Start mesRx frames that have been 226 Tx Tx Tx Logoff Invalid Type Invalid Length Total Request ID Requests User s Manual of MGSW 24160F dot1xAuthEapolLogoffFr amesRx dot1xAuthInvalidEapolF ramesRx dot1xAuthEapLengthErr orFramesRx dot1xAuthEapolFrames Tx dot1xAuthEapolReqldFr amesTx dot1xAuthEapolReqFra mesTx received by the switch The number of valid EAPOL Logoff frames that have been received by the switch The number of EAPOL frames that have been received by the switch in which the frame type is not recognized The number of EAPOL frames that have been received by the switch in which the Packet Body Length field is invalid The number of EAPOL frames of any type that has been transmitted by the switch The number of EAPOL Request Identity frames that have been transmitted by the switch The number of valid EAPOL Request frames other than Request Identity frames that have been transmitted by the switch e Backend Server Counters These backend RADIUS fr
212. between ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily VLAN can enhance performance by conserving bandwidth and improve security by limiting traffic to specific domains A VLAN is a collection of end nodes grouped by logic instead of physical location End nodes that frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast packets are forwarded to only members of the VLAN on which the broadcast was initiated No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware 3 The Switch s default is to assign all ports to a single 802 1Q VLAN named DEFAULT_VLAN As new VLAN is created the member ports assigned to the new VLAN will be removed from the DEFAULT_ VLAN port member list The DEFAULT_VLAN has a VID 1 This section has the following items a IEEE 802 1Q VLAN Enable IEEE 802 1Q Tag based VLAN group a IEEE 802 1Q Tunneling Enables 802 1Q QinQ Tunneling a Private VLAN Creates removes primary or community
213. cause of the existence of the PVID for untagged packets and the VID for tagged packets tag aware and tag unaware network devices can coexist on the same network A switch port can have only one PVID but can have as many VID as the switch has memory in its VLAN table to store them Because some devices on a network may be tag unaware a decision must be made at each port on a tag aware device before packets are transmitted should the packet to be transmitted have a tag or not If the transmitting port is connected to a tag unaware device the packet should be untagged If the transmitting port is connected to a tag aware device the packet should be tagged Ml Default VLANs The Switch initially configures one VLAN VID 1 called default The factory default setting assigns all ports on the Switch to the default As new VLAN are configured in Port based mode their respective member ports are removed from the default E Assigning Ports to VLANs Before enabling VLANs for the switch you must first assign each port to the VLAN group s in which it will participate By default all ports are assigned to VLAN 1 as untagged ports Add a port as a tagged port if you want it to carry traffic for one or more VLANs and any intermediate network devices or the host at the other end of the connection supports VLANs Then assign ports on the other VLAN aware network devices along the path that will carry this traffic to the same VLAN s However if
214. ce_id gt Parameters lt qcl_id gt QCL ID lt qce_id gt QCE ID 1 24 QoS Mode Description Set or show the port egress scheduler mode Syntax QoS Mode lt port_list gt strict weighted Parameters lt port_list gt Port list or all default All ports strict Strict mode weighted Weighted mode default Show QoS mode Default Setting Strict Example Set weighted mode for port15 User s Manual of MGSW 24160F SWITCH gt qos mode 15 weighted QoS Weight Description Set or show the port egress scheduler weight Syntax QoS Weight lt port_list gt lt class gt lt weight gt Parameters lt port_list gt Port list or all default All ports lt class gt Traffic class low normal medium high or 1 2 3 4 lt weight gt Traffic class weight 1 2 4 8 QoS Rate Limiter Description Set or show the port rate limiter Syntax QoS Rate Limiter lt port_list gt enable disable lt bit_rate gt Parameters lt port_list gt Port list or all default All ports enable Enable rate limiter disable Disable rate limiter default Show rate limiter mode lt bit_rate gt Rate in 1000 bits per second 500 1000000 kbps Default Setting Disabled 500kbps Example Set 1000kbps rate limiter for port17 24 User s Manual of MGSW 24160F SWITCH gt qos rate limiter 17 24 enable 1000 QoS Shaper Description Set or show the port shaper Syntax
215. cess control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object contains an identifier to its ACL The privileges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situation In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls There are 3 web pages associated with the manual ACL configuration ACL Access Control List The web page shows the ACEs in a prioritized way highest top to lowest bottom Default the table is empty An ingress frame will only get a hit on one ACE even though there are more matching ACEs The first matching ACE will take action permit deny on that frame and a counter associated with that ACE is incremented An ACE can be associated with a Policy 1 ingress port or any ingress port the whole switch If an ACE Policy is created then that Policy can be associated with a group of ports under the Ports web page There are number of parameters that can be configured with an ACE Read the Web page help text to get further information for each of th
216. cludes the user access and management control The Authentication section contains links to the following main topics m IEEE 802 1X Port Based Network Access Control m MAC Based Authentication m User Authentication Overview of 802 1X Port Based Authentication In the 802 1X world the user is called the supplicant the switch is the authenticator and the RADIUS server is the authentication server The switch acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frames sent between the supplicant and the switch is special 802 1X frames known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frames sent between the switch and the RADIUS server is RADIUS packet RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet contain
217. cn 1 enable STP Port bpduGuard Description Set or show the bpduGuard port parameter Syntax STP Port bpduGuard lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port BPDU Guard disable Disable port BPDU Guard Default disable Example Eisable BPDU guard on port1 SWITCH gt stp port bpduguard 1 enable STP Port Statistic Description Show STP port statistics Syntax STP Port Statistics lt port_list gt 426 User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports Example Show STP port statistics SWITCH gt sip port statistics Port Rx MSTP Tx MSTP Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill Rx Unk 0 0 0 STP Port Mcheck Description Set the STP mCheck Migration Check variable for ports Syntax STP Port Mcheck lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 SWITCH gt stp port mcheck 1 STP MSTI Port Configuration Description Show the STP CIST MSTI port configuration Syntax STP Msti Port Configuration lt msti gt lt port_list gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all default All ports 427 User s Manual of MGSW 24160F Default
218. connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software 208 User s Manual of MGSW 24160F to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone and only the MD5 Challenge method is supported The 802 1X and MAC Based Authentication configuration consists of two sections a system and a port wide Overview of User Authentication It is allowed to configure the Managed Switch to authenticate users logging into the system for management access using local or remote authentication methods such as telnet and Web browser This Managed Switch provides secure network management access using the following options m Remote Authentication Dial in User Service RADIUS m Terminal Access Controller Access Control System Plus TACACS m Local user name and Priviledge Level control RADIUS and TACACS are logon authentication protocols that use software running on a central server to control access to RADIUS aware or TACACS aware devices on the network An authentication server contains a database of multiple user name password pairs with associated privilege levels for each user that requires management access to the Managed Switch 4 11 1 Understanding IEEE 802 1X Port Based Authentication The IEEE 802 1X standard
219. creen in Figure 4 5 3 appears 104 Feros 213 a 5 6 7 9 pojes Normal 1 oo 40M WwW N a N O User s Manual of MGSW 24160F Aggregation Group Configuration Port Members N Pp N N N Q N h ORORORORORORORORO RORO RORO OROROORO d o a o o d d o d d OO0000000 a a o a o d a a OO000000 o a a o o o d o 00000000 000000000000 000000000000 000000000000 000000000000 000000000000 000000000000 000000000000 0000000000000 0000000000000 0000000000000 0000000000000 0000000000000 O O O O O O O O O O Figure 4 5 3 Aggregation Group Configuration Page Screenshot The page includes the following fields Object Description e Group ID Indicates the group ID for the settings contained in the same row Group ID Normal indicates there is no aggregation Only one group ID is valid per port e Port Members Each switch port is listed for each group ID Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 105 User s Manual of MGSW 24160F 4 5 2 LACP Configuration Link Aggregation Control Protocol LACP LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device LACP allows switches co
220. cs for Server 1 0 0 0 0 1813 Receive Packets Transmit Packets Responses Requests Malformed Responses Retransmissions Bad Authenticators Pending Requests Unknown Types Timeouts Packets Dropped 0 Other Info State Disable Round Trip Time O ms Figure 4 11 9 RADIUS Authentication Accounting for Server Overview Page Screenshot The page includes the following fields RADIUS Authentication Servers The statistics map closely to those specified in RFC4668 RADIUS Authentication Client MIB Use the server select box to switch between the backend servers to show details for Object Description e Packet Counters RADIUS authentication server packet counter There are seven receive and four transmit counters Direction Name RFC4668 Name Description Rx Access radiusAuthClientExtA The number of RADIUS Accepts ccessAccepts Access Accept packets valid or invalid received from the server Rx Access Rejects radiusAuthClientExtA The number of RADIUS 237 Tx Access Challenges Malformed Access Responses Bad Authenticators Unknown Types Packets Dropped Access 238 User s Manual of MGSW 24160F ccessRejects radiusAuthClientExtA ccessChallenges radiusAuthClientExt MalformedAccessRe sponses radiusAuthClientExtB adAuthenticators radiusAuthClientExtU nknownTypes radiusAuthClientExtP acketsDropped radiusAuthClientExtA Access Reject packets vali
221. ction Trap If Limit 1 MAC an address is seen on the port send an SNMP trap If Aging is disabled only one SNMP trap will be sent but with Aging enabled new SNMP traps will be sent everytime the limit gets exceeded Shutdown If Limit 1 MAC addresses is seen on the port shut down the port This implies that all secured MAC addresses will be removed from the port and no new will be learned Even if the link is physically disconnected and reconnected on the port by disconnecting the cable the port will remain shut down There are three ways to re open the port 1 Boot from a new masterthe switch 2 Disable and re enable Limit Control on the port or the switch 3 Click the Reopen button Trap amp Shutdown If Limit 1 MAC addresses is seen on the port both the Trap and the Shutdown actions described above will be taken e State This column shows the current state of the port as seen from the Limit Control s point of view The state takes one of four values Disabled Limit Control is either globally disabled or disabled on the port Ready The limit is not yet reached This can be shown for all actions Limit Reached Indicates that the limit is reached on this port This state can only be shown if Action is set to None or Trap Shutdown Indicates that the port is shut down by the Limit Control module This state can only be shown if Action is set to Shutdown or Trap amp Shutdown e Reopen Button I
222. ction Mode oocooocccccocccccononcncnononcnononn cinco no nn ncnnnn cnn ran nn rra nn rr rre rre 407 Security Network ARP Inspection Port Mode ocococconnoccccconoccnononononononcnc nono nnn nooo nc nano rn rr narran rn rre rra 407 Security Network ARP Inspection EnNtlY ooonocccnnnncccnnnoccccnononcno nono ncnnnonnn crono cnn rro n nn nro r nr rn 408 Security Network ARP Inspection Status oooocoioncccnnnoccccnonocnnonononcnnnonn nn nano cnn rn n nn narran rre 409 Security AAA Configuration ci A a a a i e 409 Security AAA Tin ias 410 Security A A De ade iii a are 411 Security ARA RADIUS cui a iaa dla 411 Security AAA ACCT RADIUS ee 412 Security AAA TACACS E ati tied 413 Security AAA Statist CS ou A id 413 6 8 Spanning Tree Protocol Command oconcccnccnnnnonncncnnccrr cc 415 STP Configuration scott dado 415 STP VOPSION ti A A it ta 415 STP TX Hold ii 416 TP Max HOPS 0 piero 416 STE MAXA Dec dt do de e A O A Ade o cn dr 417 AA A O O ces T EAA TET E TEE TE 417 STP CONAM eta te 418 SIP BRDU ETIE EEE ote o lo elo de tinock te eee 418 SANA BIURE E e E A E A E E e dns 419 SAP ELN D AEAN t 419 STP StAtUs iit ad eee dee eee salads sale eee tad geste ad aa sue tnd use dae gun ta ds aid a okt 420 STP MST Bros cusco ei a e et a A 421 STR MST Map ei ena Sik er ee e ee a Se RS at 421 STPEMSTIAG sei Ao ke eo ee ee ah aS Bs a he eee A re as 422 STP Port Contiguration c22 4 c 4ui hia sn ei een ee te ee 422 STP PortMode x ssh seach
223. d Add new port IP source guard static entry delete Delete existing port IP source guard static entry lt vid gt VLAN ID 1 4095 lt allowed_ip gt IP address a b c d IP address allowed for doing ARP request lt ip_mask gt IP mask a b c d IP mask for allowed IP address Example Add IP source guard static entry SWITCH gt security network ip source guard entry 1 add 1 192 168 0 20 255 255 255 0 Security Network IP Source Guard Status Description Show IP source guard static and dynamic entries Syntax Security Network IP Source Guard Status lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show IP source guard static and dynamic entries SWITCH gt security network ip source guard status 406 User s Manual of MGSW 24160F Security Network ARP Inspection Configuration Description Show ARP inspection configuration Syntax Security Network ARP Inspection Configuration Example Show ARP inspection configuration SWITCH gt security network arp inspection configuration Security Network ARP Inspection Mode Description Set or show ARP inspection mode Syntax Security Network ARP Inspection Mode enable disable Parameters enable Enable ARP Inspection disable Disable ARP Inspection Default Setting disable Example Enable ARP inspection mode SWITCH gt security network arp inspection mode enable Securi
224. d or invalid received from the server The number of RADIUS Access Challenge packets valid or invalid received from the server The number of malformed RADIUS Access Response packets received from the server Malformed packets include packets with an invalid length Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses The number of RADIUS Access Response packets containing invalid authenticators or Message Authenticator attributes received from the server The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason The number of RADIUS Access Request packets sent Requests Tx Access Retransmissio ns Tx Pending Requests Tx Timeouts User s Manual of MGSW 24160F ccessRequests radiusAuthClientExtA ccessRetransmission S radiusAuthClientExtP endingRequests radiusAuthClientExtT imeouts to the server This does not include retransmissions The number of RADIUS Access Request packets retransmitted to the RADIUS authentication server The number of RADIUS Access Request packets destined for the server that have not yet timed out or received a response This variable is incremented when an Access Request i
225. d 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnastic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the currently selected unit as reflected by the page header The VeriPHY Cable Diagnostics screen in Figure 4 15 4 appears 298 User s Manual of MGSW 24160F VeriPHY Cable Diagnostics Pala Cable Status Pair A 1 2 Length A Pair B 3 6 Length B Pair C 4 5 Length C Pair D 7 8 Length D Figure 4 15 4 VeriPHY Cable Diagnostics Page Screenshot The page includes the following fields Object Description e Port The port where you are requesting Cable Diagnostics e Cable Status Port Port number Pair The status of the cable pair Length The length in meters of the cable pair Buttons Start Click to run the diagnostics 299 User s Manual of MGSW 24160F 5 COMMAND LINE INTERFACE 5 1 Accessing the CLI When accessing the management interface for the switch over a direct connection to the server s console port or via a Telnet connection the switch can be managed by entering command keywords and parameters at the prompt Using the switch s command line interface CLI is very similar to entering commands on a UNIX system This chapter describes how to use the Command Line Interface CLI Logon to the Console Once the terminal has connected to the device powe
226. d IP Source Bindings It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host LACP is an IEEE 802 3ad standard protocol The Link Aggregation Control Protocol allows bundling several physical ports together to form a single logical port LLDP is an IEEE 802 1ab standard protocol The Link Layer Discovery Protocol LLDP specified in this standard allows stations attached to an IEEE 802 LAN to advertise to other stations attached to the same IEEE 802 LAN the major capabilities provided by the system incorporating that station the management address or addresses of the entity or entities that provide management of those capabilities and the identification of the stations point of attachment to the IEEE 802 LAN required by those management entity or entities The information distributed via this protocol is stored by its recipients in a standard Management Information Base MIB making it possible for the information to be accessed by a Network Management System NMS using a management protocol such as the Simple Network Management Protocol SNMP 511 User s Manual of MGSW 24160F LLDP MED is an extendsion of IEEE 802 1ab and is defined by the telecommunication industry association TIA 1057 LOC is an acronym for Loss Of Connectivity and is detected by a MEP and is indicating lost connectivity in the network Can be used as switch criteria by EPS Switching of frames is based
227. d link down mode operation Disabled Disable SNMP trap link up and link down mode operation Trap Inform Mode Indicates the SNMP trap inform mode operation Possible modes are Enabled Enable SNMP trap inform mode operation Disabled Disable SNMP trap inform mode operation Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap informs retry times The allowed range is 0 to 255 Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 83 User s Manual of MGSW 24160F 4 3 5 SNMPv3 Configuration 4 3 5 1 SNMPv3 Communities Configuration Configure SNMPv3 community s table on this page The entry index key is Community The SNMPv3 Communities Configuration screen in Figure 4 3 4 appears SNMPv3 Communities Configuration private 0000 0 0 0 0 0 0 0 Figure 4 3 4 SNMPv3 Communities Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Source IP Indicates the SNMP access source address e Source Mask Indicat
228. d none privacy Auth NoPriv Authentication and none privacy Auth Priv Authentication and privacy The value of security level cannot be modified if entry already exist That means must first ensure that the value is set correctly e Authentication Indicates the authentication protocol that this entry should belong to Possible Protocol authentication protocol are None None authentication protocol MD5 An optional flag to indicate that this user using MD5 authentication protocol SHA An optional flag to indicate that this user using SHA authentication protocol The value of security level cannot be modified if entry already existed That means must first ensure that the value is set correctly e Authentication A string identifying the authentication pass phrase For MD5 authentication Password protocol the allowed string length is 8 to 32 For SHA authentication protocol the allowed string length is 8 to 40 The allowed content is the ASCII characters from 33 to 126 e Privacy Protocol Indicates the privacy protocol that this entry should belong to Possible privacy protocol are None None privacy protocol 85 User s Manual of MGSW 24160F DES An optional flag to indicate that this user using DES authentication protocol e Privacy Password A string identifying the privacy pass phrase The allowed string length is 8 to 32 and the allowed content is the ASCII characters from 33 to 126 Bu
229. ddress Indicates the end IP address for the access management entry e HTTP HTTPS Indicates the host can access the switch from HTTP HTTPS interface that the e host IP address matched the entry e SNMP Indicates the host can access the switch from SNMP interface that the host IP address matched the entry e TELNET SSH Indicates the host can access the switch from TELNET SSH interface that the 254 User s Manual of MGSW 24160F host IP address matched the entry Buttons Add new enty Click to add a new access management entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 3 Access Management Statistics This page provides statistics for access management The Access Management Statistics screen in Figure 4 12 3 appears Access Management Statistics Receive Packets Allow Packets Discard Packets HTTP 0 0 0 HTTPS SNMP TELNET SSH Auto Refresh O Figure 4 12 3 Access Management Statistics Overview Page Screenshot The page includes the following fields Object Description e Interface The interface that allowed remote host can access the switch e Receive Packets The received packets number from the interface under access management mode is enabled e Allow Packets The allowed packets number from the interface under access management mode is enabled e Discard Packets The discarded packets number from the
230. defines a client server based access control and authentication protocol that restricts unauthorized clients from connecting to a LAN through publicly accessible ports The authentication server authenticates each client connected to a switch port before making available any services offered by the switch or the LAN Until the client is authenticated 802 1X access control allows only Extensible Authentication Protocol over LAN EAPOL traffic through the port to which the client is connected After authentication is successful normal traffic can pass through the port This section includes this conceptual information e Device Roles e Authentication Initiation and Message Exchange e Ports in Authorized and Unauthorized States E Device Roles With 802 1X port based authentication the devices in the network have specific roles as shown below 209 User s Manual of MGSW 24160F Authentication server Authentication server RADIUS Server TACACS Server Authenticator Internet PLANET 802 1X aware Switch Intra p de oad Supplicant C Client with 802 1X authentication Figure 4 11 1 Client the device workstation that requests access to the LAN and switch services and responds to requests from the switch The workstation must be running 802 1X compliant client software such as that offered in the Microsoft Windows XP operating system The client is the supplicant in the IEEE 802 1X specifica
231. devices on the local broadcast domain LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device Advertised information is represented in Type Length Value TLV format according to the IEEE 802 1ab standard and can include details such as device identification capabilities and configuration settings LLDP also defines how to store and maintain information gathered about the neighboring network nodes it discovers Link Layer Discovery Protocol Media Endpoint Discovery LLDP MED is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches The LLDP MED TLVs advertise information such as network policy power inventory and device location details LLDP and LLDP MED information can be used by SNMP applications to simplify troubleshooting enhance network management and maintain an accurate network topology 4 14 2 LLDP Configuration This page allows the user to inspect and configure the current LLDP port settings The LLDP Configuration screen in Figure 4 14 1 appears 277 User s Manual of MGSW 24160F LLDP Configuration LLDP Parameters Tx Interval Tx Hold Tx Delay Tx Reinit Optional TLYs Port Mode CDP aware Port Description System Name System Description System Capabilities Management Address 2 3 4 5 6 7 8 9
232. duplex operations Ports in a LAG can be of different media types UTP Fiber or different fiber types provided they operate at the same speed Aggregated Links can be assigned manually Port Trunk or automatically by enabling Link Aggregation Control Protocol LACP on the relevant links Aggregated Links are treated by the system as a single logical port Specifically the Aggregated Link has similar port attributes to a non aggregated port including auto negotiation speed Duplex setting etc The device supports the following Aggregation links a Static LAGs Port Trunk Force aggregared selected ports to be a trunk group a Link Aggregation Control Protocol LACP LAGs LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device If the other device ports are also LACP ports the devices establish a LAG between them 101 User s Manual of MGSW 24160F Link Aggregation 4 ports aggregate up to 4Gbps Figure 4 5 1 Link Aggregations The Link Aggregation Control Protocol LACP provides a standardized means for exchanging information between Partner Systems that require high speed redundant links Link aggregation lets you group up to eight consecutive ports into a single dedicated connection This feature can expand bandwidth to a device on the network LACP operation requires full duplex mode more detail information refer to the IEEE 802 3ad standard Port link aggregations can
233. e Digital Input OUTPUT c t0e grec needs eons hee o me eee eee 37 3 SWITCH MANAGEMENT os cicsciescisscisscisvedeccdsvadsscdevedsvadevadssadivedsvaduvedsscduvedssaduvedessdivedessiuvedeacts 39 3 1 REQUIFEMONIS 2a iden 39 3 2 Management ACCESS OvervieW cninnnncccccnnncnc rre 40 3 3 Administration Console cccssssccccsssseceensseeeensecceeeensceeeesnsaeeesnseaeeesnseceeesnseaeeesnsnegeeesnseeesenscaeensnseaeensnses 40 3 4 Web Manageme nt cccsecccceceeeeeeeenee seen nnee see enanee sees anee sees aueeseeaneee see geee see neeesaeegseeeeeenseaeseeneaeeeeaseeeeeenseeeeeenees 42 3 5 SNMP Based Network Manageme nt s ccccscccsseeceeeeeeeeeeeseeeeeneeeeseaeeesaaesaseeeeeeeeessaaesaseeeseeeeeseaesaaeensneaeeeaes 43 4 WEB CONFIGURATION craneo none nenes aie a 44 4 1 Main Web Page ina 47 ASNO A A 49 4 21 System IMAOMMATOM issiria pinnaan ada dida 50 4 2 2 1P GONIQUEA ION a edita la E IDO E oa teas 51 User s Manual of MGSW 24160F 4 2 3 IPV6 CONTIQUIATION ui c0 sce des eeecesee e aa 52 42 4 USES Configuration iii amd 53 4 2 5 Users Privilege Level iii 56 ADLONTIA CA a eii 58 4 21 UPnP Conquista adas 59 428 DHCP Rel e e 60 429 DHCP Relay Statistics cocirier peineta iaae iea aa eekan aidean eniai 62 A210 A AT A A E E E E E 64 42110 System Loginni e a i eee a te eel e ee i eel eo 65 4 2 12 Detailed LOG viii anda 66 4 2 13 Remote Syslog ima id 67 A2A4A SMTPsCOnfigure Aaa 67 4 2 15 Web Firmware Upgrade inion ee
234. e 4 8 4 IGMP State Transitions Delaying Member Idle Member E IGMP Querier A router or multicast enabled switch can periodically ask their hosts if they want to receive multicast traffic If there is more than one router switch on the LAN performing IP multicasting one of these devices is elected querier and assumes the role of querying the LAN for group members It propagates the service requests on to any doing upstream multicast switch router to ensure that it will continue to receive the multicast service ES Multicast routers use this information along with a multicast routing protocol such as DVMRP or PIM to support IP multicasting across the Internet 160 User s Manual of MGSW 24160F 4 8 2 IGMP Snooping Configuration This page provides IGMP Snooping related configuration Most of the settings are global whereas the Router Port configuration is related to the currently selected unit as reflected by the page header The IGMP Snooping Configuration screen in Figure 4 8 5 appears IGMP Snooping Configuration Global Configuration Snooping Enabled Unregistered IPMC Flooding enabled Leave Proxy Enabled O LAN ID Snooping Enabled IGMP Querier 1 O Figure 4 8 5 IGMP Snooping Configuration Page Screenshot The page includes the following fields Object Description e Snooping Enabled Enable the Global IGMP Snooping e Unregistered IPMC Enable unregistered IPMC traffic flo
235. e ACE Possible values are Any The ACE will match any ingress port Policy The ACE will match ingress ports with a specific policy Port The ACE will match a specific ingress port e Frame Type Indicates the frame type of the ACE Possible values are Any The ACE will match any frame type EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames 193 User s Manual of MGSW 24160F ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP e Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped e Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 15 When Disabled is displayed the rate limiter operation is disabled e Port Copy Indicates the port copy operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When the Disabled is displayed the port copy operation is disabled e CPU Forward packet that matched the specific ACE to CP
236. e Guard Table screen in Figure 4 12 11 appears Static IP Source Guard Table Figure 4 12 11 Static IP Source Guard Table Screen Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Port The logical port for the settings e VLAN ID The VLAN ID for the settings e IP Address Allowed Source IP address e IP Mask It can be used for calculating the allowed network with IP address 265 User s Manual of MGSW 24160F Buttons Add new entry Click to add a new entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 12 ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through DUT This page provides ARP Inspection related configuration The ARP Inspection Configuration screen in Figure 4 12 12 appears 266 User s Manual of MGSW 24160F ARP Inspection Configuration ode Deane E Port Mode Configuration _ 000 M5 UN o h _ M e _ nm E ox 0 N 0 N O YD ho gt NN to ho D PREEERPE PEER EEERP PEER EES
237. e RADIUS format The EAP frames are not modified or examined during encapsulation and the 210 User s Manual of MGSW 24160F authentication server must support EAP within the native frame format When the switch receives frames from the authentication server the server s frame header is removed leaving the EAP frame which is then encapsulated for Ethernet and sent to the client a Authentication Initiation and Message Exchange The switch or the client can initiate authentication If you enable authentication on a port by using the dot1x port control auto interface configuration command the switch must initiate authentication when it determines that the port link state transitions from down to up It then sends an EAP request identity frame to the client to request its identity typically the switch sends an initial identity request frame followed by one or more requests for authentication information Upon receipt of the frame the client responds with an EAP response identity frame However if during bootup the client does not receive an EAP request identity frame from the switch the client can initiate authentication by sending an EAPOL start frame which prompts the switch to request the client s identity If 802 1X is not enabled or supported on the network access device any EAPOL frames from the client are dropped If the client does not receive an EAP request identity frame after three attempts to start authentication t
238. e T RJ 45 Auto MDI MDI X ports 1 x RS 232 DB9 serial port 115200 8 N 1 Switch Processing Scheme Store and Forward Switch Throughput 64Bytes 35 7Mpps 48Gbps non blocking Address Table 8K entries automatic source address learning and ageing Share data Buffer 1392 kilobytes IEEE 802 3x Pause Frame for Full Duplex Flow Control Back pressure for Half Duplex lt 5 seconds System reboot Reset Button gt 10 seconds Factory Default Dimension W x D x H 440 x 200 x 44 5 mm 1U high wam O S e LED Power DC1 DC2 Fault Link Act and speed per Gigabit port Power Consumption Max 45 Watts 154 4 BTU AC Power Requirement AC AC 100 240V 50 60Hz 0 75A Power Requirement DC 36V DC 1 1A Range 36V 72V DC Layer 2 Function Port disable enable Auto Negotiation 10 100 1000Mbps full and half duplex mode selection Port configuration Flow Control disable enable Bandwidth control on each port Power saving mode control Display each port s speed duplex mode link status Flow control status Auto negotiation status trunk status 802 1Q Tagged Based VLAN Port Based VLAN Q in Q Private VLAN Edge PVE Up to 256 VLAN groups out of 4094 VLAN IDs 24 User s Manual of MGSW 24160F IEEE 802 3ad LACP Static Trunk Port trunking Support 12 groups of 16 Port trunk support Traffic classification based Strict priority and WRR 4 level priority for switching Port Number 802 1p priority 802 1Q
239. e given switch port Draw the menu bar to select the mode Auto Speed Setup Auto negotiation 10 Half Force sets 10Mbps Half Duplex mode 10 Full Force sets 10Mbps Full Duplex mode 100 Half Force sets 100Mbps Half Duplex mode 100 Full Force sets 100Mbps Full Duplex mode 1000 Full Force sets 10000Mbps Full Duplex mode Disable Shutdown the port manually e Flow Control When Auto Speed is selected for a port this section indicates the flow control capability that is advertised to the link partner When a fixed speed setting is selected that is what is used Current Rx column indicates whether pause frames on the port are obeyed Current Tx column indicates whether pause frames on the port are transmitted The Rx and Tx settings are determined by the result of the last Auto Negotiation Check the configured column to use flow control This setting is related to the setting for Configured Link Speed e Maximum Frame Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes e Excessive Collision Mode Configure port transmit collision behavior Discard Discard frame after 16 collisions default Restart Restart back off algorithm after 16 collisions e Power Control The Usage column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters pe
240. e module e g LACP RSTP or QoS but a few of them contains more than one The following description defines these privilege level groups in details System Contact Name Location Timezone Log Security Authentication System Access Management Port contains Dot1x port MAC based and the MAC Address Limit ACL HTTPS SSH ARP Inspection and IP source guard IP Everything except ping Port Everything except VeriP HY Diagnostics ping and VeriPHY Maintenance CLI System Reboot System Restore Default System Password Configuration Save Configuration Load and Firmware Load Web Users Privilege Levels and everything in Maintenance Debug Only present in CLI e Privilege Level Every privilege level group has an authorization level for the following sub groups configuration read only configuration execute read write status statistics read only and status statistics read write e g for clearing of statistics Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 57 4 2 6 N TP Configuration Configure NTP on this page User s Manual of MGSW 24160F NTP is an acronym for Network Time Protocol a network protocol for synchronizing the clocks of computer systems NTP uses UDP data grams as transport layer You can specify NTP Servers and set GMT Time zone The NTP Configuration screen in The page includes t
241. e server index 1 5 default Show RADIUS accounting server configuration enable Enable RADIUS accounting server disable Disable RADIUS accounting server default Show RADIUS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external accounting server Set to an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt Server UDP port Use 0 to use the default RADIUS port 1813 Example Set RADIUS accounting server configuration SWITCH gt security acct_radius 1 enable 192 168 0 20 12345678 1813 412 User s Manual of MGSW 24160F Security AAA TACACS Description Set or show TACACS authentication server setup Syntax Security AAA TACACS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt Parameters The server index 1 5 default Show TACACS authentication server configuration enable Enable TACACS authentication server disable Disable TACACS authentication server default Show TACACS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external authentication server Set to an empty secret use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt
242. ecure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth When the NAS module uses the Port Security module to secure MAC addresses the Port Security module needs to check for activity on the MAC address in question at regular intervals and free resources if no activity is seen within a given period of time This parameter controls exactly this period and can be set to a number between 10 and 1000000 seconds If reauthentication is enabled and the port is in 802 1X based mode this is not so criticial since supplicants that are no longer attached to the port will get removed upon the next reauthentication which will fail But if reauthentication is not enabled the only way to free resources is by aging the entries For ports in MAC based Auth mode reauthentication doesn t cause direct 215 User s Manual of MGSW 24160F communication between the switch and the client so this will not detect whether the client is still attached or not and the only way to free any resources is to age the entry e Hold Time This setting applies to the following modes i e modes using the Port Security functionality to secure MAC addresses Single 802 1X Multi 802 1X MAC Based Auth If a client is denied access either because the RADIUS server denies the client access or because the RADIUS server request times out according to the timeout specified on the Configuration gt Security gt AAA page the client is put on
243. ecurity switch access clear Security Switch Access Statistics Description Show up or clear to access management statistics Syntax Security Switch Access Statistics clear Parameters clear Clear access management statistics Default Setting disable Example Show access management statistics SWITCH gt security switch access statistics Access Management Statistics Receive Discard Receive Discard Receive Discard Receive Discard Receive Discard Security Switch SNMP Configuration Description Show SNMP configuration Syntax Security Switch SNMP Configuration 355 User s Manual of MGSW 24160F Example Show SNMP configuration SWITCH gt security switch snmp configuration SNMP Configuration Enabled SNMP Version 2c Read Community public Write Community private Trap Mode Disabled Trap Version 51 Trap Community public Trap Destination Trap IPv6 Destination Trap Authentication Failure Enabled Trap Link up and Link down Enabled Trap Inform Mode Enabled Trap Inform Timeout seconds 1 Trap Inform Retry Times 15 Trap Probe Security Engine ID Enabled Trap Security Engine ID Trap Security Name None SNMPv3 Engine ID 800007e5017f000001 SNMPv3 Communities Table Idx Community Source IP Source Mask 2 private Number of entries 2 SNMPv3 Users Table Idx Engine ID User Name Auth Priv Local default_user NoAuth NoPr
244. ecurity switch snmp trap version 2c Security Switch SNMP Trap Community Description Set or show the community string for SNMP traps 360 User s Manual of MGSW 24160F Syntax Security Switch SNMP Trap Community lt community gt Parameters lt community gt Community string Use clear or to clear the string default Show SNMP trap community Default Setting public Example Set private value for SNMP trap community SWITCH gt security switch snmp trap community private Security Switch SNMP Trap Destination Description Set or Show the SNMP trap destination address Syntax Security Switch SNMP Trap Destination lt ip_addr_string gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string Example Set SNMP trap destination address for 192 168 0 20 SWITCH gt security switch snmp trap destination 192 168 0 20 Security Switch SNMP Trap IPv6 Destination Description Set or Show the SNMP trap destination IPv6 address Syntax Security Switch SNMP Trap IPv6 Destination lt ipv6_addr gt 361 User s Manual of MGSW 24160F Parameters lt ipv6_addr gt IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used a
245. ed checkbox provides a quick way to globally enable disable RADIUS server assigned VLAN functionality When checked the individual port s ditto setting determines whether RADIUS assigned VLAN is enabled for that port When unchecked RADIUS server assigned VLAN is disabled for all ports 216 e Guest VLAN Enabled User s Manual of MGSW 24160F A Guest VLAN is a special VLAN typically with limited network access on which 802 1X unaware clients are placed after a network administrator defined timeout The switch follows a set of rules for entering and leaving the Guest VLAN as listed below The Guest VLAN Enabled checkbox provides a quick way to globally enable disable Guest VLAN functionality When checked the individual ports ditto setting determines whether the port can be moved into Guest VLAN When unchecked the ability to move to the Guest VLAN is disabled for all ports e Guest VLAN ID This is the value that a port s Port VLAN ID is set to if a port is moved into the Guest VLAN It is only changeable if the Guest VLAN option is globally enabled Valid values are in the range 1 4095 e Max Reauth Count The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting The value can only be changed if the Guest VLAN option is globally enabled Valid values are in the range 1 255 e Allow Guest VL
246. ed excluded An optional flag to indicate that this view subtree should excluded lt oid_subtree gt The OID defining the root of the subtree to add to the named view Example Add SNMPv3 view entry SWITCH gt security switch snmp view add snmpv3_ view include 1 Security Switch SNMP View Delete Description Delete SNMPv3 view entry Syntax Security Switch SNMP View Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 view entry SWITCH gt security switch snmp view delete 3 Security Switch SNMP View Look up Description 372 Look up SNMPv3 view entry Syntax Security Switch SNMP View Look up lt index gt Parameters lt index gt entry index 1 64 Example Look up SNMPv3 view entry SWITCH gt security switch snmp view lookup View Type OID Subtree default_view included 2 snmpv3_viwe included Number of entries 2 Security Switch SNMP Access Add Description Add or modify SNMPv3 access entry The entry index key are lt group_name gt lt security_model gt and lt security_level gt Syntax User s Manual of MGSW 24160F Security Switch SNMP Access Add lt group_name gt lt security_model gt lt security_level gt lt read_view_name gt lt write_view_name gt Parameters lt group_name gt A string identifying the group name that this entry should belong to lt security_model gt any Accepted any securit
247. ed for the same VLAN Untagged VLANs can be used to manually isolate user groups or subnets 4 6 3 VLAN Basic Information The VLAN Basic Information page displays basic information on the VLAN type supported by the Managed Switch The VLAN Basic Information screen in Figure 4 6 1 appears VLAN Basic Information LAN Basic Information Mode IEEE 802 10 Maximum VLAN ID 4094 Maximum Number of Supported VLANs 255 Current Number of VLANs 1 VLAN Learning PEL The page includes the following fields Object Configurable PVID Tagging Yes Figure 4 6 1 VLAN Basic Information Page Screenshot Description e Mode Display the current VLAN mode used by this Managed Switch E Port Based E IEEE 802 1Q VLAN e Maximum VLAN ID Maximum VLAN ID recognized by this Managed Switch e Maximum Number of Supported VLANs Maximum number of VLANs that can be configured on this Managed Switch e Current number of VLANs Display the current number of VLANs e VLAN Learning Display the VLAN learning mode The Managed Switch supports IVL IVL Independent vlan learning e Configurable PVID Tagging Indicates whether or not configurable PVID tagging is implemented 116 User s Manual of MGSW 24160F 4 6 4 VLAN Port Configuration This page is used for configuring the Managed Switch port VLAN The VLAN per Port Configuration page contains fields for managing ports that are part of a VLAN The po
248. eeseeeaeees 367 Security Switch SNMP Community LOOK UP ooooccoccccnnnoconinonananononcnonanoncnnnnnn cnn roo n nc nano nr enana rra 367 Security Switch SNMP User Add siise iiipin iee a 368 Security Switch SNMP User Delete coooomrinmamsn ira ad IRE 369 Security Switch SNMP User Changekey cccococccccococccononcnonononcnnnoncncnnno tuttun untk AAAA ANAE nn rr rre 369 Security Switch SNMP User LOOK Umi EEC 369 Security Switch SNMP Group Add eeeeceeeeneee cence eeeeeeeeeeeaeeeceeeaeeeeaeeeeeeaaeeeseeeeeeeseaeeeeseaeeeseneaeesieeeesenaeeeseeeatess 370 Security Switch SNMP Group Delete soisi initia eieiei ao aa choses delenedsesbaeensdetesssecedeDobedseescenese 371 Security Switch SNMP Group LOOK UD oooooccconoccconococinononcncnnno nono nono tnnt non nncnnnn nn rra n nn ran rre rra rre 371 Security Switch SNMP View Add iii dei 372 Security Switch SNMP View Delete ooooiocioioni ia e 372 Security Switch SNMP View LOOK UP coocooccccococnnononcncnononcnonono nono non nnnn enineering aeeaiei aapea iiias 372 Security Switch SNMP Access Add occoonoccccconoccnononcnononononcnono cnn nn n nn eae nr rn rare rra 373 10 User s Manual of MGSW 24160F Security Switch SNMP Access Delete ooooooccconocccnnococcnonoccnonononcnnnono nono nono nn nnnn cnn ran n nn 374 Security Switch SNMP Access LOOK UP occcconocccnnocccinononcnnnnncncnn nono ncnnno nn rr nano cnn non n nn rn 374 Security Network Psec SWitCh cicle ca 375 securityNetwork mi1 L 0
249. em The maximum number of ACEs is 64 ACL Ports The ACL Ports configuration is used to assign a Policy ID to an ingress port This is useful to group ports to obey the same traffic rules Traffic Policy is created under the Access Control List page You can you also set up specific traffic properties Action Rate Limiter Port copy etc for each ingress port They will though only apply if the frame gets past the ACE matching without getting matched In that case a counter associated with that port is incremented See the Web page help text for each specific port property ACL Rate Limiters Under this page you can configure the rate limiters There can be 15 different rate limiters each 505 User s Manual of MGSW 24160F ranging from 1 1024K packets per seconds Under Ports and Access Control List web pages you can assign a Rate Limiter ID to the ACE s or ingress port s AES is an acronym for Advanced Encryption Standard The encryption key protocol is applied in 802 1i standard to improve WLAN security It is an encryption standard by the U S government which will replace DES and 3DES AES has a fixed block size of 128 bits and a key size of 128 192 or 256 bits APS is an acronym for Automatic Protection Switching This protocol is used to secure that switching is done bidirectional in the two ends of a protection group as defined in G 8031 Using multiple ports in parallel is to increase the link speed beyond the limi
250. emote ID option was missing Receive Bad Circuit ID The packets number that the Circuit ID option did not match known the circuit ID Receive Bad Remote ID Client Statistics Object The packets number that the Remote ID option did not match the known Remote ID Description Transmit to Client The packets number that relayed packets from server to client Transmit Error The packets number that error sending packets to servers Receive form Client The packets number that received packets from server Receive Agent Option The packets number that received packets with relay agent information option e Replace Agent Option The packets number that replaced received packets with relay agent information option e Keep Agent Optin The packets number that keepped received packets with relay agent information option e Drop Agent Option The packets number that dropped received packets with relay agent information option Buttons Auto refresh dl Check this box to enable an automatic refresh of the page at regular intervals Refresh cea J Clear all statistics Click to refresh the page any changes made locally will be undone 63 User s Manual of MGSW 24160F 4 2 10 CPU Load This page displays the CPU load using a SVG graph The load is measured as averaged over the last 100ms 1sec and 10 seconds intervals The last 120 samles are graphed and the last numbers are dis
251. emote peer MEP A router port is a port on the Ethernet switch that leads switch towards the Layer 3 multicast device In 1998 the IEEE with document 802 1w introduced an evolution of STP the Rapid Spanning Tree Protocol which provides for faster spanning tree convergence after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP 516 User s Manual of MGSW 24160F Samba is a program running under UNIX like operating systems that provides seamless integration between UNIX and Microsoft Windows machines Samba acts as file and print servers for Microsoft Windows IBM OS 2 and other SMB client machines Samba uses the Server Message Block SMB protocol and Common Internet File System CIFS which is the underlying protocol used in Microsoft Windows networking Samba can be installed on a variety of operating system platforms including Linux most common Unix platforms OpenVMS and IBM OS 2 Samba can also register itself with the master browser on the network so that it would appear in the listing of hosts in Microsoft Windows Neighborhood Network SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence
252. enable an automatic refresh of the page at regular intervals 108 User s Manual of MGSW 24160F 4 5 4 LACP Port Status This page provides a status overview for LACP status for all ports The LACP Port Status screen in Figure 4 5 6 appears LACP Status LACP Key Aggr ID Partner System ID Partner Port No Auto Refresh O Figure 4 5 6 LACP Port Status Page Screenshot The page includes the following fields Object Description e Port The switch port number e LACP Yes means that LACP is enabled and the port link is up No means that LACP is not enabled or that the port link is down Backup means that the port could not join the aggregation group but will join if other port leaves Meanwhile it s LACP status is disabled e Key The key assigned to this port Only ports with the same key can aggregate together e Aggr ID The Aggregation ID assigned to this aggregation group IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs 109 User s Manual of MGSW 24160F Partner System ID The partner System ID MAC address e Partner Port The partner port number connected to this port Buttons Refresh Click to refresh the page immediately mu Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals 4 5 5 LACP Port Statistics This page provides an overview for LACP statistics for all ports The LACP statistics screen in Figure 4 5 7 appear
253. enabled the port will now be placed in the Guest VLAN If disabled the switch will first check its history to see if an EAPOL frame has previously been received on the port this history is cleared if the port link goes down or the port s Admin State is changed and if not the port will be placed in the Guest VLAN Otherwise it will not move to the Guest VLAN but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout Once in the Guest VLAN the port is considered authenticated and all attached clients on the port are allowed access on this VLAN The switch will not transmit 222 User s Manual of MGSW 24160F an EAPOL Success frame when entering the Guest VLAN While in the Guest VLAN the switch monitors the link for EAPOL frames and if one such frame is received the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode If an EAPOL frame is received the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled e Port State The current state of the port It can undertake one of the following values Globally Disabled NAS is globally disabled Link Down NAS is globally enabled but there is no link on the port Authorized The port is in Force Authorized or a single supplicant mode and the supplicant is authorized Unauthorized The port is in Force Unauthorized or a sin
254. enerically when referring of any type of 802 11 network whether 802 11b 802 11a dual band etc The term is promulgated by the Wi Fi Alliance WPA is an acronym for Wi Fi Protected Access It was created in response to several serious weaknesses researchers had found in the previous system Wired Equivalent Privacy WEP WPA implements the majority of the IEEE 802 11i standard and was intended as an intermediate measure to take the place of WEP while 802 11i was prepared WPA is specifically designed to also work with pre WPA wireless network interface cards through firmware upgrades but not necessarily with first generation wireless access points WPA2 implements the full standard but will not work with some older network cards Wikipedia WPA PSK is an acronym for Wi Fi Protected_Access Pre Shared Key WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia 521 User s Manual of MGSW 24160F WPA Radius is an acronym for Wi Fi Protected Access Radius 802 1X authentication serve
255. ependent customer LANs into the MAN Metro Access Network space One of the purposes of the provider bridge is to recognize and use VLAN tags so that the VLANs in the MAN space can be used independent of the customers VLANs This is accomplished by adding a VLAN tag with a MAN related VID for frames entering the MAN When leaving the MAN the tag is stripped and the original VLAN tag with the customer related VID is again available This provides a tunneling mechanism to connect remote costumer VLANs through a common MAN space without interfering with the VLAN tags All tags use EtherType 0x8100 or 0x88A8 where 0x8100 is used for customer tags and 0x88A8 are used for service provider tags In cases where a given service VLAN only has two member ports on the switch the learning can be disabled for the particular VLAN and can therefore rely on flooding as the forwarding mechanism between the two ports This way the MAC table requirement is reduced VLAN Port Configuration The VLAN Port Configuration screen in Figure 4 6 2 appears 118 User s Manual of MGSW 24160F VLAN Port Configuration Mode 15550210 Y Ingress Acceptable Set out layer LAN Karg erns Frame rae Link Type Q in Q Mode tag ether type 00 000 0UN LOA Sd bkfbkfefeje fej
256. er s Manual of MGSW 24160F Example Add port17 to port24 in VLAN10 SWITCH gt vlan add 10 17 24 VLAN Delete Description Delete VLAN entry Syntax VLAN Delete lt vid gt Parameters lt vid gt VLAN ID 1 4095 Example Delete port17 to port24 in VLAN10 SWITCH gt vlan delete 10 VLAN Look up Description Look up VLAN entry Syntax VLAN Look up lt vid gt combined static nas mvr voice_vlan all Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs combined Shows All the Combined VLAN database static Shows the VLAN entries configured by the administrator nas Shows the VLANs configured by NAS mvr Shows the VLANs configured by MVR voice_vlan Shows the VLANs configured by Voice VLAN all Shows all VLANs configuration 337 User s Manual of MGSW 24160F Example Show VLAN status SWITCH gt vlan lookup VLAN Status Description VLAN Port Configuration Status Syntax VLAN Status lt port_list gt combined static nas mvr voice_vlan mstp all conflicts Parameters lt port_list gt Port list or all default All ports combined combined VLAN Users configuration static static port configuration nas NAS port configuration mvr MVR port configuration voice_vlan Voice VLAN port configuration mstp MSTP port configuration all All VLAN Users configuration default combined VLAN Users configuration Default Setting P
257. er Ethernet with high flexible high extendable and easy installation features the data exchange speed of Optical Fiber is up to 1Gbps and the distance of Gigabit Optical Fiber is up to 120km Service provides such as ISP and Telecom install Metropolitan Area Network MAN based on Fiber technology to the WAN Internet Service MGSW 24160F adopts Front Access design for technician wiring and maintain MGSW 24160F very easily in cabinet 18 User s Manual of MGSW 24160F AC and DC Redundant Power to ensure continuous operation PLANET MGSW 24160F is equipped with one 100 240V AC power supply unit and one additional DC 36 72V power supply unit for redundant power supply installation A redundant power system is also provided to enhance the reliability with either 100 240V AC power supply unit or DC 36 72V power supply unit Redundant Power Systems are specifically designed to handle the demands of high tech facilities requiring the highest power integrity Furthermore with the 36 72V DC power supply implemented the MGSW 24160F can be applied as the telecom level device that could be located at the electronic room Digital Input and Digital Output for external Alarm PLANET MGSW 24160F supports Digital Input and Digital Output on the front panel this external alarm offers technician use Digital Input to detect and log external device status such as door intrution detector then alarm As Digital Output could be used to alarm
258. er is specified Sender IP filter is don t care Host Sender IP filter is set to Host Specify the sender IP address in the SIP Address field that appears Network Sender IP filter is set to Network Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear e Sender IP Address When Host or Network is selected for the sender IP filter you can enter a specific sender IP address in dotted decimal notation e Sender IP Mask When Network is selected for the sender IP filter you can enter a specific sender IP mask in dotted decimal notation e Target IP Filter Specify the target IP filter for this specific ACE Any No target IP filter is specified Target IP filter is don t care Host Target IP filter is set to Host Specify the target IP address in the Target IP Address field that appears Network Target IP filter is set to Network Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear e Target IP Address When Host or Network is selected for the target IP filter you can enter a specific target IP address in dotted decimal notation e Target IP Mask When Network is selected for the target IP filter you can enter a specific target IP mask in dotted decimal notation e ARP SMAC Match Specify whether frames can hit the action according to their sender hardware address fie
259. ers replace Replace the original relay information when receive a DHCP message that already contains it keep Keep the original relay information when receive a DHCP message that already contains it drop Drop the package when receive a DHCP message that already contains relay information default Show DHCP relay information policy Default Setting replace Example Keep the original relay information when receive a DHCP message that already contains it SWITCH gt security network dhcp relay information policy keep Security Network DHCP Relay Statistics Description Show or clear DHCP relay statistics Syntax Security Network DHCP Relay Statistics clear Parameters clear Clear DHCP relay statistics Example Show DHCP relay statistics SWITCH gt security network dhcp relay statistics 399 Description Show DHCP snooping configuration Syntax Security Network DHCP Snooping Configuration Example Set NAS age time in 1000sec User s Manual of MGSW 24160F 400 User s Manual of MGSW 24160F 22 trusted 23 trusted 24 trusted Security Network DHCP Snooping Mode Description Set or show the DHCP snooping mode Syntax Security Network DHCP Snooping Mode enable disable Parameters enable Enable DHCP snooping mode When enable DHCP snooping mode operation the request DHCP messages will be forwarded to trusted ports and only allowed reply packets from trusted po
260. erver IP address a b c d lt file_name gt Configuration file name Configuration Load Description Load configuration from TFTP server Syntax Config Load lt ip_server gt lt file_name gt check Parameters lt ip_server gt TFTP server IP address a b c d lt file_name gt Configuration file name check Check configuration file only default Check and apply file 468 User s Manual of MGSW 24160F 6 17 Firmware Command Firmware Load Description Load new firmware from TFTP server Syntax Firmware Load lt ip_addr_string gt lt file_name gt Parameters lt ip_addr_string gt IP host address a b c d or a host name string lt file_name gt Firmware file name Firmware IPv6 Load Description Load new firmware from IPv6 TFTP server Syntax Firmware IPv6 Load lt ipv6_server gt lt file_name gt Parameters lt ipv6_server gt TFTP server IPv6 address 469 User s Manual of MGSW 24160F 6 18 UPnP Command UPnP Configuration Description Show UPnP configuration Syntax UPnP Configuration Example Show UPnP configuration SWITCH gt upnp configuration UPnP Configuration Disabled 4 UPnP Advertising Duration 100 UPnP Mode Description Set or show the UPnP mode Syntax UPnP Mode enable disable Parameters enable Enable UPnP disable Disable UPnP default Show UPnP mode Default Setting disable Example Enable
261. es Page Screenshot The page includes the following fields Object Description e Audio and Video Indicates the common servers that apply to the specific ACE The common servers are QuickTime 4 Server MSN Messenger Phone Yahoo Messenger Phone Napster Real Audio e Games Indicates the common games that apply to the specific QCE e User Definition Buttons Cancel Wizard Indicates the user definition that applies to the specific QCE The user definitions are Ethernet Type Specify the Ethernet Type filter for this QCE The allowed range is 0x600 to OxFFFF VLAN ID VLAN ID filters for this QCE The allowed range is 1 to 4095 UDP TCP Port Specify the TCP UDP port filter for this QCE The allowed range is 0 to 65535 DSCP Specify the DSCP filter for this QCE The allowed range is O to 63 Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard 174 User s Manual of MGSW 24160F i STEP 2 According to your selection on the previous page this wizard will create specific QCEs QoS Control Entries automatically First select the QCL ID for these QCEs and then select the traffic class Different parameter options are displayed depending on the frame type that you selected Set up Typical Network Application Rules According to your selection on the previous page this wizard will create specific QCEs QoS Control Entries
262. es all dynamic entries Lk lt Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address gt gt gt Updates the table starting with the entry after the last entry currently displayed 274 User s Manual of MGSW 24160F 4 13 6 Dynamic IP Source Guard Table Entries in the Dynamic IP Source Guard Table are shown on this page The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by IP mask The Dynamic IP Source Guard Table screen in Figure 4 13 6 appears Dynamic IP Source Guard Table Start from Port 1 Y VLAN 1 _ and IP Address 0 0 0 0 _ and IP Mask 0 0 0 0 _ with 20 entries per page Port VLAN ID IP Address IP Mask no more entries Auto Refresh CO Figure 4 13 6 Dynamic IP Source Guard Table Page Screenshot Navigating the ARP Inspection Table Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic IP Source Guard Table The Start from port address VLAN IP address and IP mask input fields allow the user to select the starting point in the Dynamic IP Source Guard Table Clicking the Refresh button will update the displayed table starting from that or the closest next Dynamic IP Source Guard
263. es the SNMP access source address mask Buttons _ Add new community Click to add a new community entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 3 5 2 SNMPv3 Users Configuration Configure SNMPv3 users table on this page The entry index key are Engine ID and User Name The SNMPv3 Users Configuration screen in Figure 4 3 5 appears 84 User s Manual of MGSW 24160F SNMPv3 Users Configuration User Security Authentication Authentication Privacy Privacy Delete Engine ID Name Level Protocol Password Protocol Password oO 800007e5017f000001 default_user NoAuth NoPriv None None None None Add new user Figure 4 3 5 SNMPv3 Users Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Engine ID A octet string identifying the engine ID that this entry should belong to The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed User Name A string identifying the user name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Security Level Indicates the security model that this entry should belong to Possible security models are NoAuth NoPriv None authentication an
264. ese devices are typically deployed ona separate VLAN for ease of deployment and enhanced security by isolation from data applications Voice Signaling conditional for use in network topologies that require a different policy for the voice signaling than for the voice media This application type should not be advertised if all the same network policies apply as those advertised in the Voice application policy Guest Voice support a separate limited feature set voice service for guest users and visitors with their own IP Telephony handsets and other similar appliances supporting interactive voice services Guest Voice Signaling conditional for use in network topologies that require a different policy for the guest voice signaling than for the guest voice media This application type should not be advertised if all the same network policies apply as those advertised in the Guest Voice application policy Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops This class of endpoints frequently does not 285 User s Manual of MGSW 24160F support multiple VLANs if at all and are typically configured to use an untagged VLAN or a single tagged data specific VLAN When a network policy is defined for use with an untagged VLAN see Tagged flag below then the L2 priority field is ignored and only the DSCP value has relevance Video Conferencing Streaming Video for
265. ets Tx Octets 142665 Rx Unicast Tx Unicast 0 Rx Multicast Tx Multicast 1025 Rx Broadcast Tx Broadcast 113 Rx Pause Tx Pause Receive Size Counters Transmit Size Counters Rx 64 Bytes Tx 64 Bytes Rx 65 127 Bytes Tx 65 127 Bytes Rx 128 255 Bytes Tx 128 255 Bytes Rx 256 511 Bytes Tx 256 511 Bytes Rx 512 1023 Bytes Tx 512 1023 Bytes Rx 1024 1526 Bytes Tx 1024 1526 Bytes Rx 1527 Bytes Tx 1527 Bytes Receive Queue Counters Transmit Queue Counters Rx Low Tx Low Rx Normal Tx Normal Rx Medium Tx Medium Rx High Tx High Receive Error Counters Transmit Error Counters Rx Drops Tx Drops Rx CRC Alignment Tx Late Exc Coll Rx Undersize Rx Oversize Rx Fragments Rx Jabber Rx Filtered Figure 4 4 3 Detailed Port Statistics Port 1 Page Screenshot 94 The page includes the following fields Receive Total and Transmit Total Object User s Manual of MGSW 24160F Description e Rx and Tx Packets The number of received and transmitted good and bad packets e Rx and Tx Octets The number of received and transmitted good and bad bytes Includes FCS but excludes framing bits e Rx and Tx Unicast The number of received and transmitted good and bad unicast packets e Rx and Tx Multicast The number of received and transmitted good and bad multicast packets e Rx and Tx Broadcast The number of received and transmitted good and bad broadcast packets e Rx and Tx Pa
266. etwork layer policy discovery LLDP MED Communication Endpoint Class III The LLDP MED Communication Endpoint Class III definition is applicable to all endpoint products that act as end user communication appliances supporting IP media Capabilities include all of the capabilities defined for the previous Generic Endpoint Class and Media Endpoint Class II classes and are extended to include aspects related to end user devices Example product categories 288 User s Manual of MGSW 24160F expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management e LLDP MED Capabilities LLDP MED Capabilities describes the neighbor unit s LLDP MED capabilities The possible capabilities are 1 LLDP MED capabilities Network Policy Location Identification Extended Power via MDI PSE Extended Power via MDI PD Inventory NO oO A W DN Reserved e Application Type Application Type indicating the primary function of the application s defined for this network policy advertised by an Endpoint or Network Connectivity Device The poosible application types are shown below Voice for use by dedic
267. f a port is shutdown by this module you may reopen it by clicking this button which will only be enabled if this is the case For other methods refer to Shutdown in the Action section Note that clicking the reopen button causes the page to be refreshed so non committed changes will be lost 253 User s Manual of MGSW 24160F Buttons Refresh Click to refresh the page Note that non committed changes will be lost Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 12 2 Access Management Configure access management table on this page The maximum entry number is 16 If the application s type match any one of access management entry it will allow to access the switch The Access Management Configuration screen in Figure 4 12 2 appears Access Management Configuration COIE Delete Start IP Address End IP Address HTTP HTTPS SNMP TELNET SSH Figure 4 12 2 Access Management Configuration Overview Page Screenshot The page includes the following fields Object Description e Mode Indicates the access management mode operation Possible modes are Enabled Enable access management mode operation Disabled Disable access management mode operation e Delete Check to delete the entry It will be deleted during the next save e Start IP address Indicates the start IP address for the access management entry e End IP a
268. figuration Description Show system configuration Syntax Show system Show VLAN Configuration Description Show VLAN configuration Syntax Show vlan Show STP Configuration Description Show up STP Port configuration Syntax Show STP 491 User s Manual of MGSW 24160F 6 23 DIDO Command Di_act Description Digital input fuction and action configuration Syntax di_act first second 1 2 3 4 enable disable Parameters lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output first 1 second 2 select lt 1 gt System Log lt 2 gt Syslog lt 3 gt SNMP Trap lt 4 gt SMTP default set or show digital input 1 2 action lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable Digital input 1 and enable acion to System log SWITCH gt dido di_act first 1 enable Didital input1 action System Log enbale Syslog disable SNMP Trap disable SMTP disable Di_desc Description Set or show the system digital input1 2 description 492 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Syntax Di_desc first second lt description gt Parameters lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output
269. for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assigned to a second client while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task This means that a new computer can be added to a network without the hassle of manually assigning it a unique IP address DHCP Relay is used to forward and to transfer DHCP messages between the clients and the serve
270. forwarding lt rate_limiter gt Rate limiter number 1 15 or disable lt port_copy gt Port number for copy of frames or disable lt logging gt System logging of frames log log_disable lt shutdown gt Shut down ingress port shut shut_disable Default Setting 300 Example Show ACL action in port 1 SWITCH gt security network acl action 1 Port Action Rate Limiter Port Copy Logging Shutdown Counter Permit Disabled Disabled Disabled Disabled 0 User s Manual of MGSW 24160F Security Network ACL Policy Description Set or show the ACL port policy Syntax Security Network ACL Policy lt port_list gt lt policy gt Parameters lt port_list gt Port list or all default All ports lt policy gt Policy number 1 8 Default Setting 1 Example Set ACL policy 2 for port 1 SWITCH gt security network acl policy 1 2 392 User s Manual of MGSW 24160F Security Network ACL Rate Description Set or show the ACL rate limiter Syntax Security Network ACL Rate lt rate_limiter_list gt lt packet_rate gt Parameters lt rate_limiter_list gt Rate limiter list 1 15 default All rate limiters lt packet_rate gt Rate in pps 1 2 4 512 1k 2k 4k 1024k Default Setting 1 Example Set rate limit value in 1024k for port 1 SWITCH gt security network acl rate 1 1024k Security Network ACL Add Description Add or modify Access Con
271. g With aging enabled a timer is started once the end host gets secured When the timer expires the switch starts looking for frames from the end host and if such frames are not seen within the next Aging Period the end host is assumed to disconnect and the corresponding resources are freed on the switch The table has one row for each port on the selected switch which are Object Description e Port The port number for which the configuration below applies e Mode Controls whether Limit Control is enabled on this port Both this and the Global Mode must be set to Enabled for Limit Control to be in effect Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port 252 e Limit User s Manual of MGSW 24160F The maximum number of MAC addresses that can be secured on this port This number cannot exceed 1024 If the limit is exceeded the corresponding action is taken The switch is born with a total number of MAC addresses from which all ports draw whenever a new MAC address is seen on a Port Security enabled port Since all ports draw from the same pool it may happen that a configured maximum cannot be granted if the remaining ports have already used all available MAC addresses e Action If Limit is reached the switch can take one of the following actions None Do not allow more than Limit MAC addresses on the port but take no further a
272. g a Transmission Control Protocol TCP connection to a particular port on a remote host port 80 by default An HTTP server listening on that port waits for the client to send a request message HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer It is used to indicate a secure HTTP connection HTTPS provide authentication and encrypted communication and is widely used on the World Wide Web for security sensitive communication such as payment transactions and corporate logons 509 User s Manual of MGSW 24160F HTTPS is really just the use of Netscape s Secure Socket Layer SSL as a sublayer under its regular HTTP application layering HTTPS uses port 443 instead of HTTP port 80 in its interactions with the lower layer TCP IP SSL uses a 40 bit key size for the RC4 stream encryption algorithm which is considered an adequate degree of encryption for commercial exchange ICMP is an acronym for Internet Control Message Protocol It is a protocol that generated the error response diagnostic or routing purposes ICMP messages generally contain information about routing difficulties or simple exchanges such as time stamp or echo transactions For example the PING command uses ICMP to test an Internet connection IEEE 802 1X is an IEEE standard for port based Network Access Control It provides authentication to devices attached to a LAN port establishing a point to point connection or preventing access fr
273. g content is digital number or asterisk Buttons Add new view Click to add a new view entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 88 User s Manual of MGSW 24160F 4 3 5 5 SNMPv3 Accesses Configuration Configure SNMPv3 accesses table on this page The entry index key is Group Name Security Model and Security Level The SNMPv3 Accesses Configuration screen in Figure 4 3 8 appears SNMPv3 Accesses Configuration Security Model Security Level Read View Name Write View Name 1 default_ro_group any NoAuth NoPriv default_view Y None vi O default_rw_ group any NoAuth NoPriv default_view v default_view Y Figure 4 3 8 SNMPv3 Accesses Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e Group Name A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 e Security Model Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM e Security Level Indicates the security model that this entry should belong to
274. gin web interface with new user name and password the screen in Figure 4 2 4 appears Users Configuration Username Privilige Lev el admin 15 quest User s Manual of MGSW 24160F Figure 4 2 4 Users Configuration Page Screenshot The page includes the following fields Object Description e Username The name identifying the user This is also a link to Add Edit User e Privilege Level The privilgeg level for the user Buttons Add new user Click to add a new user Add Edit User This page configures a user add edit or delete user Add User User Settings Password Password again Privilige Level See e Figure 4 2 5 Add Edit User Configuration Page Screenshot i 4 The page includes the following fields Object Description e Username The name identifying the user e Password The password of the user e Privilege Level The privilgeg level for the user Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Cancel Click to undo any changes made locally and return to the Users 54 User s Manual of MGSW 24160F Delete User Delete the current user This button is not available for new configurations Add new user Once the new user is added the new user entry shown in the Users Configuration page Users Configuration Username Privilige Level admin 15 quest 5
275. gle supplicant mode and the supplicant is not successfully authorized by the RADIUS server X Auth Y Unauth The port is in a multi supplicant mode Currently X clients are authorized and Y are unauthorized Buttons e Restart Refresh Save Click to refresh the page Click to save changes Two buttons are available for each row The buttons are only enabled when authentication is globally enabled and the port s Admin State is in an EAPOL based or MAC based mode Clicking these buttons will not cause settings changed on the page to take effect Reauthenticate Schedules a reauthentication to whenever the quiet period of the port runs out EAPOL based authentication For MAC based authentication reauthentication will be attempted immediately The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized Reinitialize Forces a reinitialization of the clients on the port and thereby a reauthentication immediately The clients will transfer to the unauthorized state while the reauthentication is in progress Rese J Click to undo any changes made locally and revert to previously saved values 223 User s Manual of MGSW 24160F 4 11 4 Network Access Overview This page provides an overview of the current NAS port states for the selected switch The Network Access Overview screen in Figure 4 11 5 appears Network Access Overview A
276. gt Parameters lt mac_addr gt MAC address XX XX XX XX XX XX lt vid gt VLAN ID 1 4095 default 1 Example Look up state of Mac address 00 30 4F 01 01 02 SWITCH gt mac lookup 00 30 4f 01 01 02 MAC Age Time Description Set or show the MAC address age timer Syntax MAC Agetime lt age_time gt Parameters lt age_time gt MAC address age time 0 10 1000000 O disable default Show age time Default Setting 300 Example 328 User s Manual of MGSW 24160F Set agetime value in 30 SWITCH gt mac agetime 30 MAC Learning Description Set or show the port learn mode Syntax MAC Learning lt port_list gt auto disable secure Parameters lt port_list gt Port list or all default All ports auto Automatic learning disable Disable learning secure Secure learning default Show learn mode Default Setting Auto Example Set secure learning mode in port1 SWITCH gt mac learning 1 secure MAC Dump Description Show sorted list of MAC address entries Syntax MAC Dump lt mac_max gt lt mac_addr gt lt vid gt Parameters lt mac_max gt Maximum number of MAC addresses 1 8192 default Show all addresses lt mac_addr gt First MAC address xx xx xx xx Xxx xx default MAC address zero lt vid gt First VLAN ID 1 4095 default 1 329 Example Show all of MAC table SWITCH gt mac dump Type VID MAC Address 00 30 00 33
277. gt TCP flags fin syn rst psh ack urg 0 1 any permit Permit forwarding default deny Deny forwarding lt rate_limiter gt Rate limiter number 1 15 or disable lt port_copy gt Port number for copy of frames or disable lt logging gt System logging of frames log log_disable lt shutdown gt Shut down ingress port shut shut_disable 394 User s Manual of MGSW 24160F Security Network ACL Delete Description Delete ACE Syntax Security Network ACL Delete lt ace_id gt Parameters lt ace_id gt ACE ID 1 128 Example Delete ACE 1 SWITCH gt security network acl delete 1 Security Network ACL Look up Description Show ACE default All ACEs Syntax Security Network ACL Look up lt ace_id gt Parameters lt ace_id gt ACE ID 1 128 Example Look up ACE 1 SWITCH gt security network acl lookup 1 Security Network ACL Clear Description Clear all ACL counters Syntax Security Network ACL Clear 395 User s Manual of MGSW 24160F Example Clear all ACL counters SWITCH gt security network acl clear Security Network ACL Status Description Show ACL status Syntax Security Network ACL Status combined static dhcp upnp arp_inspection ip_source_guard conflicts Parameters combined Shows the combined status static Shows the static user configured status dhcp Shows the status by DHCP upnp Shows the status by UPnP arp_i
278. gt Management Hi Switch Management Interfaces Console Telnet Command Line Interface Web switch management SNMP v1 v2c and v3 switch management SSH SSL secure access Mi Four RMON groups history statistics alarms and events Hi Pv6 IP Address NTP DNS management 22 User s Manual of MGSW 24160F Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Firmware upload download via HTTP TFTP DHCP Relay and Option 82 User Privilege levels control NTP Network Time Protocol Link Layer Discovery Protocol LLDP Protocol Cable Diagnostic technology provides the mechanism to detect and report potential cabling issues Reset button for system reboot or reset to factory default PLANET Smart Discovery Utility for deploy management ICMPv6 gt Redundant Power System HM 100 240V AC 36 72V DC Dual power redundant Active active redundant power failure protection Ml Backup of catastrophic power failure on one supply MM Fault tolerance and resilience gt Digital Input Digital Output Hi 2 Digital Input DI Hi 2 Digital Output DO Ml Integrate sensors into auto alarm system Ml Transfer alarm to IP network via email and SNNP trap 23 User s Manual of MGSW 24160F 1 5 Product Specification Hardware Specification 16 1000Base SX LX BX SFP interfaces from port9 to port16 SFP mini GBIC Slots Compatible with 100Base FX SFP Copper Ports 8 10 100 1000Bas
279. he client transmits frames as if the port is in the authorized state A port in the authorized state effectively means that the client has been successfully authenticated When the client supplies its identity the switch begins its role as the intermediary passing EAP frames between the client and the authentication server until authentication succeeds or fails If the authentication succeeds the switch port becomes authorized The specific exchange of EAP frames depends on the authentication method being used Figure 4 11 2 shows a message exchange initiated by the client using the One Time Password OTP authentication method with a RADIUS server Authentication Client ki pee pen 802 1X Switch v D 3 EAPOL Start EAP Request Identity EAP Response Identity RADIUS Access Request or EAP Request OTP RADIUS Access Challenge Se EAP Response OTP RADIUS Access Request oO EAP Success RADIUS Access Accept Se Port Authorized EAPOL Logoff Port Unauthorized Figure 4 11 2 EAP Message Exchange 211 User s Manual of MGSW 24160F E Ports in Authorized and Unauthorized States The switch port state determines whether or not the client is granted access to the network The port starts in the unauthorized state While in this state the port disallows all ingress and egress traffic except for 802 1X protocol packets When a client is successfully authenticated the port transitions to the authorized sta
280. he following fields Figure 4 2 8 appears Mode Object Disable v GMT 0 Casablanca Monrovia Dublin Edinburgh Lisbon London v pool ntp org o europe pool ntp org north america pool ntp org asia pool ntp org oceania pool ntp org NTP Configuration Figure 4 2 8 NTP Configuration Page Screenshot Description e Mode Indicates the NTP mode operation Possible modes are Enabled Enable NTP mode operation When enable NTP mode operation the agent forward and to transfer NTP messages between the clients and the server when they are not on the same subnet domain Disabled Disable NTP mode operation e Timezone Allow select the time zone according to current location of switch Buttons Save e Server Click to save changes Provide the NTP IPv4 or IPv6 address of this switch IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Reset J Click to undo any changes made locally and revert to previously saved values 58 User s Manual of MGSW 24160F 4 2 7 UPnP Configuration Configure UPnP on this page UPnP is an
281. he port e Tag Priority Select the default tag priority for this port when adding a Tag to the untagged frames e Queuing Mode Select which Queuing mode for this port e Queue Weighted Setting Queue weighted Low Normal Medium High if the Queuing Mode is Weighted Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 9 5 Bandwidth Control Configure the switch port rate limit for Polices and Shapers on this page The settings relate to the currently selected unit as reflected by the page header The screen Bandwidth Control in Figure 4 9 10 appears 183 User s Manual of MGSW 24160F Rate Limit Configuration Policer Enabled Policer Rate Policer Unit Shaper Enabled Shaper Rate Shaper Unit r 3 3 00 10002 UN _ Ln _ ho a Qu E _ nm _ mn J co _ wo ho o MN gt Nh ofslelelelelelelalalelalals ho q m JJ E SU O O a a O A OS O O O A O O O A ppp a a a e a e a G e G e a S a S S E a o G ho E Figure 4 9 10 Rate Limit Configuration Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row
282. he revision of the MSTI configuration named above This must be an integer between 0 and 65535 150 User s Manual of MGSW 24160F MSTI Mapping Object Description e MSTI The bridge instance The CIST is not available for explicit mapping as it will receive the VLANs not explicitly mapped e VLANs Mapped The list of VLAN s mapped to the MSTI The VLANs must be separated with comma and or space AVLAN can only be mapped to one MSTI A unused MSTI should just be left empty l e not having any VLANs mapped to it Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 7 7 MSTI Ports Configuration This page allows the user to inspect the current STP MSTI port configurations and possibly change them as well A MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The MSTI Port Configuration screen in Figure 4 7 9 amp Figure 4 7 10 appears MSTI Port Configuration Select MSTI MSTI M Figure 4 7 9 MSTI Port Configuration Page Screenshot The page includes the following fields MSTI Port Configuration Object Description e Select MSTI Select the bridge instance and
283. heckbox will disable Digital input output function e Condition As Digital Input Allows user selecting to High to Low or Low to High This is means a signal received by system is from High to Low or From Low to High it will trigger an action that logs a customize message or issue the message from the switch As Digital Output Allows user selecting to High to Low or Low to High This is means that when the switch has power failed or port failed then system will issue a High or Low signal to an external device such as an alarm 74 e Event Description User s Manual of MGSW 24160F Allows user setting a customize message for Digital Input function alarming e Event As Digital Input Allows user to record alarm message to System log syslog or issues out via SNMP Trap or SMTP As default SNMP Trap and SMTP are disabled please enable them first if you want to issue alarm message via them As Digital Output Allows user to monitor and alarm from port fail power fail Digital Input1 and Digital Input2 which means if Digital Output has detected these event then Digitial Output would be triggered according to the setting of Condition e Power Alarm Allows user to choose which power module want to be monitored e Port Alarm Buttons Save Click to save changes Allows user to choose which port want to be monitored Reset Click to undo any changes made locally and revert to previously saved
284. here the PRO is equal to IP 0x800 must not match this entry 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry Any Any value is allowed don t care The IP parameters can be configured when Frame Type IPv4 is selected Object Description e IP Protocol Filter Specify the IP protocol filter for this ACE Any No IP protocol filter is specified don t care Specific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears ICMP Select ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear These fields are explained later in this help file 200 User s Manual of MGSW 24160F UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear These fields are explained later in this help file TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear These fields are explained later in this help file e IP Protocol Value When Specific is selected for the IP protocol value you can enter a specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IP protocol value e IPTTL Specify the Time to Live settings for this ACE zero IPv4 frames with a Time to Live field greater than zero must not be able to match this entry non zero
285. hese settings if desired after you log on This management method is often preferred because you can remain connected and monitor the system during system reboots Also certain error messages are sent to the serial port regardless of the interface through which the associated action was initiated A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP 41 User s Manual of MGSW 24160F 3 4 Web Management The Managed Switch offers management features that allow users to manage the Managed Switch from anywhere on the network through a standard browser such as Microsoft Internet Explorer After you set up your IP address for the switch you can access the Managed Switch s Web interface applications directly in your Web browser by entering the IP address of the Managed Switch PLANET Managed Switch PC Workstation with IE Browser J 45 UTP Cabl y IP Address IP Address 192 168 0 100 192 168 0 x Figure 3 3 Web Management Diagram You can then use your Web browser to list and manage the Managed Switch configuration parameters from one central location just as if you were directly connected to the Managed Switch s console port Web Management requires either Microsoft Internet Explorer 6 0 or later Safari or Mozilla Firefox 1 5 or later PLANET Motworking amp Communication MG
286. how LLDP MED Location Syntax LLDPMED Coordinates latitude longitudelaltitude north south west east meters floor coordinate_value Parameters latitude Latitude O to 90 degress with max 4 digits Positive numbers are north of the equator and negative numbers are south of the equator longitude Longitude 0 to 180 degress with max 4 digits Positive values are East of the prime meridian and negative numbers are West of the prime meridian altitude Altitude Meters or floors with maximum 4 digits default Show coordinate location configuration north south west east meters floor North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters Meters Valid for altitude Floor Floor Valid for altitude lldpmed Coordinate value coordinate_value lldpmed Coordinate value LLDPMED Datum Description Set or show LLDP MED Coordinates map datum Syntax LLDPMED Datum wgs84 nad83_navd88 nad83_mllw Parameters wgs84 nad83_navd88 nad83_mllw wgs84 WGS84 nad83_navd88 NAD83_NAVD88 nad83_mllw NAD83_MLLW lldpmed Coordinate datum 454 User s Manual of MGSW 24160F LLDPMED Fast Description Set or show LLDP MED Fast Start Repeat Count Syntax LLDPMED Fast lt count gt Parameters lt count gt The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism
287. how the multicast storm rate limiter Syntax QoS Storm Broadcast enable disable lt packet_rate gt Parameters enable Enable broadcast storm control disable Disable broadcast storm control lt packet_rate gt Rate in pps 1 2 4 512 1k 2k 4k Default Setting Disabled 1pps Example Enable broadcast storm rate limiter in 1kpps 1024k SWITCH gt qos storm broadcast enable 1k 463 QoS DSCP Remarking Description Set or show the status of QoS DSCP Remarking Syntax QoS DSCP Remarking lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable QoS Remarking disable Disable QoS Remarking Default Setting Disabled Example Enable the status of QoS DSCP Remarking for port 1 4 User s Manual of MGSW 24160F SWITCH gt qos dscp remarking 1 4 enable QoS DSCP Queue Mapping Description Set or show the default port priority Syntax QoS DSCP Queue Mapping lt port_list gt lt class gt lt ds Parameters lt port_list gt Port list or all default All ports lt class gt Traffic class low normal medium high or 1 cp gt 12 3 14 lt dscp gt QoS DSCP Remarking Value 0 8 16 24 32 40 48 56 46 464 6 15 Mirror Command Mirror Configuration Description Show mirror configuration Syntax Mirror Configuration lt port_list gt Parameters lt port_list gt Port list or
288. ication default Show SMTP Authentication Default Setting disable SMTP Auth_user Description Set or show up SMTP authentication user name configure Syntax SMTP Auth_user lt auth_user_text gt Parameters lt auth_user_text gt SMTP Authentication User Name Default Setting disable 485 User s Manual of MGSW 24160F SMTP Auth_pass Description Set or show up SMTP authentication password configure Syntax SMTP Auth_pass lt auth_pass_text gt Parameters lt auth_pass_text gt SMTP Authentication Password Default Setting disable SMTP Mailfrom Description Set or show SMTP e mail from configure Syntax SMTP Mailfrom lt mailfrom_text gt Parameters lt mailfrom_text gt SMTP E mail From address Default Setting disable SMTP Mailsubject Description Set or show up SMTP e mail subject configure Syntax SMTP Mailsubject lt mailsubject_text gt Parameters lt mailsubject_text gt SMTP E mail Subject 486 User s Manual of MGSW 24160F Default Setting disable SMTP Mailto1 Description Set or show SMTP e mail 1 to configure Syntax SMTP Mailto1 lt mailto1_text gt Parameters lt mailto1_text gt SMTP e mail 1 to address Default Setting disable SMTP Mailto2 Description Set or show SMTP e mail 2 to configure Syntax SMTP Mailto2 lt mailto2_text gt Parameters lt mailto1_text gt SMTP e
289. ication default Show current age time 385 User s Manual of MGSW 24160F Default Setting 300 Example Set NAS age time in 1000sec SWITCH gt security network nas agetime 1000 Security Network NAS Holdtime Description Time in seconds before a MAC address that failed authentication gets a new authentication chance Syntax Security Network NAS Holdtime lt hold_time gt Parameters lt hold_time gt Hold time before MAC addresses that failed authentication expire default Show current hold time Default Setting 10 Example Set NAS hold time in 100sec SWITCH gt security network nas holdtime 100 Security Network NAS RADIUS _ QoS Description Set or show either global enabledness use the global keyword or per port enabledness of RADIUS assigned QoS Syntax Security Network NAS RADIUS_QoS global lt port_list gt enable disable Parameters global Select the global RADIUS assigned QoS setting lt port_list gt Select the per port RADIUS assigned QoS setting 386 User s Manual of MGSW 24160F default Show current per port RADIUS assigned QoS enabledness enable Enable RADIUS assigned QoS either globally or on one or more ports disable Disable RADIUS assigned QoS either globally or on one or more ports default Show current RADIUS assigned QoS enabledness Default Setting disable Example Enable NAS RADIUS QoS SWITCH gt security network nas radius_qos enable
290. ice VLAN ID SWITCH gt voice vian id 2 Voice VLAN Agetime Description Set or show Voice VLAN age time Syntax Voice VLAN Agetime lt age_time gt 479 User s Manual of MGSW 24160F Parameters lt age_time gt MAC address age time 10 10000000 default Show age time Default Setting 86400sec Example Set Voice VLAN age time in 100sec SWITCH gt voice valn agetime 100 Voice VLAN Traffic Class Description Set or show Voice VLAN ID Syntax Voice VLAN Traffic Class lt class gt Parameters lt class gt Traffic class low normal medium high or 1 2 3 4 Default Setting high Example Set medium traffic class for voice VLAN SWITCH gt voice vlan traffic class medium Voice VLAN OUI Add Description Add Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Add lt oui_addr gt lt description gt 480 User s Manual of MGSW 24160F Parameters lt oui_addr gt OUI address xx xx xx lt description gt Entry description Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI Example Add Voice VLAN OUI entry SWITCH gt voice vian oui add 00 11 22 test Voice VLAN OUI Delete Description Delete Voice VLAN OUI entry Modify OUI table will restart auto detect OUI process Syntax Voice VLAN OUI Delete lt oui_addr gt Parameters lt oui_addr
291. icies The settings relate to the currently selected unit as reflected by the page header The screen in Figure 4 9 2 appears Set up Policy Rules Group ports into several types according to different QCL policies Mm in a f E a E o a 0000000000000000000000O 2900000000000000O0OOVOVOVO N 0000OOOOOVOOVOVOVOVOVODO 90000000000000000000000 F90000000000000000000000O 3 900000000000000000000000 90000000000000000000000 AJOoooooo0oo0000000000000000 8f9 0000000000000000000000O j90000000000000O0O0O0OVOVDODO j 00000000000000000000000 060000000OOOOOOOOODODODO 060000000OOOOOOOOODODODO 0000000000 DODODODODOODO 3 900000000000000000000000 90000000000000000000000 90000000000000000000000O n 0000000000000000O0DODODO 90000000000OVOOVOVOVOVOVO 0000000000O0O0OOOVOVOVOVO 9000000000000000O0VDODODO 900000000000000000000000O nN 00O0OO0OOOOOVOOVOOVOVOVOVDODO 900000000000000000O00DO00DO 1 NM Fino Roo QSL wD Figure 4 9 2 Set up Policy Rules Page Screenshot izard W Cancel The page includes the following fields Description Frames that hit this QCE are set to match this specific QCL A row of radio buttons for each port is displayed for each QCL ID To include a port in a QCL member click the radio button Object e QCLID e Port Members 172 User s Manual of MGSW 24160F Buttons Cancel Wizard Click t
292. icy is potentially advertised and associated with multiple sets of application types supported on a given port The application types specifically addressed are 1 Voice 2 Guest Voice 3 Softphone Voice 4 Video Conferencing 5 Streaming Video 6 Control Signaling conditionally support a separate network policy for the media types above A large network may support multiple VoIP policies across the entire organization and different policies per application type LLDP MED allows multiple policies to be advertised per port each corresponding to a different application type Different ports on the same Network Connectivity Device may advertise different sets of policies based on the authenticated user identity or port configuration It should be noted that LLDP MED is not intended to run on links other than between Network Connectivity Devices and Endpoints and therefore does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN Object Description e Delete Check to delete the policy It will be deleted during the next save e Policy ID ID for the policy This is auto generated and shall be used when selecting the police that shall be mapped to the specific ports e Application Type Intended use of the application types Voice for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services Th
293. ield in traffic distribution Default Setting SMAC Enabled DMAC Disabled IP Enabled Port Enabled Example Disable SMAC mode SWITCH gt Aggr mode smac disable 439 6 11 Link Aggregation Control Protocol Command LACP Configuration Description Show LACP configuration Syntax LACP Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LACP configuration SWITCH gt lacp configuration Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Key Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Auto Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active Active 440 User s Manual of MGSW 24160F 22 Disabled Auto Active 23 Disabled Auto Active 24 Disabled Auto Active User s Manual of MGSW 24160F LACP Mode Description Set or show LACP mode Syntax LACP Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable LACP protocol disable Disable LACP protocol default Show LACP mode Default Setting disable
294. if MGSW 24160F port link down link up or power failure Cost effective I Pv6 Managed Gigabit Switch solution for industrial Nowadays lots of electronic products or mobile devices can browse the Internet which means the need of IP Address increases However the current IPv4 network infrastructure is not capable enough to provide IP Address to each single users Clients The situation forces the ISP to build up the IPv6 Internet Protocol version 6 network infrastructure speedily To fulfill the demand PLANET releases the IPv6 management Gigabit Ethernet Switch It supports both IPv4 and IPv6 management functions It can work with original network structure IPv4 and also support the new network structure IPv6 in the future With easy and friendly management interfaces and plenty of management functions included the MGSW 24160F Managed Switch is the best choice for you to build the IPv6 FTTx edge service and for Industrial to connect with IPv6 network Layer 2 Layer 4 Full functioned Managed Switch for Building Automation Networking The MGSW 24160F Industrial Managed Ethernet Switch is ideal for applications in the factory data centers and distributions It provides advanced Layer 2 to Layer 4 data switching and redundancy Quality of Service traffic control network access control and authentication and Secure Management features to protect customer s industrial network connectivity with reliable switching recovery capability that is suit
295. includes the following fields Object Description e Auto Learning is done automatically as soon as a frame with unknown SMAC is received e Disable No learning is done e Secure Only static MAC entries are learned all other frames are dropped Make sure that the link used for managing the switch is added to the Static Mac Table before ES changing to secure learning mode otherwise the management link is lost and can only be restored by using another non secure port or by connecting to the switch via the serial interface Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 13 5 Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this page The Dynamic ARP Inspection Table contains up to 1024 entries and is sorted first by port then by VLAN ID then by MAC address and then by IP address The Dynamic ARP Inspection Table screen in Figure 4 13 5 appears 273 User s Manual of MGSW 24160F Dynamic ARP Inspection Table Start from Port 1 M VLAN 1 MAC Address 00 00 00 00 00 00 and IP Address 0 0 0 0 with 20 entries per page Port VLAN ID MAC Address IP Address Auto Refresh C Refresh I lt lt gt Figure 4 13 5 Dynamic ARP Inspection Table Page Screenshot Navigating the ARP Inspection Table Each page shows up to 999 entries from the Dynamic ARP Inspection
296. ine Mode The CLI groups all the commands in appropriate modes according to the nature of the command A sample of the CLI command modes are described below Each of the command modes supports specific software commands Command Groups System IP Port MAC VLAN PVLAN Security STP IGMP Aggr LACP LLDP LLDPMED PoE QoS Mirror Config Firmware UPnP MVR Voice VLAN SMTP Show System settings and reset options IP configuration and Ping Port management MAC address table Virtual LAN Private VLAN Security management Spanning Tree Protocol Internet Group Management Protocol snooping Link Aggregation Link Aggregation Control Protocol Link Layer Discovery Protocol Link Layer Discovery Protocol Media Power Over Ethernet Quality of Service Port mirroring Load Save of configuration via TFTP Download of firmware via TFTP Universal Plug and Play Multicast VLAN Registration Specific VLAN for voice traffic SMTP control configure Display the current information 6 1 System Command System Configuration Description Show system configuration 304 User s Manual of MGSW 24160F Syntax System Configuration all lt port_list gt Parameters all Show all switch configuration default Show system configuration lt port_list gt Port list or all default All ports Example To display system information SWITCH gt System configuration System Contact System Name MGSW 24160F
297. ing Default Setting 800007e5017f000001 Example Set 800007e5017f000002 for SNMPv3 local engine ID SWITCH gt security switch snmp engine id 800007e5017f000002 Security Switch SNMP Community Add Description 366 User s Manual of MGSW 24160F Add or modify SNMPv3 community entry The entry index key is lt community gt Syntax Security Switch SNMP Community Add lt community gt lt ip_addr gt lt ip_mask gt Parameters lt community gt Community string lt ip_addr gt IP address a b c d default Show IP address lt ip_mask gt IP subnet mask a b c d default Show IP mask Example Add SNMPv3 community entry Security Switch SNMP Community Delete Description Delete SNMPv3 community entry Syntax Security Switch SNMP Community Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 community entry SWITCH gt security switch snmp community delete 3 Security Switch SNMP Community Look up Description Look up SNMPv3 community entry Syntax Security Switch SNMP Community Look up lt index gt 367 Parameters lt index gt entry index 1 64 Example Look up SNMPv3 community entry SWITCH gt security switch snmp community lookup Source IP Idx Community 192 168 0 20 2 private 0 0 0 0 Number of entries 2 Security Switch SNMP User Add Description Add SNMPv3 user entry User s Manual of MGSW 24160F
298. ing Page Screenshot Object Description e IP Address The destination IP Address e Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes Be sure the target IP Address is within the same network subnet of the switch or you had setup the correct gateway IP address Buttons Start Click to transmit ICMP packets 4 15 2 IPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues After you press Start 5 ICMPv6 packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMPv6 Ping screen in Figure 4 15 2 appears 295 User s Manual of MGSW 24160F ICMPv6 Ping IP Address 0 0 0 0 0 0 0 0 164 Figure 4 15 2 ICMPv6 Ping Page Screenshot The page includes the following fields Object Description e IPv6 Address The destination IPv6 Address e Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes Buttons Start Click to transmit ICMP packets 4 15 3 Remote IP Ping Test This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on special port After you press Test 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a
299. ing VLAN 3 1 While PC 4 transmit an untagged packet enters Port 4 the switch will tag it with a VLAN Tag 3 PC 5 and PC 6 will be received the packet through Port 5 and Port 6 2 While the packet leaves Port 5 it will be stripped away it tag becoming an untagged packet 3 While the packet leaves Port 6 it will keep as a tagged packet with VLAN Tag 3 flow Note ES At this example VLAN Group 1 just set as default VLAN but only focus on VLAN 2 and VLAN 3 traffic Setup steps 1 Create VLAN Group Set VLAN Group 1 Default VLAN with VID VLAN ID 1 Add two VLANs VLAN 2 and VLAN 3 VLAN Group 2 with VID 2 130 User s Manual of MGSW 24160F VLAN Group 3 with VID 3 2 Assign VLAN Member VLAN 2 Port 1 Port 2 and Port 3 VLAN 3 Port 4 Port 5 and Port 6 VLAN 1 All other ports Port 7 Port 24 3 Remove VLAN Member for VLAN 1 Remember to remove the Port 1 Port 6 from VLAN 1 membership since the Port 1 Port 6 had been assigned to VLAN 2 and VLAN 3 VLAN Membership Configuration Start from VLAN 1 with 20 entries per page Port Members AA re O COMO Aaa DODODOOME UM EM EMM EM E MM EM yi 20002 dd dd a a saa a a a a a d la BoOoooMMMoooOoOoooooOooooooo00 Figure 4 6 9 Add new VLAN group assign VLAN members for VLAN 2 and VLAN 3 and Remove Specify Ports from VLAN 1 Member It s import to remove the VLAN members from VLAN 1 configuration Or the ports would
300. ing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Overview of MAC Based Authentication Unlike 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form xx xx xx xx xx xx that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be configured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using static entries into the MAC Table Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over 802 1X is that several clients can be
301. init lt reinit gt Parameters lt reinit gt LLDP reinit delay 1 10 Default Setting 2 447 User s Manual of MGSW 24160F Example Set LLDP reinit delay value in 3 SWITCH gt IIdp reinit 3 LLDP Statistics Description Show LLDP Statistics Syntax LLDP Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear LLDP statistics Example Show LLDP Statistics of port 1 SWITCH gt lldp statistics 1 LLDP global counters Neighbor entries was last changed at 323592 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted 0 Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out 0 LLDP local counters Rx Tx Rx Rx Rx TLV RxTLV RxTLV Port Frames Frames Errors Discards Errors Unknown Organz Aged 448 User s Manual of MGSW 24160F LLDP Info Description Show LLDP neighbor device information Syntax LLDP Info lt port_list gt Parameters lt port_list gt Port list or all default All ports LLDP CDP Aware Description Set or show if discovery information from received CDP Cisco Discovery Protocol frames is added to the LLDP neighbor table Syntax LLDP cdp_aware lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable CDP awareness CDP discovery information is added to the LLDP neighbor
302. ink Status SFP Port Link Status G PLANET Motworking amp Communication MGSW 24160F System SNMP Port Management Link Aggregation VLAN Spanning Tree Multicast QoS Access Control List MGSW 24160F Authentication Security 24 Port 10 100 1000Mbps with 16 SFP MAC Address Table LLDP Management Switch Diagnostics Welcome to PLANET lt Main Screen PLANET Technology Corporation 10F No 96 Minquan Rd Xindian Dist New Taipei City 231 Taiwan R O C Tel 886 2 2219 9518 Fax 886 2 2219 9528 Email sales planet com tw Copyright82011 PLANET Technology Corporation All rights reserved Figure 4 1 4 Main Page Help Button Panel Display The web agent displays an image of the Managed Switch s ports The Mode can be set to display different information for the ports including Link up or Link down Clicking on the image of a port opens the Port Statistics page The port states are illustrated as follows State Disabled Down Link RJ 45 Ports i E El al SFP Ports 47 User s Manual of MGSW 24160F Main Menu Using the onboard web agent you can define system parameters manage and control the Managed Switch and all its ports or monitor network conditions Via the Web Management the administrator can setup the Managed Switch by select the functions those listed in the Main Function The screen in Figure 4 1 5 appears Port Man Link
303. ion Control Protocol TCP and provides file writing and reading It also provides directory service and security features IGMP snooping Fast Leave processing allows the switch to remove an interface from the forwarding table entry without first sending out group specific queries to the interface The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message Fast leave processing ensures optimal bandwidth management for all hosts on a switched network even when multiple multicast groups are in use simultaneously HTTP is an acronym for Hypertext Transfer Protocol It is a protocol that used to transfer or convey information on the World Wide Web WWW HTTP defines how messages are formatted and transmitted and what actions Web servers and browsers should take in response to various commands For example when you enter a URL in your browser this actually sends an HTTP command to the Web server directing it to fetch and transmit the requested Web page The other main standard that controls how the World Wide Web works is HTML which covers how Web pages are formatted and displayed Any Web server machine contains in addition to the Web page files it can serve an HTTP daemon a program that is designed to wait for HTTP requests and handle them when they arrive The Web browser is an HTTP client sending requests to server machines An HTTP client initiates a request by establishin
304. ion of the Laws of the Member States relating to Electromagnetic Compatibility Directive on 2004 108 EC For the evaluation regarding the EMC the following standards were applied EN 55022 Class A 2006 A1 2007 EN 61000 3 2 2006 A2 2009 EN 61000 3 3 2008 EN 55024 1998 Al 2001 A2 2003 IEC 61000 4 2 2008 IEC 61000 4 3 2006 A1 2007 A2 2010 IEC 61000 4 4 2004 A1 2010 IEC 61000 4 5 2005 IEC 61000 4 6 2008 IEC 61000 4 8 2009 IEC 61000 4 11 2004 Responsible for marking this declaration if the Manufacturer O Authorized representative established within the EU Authorized representative established within the EU if applicable Company Name Planet Technology Corp Company Address 10F No 96 Minquan Rd Xindian Dist New Taipei City 231 Taiwan R O C Person responsible for making this declaration Name Surname Kent Kang Position Title Product Manager Ph HA Taiwan 27 April 2012 Place Date Legal Signature PLANET TECHNOLOGY CORPORATION e mail sales planet com tw http www planet com tw 10F No 96 Minquan Rd Xindian Dist New Taipei City Taiwan R O C Tel 886 2 2219 9518 Fax 886 2 2219 9528
305. iring the Redundant Power Inputs 2 Tighten the wire clamp screws for preventing the wires from loosing 12 3 4 5 6 DC 1 DC 2 Figure 2 10 6 Pin Terminal Block Power Wiring Input The wire gauge for the terminal block should be in the range between 12 24 AWG 36 User s Manual of MGSW 24160F 2 2 5 Wiring the Digital Input Output The 6 contact terminal block connector on the rear panel of MGSW 24160F is used for Digital Input and Digital Output Please follow the steps below to insert wire 1 MGSW 24160F offers two DI and DO groups 1 and 2 are DI groups 3 and 4 are DO groups and 5 is GND ground The 6 pin is useless DI DOGND Figure 2 11 Wiring the Redundant Power Inputs 2 Tighten the wire clamp screws for preventing the wires from loosing 1 2 3 4 5 6 DIO DH DOO DO1 GND N A Figure 2 12 6 Pin Terminal Block DI DO Wiring Input 3 There are two Digital Input groups for you to monitor two different devices As following topology shows how to wire DIO and DI1 We use MGSW 24160F to be an example for describing DI application 37 User s Manual of MGSW 24160F Door Open Detector Window Open Detector Figure 2 13 Wires DIO and DI1 to Open Detector There are two Digital Output groups for you to sense MGSW 24160F port faile or power fail and issue a high or low signal to external device As following topology shows how to wire DOO and DO1 Alarm1 Figure 2 14
306. is idle Syntax System Load 308 Example To show current CPU load Switch gt system load Load average 100ms 1s 10s 1 1 User s Manual of MGSW 24160F System Log Description Show or clear the system log Syntax System Log lt log_id gt alllinfo warninglerror clear Parameters lt log_id gt System log ID or range default All entries all Show all levels default info Show informations warning Show warnings error Show errors clear Clear log Example To show system log Switch gt system log Number of entries Level Time Message Info DC1 Power OFF Info AC Power OFF Info Switch just made a cold boot Info 1970 01 01 Thu 00 00 04 0000 Link up on port 15 309 User s Manual of MGSW 24160F 310 6 2 IP Command IP Configuration Description Show IP configuration Syntax IP Configuration Example Show IP configuration Switch gt ip configuration IP Configuration Disabled 192 168 0 100 255 255 255 0 192 168 0 1 0 0 0 0 Disabled IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe24 4d1 IPv6 Address IPv6 Prefix 192 168 0 100 IP DHCP Description Set or show the DHCP client mode Syntax IP DHCP enable disable 311 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Parameters enable Enable or renew DHCP client disable Disable DHCP client
307. is successfully authenticated If present and valid traffic received on the supplicant s port will be classified to the given QoS Class If re authentication fails or the RADIUS Access Accept packet no longer carries a QoS Class or it s invalid or the supplicant is otherwise no longer present on the port the port s QoS Class is immediately reverted to the original QoS Class which may be changed by the administrator in the meanwhile without affecting 220 User s Manual of MGSW 24160F the RADIUS assigned This option is only available for single client modes i e Port based 802 1X Single 802 1X RADIUS attributes used in identifying a QoS Class Refer to the written documentation for a description of the RADIUS attributes needed in order to successfully identify a QoS Class The User Priority Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access Accept packet Only the first occurrence of the attribute in the packet will be considered and to be valid it must follow this rule All 8 octets in the attribute s value must be identical and consist of ASCII characters in the range 0 3 which translates into the desired QoS Class in the range 0 3 e RADIUS Assigned VLAN Enabled When RADIUS Assigned VLAN is both globally enabled and enabled checked for a given port the switch reacts to VLAN ID information carried in the RADIUS Access Accept packet transmitted b
308. it Control Configuration Overview Page Screenshot The page includes the following fields System Configuration Object User s Manual of MGSW 24160F Description e Mode Indicates if Limit Control is globally enabled or disabled on the switch If globally disabled other modules may still use the underlying functionality but limit checks and corresponding actions are disabled e Aging Enabled If checked secured MAC addresses are subject to aging as discussed under Aging Period e Aging Period Port Configuration If Aging Enabled is checked then the aging period is controlled with this input If other modules are using the underlying port security for securing MAC addresses they may have other requirements to the aging period The underlying port security will use the shorter requested aging period of all modules that use the functionality The Aging Period can be set to a number between 10 and 10 000 000 seconds To understand why aging may be desired consider the following scenario Suppose an end host is connected to a 3rd party switch or hub which in turn is connected to a port on this switch on which Limit Control is enabled The end host will be allowed to forward if the limit is not exceeded Now suppose that the end host logs off or powers down If it weren t for aging the end host would still take up resources on this switch and will be allowed to forward To overcome this situation enable agin
309. ity Network ARP Inspection Status lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show ARP inspection static and dynamic entries User s Manual of MGSW 24160F SWITCH gt security network arp inspection status Security AAA Configuration Description Show Auth configuration Syntax Security AAA Configuration Example Show Auth configuration SWITCH gt security aaa configuration AAA Configuration Server Timeout 15 seconds Server Dead Time 300 seconds RADIUS Authentication Server Configuration Mode IP Address Secret 409 Disabled Disabled Disabled Disabled Disabled RADIUS Accounting Server Configuration Disabled Disabled Disabled Disabled Disabled TACACS Authentication Server Configuration Mode IP Address Disabled Disabled Disabled Disabled Disabled Security AAA Timeout Description Set or show server timeout Syntax Security AAA Timeout lt timeout gt Parameters lt timeout gt Server response timeout 3 3600 seconds default Show server timeout configuration 410 User s Manual of MGSW 24160F User s Manual of MGSW 24160F Default Setting 15 Example Set 30sec for server timeout SWITCH gt security aaa timeout 30 Security AAA Deadtime Description Set or show server dead time Syntax Security AAA Deadtime lt dead_time gt Parameters lt dead_time gt Ti
310. iv None None 356 Number of entries 1 SNMPv3 Groups Table Idx Model Security Name Group Name public default_ro_group private default_rw_group v2c public default_ro_group v2c private default_rw_group usm default_user default_rw_group Number of entries 5 SNMPv3 Views Table Idx View Name View Type OID Subtree default_view included Number of entries 1 SNMPv3 Accesses Table Model Level default_ro_group any NodAuth NoPriv default_rw_group any NodAuth NoPriv Number of entries 2 Security Switch SNMP Mode Description Set or show the SNMP mode Syntax Security Switch SNMP Mode enable disable Parameters enable Enable SNMP disable Disable SNMP default Show SNMP mode 357 User s Manual of MGSW 24160F Default Setting enable Example Disable SNMP mode User s Manual of MGSW 24160F SWITCH gt security switch snmp mode disable Security Switch SNMP Version Description Set or show the SNMP protocol version Syntax Security Switch SNMP Version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP version Default Setting 2c Example Set SNMP in version 3 SWITCH gt security switch snmp version 3 Security Switch SNMP Read Community Description Set or show the community string for SNMP read access Syntax Security Switch SNMP Read Community lt community gt User s Manual of MGS
311. l E i i KIRKI KIK j EEES MEIE E lt iS 0 10 Y 0 e won KIKI IK o gt gt S S KK 12 E ESE SI ILS y uw ary a RAE Ea ny ES par XR R RRR k co o KIES N o N as ESE E S S 18 8 S ES KIRKI K EEE MN N MN Q DION AIN NIN NN ANNA ANN dll NE E E Y E Y Y E E E Y E Y E Y E Y E E Y E E El Ao E 000000000000000000000000 7 EEE E E EE E E E E E E E E EEE E E m fefo fefo fefo fefe fefo fofe foge fefe fofo fofo fefe EEES ENE Es Es ha Eh Figure 4 7 6 STP CIST Port Configuration Page Screenshot 146 The page includes the following fields Object User s Manual of MGSW 24160F Description e Port The switch port number of the logical STP port e STP Enabled Controls whether RSTP is enabled on this switch port e Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports
312. l List MGSW 24160F Authentication Security 24 Port 10 100 1000Mbps with 16 SFP MAC Address Table LLDP Management Switch Diagnostics PLANET Technology Corporation 10F No 96 Minquan Rd Xindian Dist New Taipei City 231 Taiwan R O C Tel 886 2 2219 9518 Fax 886 2 2219 9528 Email sales planet com tw Copyright 2011 PLANET Technology Corporation All rights reserved Figure 4 1 3 Default Main Page Now you can use the Web management interface to continue the switch management or manage the Managed Switch by Web interface The Switch Menu on the left of the web page let you access all the commands and statistics the Managed Switch provides 1 It is recommended to use Internet Explore 7 0 or above to access Managed Switch The changed IP address take effect immediately after click on the Save button you need to use the new IP address to access the Web interface For security reason please change and memorize the new password after this first setup 4 Only accept command in lowercase letter under web interface 46 User s Manual of MGSW 24160F 4 1 Main Web Page The Managed Switch provides a Web based browser interface for configuring and managing it This interface allows you to access the Managed Switch using the Web browser of your choice This chapter describes how to use the Managed Switch s Web browser interface to configure and manage it Main Functions Menu Copper Port L
313. ld SHA settings 199 User s Manual of MGSW 24160F 0 ARP frames where SHA is not equal to the SMAC address 1 ARP frames where SHA is equal to the SMAC address Any Any value is allowed don t care e RARP SMAC Match Specify whether frames can hit the action according to their target hardware address field THA settings 0 RARP frames where THA is not equal to the SMAC address 1 RARP frames where THA is equal to the SMAC address Any Any value is allowed don t care e IP Ethernet Length Specify whether frames can hit the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must not match this entry 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings 0 ARP RARP frames where the HLD is equal to Ethernet 1 must not match this entry 1 ARP RARP frames where the HLD is equal to Ethernet 1 must match this entry Any Any value is allowed don t care e Ethernet E IP Parameters Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings 0 ARP RARP frames w
314. le lt 128 Digits 1 65535 lt 64 Digits lt 21 Digits lt 128 Digits lt 64 Digits lt 128 Digits lt 128 Digits Figure 4 2 17 Web Firmware Upgrade Page Screenshot Object Description e SMTP Mode Controls whether SMTP is enabled on this switch e SMTP Server Type the SMTP server name or the IP address of the SMTP server e SMTP Port Set port number of SMTP service e SMTP Authentication Controls whether SMTP authentication is enabled If authentication is required when an e mail is sent e Authentication User Name Type the user name for the SMTP server if Authentication is Enable e Authentication Password Type the password for the SMTP server if Authentication is Enable e E mail From Type the sender s E mail address This address is used for reply e mails e E mail Subject Type the subject title of the e mail e E mail 1 To e E mail 2 To Buttons Type the receiver s e mail address est Send a test mail to mail server to check this account is available or not Save Click to save changes Reset J Click to undo any changes made locally and revert to previously saved values 68 User s Manual of MGSW 24160F 4 2 15 Web Firmware Upgrade This page facilitates an update of the firmware controlling the switch The Web Firmware Upgrade screen in Figure 4 2 18 appears Firmware Upgrade Bowe a
315. le Example Disable STP edge function on port SWITCH gt sip port autoedge 1 disable STP Port P2P Description Set or show the STP point2point port parameter Syntax STP Port P2P lt port_list gt enable disable auto Parameters lt port_list gt Port list or all default All ports enable Enable MSTP point2point disable Disable MSTP point2point auto Automatic MSTP point2point detection 424 User s Manual of MGSW 24160F Default auto Example Disable STP P2P function on port SWITCH gt stp port p2p 1 disable STP Port RestrictedRole Description Set or show the MSTP restrictedRole port parameter Syntax STP Port RestrictedRole lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable MSTP restricted role disable Disable MSTP restricted role Default disable Example Eisable STP restricted role on portt SWITCH gt stp port restrictedrole 1 enable STP Port RestrictedTcn Description Set or show the MSTP restrictedTcn port parameter Syntax STP Port RestrictedTcn lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports 425 enable Enable MSTP restricted TCN disable Disable MSTP restricted TCN Default disable Example Eisable STP restricted TCN on port1 User s Manual of MGSW 24160F SWITCH gt sip port restrictedt
316. le want to be monitored e Port Alarm Allows user to choose which port want to be monitored Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 76 User s Manual of MGSW 24160F 4 2 21 Factory Default You can reset the configuration of the switch on this page Only the IP configuration is retained The new configuration is available immediately which means that no restart is necessary The Factory Default screen in Figure 4 2 28 appears Factory Default Are you sure to reset the configuration to Factory Default Figure 4 2 28 Factory Default Page Screenshot Buttons Yes Click to reset the configuration to Factory Defaults No Click to return to the Port State page without resetting the configuration After the Factory button be pressed and rebooted the system will load the default IP settings as following o Default IP address 192 168 0 100 o Subnet mask 255 255 255 0 o Default Gateway 192 168 0 254 o The other setting value is back to disable or none To reset the Managed Switch to the Factory default setting you can also press the hardware reset button at the front panel about 10 seconds After the device be rebooted You can login the management WEB interface within the same subnet of 192 168 0 xx 17 User s Manual of MGSW 24160F 4 2 22 System Reboot The Reboot page enables the device to be rebooted fr
317. leges determine whether there are specific traffic object access rights ACL implementations can be quite complex for example when the ACEs are prioritized for the various situations In networking the ACL refers to a list of service ports or network services that are available on a host or server each with a list of hosts or servers permitted or denied to use the service ACL can generally be configured to control inbound traffic and in this context they are similar to firewalls ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application 4 10 1 Access Control List Status This page shows the ACL status by different ACL users Each row describes the ACE that is defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations The Voice VLAN OUI Table screen in Figure 4 10 1 appears ACL Status Combined Auto refresh O User Ingress Port Frame Type Action Rate Limiter Port Copy CPU CPU Once Counter Conflict No entries Figure 4 10 1 Voice VLAN OUI Table Page Screenshot The page includes the following fields Object Description e User Indicates the ACL user e Ingress Port Indicates the ingress port of th
318. lled fiber NIC on a workstation or a Media Converter Check the LNK ACT LED of the SFP slot on the front ofthe Managed Switch Ensure that the SFP transceiver is operating correctly Check the Link mode of the SFP port if the link failed Co works with some fiber NICs or Media Converters set the Link mode to 1000 Force is needed Remove the transceiver module Make sure there is no network activity by consult or check with the network administrator Or through the management interface of the switch converter if available to disable the port in advance Remove the Fiber Optic Cable gently Turn the handle of the MGB module to horizontal Pull out the module gently through the handle 34 User s Manual of MGSW 24160F 1 MGB SX LX Figure 2 8 Pull out the SFP Transceiver Never pull out the module without pull the handle or the push bolts on the module Direct pull out the module with violent could damage the module and SFP module slot of the Managed Switch MFB series SFP module remove procedure is the same with MGB series SFP Module 35 User s Manual of MGSW 24160F 2 2 4 Wiring the Power Input The 6 contact terminal block connector on the rear panel of MGSW 24160F is used for two DC redundant powers input Please follow the steps below to insert the power wire 1 Insert positive negative DC power wires into the contacts 1 and 2 for DC POWER 1 or 5 and 6 for DC POWER 2 Figure 2 9 W
319. lowing level types are supported Info Information level of the system log Warning Warning level of the system log Error Error level of the system log All All levels e Time The time of the system log entry e Message The message of the system logging entry Buttons Auto refresh dl Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone c J Clear all statistics Hide Hide the statistics Download Download the statistics e Updates the system log entries starting from the first available entry ID lt lt Updates the system log entries ending at the last entry currently displayed 65 User s Manual of MGSW 24160F gt gt gt Updates the system log entries starting from the last entry currently displayed a Updates the system log entries ending at the last available entry ID 4 2 12 Detailed Log The switch system detailed log information is provided here The Detailed Log screen in Figure 4 2 15 appears Detailed System Log Information m Message Level Info Time 1970 01 01 Thu 00 00 01 0000 Message Switch just made a cold boot Figure 4 2 15 Detailed Log Page Screenshot The page includes the following fields Object Description e ID The ID gt 1 of the system log entry e Message The message of system logging entry Buttons Refresh Click
320. lows data to be exchanged using a secure channel between two networked devices The encryption used by SSH provides confidentiality and integrity of data over an insecure network The goal of SSH was to replace the earlier rlogin TELNET and rsh protocols which did not provide strong authentication or guarantee confidentiality Wikipedia SSM In SyncE this is an abbreviation for Synchronization Status Message and is containing a QL indication Spanning Tree Protocol is an OSI layer 2 protocol which ensures a loop free topology for any bridged LAN The original STP protocol is now obsoleted by RSTP SyncE Is an abbreviation for Synchronous Ethernet This functionality is used to make a network clock frequency synchronized Not to be confused with real time clock synchronized IEEE 1588 TACACS is an acronym for Terminal Acess Controller Access Control System Plus It is a networking protocol which provides access control for routers network access servers and other networked computing devices via one or more centralized servers TACACS provides separate authentication authorization and accounting services Tag Priority is a 3 bit field storing the priority level for the 802 1Q frame TCP is an acronym for Transmission Control Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers The TCP protocol guarantees reliable and in order delivery of data from sende
321. lt dynamic entries are removed from the MAC after 300 seconds This removal is also called aging Range 10 10000000 seconds Default 300 seconds Buttons Save Click to save changes Rese J Click to undo any changes made locally and revert to previously saved values 269 User s Manual of MGSW 24160F 4 13 2 Static MAC Table Configuration The static entries in the MAC table are shown in this table The static MAC table can contain 64 entries The MAC table is sorted first by VLAN ID and then by MAC address The Static MAC Table Configuration screen in Figure 4 13 2 appears Static MAC Table Configuration mac portmem ATA one Derete vran 10 nac aaaress 25 45 5799 02 05 20 19 5 20 2 2 22J24 Figure 4 13 2 Static MAC Table Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save e VLAN ID The VLAN ID for the entry e MAC Address The MAC address for the entry e Port Members Checkmarks indicate which ports are members of the entry Check or uncheck as needed to modify the entry Buttons Add new static entry Click to add new entry Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 13 3 MAC Address Table Status Dynamic MAC Table Entries in the MAC Table are shown on this page The MAC Table contains up
322. m MAN d cect ar a e paa eaa a cotta ke dad clas eevee ate aT aa aaa aaae aaaea aa ae eae a Aeae aaa aidais 484 SMTP Configuration e an A a A igual a A a a aAa AAE A R A AE E AA EE E aaea 484 SMTP Mode avenne ae e sr elo e e celo o a cea ah S 484 A E A E AN T AS E E ATETA TE 484 SMTP Auth ii A At evel eile ae 485 SMTP Authicus er A A ied 485 SMTP Auth Pass inscrita iaa aaa rn aiana ages svbeatprensuobesveernestueaceelbebeecaiieeieed 486 SMTP MA Om e a e dd do cca aa de do ce do ido o ld T 486 SMTP MalilSubjectiiinioii ia 486 SMTP Maillot o Oe 487 SMTP Malllo2tuconaa a a a da e re ao dd US a a duds 487 6 22 SHOW COMIMANG ziii iadaaa aaee etaa aaea aSa aetna d 488 Show AGL ConfiQurationy E EAEE TERT A E E 488 Show Link Aggregation Configurati0N oooononccnnoncccnononcncnonannno nono ccnn non nn crono cnn nn rre 488 Show IGMP Configurations ceci caida 488 Show IP Configuration ana ra 488 Show LAGP Configura ade 489 Show LLDP Configuration ie 489 Show MAC Configuration iii ar 489 Show Mirror Configuration essa c gesctoe gece seeded id occ 489 SHOW POE Contigua 489 Show Port CONfigUratiON xvii nei sh ei ee 490 Show Private VLAN Configuration eee eeceseeeeeeeceeeenneeeeeeaeeeseeeeeeeeaeeeseeaaeeeseeeeeeeseaeeeeseaaeeeseneeeseeeeesenaeeeseeeaeees 490 Show QOS ConfiguratiOK csecseneket aa iio eli 490 Show SNMP Configuration ica ata 490 Show System Configuration ivenven A a adede idiei da deidat 491 Show VLAN Configurations esre ae
323. mail 2 to address Default Setting disable 487 User s Manual of MGSW 24160F 6 22 Show Command Show ACL Configuration Description Show ACL Configuration Syntax Show acl Show Link Aggregation Configuration Description Show link aggregation configuration Syntax Show aggr Show IGMP Configuration Description Show IGMP snooping configuration Syntax Show igmp Show IP Configuration Description Show IP configuration Syntax Show ip 488 User s Manual of MGSW 24160F Show LACP Configuration Description Show LACP configuration Syntax Show lacp Show LLDP Configuration Description Show LLDP configuration Syntax Show lldp Show MAC Configuration Description Show MAC address table configuration Syntax Show MAC Show Mirror Configuration Description Show mirror configuration Syntax Show mirror Show PoE Configuration Description Show PoE configuration 489 User s Manual of MGSW 24160F Syntax Show PoE Show Port Configuration Description Show port configuration Syntax Show port Show Private VLAN Configuration Description Show up Private VLAN configuration Syntax Show pvlan Show QoS Configuration Description Show QoS Configuration Syntax Show QoS Show SNMP Configuration Description Show SNMP configuration Syntax Show SNMP 490 User s Manual of MGSW 24160F Show System Con
324. me that a server is considered dead if it doesn t answer a request 0 3600 seconds default Show server dead time configuration Default Setting 300 Example Set 1000sec for server dead time SWITCH gt security aaa deadtime 1000 Security AAA RADIUS Description Set or show RADIUS authentication server setup Syntax Security AAA RADIUS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt Parameters The server index 1 5 default Show RADIUS authentication server configuration 411 User s Manual of MGSW 24160F enable Enable RADIUS authentication server disable Disable RADIUS authentication server default Show RADIUS server mode lt ip_addr_string gt IP host address a b c d or a host name string lt secret gt Secret shared with external authentication server Set to empty secret please use two quotes To use spaces in secret enquote the secret Quotes in the secret are not allowed lt server_port gt Server UDP port Use 0 to use the default RADIUS port 1812 Example Set RADIUS authentication server configuration SWITCH gt security aaa radius 1 enable 192 168 0 20 12345678 1812 Security AAA ACCT_RADIUS Description Set or show RADIUS accounting server setup Syntax Security AAA ACCT_RADIUS lt server_index gt enable disable lt ip_addr_string gt lt secret gt lt server_port gt Parameters Th
325. n Show Port Security status Syntax Security Network Psec Switch lt port_list gt Parameters lt port_list gt Port list or all default All ports Default Setting 800007e5017f000001 Example Show port security status SWITCH gt security network psec switch Users L Limit Control 8 802 1X D DHCP Snooping V Voice VLAN Port Users State MAC Cnt No users No users No users No users No users No users No users 375 User s Manual of MGSW 24160F No users No users No users No users No users No users No users No users No users No users No users No users No users No users No users No users oOo Oo O O O O O O O O O O O O O O 28 No users Security Network Psec Port Description Show MAC Addresses learned by Port Security Syntax Security Network Psec Port lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show MAC address learned on port 1 SWITCH gt security network psec port 1 VID State Added 376 User s Manual of MGSW 24160F Age Hold Time User s Manual of MGSW 24160F lt none gt Security Network Limit Configuration Description Show Limit Control configuration Syntax Security Network Limit Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show Limit Control configuration
326. n Syntax Port SFP lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show SFP information for port21 24 SWITCH gt port sfp Port Type Speed Wave Length nm Distance m 323 User s Manual of MGSW 24160F 1000Base LX 1000 Base 1000Base LX 1000 Base Port Excessive Description Set or show the port excessive collision mode Syntax Port Excessive lt port_list gt discard restart Parameters lt port_list gt Port list or all default All ports discard Discard frame after 16 collisions restart Restart backoff algorithm after 16 collisions default Show mode Default Setting Discard Example SWITCH gt port excessive 1 restart Port Statistics Description Show port statistics Syntax Port Statistics lt port_list gt lt command gt up down Parameters lt port_list gt Port list or all default All ports lt command gt The command parameter takes the following values clear Clear port statistics 324 packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard statistics filtered Show filtered statistics low Show low priority statistics normal Show normal priority statistics medium Show medium priority statistics high Show high priority statistics default Show all port statistics up Show ports which are up down
327. n Figure 4 9 11 appears Storm Control Configuration Frame Type Rate pps Unicast g 1 Multicast O 1 v Broadcast O 1 xj Figure 4 9 11 Storm Control Configuration Page Screenshot The page includes the following fields Object Description e Frame Type The settings in a particular row apply to the frame type listed here unicast multicast broadcast e Status Enable or disable the storm control status for the given frame type e Rate The rate unit is packet per second pps configure the rate as 1 2 4 8 16 32 185 User s Manual of MGSW 24160F 64 128 256 512 1K 2K 4K 8K 16K 32K 64K 128K 256K 512K or 1024K The 1 kpps is actually 1002 1 pps Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 9 7 QoS Statistics This page provides statistics for the different queues for all switch ports The ports belong to the currently selected unit as reflected by the page header The QoS Statistics screen in Figure 4 9 12 appears Queuing Counters ae Low Queue Medium Queue High Queue 0 0 mn No o 0 1 2 3 4 5 6 FA 8 9 O 4 12 13 14 15 16 17 18 9 El O 1 O 1 O 2 O 1 O e O E O E O E O E O E O E O E a o a o a o a o a o a o e o a o a o a o E o e o E oO a o a o a 0c 00 0 00 00 00 00 o a o a 0700 O O 1 O 1 O 1 O 1 O e O A O E O A O e O A O ts OOOO G o 0c 0 0 00 C00 00 00 00 00
328. n multiple VLANs m End stations can belong to multiple VLANs E Passing traffic between VLAN aware and VLAN unaware devices E Priority tagging M IEEE 802 10 Standard IEEE 802 10 tagged VLAN are implemented on the Switch 802 1Q VLAN require tagging which enables them to span the entire network assuming all switches on the network are IEEE 802 1Q compliant VLAN allow a network to be segmented in order to reduce the size of broadcast domains All packets entering a VLAN will only be forwarded to the stations over IEEE 802 1Q enabled switches that are members of that VLAN and this includes broadcast multicast and unicast packets from unknown sources VLAN can also provide a level of security to your network IEEE 802 1Q VLAN will only deliver packets between stations that are members of the VLAN Any port can be configured as either tagging or untagging m The untagging feature of IEEE 802 1Q VLAN allows VLAN to work with legacy switches that don t recognize VLAN tags in packet headers m The tagging feature allows VLAN to span multiple 802 1Q compliant switches through a single physical connection and allows Spanning Tree to be enabled on all ports and work normally Some relevant terms Tagging The act of putting 802 1Q VLAN information into the header of a packet Untagging The act of stripping 802 1Q VLAN information out of the packet header Hi 802 1Q VLAN Tags The figure below shows the 802 1Q VLAN tag
329. n nn nn 360 Security Switch SNMP Trap DestinatiOD oooonocnnnncccnnnacccononocnnnnoncccnnnoncnnnono cnn rnnrn cnn ano rre 361 Security Switch SNMP Trap IPv6 Destination o oooononnccnnociconnoccccnononcnc nono nnnn nono nono rr rca rn rra 361 Security Switch SNMP Trap Authentication Failure o o ooocionnncnnonicinnnonccononannnnnonocc nano rn rc nono rn rn rra 362 Security Switch SNMP Trap Link p niiit ei 362 Security Switch SNMP Trap Inform Mode ooocccccoccccnononononononcnononononnnncnnnnno cnn rn n nn nano rr rre rre 363 Security Switch SNMP Trap Inform TiMeOUt ooooonoccccnnnoccninonocanonono conan nono nono cnn rnnn nn nano rr rra crear 364 Security Switch SNMP Trap Inform Retry TiMES 0ooooonoccccnnnocccnnonoccnononcncnono cnn n noc nn nono nor rra cnn rca 364 Security Switch SNMP Trap Probe Security Engine ID ooooonncnnnncccnnnoccconononnnonononcnononcnnnnno cnn rnnrn cnn nn rre 365 Security Switch SNMP Trap Security Engine ID oooonnncccnnnnociconococcnononcncnonnnnnnorn cnn non rrn naar rra 365 Security Switch SNMP Trap Security NAME oooocococccnnoccccnononcnononcnonano cnn nn nono cnn nn nn nn naar rr rr narrar 366 Security Switch SNMP Engine ID nunnan ae did Aa Eina 366 Security Switch SNMP Community Add oo eeeseeeeneeeeceeneeeeeeeeeeeeaeeeeeeaaeeeseeeeeeeseaeeeeseaaeeeseeeaeeesnaeeeenaeeeseneaeees 366 Security Switch SNMP Community Delete 0 eee ee eeneeeeeeeeeeeeeeeeeeeeaeeeseeeeeeesaeeeeseaaeeeseneaeeeeneeseaae
330. nable SNMP trap security engine ID probe disable Disable SNMP trap security engine ID probe default Show SNMP trap security engine ID probe mode Default Setting enable Example Disable SNMP trap probe security engine ID SWITCH gt security switch snmp trap probe security engine id disable Security Switch SNMP Trap Security Engine ID Description Set or show SNMP trap security engine ID Syntax Security Switch SNMP Trap Security Engine ID lt engineid gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ffH and is restricted to 5 32 octet string Example Set the SNMP trap security engine ID SWITCH gt security switch snmp trap security engine id 800007e5017f000011 365 User s Manual of MGSW 24160F Security Switch SNMP Trap Security Name Description Set or show SNMP trap security name Syntax Security Switch SNMP Trap Security Name lt security_name gt Parameters lt security_name gt A string representing the security name for a principal default Show SNMP trap security name Example Set the SNMP trap security name SWITCH gt security switch snmp trap security name 12345678 Security Switch SNMP Engine ID Description Set or show SNMPv3 local engine ID Syntax Security Switch SNMP Engine ID lt engineid gt Parameters lt engineid gt Engine ID the format may not be all zeros or all ffH and is restricted to 5 32 octet str
331. name System name sys_descr Description of the system sys_capa System capabilities mgmt_addr Master s IP address default Show optional TLV s configuration enable Enables TLV disable Disable TLV default Show optional TLV s configuration Default Setting Description of the port Enable System name Enable Description of the system Enable 445 User s Manual of MGSW 24160F System capabilities Enable Master s IP address Enable Example Disable description of the port for port1 SWITCH gt IIdp optional_tlv 1 port_descr disable LLDP Interval Description Set or show LLDP Tx interval Syntax LLDP Interval lt interval gt Parameters lt interval gt LLDP transmission interval 5 32768 Default Setting 30 Example Set transmission interval in 10 SWITCH gt lldp interval 10 LLDP Hold Description Set or show LLDP Tx hold value Syntax LLDP Hold lt hold gt Parameters lt hold gt LLDP hold value 2 10 Default Setting 3 446 User s Manual of MGSW 24160F Example Set LLDP hold value in 10 SWITCH gt lldp hold 10 LLDP Delay Description Set or show LLDP Tx delay Syntax LLDP Delay lt delay gt Parameters lt delay gt LLDP transmission delay 1 8192 Default Setting 2 Example Set LLDP delay value in 1 SWITCH gt lldp delay 1 LLDP Reinit Description Set or show LLDP reinit delay Syntax LLDP Re
332. neo n een ee Aine a la eee ennai 438 Aggregation Mode ico AA some r ben sbednevbeviers 439 6 11 Link Aggregation Control Protocol Command ccccesceeeeeeeeeeeee sees seneeeeneeeeseaeseseeeeeeeeeesseseneeeenseeeees 440 LACP Configuracion tel 440 LAGPIMOde sen hte mera do tocata do he ee rin an lo Se a alo had a eel aL No i Id Ta etc si Be Ad bared 441 LACP Rei aia 441 ACP Role ia to a O A A e o 442 LACPE Salus nac edited se eses ie do ele ad ad e sr dt sr de he 442 NS O feseeneanutssaehesee cia dae 443 6 12 LLDP COMMANd cuonoconi a aod esaunda e aosa ate caian delicadas 444 EDP Comfiguiation EE idad Ti Lin asia 444 13 User s Manual of MGSW 24160F LDP Mode iii E EE E EE 444 ILDRO primed i H AEE e cto ete eo eo E e ei E E Sere a 445 LLDP Intervalos a laa 446 MDP he A A eh ad A NE de as iN oe 446 LL DP Delay iii A A A A di es 447 LEDP Reint manana esti tod on eae ee A ee ee ed et en Redd ae ee a an 447 LLDP Statistical aaaeeeaa peenaa pa ied Anina iaia 448 LEDP NO ae a EE EE EA T E E E E E EAT 449 LLDP CDP AWATO ii aaa 449 6 13 LEDPMED Commaind aaa ae Teraa ae iaa 450 LEDPMED Configuration asien nea a aa Ea E A A E A a Ae SE N a 450 LEDPMED CNI CXe e a aE 450 UABE A CS A E E E E E E E EA A E A E 451 LLDPMED Policy Delete 0 00s nigra ainia 452 ULDPMED Policy Add 2 soz sarsossets ioe et ales Siete eet e la e Mev eter owed ies 452 LL DPMED POr PORGY eurocopa dal 453 LEDPMED Coordinates eria A A A do 454 ELDPRMED Dato
333. nerate local folders copy messages to your local hard drive and then delete and expunge the messages from the server 510 User s Manual of MGSW 24160F IP is an acronym for Internet Protocol It is a protocol used for communicating data across a internet network IP is a best effort system which means that no packet of information sent over it is assured to reach its destination in the same condition it was sent Each device connected to a Local Area Network LAN or Wide Area Network WAN is given an Internet Protocol address and this IP address is used to identify the device uniquely among all other devices connected to the extended network The current version of the Internet protocol is IPv4 which has 32 bits Internet Protocol addresses allowing for in excess of four billion unique addresses This number is reduced drastically by the practice of webmasters taking addresses in large blocks the bulk of which remain unused There is a rather substantial movement to adopt a new version of the Internet Protocol IPv6 which would have 128 bits Internet Protocol addresses This number can be represented roughly by a three with thirty nine zeroes after it However IPv4 is still the protocol of choice for most of the Internet IPMC is an acronym for IP MultiCast IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configure
334. nfiguration Page Screenshot The page includes the following fields Object Description e Router Port Specify which ports act as router ports A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier If an aggregation member port is selected as a router port the whole aggregation 162 User s Manual of MGSW 24160F will act as a router port e Fast Leave Enable the Fast Leave on the port e Throttling Enable to limit the number of multicast groups to which a switch port can belong Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 8 4 VLAN Configuration Each page shows up to 999 entries from the VLAN table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the VLAN Table The first displayed will be the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table The IGMP Snooping VLAN Configuration screen in Figure 4 8 7 appears IGMP Snooping VLAN Configuration Start from VLAN 1 with 20 entries per page LAN ID Snooping Enabled IGMP Querier Figure 4 8 7 IGMP Snooping VLAN Configuration Page Screenshot The page includes the following fields Object Description
335. nfigured accordingly When authentication is complete the RADIUS server sends a success or failure indication which in turn causes the switch to open up or block traffic for that particular client using the Port Security module Only then will frames from the client be forwarded on the switch There are no EAPOL frames involved in this authentication and therefore MAC based Authentication has nothing to do with the 802 1X standard The advantage of MAC based authentication over port based 802 1X is that several clients can be connected to the same port e g through a 3rd party switch or a hub and still require individual authentication and that the clients don t need special supplicant software to authenticate The advantage of MAC based authentication over 802 1X based authentication is that the clients don t need special supplicant software to authenticate The disadvantage is that MAC addresses can be spoofed by malicious users equipment whose MAC address is a valid RADIUS user can be used by anyone Also only the MD5 Challenge method is supported The maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality e RADIUS Assigned QoS Enabled When RADIUS Assigned QoS is both globally enabled and enabled checked for a given port the switch reacts to QoS Class information carried in the RADIUS Access Accept packet transmitted by the RADIUS server when a supplicant
336. ng state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The status page is divided into two sections one with a legend of user modules and one with the actual port status The Port Security Status screen in Figure 4 12 6 appears 257 User s Manual of MGSW 24160F Port Security Status Auto Refresh O User Module Legend User Module Name Abbr Limit Control 802 1X DHCP Snooping Voice VLAN Port Status MAC Count Port State Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled Disabled 1 2 3 4 5 6 8 3 0 11 12 13 14 15 16 17 18 9 10 1 1 1 1 1 1 1 1 19 20 21 22 23 24 Figure 4 12 6 Port Security Status Screen Page Screenshot The page includes the following fields User Module Legend The legend shows all user modules that may request Port Security services Object Description e User Module Name The full name of a module that may request Port Security services 258 User s Manual of MGSW 24160F e Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table Port Status The table has one row for each port
337. ng values other than the defaults can be complex Therefore you are advised to keep the default factory settings and STP will automatically assign root bridges ports and block loop connections Influencing STP to choose a particular switch as the root bridge using the Priority setting or influencing STP to choose a particular port to block using the Port Priority and Port Cost settings is however relatively straight forward 141 User s Manual of MGSW 24160F a _ LAN 1 gt Port cost 200 000 A vor Bridge ID 15 Port 2 Port cost 20 000 Port cost 20 000 Port cost 20 000 Port cost 20 000 B E c Bridge ID 30 Bridge ID 20 Port cost 200 000 Port cost 200 000 Port cost 200 000 A LAN 2 _ gt A LAN 3 _ gt Figure 4 7 2 Before Applying the STA Rules In this example only the default STP values are used A C Root Bridge Designated Port Designated Port Root Port Root Port c Designated Bridge A LAN 2 _ A AN3 ____ gt Figure 4 7 3 After Applying the STA Rules 142 User s Manual of MGSW 24160F The switch with the lowest Bridge ID switch C was elected the root bridge and the ports were selected to give a high port cost between switches B and C The two optional Gigabit ports default port cost 20 000 on switch A are connected to one optional Gigabit port on both switch B and C The redunda
338. nge and e the Access Request that matched it from the RADIUS authentication server The granularity of this measurement is 100 ms A value of 0 ms indicates that there hasn t been round trip communication with the server yet RADIUS Accounting Servers The statistics map closely to those specified in RFC4670 RADIUS Accounting Client MIB Use the server select box to switch between the backend servers to show details for Object Description e Packet Counters RADIUS accounting server packet counter There are five received and four transmitted counters Direction Name RFC4670 Name Description Rx Responses radiusAccClientExt The number of RADIUS Responses packets valid or invalid received from the server Rx Malformed radiusAccClientExt The number of malformed Responses MalformedRespons RADIUS packets received es from the server Malformed packets include packets with an invalid length Bad authenticators or or unknown types are not included as malformed access responses 240 Rx Rx Tx Tx Tx Tx Bad Authenticators Unknown Types Packets Dropped Requests Retransmissions Pending Requests Timeouts User s Manual of MGSW 24160F radiusAcctClientExt BadAuthenticators radiusAccClientExt UnknownTypes radiusAccClientExt PacketsDropped radiusAccClientExt Requests radiusAccClientExt Retransmissions radiusAccClientExt PendingRequests radiusAccClientExt
339. nn nr n nr rra rre rra 387 Security Network NAS Guest VLAN oooonccccoconcnononcncnnnonnnnnnnonnnnnnnn nn naar rr rr rene rre 387 Security Network NAS Authenticate oooooccccinoccconnoccccnononcnononancnn nono tutik tunut naar rra ran nn nn nn rre 388 Security Network NAS Statistics sinnen a e a ia eiie iiaeiai 389 Security Network ACL Configuration oooooocccnnnonicnnoccccnononcnnnnnoncnnnnnnnnnn no non r naar arar rre 390 Security Network ACLACHiON iento di 391 Security Network ACL PoliCY ooooooonoccccnnnociccnoconnnononcncnononcnnnono cnn nnnnn cn nano r nr rn rre 392 Security Network ACL R te cui aos 393 Security Network ACA cional olaa 393 Security Network ACL Delete edo c 395 security Network AGE Look Ups cti titan 395 Security Network ACL Clear iii ade Lei 395 Security Network ACL Status i is Ai ii 396 Security Network DHCP Relay ConfiguratiON oooocconnoncccnnnocnnonoccccnnnonnncnnno cnn r nono nn nano nr rr narran rre 396 Security Network DHCP Relay Mode oooooccccococccococccccononcncnono nono nono ncnn non nnnnnnn rca ran nn rra nn rr rre 397 Security Network DHCP Relay Servet coioiiitai iii 397 Security Network DHCP Relay Information Mode ooonoocccnnocccnnoccccnononcnonononcnn nono nc nn no nr rr naar rn rar nr nn 398 Security Network DHCP Relay Information PoliCY ooooooconnnnnnnnniconnnocccononannnnnoncnnn ano rn rr nano rca nn rra 399 Security Network DHCP Relay Statistics ooooooonnnncnnonnccccnnnoccnnn
340. nnected to each other to discover automatically whether any ports are member of the same LAG This page allows the user to inspect the current LACP port configurations and possibly change them as well The LACP port settings relate to the currently selected unit as reflected by the page header The LACP Port Configuration screen in Figure 4 5 4 appears LACP Port Configuration LACP Enable _ a lt iis 3 lt 3 lt a lt 3 lt gt 3 lt a lt 0 ony om 2 UN lt i IE EJE MENESES 3 a s 3 ii lt lt O O O O O O O O O O O O Auto O O O O O O O O O O O O Figure 4 5 4 LACP Port Configuration Page Screenshot User s Manual of MGSW 24160F The page includes the following fields Object Description e Port The switch port number e LACP Enabled Controls whether LACP is enabled on this switch port LACP will form an aggregation when 2 or more ports are connected to the same partner LACP can form max 12 LLAGs per switch e Key The Key value incurred by the port range 1 65535 The Auto setting will set the key as appropriate by the physical link speed 10Mb 1 100Mb 2 1Gb 3 Using the Specific setting a user defined value can be entered Ports with the same Key value can participate in the same aggregation group while port
341. nnecting higher speed links to a port that has a higher number than the current root port can cause a root port change STP Port States The BPDUs take some time to pass through a network This propagation delay can result in topology changes where a port that transitioned directly from a Blocking state to a Forwarding state could create temporary data loops Ports must wait for new network topology information to propagate throughout the network before starting to forward packets They must also wait for the packet lifetime to expire for BPDU packets that were forwarded based on the old topology The forward delay timer is used to allow the network topology to stabilize after a topology change In addition STP specifies a series of states a port must transition through to further ensure that a stable network topology is created after a topology change Each port on a switch using STP exists is in one of the following five states a Blocking the port is blocked from forwarding or receiving packets a Listening the port is waiting to receive BPDU packets that may tell the port to go back to the blocking state Learning the port is adding addresses to its forwarding database but not yet forwarding packets a Forwarding the port is forwarding packets a Disabled the port only responds to network management messages and must return to the blocking state first A port transitions from one state to another as follows From initializati
342. nnnnn nn n nr naar rn rn rnannr rr 173 4 9 2 3 Set up ToS Precedence Mapping ommocionciccncc it eee din 176 4 9 2 4 Set up VLAN Tag Priority Mapping oooccccnnoncconoconnnononcnononnonnnn nono cnn nan nn cnn no nar nn n rra 177 4 9 3 QoS Control List Configuration oooooonnnnccnnoncnnnocccnnononnnnnnno enn nenien aaeain aiga idaan eiai 178 4 9 3 1 QoS Control Entry Configuration sericea nee aeaaaee i rn nn rra rana 179 4 9 4 Port QoS Configura A a 181 4 9 5 Bandwidth Control ivi aiii 183 4 9 6 Storm Control ConfiguratiON voii aiii 185 SS E E E hectare eek Nears Sic ed sve ndctn ST TE estes tease cect aghecebaden pac deasisecs esnearatstesedevvanadees 186 49 8 DSCA Remarking ii ewe and ann ee ir nae 187 4 9 9 Voice VLAN Configuration ossis a a oebek snes riada 189 49 10 Voice VEAN OUI Table occitano ado peer selene ove 192 4 10 Access Control LiStSi sisikii geoi ria ea iii cion riada 193 4 10 1 Access Control List Status ii A eh at 193 4 10 2 Access Control List ConfiguratiON oononcccnnoninnnnccccnnnocnncnonannnnnorn unutk tunut knut nn rn rre ren rre 194 4 10 3 ACE Configuration aii ar needs 196 4 10 4 AGL Ports Configuration iii idas 204 4 10 5 ACL Rate Limiter Configuration oocoononnccnnocccnnoccccnononnnnnnno cnn noo cnn canon rr EAEE nn 206 4 11 Authentication giessen yasdeea se seescece sdaes ads ega tassescceeaausevs dices ccuaes aaoi auaa sacs sossesteceedeee 208 4 11 1 Understanding IEEE 802 1X Port Based A
343. noncncnn non n nn nono nnn nn nn nn nano nr rra rre 128 4 6 10 VLAN Setting example nitens iinn e ig ai ado 129 4 6 10 1 Two separate 802 10 VLAN cios ia ip 129 4 6 10 2 VLAN Trunking between two 802 10 aware SWitCh ooononccnninoccnnnocccccononnnononn conan nn nc nano cnn nn nn nn naar rra 133 4 6 10 3 Port Isolate iii iS 134 4 7 Spanning Tree Protocol ii aiii cins 137 ACA TCO a ee ee E 137 4 1 2 5T1P Bridge Configuration A ie 143 Es 746 y e lo BES 1 LU O OOOPPCOn PO o A AEn aa 145 ATA CIST Ron COnIQUTA IN a daa 146 4 7 5 MSTI Priorities nnne ados 149 4 1 6 MST Copfig ratio a E at 150 ATT MSTI Ports Configura seiri ii ici 151 A A A A 154 4 7 9 Port SS cae awe 155 ARMA iaa 157 4 81 IGMP SNOOPING coincida 157 4 8 2 IGMP Snooping COMPOUALION sistigas IR 161 4 8 3 IGMP Port Related Configuration 0 cccccccccecceceeeeeeeeae cece ee eeeeaaeaeeeeeeeseeaaeaeeeeeeeseceaeeeeeeseaeeeeeeeseseenaneeeeeeens 162 4 8 4 VLAN Configuratio sneered ia 163 48 5 Port Group Filter ini ti aaas 164 4 8 0 IGMP SNOOPING Status iiri a ii di 165 BET MVR o pie UTEE Oa EE E EE EAE E EATE 166 4 8 8 MVR Stat e ea ee elie ed E ened ieee E E a E aai 168 49 Quality Of Se E e r dias 170 User s Manual of MGSW 24160F 4 9 1 Understand DOS iaa 170 4 9 2 OCL Configuration Wizard ini acid 171 4 92 11 Setup PolicyiRUlES ici das 172 4 9 2 2 Set up Typical Network Application Rules ooooooocccnnoccccnnnoccnononacanononnnc conocio nor non
344. nput Operating 10 60 Degree C for AC power input Relative Humidity 5 95 non condensing Temperature 10 70 Degree C Storage F el Relative Humidity 5 95 non condensing 26 User s Manual of MGSW 24160F 2 INSTALLATION This section describes the hardware features and installation of the Managed Switch on the desktop or rack mount For easier management and control of the Managed Switch familiarize yourself with its display indicators and ports Front panel illustrations in this chapter display the unit LED indicators Before connecting any network device to the Managed Switch please read this chapter completely 2 1 Hardware Description 2 1 1 Switch Front Panel The unit front panel provides a simple interface monitoring the Switch Figure 2 1 shows the front panel of the Managed Switch MGSW 24160F Front Panel MGSW 24160F Figure 2 1 MGSW 24160F Front Panel Hi Gigabit TP interface 10 100 1000Base T Copper RJ 45 Twist Pair Up to 100 meters Hi Gigabit SFP slots 1000Base SX LX mini GBIC slot SFP Small Factor Pluggable transceiver module From 550 meters Multi mode fiber up to 10 30 50 70 120 kilometers Single mode fiber MW Console Port The console port is a DB9 RS 232 male serial port connector It is an interface for connecting a terminal directly Through the console port it provides rich diagnostic information includes IP Address setting factory reset port management link stat
345. nspection Shows the status by ARP Inspection ip_source_guard Shows the status by IP Source Guard conflicts Shows all conflict status default Shows the combined status Example Show ACL status SWITCH gt security network acl status Security Network DHCP Relay Configuration Description Show DHCP relay configuration Syntax Security Network DHCP Relay Configuration Example Show DHCP relay configuration SWITCH gt security network dhcp relay configuration 396 User s Manual of MGSW 24160F DHCP Relay Configuration DHCP Relay Mode Disabled DHCP Relay Server NULL DHCP Relay Information Mode Disabled DHCP Relay Information Policy replace Security Network DHCP Relay Mode Description Set or show the DHCP relay mode Syntax Security Network DHCP Relay Mode enable disable Parameters enable Enable DHCP relaly mode When enable DHCP relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for security considered disable Disable DHCP relaly mode default Show flow DHCP relaly mode Default Setting disable Example Enable DHCP relay mode SWITCH gt security network dhcp relay mode enable Security Network DHCP Relay Server Description Show or set DHCP relay server 397 User s Manual of MGSW 24160F Syntax
346. nt link between switch B and C is deliberately chosen as a 100 Mbps Fast Ethernet link default port cost 200 000 Gigabit ports could be used but the port cost should be increased from the default to ensure that the link between switch B and switch C is the blocked link 4 7 2 STP Bridge Configuration This page allows you to configure STP system settings The settings are used by all STP Bridge instances in the Switch The Managed Switch support the following Spanning Tree protocols Compatiable Spanning Tree Protocol STP Provides a single path between end stations avoiding and eliminating loops Normal Rapid Spanning Tree Protocol RSTP Detects and uses of network topologies that provide faster spanning tree convergence without creating forwarding loops Extension Multiple Spanning Tree Protocol MSTP Defines an extension to RSTP to further develop the usefulness of virtual LANs VLANs This Per VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree The STP Bridge Configuration screen in Figure 4 7 4 appears STP Bridge Configuration Basic Settings Protocol Version Forward Delay Max Age Maximum Hop Count Transmit Hold Count PortError Recovery Error Racova Figure 4 7 4 STP Bridge Configuration Page Screenshot 143 The page includes the following fields
347. nt that it received the packets Ping was created to verify whether a specific computer on a network or the Internet exists and is connected ping uses Internet Control Message Protocol ICMP packets The PING Request is the packet from the origin computer and the PING Reply is the packet response from the target PoE is an acronym for Power Over Ethernet Power Over Ethernet is used to transmit electrical power to remote devices over standard Ethernet cable It could for example be used for powering IP telephones wireless LAN access points and other equipment where it would be difficult or expensive to connect the equipment to main power supply A policer can limit the bandwidth of received frames It is located in front of the ingress queue 514 User s Manual of MGSW 24160F POP3 is an acronym for Post Office Protocol version 3 It is a protocol for email clients to retrieve email messages from a mail server POP3 is designed to delete mail on the server as soon as the user has downloaded it However some implementations allow users or an administrator to specify that mail be saved for some period of time POP can be thought of as a store and forward service An alternative protocol is Internet Message Access Protocol IMAP IMAP provides the user with more capabilities for retaining e mail on the server and for organizing it in folders on the server IMAP can be thought of as a remote file server POP and IMAP deal
348. o fefe fefe fefo fee fofe fefo fojo fofo fe E El E SSS E E E E E S S SS SS S S E E E E E PE EEEEIEEIEE EEEE IREE EE EE EE AACA Ka Kaa Kall cake ATIAAAAAE Sl SS SHS SSS SSS SS HSS SS IS ILS ji Figure 4 6 2 VLAN Port Configuration Page Screenshot The page includes the following fields Object Description e Port This is the logical port number for this row e PVID Allow assign PVID for selected port The range for the PVID is 1 4094 The PVID will be inserted into all untagged frames entering the ingress port The PVID must as same as the VLAN ID that the port belong to VLAN group or the untagged traffic will be dropped Ingress Filtering Enable ingress filtering for a port by checking the box This parameter affects VLAN ingress processing If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame the frame is discarded By default 119 User s Manual of MGSW 24160F ingress filtering is disabled no checkmark e Accept Frame Type Determines whether the port accepts all frames or only t
349. o start the wizard again Back Click to get more information Next Click to continue the wizard Once the QCL configuration wizard is finished the below screen appears Finished The QCL configuration wizard is finished and the new configuration is ready for use Click Finish to get more information Click Wizard Again to start the wizard again Wizard Again Finish Buttons Wizard Again Click to start the wizard again Finish Click to get more information 4 9 2 2 Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control STEP 1 Set up the specific QCL for different typical network application quality control by selecting the network application type for your rule The Set up Typical Network Application Rules screen in Figure 4 9 3 appears 173 User s Manual of MGSW 24160F Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control by selecting the network application type for your rule o Audio and Video O QuickTime 4 Serer LIMSN Messenger Phone Ll Yahoo Messenger Phone Cl Napster Real Audio o Games O Blizzard Battlenet Diablo2 and StarCraft CJ Fighter Ace Il Cl Quake2 Cl Quake3 LIMSN Game Zone o User Definition Cl Ethernet Type VLAN ID TCP UDP Pot CIDSCP Cancel Wizard Figure 4 9 3 Set up Typical Network Application Rul
350. oding Flooding enabled e Leave Proxy Enable Enable the leave proxy e VLAN ID The VLAN ID of the entry e Snooping Enabled Enable the per VLAN IGMP Snooping e IGMP Querier Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each Querier s interval is 125 second and it will stop act as an IGMP Querier if received any Querier from other devices Buttons Save Click to save changes _Reset Click to undo any changes made locally and revert to previously saved values 161 User s Manual of MGSW 24160F 4 8 3 IGMP Port Related Configuration This page provides IGMP Snooping related configuration Most of the settings are global whereas the Router Port configuration is related to the currently selected unit as reflected by the page header The IGMP Port Related Configuration screen in Figure 4 8 6 appears IGMP Port Related Configuration Router Port Throttling h MEMES oon om Ss UN sho a _h h v v v v M QJ gt E lt lt lt mn bh o h co Oo SNS 14 lt 4 ho o ho M ho lt lt lt M Qu pop popondooooooo0o0o00o00o0000000 po poooongoogoooogoooooo0o00o00o000 bh Ea lt Figure 4 8 6 IGMP Port Related Co
351. of MGSW 24160F QCE Configuration QCE Type Ethernet Type Value Traffic Class Figure 4 9 8 QCE Configuration Page Screenshot The page includes the following fields Object Description e QCE Type Select the available type for the specific QCE Ethernet Type Matches the received frame s EtherType against the QCE Key VLAN ID Matches the frame s VID against the QCE Key TCP UDP Port Matches the destination port and the source port against the QCE Key DSCP Matches the received IPv4 IPv6 DSCP value 6 bits against the two DSCP values in the QCE Key ToS Uses the precedence part of the IPv4 IPv6 ToS 3 bits as an index to the eight QoS Class values in the QCE Key Tag Priority Uses the User Priority value 3 bits as an index to the eight QoS Class values in the QCE Key e Type Value Configure the values according to the QCE type you select Ethernet Type The allowed values for this type range from 0x600 1536 to OxFFFF 65535 VLAN ID The allowed values for this type range from 1 to 4095 TCP UDP Port Range Specify whether there is a range or a specific port number The port range allowed is from 0 to 65535 DSCP The allowed range is O to 63 ToS or Tag Priority do not have type value settings e Traffic Class Select a traffic class of Low Normal Medium or High to apply to the QCE If the QCE type is ToS or Tag Priority there are 8 rows of traffic class that can be configured for each
352. of such a module is the MAC Based Authentication under 802 1X Each port can do learning based upon the following settings Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port When port security is enabled on a port the Managed Switch stops learning new MAC addresses on the specified port and when it has reached a configured maximum number Only incoming traffic with source addresses already stored in the dynamic or static address table will be authorized to access the network through that port If a device with an unauthorized MAC address attempts to use the switch port the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message lt source MAC address VLAN gt pair for frames received on the port Note that you can also manually add secure addresses to the port using the Static Address Table The selected port will stop learning The MAC addresses already in the address table will be retained and will not age out Any other device that attempts to use the port will be prevented from accessing the switch The MAC Table Learning screen in Figure 4 13 4 appears 272 User s Manual of MGSW 24160F MAC Table Learning E Port Members fif2 3l4 s l6 7 8lo9 li10f11J12 13 14 15 16 17 18 Auto 0000000 Figure 4 13 4 MAC Table Learning Page Screenshot The page
353. ollowing methods E An administration console a Web browser interface a An external SNMP based network management application The administration console and Web browser interface support are embedded in the Managed Switch software and are available for immediate use Each of these management methods has their own advantages Table 3 1 compares the three management methods Method Console Web Browser e SNMP Agent e Advantages No IP address or subnet needed Text based Telnet functionality and HyperTerminal built into Windows 95 98 NT 2000 ME XP operating systems Secure Ideal for configuring the switch remotely Compatible with all popular browsers Can be accessed from any location Most visually appealing Communicates with switch functions at the MIB level Based on open standards Disadvantages Must be near switch or use dial up connection Not convenient for remote users Modem connection may prove to be unreliable or slow Security can be compromised hackers need only know the IP address and subnet mask May encounter lag times on poor connections Requires SNMP manager software Least visually appealing of all three methods Some settings require calculations Security can be compromised hackers need only know the community name Table 3 1 Management Methods Comparison 3 3 Administration Console The administration console is an internal character oriented and command line user interface for pe
354. om a remote location Once the Reboot button is pressed user have to re login the WEB interface about 60 seconds later the System Reboot screen in Figure 4 2 29 appears System Reboot Are you sure to perform System Reboot Figure 4 2 29 System Reboot Page Screenshot Buttons Yes Click to reboot the system No Click to return the Port State page without reboot the system 78 User s Manual of MGSW 24160F 4 3 Simple Network Management Protocol 4 3 1 SNMP Overview The Simple Network Management Protocol SNMP is an application layer protocol that facilitates the exchange of management information between network devices It is part of the Transmission Control Protocol Internet Protocol TCP IP protocol suite SNMP enables network administrators to manage network performance find and solve network problems and plan for network growth An SNMP managed network consists of three key components Network management stations NMSs SNMP agents Management information base MIB and network management protocol Network management stations NMSs Sometimes called consoles these devices execute management applications that monitor and control network elements Physically NMSs are usually engineering workstation caliber computers with fast CPUs megapixel color displays substantial memory and abundant disk space At least one NMS must be present in each managed environment Agents Agents are software modules
355. om that port if authentication fails With 802 1X access to all switch ports can be centrally controlled from a server which means that authorized users can use the same credentials for authentication from any point within the network IGMP is an acronym for Internet Group Management Protocol It is a communications protocol used to manage the membership of Internet Protocol multicast groups IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships It is an integral part of the IP multicast specification like ICMP for unicast connections IGMP can be used for online video and gaming and allows more efficient use of resources when supporting these uses A router sends IGMP Query messages onto a particular link This router is called the Querier IMAP is an acronym for Internet Message Access Protocol It is a protocol for email clients to retrieve email messages from a mail server IMAP is the protocol that IMAP clients use to communicate with the servers and SMTP is the protocol used to transport mail to an IMAP server The current version of the Internet Message Access Protocol is IMAP4 It is similar to Post Office Protocol version 3 POP3 but offers additional and more complex features For example the IMAP4 protocol leaves your email messages on the server rather than downloading them to your computer If you wish to remove your messages from the server you must use your mail client to ge
356. on e MSTI The bridge instance The CIST is the default instance which is always active e Priority Controls the bridge priority Lower numerical values have better priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Buttons Save Click to save changes Reset J Click to undo any changes made locally and revert to previously saved values 149 User s Manual of MGSW 24160F 4 7 6 MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well The MSTI Configuration screen in Figure 4 7 8 appears MSTI Configuration Add VLANs separated by spaces or comma Unmapped VLANs are mapped to the CIST The default bridge instance Configuration Identification Configuration Name 00 30 4f 24 04 d1 ei Configuration Revision 0 MSTI Mapping VLANs Mapped Figure 4 7 8 MSTI Configuration Page Screenshot The page includes the following fields Configuration Identification Object Description e Configuration Name The name identifiying the VLAN to MSTI mapping Bridges must share the name and revision see below as well as the VLAN to MSTI mapping configuration in order to share spanning trees for MSTI s Intra region The name is at most 32 characters e Configuration Revision T
357. on switch boot to blocking E From blocking to listening or to disabled a From listening to learning or to disabled From learning to forwarding or to disabled From forwarding to disabled E From disabled to blocking 138 User s Manual of MGSW 24160F Switch Blocking Listening Disable Learning Forwarding Figure 4 7 1 STP Port State Transitions You can modify each port state by using management software When you enable STP every port on every switch in the network goes through the blocking state and then transitions through the states of listening and learning at power up If properly configured each port stabilizes to the forwarding or blocking state No packets except BPDUs are forwarded from or received by STP enabled ports until the forwarding state is enabled for that port 2 STP Parameters STP Operation Levels The Switch allows for two levels of operation the switch level and the port level The switch level forms a spanning tree consisting of links between one or more switches The port level constructs a spanning tree consisting of groups of one or more ports The STP operates in much the same way for both levels On the switch level STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges On the port level STP sets the Root Port and the Designated Ports 139 User s Manual of MGSW 24160F The following are the user configurable S
358. on Server Configuration 192 168 0 253 Figure 4 11 10 RADIUS Server Configuration Page Screenshot Add New RADIUS Cleint on the Windows 2003 server Internet Authentication Service File Action View Help e Amen e Internet Authentication Service Local meee RADIUS Clients i 192 168 0 5 RADIUS or Remote Acce New RADIUS Client oY Remote Acce 3 Connection R New Client P Figure 4 11 11 Windows Server add new RADIUS Client Setting 243 User s Manual of MGSW 24160F 3 Assign the client IP address to the Managed switch New RADIUS Client xi Name and Address Type a friendly name and either an IP Address or DNS name for the client Friendly name 202 1 x Managed Switch Client address IP or DNS fi 92 168 0 100 Verify Figure 4 11 12 Windows Server RADIUS Server setting 4 The shared secret key should be as same as the key configured on the Managed Switch New RADIUS Client xi Additional Information If you are using remote access policies based on the client vendor attribute specify the vendor of the RADIUS client Client Vendor RADIUS Standard Shared secret i Confirm shared secret A I Request must contain the Message Authenticator attribute lt Back Cancel Figure 4 11 13 Windows Server RADIUS Server Setting 244 User s Manual of MGSW 24160F 5 Configure ports attribute of 802 1X the same as 802 1X Port Configuration RADIUS A
359. on fails disable Disable local authentication if remote authentication fails default Show backup client authentication configuration Default Setting Authentication Method local Fallback disable Example Use RADIUS authentication method for telnet SWITCH gt security switch auth method telnet radius enable 348 Security Switch SSH Configuration Description Show SSH configuration Syntax Security Switch SSH Configuration Example Show SSH configuration SWITCH gt security switch ssh configuration SSH Mode Disabled Security Switch SSH Mode Description Set or show the SSH mode Syntax Security Switch SSH Mode enable disable Parameters enable Enable SSH disable Disable SSH default Show SSH mode Default Setting disable Example Enable SSH function User s Manual of MGSW 24160F SWITCH gt security switch ssh mode enable 349 Security Switch HTTPs Configuration Description Show HTTPS configuration Syntax Security Switch HTTPS Configuration Default Setting disable Example Show HTTPs configuration SWITCH gt security switch https configuration HTTPS Configuration HTTPS Mode Disabled HTTPS Redirect Mode Disabled Security Switch HTTPs Mode Description Set or show the HTTPS mode Syntax Security Switch HTTPS Mode enable disable Parameters enable Enable HTTPs disable Disable HTTPs default Show HTTPs mode
360. on the TFTP server The TFTP Firmware Upgrade screen in Figure 4 2 20 appears TFTP Firmware Upgrade Firmware File Name Figure 4 2 20 TFTP Firmware Update Page Screenshot The page includes the following fields Object Description e TFTP Server IP Fill in your TFTP server IP address e Firmware File Name The name of firmware image Maximum length 24 characters Buttons Click to upgrade firmware 1 DO NOT Turn OFF Power the Managed Switch until the update progress is complete 2 Do not quit the Firmware Upgrade page without press the OK button after the image was loaded or the system won t apply to the new firmware User has to repeat the firmware upgrade processes again 70 User s Manual of MGSW 24160F 4 2 17 Configuration Backup This function allows backup and reload the current configuration of the Managed Switch to the local management station The Configuration Backup screen in Figure 4 2 21 appears Configuration Backup Save configuration Save configuration except IP Address Figure 4 2 21 Configuration Backup Page Screenshot You can save view or load the switch configuration The configuration file is in XML format with a hierarchy of tags Header tags lt xml version 1 0 gt and lt configuration gt These tags are mandatory and must be present at the beginning of the file Section tags lt platform gt lt global gt and lt switch gt The
361. on the port respectively If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the port the Limit column will show a dash Buttons Refresh Click to refresh the page immediately Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals 259 User s Manual of MGSW 24160F 4 12 7 Port Security Detail This page shows the MAC addresses secured by the Port Security module Port Security is a module with no direct configuration Configuration comes indirectly from other modules the user modules When a user module has enabled port security on a port the port is set up for software based learning In this mode frames from unknown MAC addresses are passed on to the port security module which in turn asks all user modules whether to allow this new MAC address to forward or block it Fora MAC address to be set in the forwarding state all enabled user modules must unanimously agree on allowing the MAC address to forward If only one chooses to block it it will be blocked until that user module decides otherwise The Port Security Detail screen in Figure 4 12 7 appears Port Security Detail Port 1 Auto Refresh O Port 1 E No MAC addresses attached Figure 4 12 7 Port Security Detail Screen Page Screenshot The page includes the following fields Object Description e MAC Address amp VLAN The
362. on the selected switch in the switch and a number of columns which are Object Description e Port The port number for which the status applies Click the port number to see the status for this particular port e Users Each of the user modules has a column that shows whether that module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security e State Shows the current state of the port It can take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive Limit Reached The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is reached and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module and that module has indicated that the limit is exceeded No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page e MAC Count Current The two columns indicate the number of currently learned MAC addresses Limit forwarding as well as blocked and the maximum number of MAC addresses that can be learned
363. oncccnnnanncnnnno cnn nnnrn cnn nan nn EAEE crac rr 399 11 User s Manual of MGSW 24160F Security Network DHCP Snooping Configuration ooooccccnnnnnnnnoccccnononnncnononcnn nono nnnn no nn rrnnnn nn rr nn rra 400 Security Network DHCP Snooping Mode ooocccccocccccononcccnononcnononcnonano non nnnnn nino ron nn nn nn ANAE rnn rn rana 401 Security Network DHCP Snooping Port MoOde oooocconnoccccnococnnononcnonononcnonono nono nonn nc nnnn nn rr narrar 401 Security Network DHCP Snooping Statistics o oooonnnncnnonncinonoccccnnnonnncnononnnnnorn cc nn non rr nro cnn cnn rr rn 402 Security Network IP Source Guard Configuration oononnccninonicnnocccnnononnnononancnnnnrn cc nono nr rnnnn rre ren 403 Security Network IP Source Guard MOd8 oocooocccccococcconocncnonononcnononcccnnnonn nn nono ddiaa iiie 404 Security Network IP Source Guard Port Mode oocooccccnnoccccnonocnnononononononcno nono n corno n cnn nan n rr rra narran 404 Security Network IP Source Guard Limit ooooocccnnnccccnnnoccccnonacnnononononanoncnononn cnn rnnn crono nr rr narrar rre 405 Security Network IP Source Guard Entry ccooocccncocccinononcnonononcnononn nono nn nnnnnnn cnn rra nn nn nano rr rre 406 Security Network IP Source Guard StatuS oooooonnoncccnonoccccnonocnnononcncnnnonnncnnnn cnn rn n nn nro rre 406 Security Network ARP Inspection ConfiguratiON oooonnonncnnnoccnonocccnnononcnnnononnnn non cnn nao r rr nana rr 407 Security Network ARP Inspe
364. opology change notifications and topology changes to other ports If set it can cause temporary loss of connectivity after changes in a spanning trees active topology as a result of persistent incorrectly learned station location information It is set by a network administrator to prevent bridges external to a core region of the network causing address flushing in that region possibly because those bridges are not under the full control of the administrator or is the physical link state for the attached LANs transitions frequently e BPDU Guard If enabled causes the port to disable itself upon receiving valid BPDU s Contrary 147 User s Manual of MGSW 24160F to the similar bridge setting the port Edge status doesn t affect this setting A port entering error disabled state due to this setting is subject to the bridge Port Error Recovery setting as well e Point2Point Controls whether the port connects to a point to point LAN rather than a shared Buttons _ Save Click to save changes media medium This can be automatically determined or forced either true or false Transition to the forward state is faster for point to point LANs than for shared This applies to physical ports only Aggregations are always forced Point2Point Reset Click to undo any changes made locally and revert to previously saved values By default the system automatically detects the speed and duplex mode used on each port
365. ork Connectivity Device start to advertise LLDP MED TLVs in outgoing LLDPDUs on the associated port The LLDP MED application will temporarily speed up the transmission of the LLDPDU to start within a second when a new LLDP MED neighbor has been detected in order share LLDP MED information as fast as possible to new neighbors Because there is a risk that a LLDP frame being lost during transmission between neighbors it is recommended to repeat the fast start transmission multiple times to increase the possibility for that the neighbors has received the LLDP frame With Fast start repeat count it is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received It should be noted that LLDP MED and the LLDP MED Fast Start mechanism is only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and as such does not apply to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of links Object Description e Latitude Latitude SHOULD be normalized to within 0 90 degrees with a maximum of 4 digits It is possible to specify the direction to either North of the equator or South of the equator e Longitude Longitude SHOULD be normalized to within 0 180 degrees with a maximum of
366. ormation No LLDP MED neighbor information found Auto Refresh C Figure 4 14 3 LLDP MED Neighbor Information Page Screenshot The page includes the following fields Fast start repeat count Object Description e Port The port on which the LLDP frame was received e Device Type LLDP MED Devices are comprised of two primary Device Types Network Connectivity Devices and Endpoint Devices LLDP MED Network Connectivity Device Definition LLDP MED Network Connectivity Devices as defined in TIA 1057 provide access to the IEEE 802 based LAN infrastructure for LLDP MED Endpoint Devices An LLDP MED Network Connectivity Device is a LAN access device based on any of the following technologies 1 LAN Switch Router 287 User s Manual of MGSW 24160F 2 IEEE 802 1 Bridge 3 IEEE 802 3 Repeater included for historical reasons 4 IEEE 802 11 Wireless Access Point 5 Any device that supports the IEEE 802 1AB and MED extensions defined by TIA 1057 and can relay IEEE 802 frames via any method LLDP MED Endpoint Device Definition Within the LLDP MED Endpoint Device category the LLDP MED scheme is broken into further Endpoint Device Classes as defined in the following Each LLDP MED Endpoint Device Class is defined to build upon the capabilities defined for the previous Endpoint Device Class Fore example will any LLDP MED Endpoint Device claiming compliance as a Media Endpoint Class II also support all aspects of TIA 1057 ap
367. out any port members on any unit will be deleted when you click Save The button can be used to undo the addition of new VLANs 121 User s Manual of MGSW 24160F Buttons Add new ent Glick to add new VLAN Save Click to save changes y Click to undo any changes made locally and revert to previously saved values E Refreshes the displayed table starting from the VLAN ID input fields al Updates the table starting from the first entry in the VLAN Table e the entry with the lowest VLAN ID ag gt Updates the table starting with the entry after the last entry currently displayed 4 6 6 VLAN Membership Status for User Static This page provides an overview of membership status for VLAN users The VLAN Membership Status for User Static screen in Figure 4 6 4 appears VLAN Membership Status for User Static Port Members Y Y Y Yv v v v v v v Auto Refresh C Static H E vavo hfk 1 E E E d Y Y j i j d 17 18 19 20 21 22 23 24 Figure 4 6 4 VLAN Membership Status for User Static Page Screenshot The page includes the following fields Object Description e VLANID Indicates the ID of this particular VLAN e Port Members The VLAN Membership Status Page shall show the current VLAN port members for all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box When ALL VLAN Users is selected it shall show this information for all the VLAN Users
368. ow the MSTP Bridge Max Hop Count parameter Syntax STP MaxHops lt maxhops gt Parameters lt maxhops gt STP BPDU MaxHops 6 40 Default Setting 20 416 User s Manual of MGSW 24160F Example Set STP maximum hops in 25 SWITCH gt stp maxhops 25 STP MaxAge Description Set or show the CIST MSTI bridge maximum age Syntax STP MaxAge lt max_age gt Parameters lt max_age gt STP maximum age time 6 40 and max_age lt forward_delay 1 2 Default Setting 20 Example Set STP maximum age time in 10 SWITCH gt stp maxage 10 STP FwdDelay Description Set or show the CIST MSTI bridge forward delay Syntax STP FwdDelay lt delay gt Parameters lt delay gt MSTP forward delay 4 30 and max_age lt forward_delay 1 2 Default Setting 15 Example 417 User s Manual of MGSW 24160F Set STP forward delay value in 25 SWITCH gt stp fwddelay 25 STP CName Description Set or show MSTP configuration name and revision Syntax STP CName lt config name gt lt integer gt Parameters lt config name gt MSTP Configuration name A text string up to 32 characters length Use quotes to embed spaces in name lt integer gt Integer value Default Setting Configuration name MAC address Configuration rev 0 Example Set MSTP configuration name and revision SWITCH gt stp cname 9f_MGSW 24160F 1 STP BPDU Filter Descrip
369. p to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 web WEB HTTPS interface snmp SNMP interface telnet TELNET SSH interface default Show configured and current mode Example Add access management list from 2001 0001 to 2001 0100 via web interface SWITCH gt security switch access add 2001 0001 2001 0100 web 353 User s Manual of MGSW 24160F Security Switch Access Delete Description Delete access management entry Syntax Security Switch Access Delete lt access_id Parameters lt access_id gt entry index 1 16 Example Delete access management ID 1 SWITCH gt security switch access delete 1 Security Switch Access Look up Description Look up access management entry Syntax Security Switch Access Look up lt access_id gt Parameters lt access_id gt entry index 1 16 Example Look up access management entry SWITCH gt security switch access lookup 1 Security Switch Access Clear Description Clear access management entry Syntax Security Switch Access Clear 354 User s Manual of MGSW 24160F Example Clear to access management entry SWITCH gt s
370. packets will not be forwarded to that sub network Multicast Receiver Multicast 4 Switch Transmitter P A IPTV s Server Router Switch Switch Multicast Switch Receiver O Multicast y Receiver ay D Figure 4 8 1 Multicast Service 157 User s Manual of MGSW 24160F B Multicast Receiver Multicast Switch Transmitter A IPTV Server Router Switch C Multicast Switch Receiver Multicast Receiver D Figure 4 8 2 Multicast Flooding B Multicast Receiver Multicast IGMP Snooping Transmitter Switch A IPTV eae Router IGMP Snooping IGMP Snooping C Switch Switch I IGMP Snooping Multicast Switch Receiver Multicast Receiver D Figure 4 8 3 IGMP Snooping Multicast Stream Control 158 User s Manual of MGSW 24160F IGMP Versions 1 and 2 Multicast groups allow members to join or leave at any time IGMP provides the method for members and multicast routers to communicate when joining or leaving a multicast group IGMP version 1 is defined in RFC 1112 It has a fixed packet size and no optional data The format of an IGMP packet is shown below IGMP Message Format Octets 0 8 16 31 Type Response Time Checksum Group Address all zeros if this is a query The IGMP Type codes are shown below ype Maing Membership Query if Group Address is 0 0 0 0 Specific Group Membership Query if Group Address is 0x11 Present Membership
371. periodically at the interval one half of the advertising duration minus 30 seconds Valid values are in the range 100 to 86400 59 User s Manual of MGSW 24160F Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Y My Network Places File Edit View Favorites Tools Help Sin wi ya Search gt Folders E Address My Network Places Network Tasks e 2 Add a network place A Ld view network a i m connections y A Set up a wireless network for a home or small office lt Q Search Active Directory Print Server Print Server MGSW 24160F cd on Enm esther RDM HPS000 RDM HPLI1320 5 Hide icons For networked UPnP VED VED VED devices EI EI 4 Other Places E Desktop Entire Network ig My Computer ES My Documents O O QY Printers and Faxes fae on 10 1 1 26 FAE on planet m FAE_Files on 10 1 1 26 fileMKT_Public on file enm on 10 1 1 20 enmg on File ENM_Public on 10 1 1 20 ENM_Public on file Details My Metu Figure 4 2 10 UPnP devices shows on Windows My Network Places 4 2 8 DHCP Relay Configure DHCP Relay on this page DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain The DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packet when forwarding client DH
372. played as text as well In order to display the SVG graph your browser must support the SVG format Consult the SVG Wiki for more information on browser support Specifically at the time of writing Microsoft Internet Explorer will need to have a plugin installed to support SVG The CPU Load screen in Figure 4 2 13 appears CPU Load Auto refresh Y 100ms 3 1sec 1 10sec 1 all numbers running average 13 50 25 a LIA ls at MW A Figure 4 2 13 CPU Load Page Screenshot Buttons Auto refresh d Check this box to enable an automatic refresh of the page at regular intervals If your browser can not displies anythings in this page please download Adobe SVG tool and install it in your computer 64 User s Manual of MGSW 24160F 4 2 11 System Log The switch system log information is provided here The System Log screen in Figure 4 2 14 appears System Log Information The total number of entries is 3 for the given level Start frorn ID 1 with 20 entries per page Info 1970 01 01 Thu 00 00 01 0000 Switch just made a cold boot Info 1970 01 01 Thu 00 00 04 0000 Link up on switch 1 port 1 Info 1970 01 01 Thu 00 00 04 0000 Link up on switch 1 port 16 Figure 4 2 14 System Log Page Screenshot The page includes the following fields Object Description e ID The ID gt 1 of the system logging entry e Level The level of system logging entry The fol
373. plicable to Generic Endpoints Class 1 and any LLDP MED Endpoint Device claiming compliance as a Communication Device Class III will also support all aspects of TIA 1057 applicable to both Media Endpoints Class II and Generic Endpoints Class 1 LLDP MED Generic Endpoint Class 1 The LLDP MED Generic Endpoint Class definition is applicable to all endpoint products that require the base LLDP discovery services defined in TIA 1057 however do not support IP media or act as an end user communication appliance Such devices may include but are not limited to IP Communication Controllers other communication related servers or any device requiring basic services as defined in TIA 1057 Discovery services defined in this class include LAN configuration device location network policy power management and inventory management LLDP MED Media Endpoint Class Il The LLDP MED Media Endpoint Class II definition is applicable to all endpoint products that have IP media capabilities however may or may not be associated with a particular end user Capabilities include all of the capabilities defined for the previous Generic Endpoint Class Class and are extended to include aspects related to media streaming Example product categories expected to adhere to this class include but are not limited to Voice Media Gateways Conference Bridges Media Servers and similar Discovery services defined in this class include media type specific n
374. plicant is connected to a port the one that comes first when the port s link comes up will be the first one considered If that supplicant doesn t provide valid credentials within a certain amount of time another supplicant will get a chance Once a supplicant is successfully authenticated only that supplicant will be allowed access This is the most secure of all the supported modes In this mode the Port Security module is used to secure a supplicant s MAC address once successfully authenticated Multi 802 1X In port based 802 1X authentication once a supplicant is successfully authenticated on a port the whole port is opened for network traffic This allows other clients connected to the port for instance through a hub to piggy back on the successfully authenticated client and get network access even though they really aren t authenticated To overcome this security breach use the Multi 802 1X variant Multi 802 1X is really not an IEEE standard but features many of the same characteristics as does port based 802 1X Multi 802 1X is like Single 802 1X not an IEEE standard but a variant that features many of the same characteristics In Multi 802 1X one or more supplicants can get authenticated on the same port at the same time Each supplicant is authenticated individually and secured in the MAC table using the Port Security module In Multi 802 1X it is not possible to use the multicast BPDU MAC address as destination MAC addre
375. pon reception of a BPDU The port will enter the error disabled state and will be removed from the active topology e Port Error Recovery Control whether a port in the error disabled state automatically will be enabled after a certain time If recovery is not enabled ports have to be disabled and re enabled for normal STP operation The condition is also cleared by a system reboot e Port Error Recovery Timeout The time that has to pass before a port in the error disabled state can be enabled Valid values are between 30 and 86400 seconds 24 hours 144 User s Manual of MGSW 24160F The Gigabit Ethernet Switch implement the Rapid Spanning Protocol as the default spanning tree protocol While select Compatibles mode the system uses the RSTP 802 1w to compatible and co work with another STP 802 1d s BPDU control packets Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 7 3 Bridge Status This page provides a status overview for all STP bridge instances The displayed table contains a row for each STP bridge instance where the column displays the following information The STP Bridge Status screen in Figure 4 7 5 appears STP Bridges Root MSTI Bridge ID o Root Topology Flag Topology Change Last CN ES CIST 80 00 00 30 4F 24 04 D1 80 00 00 30 4F 00 00 00 18 20000 Steady Od 03 11 08 Auto Refresh O Figure
376. ppreciate your comments and suggestions FCC Warning This equipment has been tested and found to comply with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at whose own expense CE Mark Warning This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Energy Saving Note of the Device This power required device does not support Standby mode operation For energy saving please remove the power cable to disconnect the device from the power circuit Without removing power cable the device is will still consuming power from the power source In the view of Saving the Energy and reduce the unnecessary power consuming it is strongly suggested to remove the power connection for the device if this device is not intended to be active WEEE Warning To avoid the potential effects on the environment and human health as
377. priate service level DiffServ Code Point DSCP is the traffic prioritization bits within an IP header that are encoded by certain applications and or devices to indicate the level of service required by the packet across a network Service Level defines the priority that will be given to a set of classified traffic You can create and modify service levels Policy comprises a set of rules that are applied to a network so that a network meets the needs of the business That is traffic can be prioritized across a network according to its importance to that particular business type QoS Profile consists of multiple sets of rules classifier plus service level combinations The QoS profile is assigned to a port s Rules comprises a service level and a classifier to define how the Switch will treat certain types of traffic Rules are associated with a QoS Profile see above To implement QoS on your network you need to carry out the following actions 1 Define a service level to determine the priority that will be applied to traffic 2 Apply a classifier to determine how the incoming traffic will be classified and thus treated by the Switch 3 Create a QoS profile that associates a service level and a classifier 170 User s Manual of MGSW 24160F 4 Apply a QoS profile to a port s 4 9 2 QCL Configuration Wizard This handy wizard helps you set up a QCL quickly The QCL Configuration Wizard screen in Fig
378. r WPA was designed to enhance the security of wireless networks There are two flavors of WPA enterprise and personal Enterprise is meant for use with an IEEE 802 1X authentication server which distributes different keys to each user Personal WPA utilizes less scalable pre shared key PSK mode where every allowed computer is given the same passphrase In PSK mode security depends on the strength and secrecy of the passphrase The design of WPA is based on a Draft 3 of the IEEE 802 11i standard Wikipedia WPS is an acronym for Wi Fi Protected Setup It is a standard for easy and secure establishment of a wireless home network The goal of the WPS protocol is to simplify the process of connecting any home device to the wireless network Wikipedia WTR is an acronym for Wait To Restore This is the time a fail on a resource has to be not active before restoration back to this previously failing resource is done 522 Q PLANET Networking amp Communication EC Declaration of Conformi For the following equipment Type of Product 16 Port 100 1000Base X SFP 8 Port 10 100 1000Base T L2 L4 Managed Metro Ethernet Switch Model Number MGSW 24160F Produced by Manufacturers Name Planet Technology Corp Manufacturer s Address 10F No 96 Minquan Rd Xindian Dist New Taipei City 231 Taiwan R O C is herewith confirmed to comply with the requirements set out in the Council Directive on the Approximat
379. r many to 1 Port Mirroring to monitor the incoming or outgoing traffic on a particular port gt Quality of Service 21 User s Manual of MGSW 24160F Ml Ingress Shaper and Egress Rate Limit per port bandwidth control M4 priority queues on all switch ports Ml Traffic classification IEEE 802 1p CoS TOS DSCP IP Precedence of IPv4 IPv6 packets IP TCP UDP port number Typical network application Strict priority and Weighted Round Robin WRR CoS policies Supports QoS and In Out bandwidth control on each port Traffic policing policies on the switch port QoS Control List Wizard makes QoS creation and configuration easier and more quickly DSCP remarking gt Multicast M Supports IGMP Snooping v1 v2 and v3 Querier mode support Hi IGMP Snooping port filtering Hi Multicast VLAN Registration MVR support gt Security M IEEE 802 1x Port Based MAC Based network access authentication Built in RADIUS client to co operate with the RADIUS servers TACACS login users access authentication RADIUS TACACS users access authentication IP Based Access Control List ACL MAC Based Access Control List Source MAC IP address binding DHCP Snooping to filter un trusted DHCP messages Dynamic ARP Inspection discards ARP packets with invalid MAC address to IP address binding IP Source Guard prevents IP spoofing attacks Auto DoS rule to defend DoS attack IP address access management to prevent unauthorized intruder
380. r on the Managed Switch the terminal will display that it is running testing procedures Then the following message asks the login username amp password The factory default password as following and the login screen in Figure 5 1 appears Username admin Password admin COM1_ HyperTerminal File Edit View Call Transfer Help Dw amp O08 Welcome to PLANET Command Line Interface Port Numbers HGSH 24160F i 2i 41 6i 8i 10 12 14 16 18 20 22 24 111 31 51 71 i 91111131151 117119121123 I i a I I I I 1 l 1 I I i Username admin Password Login in progress SWITCH gt _ Connected 00 13 46 ANSIW 115200 8 N 1 Figure 5 1 The Managed Switch Console Login Screen 300 User s Manual of MGSW 24160F For security reason please change and memorize the new password after this first setup Only accept command in lowercase letter under console interface Configure IP address The Managed Switch is shipped with default IP address as following IP Address 192 168 0 100 Subnet Mask 255 255 255 0 To check the current IP address or modify a new IP address for the Switch please use the procedures as follow 3 Show the current IP address On Switch gt prompt enter ip configuration COM1_ HyperTerminal Eile Edit View Call Transfer Help Username admin Password Login in progress SWITCH gt show ip IP Configuration DHCP
381. r port Disabled All power savings mechanisms disabled ActiPHY Link down power savings enabled Dynamic Link up power savings enabled Enabled Link up and link down power savings enabled 92 User s Manual of MGSW 24160F When set each port to run at 100M Full 100M Half 10M Full and 10M Half speed modes The Auto MDIX function will disable Click to save changes Reset Click to undo any changes made locally and revert to previously saved values Refresh Click to refresh the page Any changes made locally will be undone 4 4 2 Port Statistics Overview This page provides an overview of general traffic statistics for all switch ports The ports belong to the currently selected unit as reflected by the page header The Port Statistics Overview screen in Figure 4 4 2 appears Port Statistics Overview 0 0 D 0 oo oo oo oo 1 2 3 4 5 6 FA 8 9 0 4 12 13 14 15 16 17 18 9 203341 EN O E O E O ME 00 ME O ME O EN O E O E O EN O E O E O El O 1 O E O E 00 5 O E O E O E O E O E O E O E OO EA so O 153 O 3 01 5 O 13 O 15 O 5 O PE O E O E O AO El O ll O E O E CO E O 1 O 8 O E O E O E O E O E OO EA O El O 5 O 13 O 13 O 53 O 5 O 3 O E O E O E O AO 2000000000000 00000000000000 So O 1 O 13 O 1 O 1 O 5 O A O E O 1 O A O A O E O MN O MN O A O A O A O A O MN OO A O A O E OO A OO E oO E o G o a o 000 0000 00 0000 000 08 10 1 1 1 1 1 1 1 1 19 20 21 22 23 24
382. r this ACE Any No VLAN ID filter is specified VLAN ID filter status is don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for entering a VLAN ID number appears e VLANID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value 198 e Tag Priority User s Manual of MGSW 24160F Specify the tag priority for this ACE A frame that hits this ACE matches this tag priority The allowed number range is 0 to 7 The value Any means that no tag priority is specified tag priority is don t care E ARP Parameters The ARP parameters can be configured when Frame Type ARP is selected Object Description e ARP RARP Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is specified OP is don t care ARP Frame must have ARP RARP opcode set to ARP RARP Frame must have ARP RARP opcode set to RARP Other Frame has unknown ARP RARP Opcode flag e Request Reply Specify the available ARP RARP opcode OP flag for this ACE Any No ARP RARP OP flag is specified OP is don t care Request Frame must have ARP Request or RARP Request OP flag set Reply Frame must have ARP Reply or RARP Reply OP flag e Sender IP Filter Specify the sender IP filter for this ACE Any No sender IP filt
383. r to receiver and distinguishes data for multiple connections by concurrent applications for example Web server and e mail server running on the same host The applications on networked hosts can use TCP to create connections to one another It is known as a connection oriented protocol which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end Common network applications that use TCP include the World Wide Web WWW e mail and File Transfer Protocol FTP 518 User s Manual of MGSW 24160F TELNET is an acronym for TELetype NETwork It is a terminal emulation protocol that uses the Transmission Control Protocol TCP and provides a virtual connection between TELNET server and TELNET client TELNET enables the client to control the server and communicate with other servers on the network To start a Telnet session the client user must log in to a server by entering a valid username and password Then the client user can enter commands through the Telnet program just as if they were entering commands directly on the server console TFTP is an acronym for Trivial File Transfer Protocol It is transfer protocol that uses the User Datagram Pro
384. r when they are not on the same subnet domain 507 User s Manual of MGSW 24160F The DHCP option 82 enables a DHCP relay agent to insert specific information into a DHCP request packets when forwarding client DHCP packets to a DHCP server and remove the specific information from a DHCP reply packets when forwarding server DHCP packets to a DHCP client The DHCP server can use this information to implement IP address or other assignment policies Specifically the option works by setting two sub options Circuit ID option 1 and Remote ID option2 The Circuit ID sub option is supposed to include information specific to which circuit the request came in on The Remote ID sub option was designed to carry information relating to the remote host end of the circuit The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no The parameter of vlan_id is the first two bytes represent the VLAN ID The parameter of port_no is the fourth byte and it means the port number The Remote ID is 6 bytes in length and the value is equal the DHCP relay agents MAC address DHCP Snooping is used to block intruder on the untrusted ports of the switch device when it tries to intervene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server DNS is an acronym for Domain Name System It stores and associates many types of information with domain names Most
385. relay mode operation the agent forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain And the DHCP broadcast message won t flood for security considered Disabled Disable DHCP relay mode operation e Relay Server Indicates the DHCP relay server IP address A DHCP relay agent is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain e Relay Information Mode Indicates the DHCP relay information mode option operation Possible modes are Enabled Enable DHCP relay information mode operation When enable DHCP relay information mode operation the agent insert specific information option 82 into a DHCP message when forwarding to DHCP server and remove it from a DHCP message when transferring to DHCP client It only works under DHCP relay operation mode enabled Disabled Disable DHCP relay information mode operation e Relay Information Policy Indicates the DHCP relay information option policy When enable DHCP relay information mode operation if agent receives a DHCP message that already contains relay agent information It will enforce the policy And it only works under 61 User s Manual of MGSW 24160F DHCP relay information operation mode enabled Possible policies are Replace Replace the original relay information when receive a DHCP message that already contains it
386. reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The ICMP Ping screen in Figure 4 15 3 appears 296 User s Manual of MGSW 24160F Remote IP Ping Test Remote IP Address Ping Size Ping Button Result 1 co MESA Bee cn EN wo fee SQ VY Vl Vl Vl Bl Bl Bl B _ o E R Qu _ mn mo _ J EENE _ co du non fe LL M N MN A ho E 12 e Ping a Pig Figure 4 15 3 Remote IP Ping Test Page Screenshot The page includes the following fields Object Description e Port The logical port for the settings e Remote IP Address The destination IP Address 297 User s Manual of MGSW 24160F e Ping Size The payload size of the ICMP packet Values range from 8 bytes to 1400 bytes e Result Display the ping result 4 15 4 Cable Diagnostics This page is used for running the Cable Diagnostics Press to run the diagnostics This will take approximately 5 seconds If all ports are selected this can take approximately 15 seconds When completed the page refreshes automatically and you can view the cable diagnostics results in the cable status table Note that Cable Diagnostics is only accurate for cables of length 7 140 meters 10 an
387. resh of the page at regular intervals Car Click to clear the information immediately 156 User s Manual of MGSW 24160F 4 8 Multicast 4 8 1 IGMP Snooping The Internet Group Management Protocol IGMP lets host and routers share information about multicast groups memberships IGMP snooping is a switch feature that monitors the exchange of IGMP messages and copies them to the CPU for feature processing The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group About the Internet Group Management Protocol IGMP Snooping Computers and network devices that want to receive multicast transmissions need to inform nearby routers that they will become members of a multicast group The Internet Group Management Protocol IGMP is used to communicate this information IGMP is also used to periodically check the multicast group for members that are no longer active In the case where there is more than one multicast router on a sub network one router is elected as the queried This router then keeps track of the membership of the multicast groups that have active members The information received from IGMP is then used to determine if multicast packets should be forwarded to a given sub network or not The router can check using IGMP to see if there is at least one member of a multicast group on a given subnet work If there are no members on a sub network
388. rforming system administration such as displaying statistics or changing option settings Using this method you can view the administration console from a terminal personal computer Apple Macintosh or workstation connected to the switch s console serial port There are two ways to use this management method via direct access or modem port access The following sections describe these methods For more information about using the console refer to Chapter 5 Command Line Interface Console Management 40 User s Manual of MGSW 24160F PC Workstation PLANET Managed Switch with Terminal emulation software TAS _ Wer RS 232 l a Serial Port a 115200 8 n 1 LE Serial Port Figure 3 1 Console Management Diagram Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port When using this management method a straight DB9 RS 232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following parameters The default parameters are E 115200 bps m 8 data bits E No parity E 1 stop bit COMT Properties Port Settings Bits per second JAE Data bits Parity Stop bits Flow control Figure 3 2 Terminal Parameter Settings You can change t
389. rized Globally Disabled Reavthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitial Force Authorized Globally Disabled Feauthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitial Force Authorized Globally Disabled Reavthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitialize Force Authorizad gt Globally Disabled Reauthenticate Reinitialize Force Authorized Globally Disabled Reauthenticate Reinitialize Force Authorized Globally Disabled Pesubhentcate Reinitialize Force Authorized Globally Disabled Reavthenticate Reinitial Force Authorized Globally Disabled Seauthenticate Reinitia Force Authorized Globally Disabled Reauthenticate Reinita Force Authorized Globally Disabled Peauthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitia Br GF BF EE 5 Force Authorized Globally Disabled Reauthenticate Reinitia Force Authorized Globally Disabled Reauthenticate Reinitial Force Authorizad v Globally Disabled Reavthenticate Reinitial Force Authorizad vw Globally Disabled Reavthenticate Reinitial Force Authorized v Globally Disabled Reauthenticate Reinitial Force Authorized Globally Disabled Reauthenticate Reinitia
390. rol function for port1 SWITCH gt port flow control 1 enable 321 User s Manual of MGSW 24160F Port State Description Set or show the port administrative state Syntax Port State lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable port disable Disable port default Show administrative mode Default Setting Enable Example Disable port SWITCH gt port state 1 disable Port Maximum Frame Description Set or show the port maximum frame size Syntax Port MaxFrame lt port_list gt lt max_frame gt Parameters lt port_list gt Port list or all default All ports lt max_frame gt Port maximum frame size 1518 9600 default Show maximum frame size Default Setting 9600 Example Set 2048 frame size for port1 SWITCH gt port maxframe 1 2048 322 Port Power Description Set or show the port PHY power mode Syntax Port Power lt port_list gt enable disable actiphy dynamic Parameters lt port_list gt Port list or all default All ports enable Enable all power control disable Disable all power control actiphy Enable ActiPHY power control dynamic Enable Dynamic power control Default Setting Enable Example Disable port power function for port1 4 User s Manual of MGSW 24160F SWITCH gt port power 1 4 disable Port SFP Description Show SFP port informatio
391. romiscous Example Show VLAN configuration of port10 SWITCH gt status 1 Port VLAN User Aware PVID Frame Type Ing Filter Tx Tag UVID Conflicts Static Enabled 1 338 NAS MVR Voice VLAN MSTP Combined Enabled 1 All Disabled 339 Untag This User s Manual of MGSW 24160F 1 6 6 Private VLAN Configuration Command U Description Show Private VLAN configuration Syntax PVLAN Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show private VLAN configuration User s Manual of MGSW 24160F 340 User s Manual of MGSW 24160F Disabled Disabled Disabled Disabled Disabled Disabled Disabled PVLANID Ports PVLAN Add Description Add or modify Private VLAN entry Syntax PVLAN Add lt pvlan_id gt lt port_list gt Parameters lt pvlan_id gt Private VLAN ID lt port_list gt Port list or all default All ports Example Add port17 to port24 in PVLAN10 SWITCH gt pvian add 10 17 24 PVLAN Delete Description Delete Private VLAN entry Syntax PVLAN Delete lt pvlan_id gt 341 User s Manual of MGSW 24160F Parameters lt pvlan_id gt Private VLAN ID Example Delete PVLAN10 SWITCH gt pvlan delete 10 PVLAN Look up Description Look up Private VLAN entry Syntax PVLAN Look up lt pvlan_id gt Parameters lt pvlan_id gt Private VLAN ID
392. root from the transmitting port E The port identifier of the transmitting port 137 User s Manual of MGSW 24160F The switch sends BPDUs to communicate and construct the spanning tree topology All switches connected to the LAN on which the packet is transmitted will receive the BPDU BPDU does nt directly forward by the switch but the receiving switch uses the information in the frame to calculate a BPDU and if the topology changes initiates a BPDU transmission The communication between switches via BPDUs results in the following a One switch is elected as the root switch The shortest distance to the root switch is calculated for each switch E A designated switch is selected This is the switch closest to the root switch through which packets will be forwarded to the root a A port for each switch is selected This is the port providing the best path from the switch to the root switch Ports included in the STP are selected Creating a Stable STP Topology It is to make the root port a fastest link If all switches have STP enabled with default settings the switch with the lowest MAC address in the network will become the root switch By increasing the priority lowering the priority number of the best switch STP can be forced to select the best switch as the root switch When STP is enabled using the default parameters the path between source and destination stations in a switched network might not be ideal For instance co
393. ros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 lt ipv6_prefix gt IPv6 subnet mask default Show IPv6 prefix lt ipv6_router gt IPv6 router default Show IPv6 router IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separates each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 lt vid gt VLAN ID 1 4095 default Show VLAN ID Default Setting IPv6 AUTOCONFIG mode Disabled IPv6 Link Local Address fe80 230 4fff fe24 4d1 IPv6 Address 192 168 0 100 IPv6 Prefix 96 IPv6 Router IPv6 VLAN ID A Example Set IPv6 address SWITCH gt ip ipv6 setup 2001 0002 64 2100 0001 1 315 User s Manual of MGSW 24160F IPv6 Ping Description Ping IPv6 address ICMPv6 echo Syntax IP IPv6 Ping6 lt ipv6_addr gt lt ping_length gt Parameters lt ipv6_addr gt IPv6 host address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special
394. rs Port Counters Object The Selected Counters table is visible when the port is one of the following administrative states Multi 802 1X MAC based Auth The table is identical to and is placed next to the Port Counters table and will be empty if no MAC address is currently selected To populate the table select one of the attached MAC Addresses from the table below Description e Identity Shows the identity of the supplicant as received in the Response Identity EAPOL frame Clicking the link causes the supplicant s EAPOL and Backend Server counters to be shown in the Selected Counters table If no supplicants are attached it shows No supplicants attached This column is not available for MAC based Auth e MAC Address For Multi 802 1X this column holds the MAC address of the attached supplicant For MAC based Auth this column holds the MAC address of the attached client Clicking the link causes the client s Backend Server counters to be shown in the Selected Counters table If no clients are attached it shows No clients attached e VLAN ID This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module e State The client can either be authenticated or unauthenticated In the authenticated state it is allowed to forward frames on the port and in the unauthenticated state it is blocked As long as the backend server hasn t successfully authentic
395. rs lt port_list gt Port list or all default All ports up Show ports which are up down Show ports which are down default Show all ports Example Display port1 4 status SWITCH gt port configuration 1 4 Port Configuration Port State Mode Flow Control MaxFrame Power Excessive Link Enabled Disabled Enabled Discard Down Enabled Disabled Enabled Discard Down Enabled Disabled Enabled Discard Down Enabled Disabled Enabled Discard Down Port Mode Description Set or show the port speed and duplex mode Syntax Port Mode lt port_list gt 1Ohdx 10fdx 100hdx 100fdx 1000fdx auto 320 Parameters lt port_list gt Port list or all default All ports 10hdx 10 Mbps half duplex 10fdx 10 Mbps full duplex 100hdx 100 Mbps half duplex 100fdx 100 Mbps full duplex 1000fdx 1 Gbps full duplex auto Auto negotiation of speed and duplex default Show configured and current mode Default Setting Auto Example Set 10Mbps half duplex speed for port1 User s Manual of MGSW 24160F SWITCH gt port mode 1 10hdx Port Flow Control Description Set or show the port flow control mode Syntax Port Flow Control lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable flow control disable Disable flow control default Show flow control mode Default Setting Disable Example Enable flow cont
396. rt default VLAN ID PVID is configured on the VLAN Port Configuration page All untagged packets arriving to the device are tagged by the ports PVID Understand nomenclature of the Switch Ml IEEE 802 1Q Tagged and Untagged Every port on an 802 1Q compliant switch can be configured as tagged or untagged e Tagged Ports with tagging enabled will put the VID number priority and other VLAN information into the header of all packets that flow into those ports If a packet has previously been tagged the port will not alter the packet thus keeping the VLAN information intact Other 802 1Q compliant devices on the network to make packet forwarding decisions can use the VLAN information in the tag e Untagged Ports with untagging enabled will strip the 802 1Q tag from all packets that flow into those ports If the packet doesn t have an 802 1Q VLAN tag the port will not alter the packet Thus all packets received by and forwarded by an untagging port will have no 802 1Q VLAN information Remember that the PVID is only used internally within the Switch Untagging is used to send packets from an 802 1Q compliant network device to a non compliant network device Frame Income Income Frame is tagged Income Frame is untagged Frame Leave Leave port is tagged Frame remains tagged Tag is inserted Leave port is untagged Tag is removed Frame remain untagged Table 4 6 1 Ingress Egress port with VLAN VID Tag Untag table MI IE
397. rts disable Disable DHCP snooping mode default Show flow DHCP snooping mode Default Setting disable Example Enable DHCP snooping mode SWITCH gt security network dhcp snooping mode enable Security Network DHCP Snooping Port Mode Description Set or show the DHCP snooping port mode Syntax Security Network DHCP Snooping Port Mode lt port_list gt trusted untrusted Parameters lt port_list gt Port list or all default All ports trusted Configures the port as trusted sources of the DHCP message 401 User s Manual of MGSW 24160F untrusted Configures the port as untrusted sources of the DHCP message default Show flow DHCP snooping port mode Default Setting trusted Example Set untrusted DHCP snooping port mode in port 1 SWITCH gt security network dhcp snooping port mode 1 untrusted Security Network DHCP Snooping Statistics Description Show up or clear DHCP snooping statistics Syntax Security Network DHCP Snooping Statistics lt port_list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear DHCP snooping statistics Example Show DHCP snooping statistics of port 1 SWITCH gt security network dhcp snooping siatistics 1 Port 1 Statistics O Tx Discover O Tx Offer O Tx Request O Tx Decline 0 Tx ACK 0 Tx NAK O Tx Release 0 Tx Inform Rx Lease Query O Tx Lease Query Rx Lease Unassigned
398. rver Configuration This page allows you to configure the IEEE 802 1X and MAC based authentication system and port settings The IEEE 802 1X standard defines a port based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication One or more central servers the backend servers determine whether the user is allowed access to the network These backend RADIUS servers are configured on the Configuration Security gt AAA page The IEEE802 1X standard defines port based operation but non standard variants overcome security limitations as shall be explored below MAC based authentication allows for authentication of more than one user on the same port and doesn t require the user to have special 802 1X supplicant software installed on his system The switch uses the user s MAC address to authenticate against the backend server Intruders can create counterfeit MAC addresses which makes MAC based authentication less secure than 802 1 X authentication The NAS configuration consists of two sections a system and a port wide The Network Access Server Configuration screen in Figure 4 11 4 appears 213 User s Manual of MGSW 24160F Network Access Server Configuration Refresh seconds seconds seconds seconds Force Authorized Y Globally Disabled Reauthenticate Reinitia Force Authorized Globally Disabled Reauthenticate Reinitia Force Autho
399. s LACP Statistics Port LACP R i d ACP e Discarded eceive L Transmitted Unknown Illegal O0 NDA A wN SH E O 5 O E O E O ll O Sl O El O 1 O ES O E O ll O ll O El O 3 O E O E O 5 O E O E O 1 O 3 O A O MA O A O El O El O E O 5 O E O E O E O E O A O A O Al O A OO 0 O 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 Auto Refresh 1 Figure 4 5 7 LACP Port Statistics Page Screenshot 110 User s Manual of MGSW 24160F The page includes the following fields Object Description e Port The switch port number e LACP Transmitted Shows how many LACP frames have been sent from each port e LACP Received Shows how many LACP frames have been received at each port e Discarded Shows how many unknown or illegal LACP frames have been discarded at each port Buttons Fl Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refiesh Click to refresh the page immediately _ clear J Clears the counters for all ports 111 User s Manual of MGSW 24160F 4 6 VLAN 4 6 1 VLAN Overview A Virtual Local Area Network VLAN is a network topology configured according to a logical scheme rather than the physical layout VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN VLAN also logically segment the network into different broadcast domains so that packets are forwarded only
400. s TxFrames Rx Unknown Rx illegal 443 User s Manual of MGSW 24160F User s Manual of MGSW 24160F 6 12 LLDP Command LLDP Configuration Description Show LLDP configuration Syntax LLDP Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LLDP configuration of port1 4 SWITCH gt lldp configuration 1 4 LLDP Configuration Enabled Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled Enabled Enabled Enabled Enabled Enabled Enabled Disabled LLDP Mode Description Set or show LLDP mode Syntax LLDP Mode lt port_list gt enable disable rx tx 444 User s Manual of MGSW 24160F Parameters lt port_list gt Port list or all default All ports enable Enable LLDP reception and transmission disable Disable LLDP rx Enable LLDP reception only tx Enable LLDP transmission only default Show LLDP mode Default Setting disable Example Enable port1 LLDP function SWITCH gt lldp mode 1 enable LLDP Optional TLV Description Show or Set LLDP Optional TLVs Syntax LLDP Optional_TLV lt port_list gt port_descr sys_name sys_descr sys_capa mgmt_addr enable disable Parameters lt port_list gt Port list or all default All ports port_descr Description of the port sysm_
401. s as transport layer O OR OAM is an acronym for Operation Administration and Maintenance It is a protocol described in ITU T Y 1731 used to implement carrier ethernet functionality MEP functionality like CC and RDI is based on this A LLDP frame contains multiple TLVs 513 User s Manual of MGSW 24160F For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame These TLVs are known as optional TLVs If an optional TLVs is disabled the corresponding information is not included in the LLDP frame OUI is the organizationally unique identifier An OUI address is a globally unique identifier assigned to a vendor by IEEE You can determine which vendor a device belongs to according to the OUI address which forms the first 24 bits of a MAC address PCP is an acronym for Priority Code Point It is a 3 bit field storing the priority level for the 802 1Q frame It is also known as User Priority PD is an acronym for Powered Device In a PoE gt system the power is delivered from a PSE power sourcing equipment to a remote device The remote device is called a PD PHY is an abbreviation for Physical Interface Transceiver and it is the device implements the Ethernet physical layer IEEE 802 3 ping is a program that sends a series of packets over a network or the Internet to a specific computer in order to generate a response from that computer The other computer responds with an acknowledgme
402. s a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 Example Set SNMP trap IPv6 destination address for 2001 0001 SWITCH gt security switch snmp trap ipv6 destination 2001 0001 Security Switch SNMP Trap Authentication Failure Description Set or show the SNMP authentication failure trap mode Syntax Security Switch SNMP Trap Authentication Failure enable disable Parameters enable Enable SNMP trap authentication failure disable Disable SNMP trap authentication failure default Show SNMP trap authentication failure mode Default Setting enable Example Disable SNMP trap authentication failure SWITCH gt security switch snmp trap authentication failure disable Security Switch SNMP Trap Link up Description Set or show the port link up and link down trap mode 362 Syntax Security Switch SNMP Trap Link up enable disable Parameters enable Enable SNMP trap link up and link down disable Disable SNMP trap link up and link down default Show SNMP trap link up and link down mode Default Setting enable Example Disable SNMP trap link up User s Manual of MGSW 24160F SWITCH gt security switch snmp trap link up disable Security Switch SNMP Trap Inform Mode Description Set or show the SNMP trap inform mode Syntax Security Switch SNMP Trap
403. s entry should belong to lt group_name gt A string identifying the group name that this entry should belong to Example Add SNMPv3 group entry SWITCH gt security switch snmp group add usm admin_snmpv3 group_snmpv3 370 User s Manual of MGSW 24160F Security Switch SNMP Group Delete Description Delete SNMPv3 group entry Syntax Security Switch SNMP Group Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 group entry SWITCH gt security switch snmp group delete 1 Security Switch SNMP Group Look up Description Look up SNMPv3 group entry Syntax Security Switch SNMP Group Look up lt index gt Parameters lt index gt entry index 1 64 Example Look up SNMPv3 group entry SWITCH gt security switch snmp group lookup Idx Model Security Name Group Name private default_rw_group public default_ro_group private default_rw_group default_user default_rw_group Number of entries 4 371 User s Manual of MGSW 24160F Security Switch SNMP View Add Description Add or modify SNMPv3 view entry The entry index key are lt view_name gt and lt oid_subtree gt Syntax Security Switch SNMP View Add lt view_name gt included excluded lt oid_subtree gt Parameters lt view_name gt A string identifying the view name that this entry should belong to included An optional flag to indicate that this view subtree should includ
404. s sent and decremented due to receipt of an Access Accept Access Reject Access Challenge timeout or retransmission The number of authentication timeouts to the server After a timeout the client may retry to the same server send to a different server or give up A retry to the same server is counted as a retransmit as well as a timeout A send to a different server is counted as a Request as well as a timeout e Other Info This section contains information about the state of the server and the latest round trip time Name RFC4668 Name Description State Shows the state of the server It takes one of the 239 following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is User s Manual of MGSW 24160F up and run and the RADIUS module is ready to accept access attempts Dead X seconds left Access attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Round Trip radiusAuthClient The time interval measured in milliseconds between Time ExtRoundTripTim the most recent Access Reply Access Challe
405. s with different keys cannot The default setting is Auto e Role The Role shows the LACP activity status The Active will transmit LACP packets each second while Passive will wait for a LACP packet from a partner speak if spoken to Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 4 5 3 LACP System Status This page provides a status overview for all LACP instances The LACP Status page display the current LACP aggregation Groups and LACP Port status The LACP System Status screen in Figure 4 5 5 appears LACP System Status Aggr ID Partner System ID Partner Key Last Changed Local Ports No ports enabled or no existing partners Auto Refresh C Figure 4 5 5 LACP System Status Page Screenshot 107 User s Manual of MGSW 24160F The page includes the following fields Object Description e Aggr ID The Aggregation ID associated with this aggregation instance For LLAG the id is shown as isid aggr id and for GLAGs as aggr id e Partner System ID The system ID MAC address of the aggregation partner e Partner Key The Key that the partner has assigned to this aggregation ID e Last changed The time since this aggregation changed e Local Ports Shows which ports are a part of this aggregation for this switch Buttons Refresh Click to refresh the page immediately Auto refresh Cl Check this box to
406. sable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v Disable v TE 0 0 Dia y 0 0 D 0 0 0 0 0 D 0 0 0 q E J o 0 O MN O PM O MN O Figure 4 10 4 ACL Ports Configuration page screenshot The page includes the following fields Object Description e Port The logical port for the settings contained in the same row e Policy ID Select the policy to apply to this port The allowed values are 1 through 8 The default value is 1 e Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 1 through 15 The default value is Disabled Port Copy Select which port frames are copied to The allowed values are Disabled or a specific port number The default value is Disabled 205 User s Manual of MGSW 24160F e Logging Specify the logging operation of this port The allowed values are Enabled Frames received on the port are stored in the System Log Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited e Shutdown Specify the port shut down operation of this port The allowed values are Enabled If
407. san iii 491 Show STP Configuration ipese a a aa a Aa 491 6 23 DIDO COMME e coke aa a Ta cede rra a r a tage aaa aaea ea e aaant aa iaeiae 492 DE a E wave pees E E E T E E ht atac 492 DESC it A A AAA A E aa 492 DEEN A A ee 493 DO ia 494 DO O it td io ee loa 494 A AEA EEEE E O O TA 495 NA oo en ee ee e 495 fault Aci A A oa ed pata aii talento any DARA Ate 496 fault SMi eraa o a pbieen tenes bis phan esaceackeltetenapteceadhansbacah socsideubee cee svba la Aa aa 497 TaUlbapOrt sali oc tota 497 16 User s Manual of MGSW 24160F fault OWI lr cocino A id da aba 497 TESWITGH O PERA TO Norris aa ANNENS 499 TA AddreSS Table iii A raaa AEDA TENESTA ENAA EA TESTENE 499 Pe COAN ir n 499 7 3 Forwarding amp Filtering ssssssuunnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nunun nnn nnnn nnna nnmnnn nnmnnn 499 14 SUOTe ANG F OF WAN PERPE E E E E E T 499 Ta AUTONOMO dai 500 Se TROUBLE SHOOT Nina 501 APRENDE Allande ela 503 A 1 Switch s RJ 45 Pin ASSIgNMen S e ae ae aen r reae e aee rc 503 A 2 10 100Mbps 10 100Base TX mccconocccccconnccccnnncrnnnnn rre 503 APPENDEX B GLOSSARY oiiaii Aaa 505 User s Manual of MGSW 24160F 1 INTRODUTION The PLANET MGSW 24160F is all multiple ports Gigabit Ethernet Switch with SFP fiber optical connective ability and robust layer 2 features Terms of Managed Switch means the Switch mentioned titled in the cover page of this User s manual i e MGSW 2416
408. sequence number and roundtrip time are displayed upon reception of a reply Cable Diagnostics The Cable Diagnostics performing tests on copper cables These functions have the ability to identify the cable length and operating conditions and to isolate a variety of common faults that can occur on the Cat5 twisted pair cabling There might be two statuses as follow m If the link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer m If the link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is reestablished And the following functions are available m Coupling between cable pairs m Cable pair termination m Cable Length Buttons Start Click to start to transmit ICMP packets 4 15 1 Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues After you press Start 5 ICMP packets are transmitted and the sequence number and roundtrip time are displayed upon reception of a reply The page refreshes automatically until responses to all packets are received or until a timeout occurs The 294 User s Manual of MGSW 24160F ICMP Ping screen in Figure 4 15 1 appears The page includes the following fields ICMP Ping IP Address Ping Size Figure 4 15 1 ICMP P
409. ser s Manual of MGSW 24160F Syntax QoS Classes lt class gt Parameters lt class gt Number of traffic classes 1 2 or 4 Default Setting 4 Example Set QoS classes 2 SWITCH gt qos classes 2 QoS Default Description Set or show the default port priority Syntax QoS Default lt port_list gt lt class gt Parameters lt port_list gt Port list or all default All ports lt class gt Traffic class low normal medium high or 1 2 3 4 Default Setting Low Example Set high priority for port5 SWITCH gt qos default 5 high QoS Tag Priority Description Set or show the port VLAN tag priority 457 Syntax QoS Tagprio lt port_list gt lt tag_prio gt Parameters lt port_list gt Port list or all default All ports lt tag_prio gt VLAN tag priority 0 7 Default Setting 0 Example Set priority7 for port 3 User s Manual of MGSW 24160F SWITCH gt qos tagprio 3 7 QoS QCL Port Description Set or show the port QCL ID Syntax QoS QCL Port lt port_list gt lt qcl_id gt Parameters lt port_list gt Port list or all default All ports lt qcl_id gt QCLID Default Setting 1 Example Set QCL ID5 for port10 SWITCH gt qos qcl port 10 5 QoS QCL Add Description Add or modify QoS Control Entry QCE User s Manual of MGSW 24160F If the QCE ID parameter lt qce_id gt is specified and an entry with this QCE
410. set more detail configuration 151 User s Manual of MGSW 24160F MST1 MSTI Port Configuration MSTI Aggregated Ports Configuration Path Cost v MSTI Normal Ports Configuration Path Cost alaa a a alale ls SE al a a la 55 LOU A E PARA RARA RARA e ON MA r BE co MR oO A gt ENE NES 3 Ss ss 3 13 31 ENEE AN A Figure 4 7 10 MST1 MSTI Port Configuration Page Screenshot 152 User s Manual of MGSW 24160F The page includes the following fields MSTx MSTI Port Configuration Object Description e Port The switch port number of the corresponding STP CIST and MSTI port e Path Cost Controls the path cost incurred by the port The Auto setting will set the path cost as appropriate by the physical link speed using the 802 1D recommended values Using the Specific setting a user defined value can be entered The path cost is used when establishing the active topology of the network Lower path cost ports are chosen as forwarding ports in favor of higher path cost ports Valid values are in the range 1 to 200000000 e Priority Controls the port priority This can be used to control priority of ports having identical port cost See above Buttons Ser Click to set MSTx configuration Refresh Click to refresh the page immediately Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 153
411. snooping mode is enabled and relay mode is disabled And it doesn t count the DHCP packets for system DHCP client The DHCP Snooping Port Statistics screen in Figure 4 12 9 appears DHCP Snooping Port Statistics Port 1 Receive Packets Transmit Packets Rx Discover Tx Discover Rx Offer Tx Offer Rx Request Tx Request Rx Decline Tx Decline Rx ACK Tx ACK Tx NAK Tx Release Tx Inform Tx Lease Query Tx Lease Unassigned Tx Lease Unknown Tx Lease Active Rx NAK Rx Release Rx Inform Rx Lease Query Rx Lease Unassigned Rx Lease Unknown Rx Lease Active D oO G Om OC Om O A OS D O E O ite SO A O if Figure 4 12 9 DHCP Snooping Port Statistics Screen Page Screenshot 262 User s Manual of MGSW 24160F The page includes the following fields Object Description e Rx and Tx Discover The number of discover option 53 with value 1 packets received and transmitted e Rx and Tx Offer The number of offer option 53 with value 2 packets received and transmitted e Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted e Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted e Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted e Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted e Rx and Tx Release The number of release option 53 with v
412. ss This confines network traffic to its respective domain and reduce the overall load on the network The Switch performs Store and forward therefore no error packets occur More reliably it reduces the re transmission rate No packet loss will occur 499 User s Manual of MGSW 24160F 7 5 Auto Negotiation The STP ports on the Switch have built in Auto negotiation This technology automatically sets the best possible bandwidth when a connection is established with another network device usually at Power On or Reset This is done by detect the modes and speeds at the second of both device is connected and capable of both 10Base T and 100Base TX devices can connect with the port in either Half or Full Duplex mode If attached device is 100Base TX port will set to 10Mbps no auto negotiation 10Mbps 10Mbps with auto negotiation 10 20Mbps 10Base T Full Duplex 100Mbps no auto negotiation 100Mbps 100Mbps with auto negotiation 100 200Mbps 100Base T X Full Duplex 500 User s Manual of MGSW 24160F 8 TROUBLE SHOOTING This chapter contains information to help you solve problems If the Ethernet Switch is not functioning properly make sure the Ethernet Switch was set up according to instructions in this manual M The Link LED is not lit Solution Check the cable connection and remove duplex mode of the Ethernet Switch Ml Some stations cannot talk to other stations located on the other port Solution
413. ss for EAPOL frames sent from the switch towards the supplicant since that would cause all supplicants attached to the port to reply to requests sent from the switch Instead the switch uses the supplicant s MAC address which is obtained from the first EAPOL Start or EAPOL Response Identity frame sent by the supplicant An exception to this is when no supplicants are attached In this case the switch sends EAPOL Request Identity frames using the BPDU multicast MAC address as destination to wake up any supplicants that might be on the port The maximum number of supplicants that can be attached to a port can be 219 User s Manual of MGSW 24160F limited using the Port Security Limit Control functionality MAC based Auth Unlike port based 802 1X MAC based authentication is not a standard but merely a best practices method adopted by the industry In MAC based authentication users are called clients and the switch acts as the supplicant on behalf of clients The initial frame any kind of frame sent by a client is snooped by the switch which in turn uses the client s MAC address as both username and password in the subsequent EAP exchange with the RADIUS server The 6 byte MAC address is converted to a string on the following form XX XX XX XX XX XX that is a dash is used as separator between the lower cased hexadecimal digits The switch only supports the MD5 Challenge authentication method so the RADIUS server must be co
414. ssigned RADIUS Assigned Guest Admin State QoS Enabled VLAN Enabled LAN Enabled Port State 1 Porthesed 802 1 w O O O 2 Portbased 802 1X vw O O O Globally Disabled Fesuthenticate Globally Disabled authenticate Reinitializ Figure 4 11 14 802 1x Port Configuration 6 Create user data The establishment of the user data needs to be created on the Radius Server PC For example the Radius Server founded on Win2003 Server and then e gt a5 Shortcut to Network Security sE Active Directory Domains and Trusts Configurati ig Active Directory Sites and Services Direct Users ation Authority E Cluster Administrator er My Cor gt Component Services a Computer Management gt Control 4 Configure Your Server Wizard zs Pas Data Sources ODBC Hd Adminis e Distributed File System mo gt a Printers DNS 6 Domain Controller Security Policy Y Help an fil Domain Security Policy f Event Viewer gt aa Internet Authentication Service Windows Catalog G Internet Information Services 115 Manager Y Windows Update 2 Licensing gt Manage Your Server gt Se Microsoft NET Framework 1 1 Configuration En Microsoft NET Framework 1 1 Wizards A Network Load Balancing Manager FE Performance gt a Remote Desktops gt a Routing and Remote Access gt By Services B Terminal Server Licensing Log Terminal Services Configuration start 3 8 O
415. state of the server This field takes one of the following values Disabled The server is disabled Not Ready The server is enabled but IP communication is not yet up and running Ready The server is enabled IP communication is up and running and the RADIUS module is ready to accept accounting attempts Dead X seconds left Accounting attempts were made to this server but it did not reply within the configured timeout The server has temporarily been disabled but will get re enabled when the dead time expires The number of seconds left before this occurs is displayed in parentheses This state is only reachable when more than one server is enabled Buttons Auto refresh i Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page immediately 4 11 8 RADIUS Details This page provides detailed statistics for a particular RADIUS server The RADIUS Authentication Accounting for Server Overview screen in Figure 4 11 9 appears 236 User s Manual of MGSW 24160F RADIUS Authentication Statistics for Server 1 0 0 0 0 1812 Auto Refresh CI Server 1 Y Receive Packets Transmit Packets Access Accepts Access Requests Access Rejects Access Retransmissions Access Challenges Pending Requests Malformed Access Responses Timeouts Bad Authenticators Unknown Types Packets Dropped Other Info State Disable Round Trip Time 0 ms RADIUS Accounting Statisti
416. t An IGMP filter profile can contain one or more or a range of multicast addresses but only one profile can be assigned to a port When enabled IGMP join reports received on the port are checked against the filter profile If a requested multicast group is permitted the IGMP join report is forwarded as normal If a requested multicast group is denied the IGMP join report is dropped IGMP throttling sets a maximum number of multicast groups that a port can join at the same time When the maximum number of groups is reached on a port the switch can take one of two actions either deny or replace If the action is set to deny any new IGMP join reports will be dropped If the action is set to replace the switch randomly removes an existing group and replaces it with the new multicast group The IGMP Snooping Port Group Filtering Configuration screen in Figure 4 8 8 appears IGMP Snooping Port Group Filtering Configuration Figure 4 8 8 IGMP Snooping Port Group Filtering Configuration Page Screenshot The page includes the following fields Object Description e Delete Check to delete the entry It will be deleted during the next save 164 User s Manual of MGSW 24160F e Port The logical port for the settings e Filtering Group The IP Multicast Group that will be filtered Buttons Delete Check to delete the entry Add new Filtering Group Click to add a new entry to the Group Filtering table Save
417. t the switch is the authenticator and the RADIUS server is the authentication server The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server Frame sent between the supplicant and the switch is special 802 1X frame known as EAPOL EAP Over LANs frames EAPOL frames encapsulate EAP PDUs RFC3748 Frame sent between the switch and the RADIUS server is RADIUS packet RADIUS packets also encapsulate EAP PDUs together with other attributes like the switch s IP address name and the supplicant s port number on the switch EAP is very flexible in that it allows for different authentication methods like MD5 Challenge PEAP and TLS The important thing is that the authenticator the switch doesn t need to know which authentication method the supplicant and the authentication server are using or how many information exchange frames are needed for a particular method The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note Suppose two backend servers are enabled and that the server timeout is configured to X seconds using the AAA configuration page
418. t 2 default Set or show digital input output first 1 second 2 select lt port_list gt Port list or all default All ports Example Set digital output port alarm SWITCH gt dido do_port_alr first all SWITCH gt dido do_port_alr first 1 3 5 SWITCH gt dido do_port_alr first 1 10 Do_pwr_alr Description Set or show the system digital output1 2 power alarm Syntax dido do_pwr_alr first second dc1 dc2 ac enable disable Parameters 495 lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output first 1 second 2 select lt dc1 gt DC power 1 lt dc2 gt DC power 2 lt ac gt AC power default Set or show digital output fault alarm 1 2 power_fail lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable power alarm configuration SWITCH gt dido do_pwr_alr first dc1 enable SWITCH gt dido do_pwr_alr first dc2 enable SWITCH gt dido do_pwr_alr first ac enable User s Manual of MGSW 24160F fault_act Description Set or show the system fault alarm action Syntax dido fault_act port power enable disable Parameters lt port gt port fail lt power gt power fail default Set or show digital output fault alarm 1 2 action lt enable gt Enable digital input1 2 function l
419. t Configura ico 91 4 4 2 Port Statistics OvervieW sinia a e ea aei a ii 93 4 4 3 Port Statistics DE e Er EEEE AE TTT TA E A O T 94 4 4 4 SFP Module Informatica 96 4 4 5 Port Mirroring Gonfig rati N s serei iio 97 4 5 Link AENA betel cad sets ots Seen e ee a a aae tees ey e aeaee coneudbacees suedeenuetens 101 4 5 1 Static Aggregation Configuration ooooononcccnnociconococcnononnncnonnnnn nono cnn non rr narrar 104 User s Manual of MGSW 24160F 4 5 2 LACP Configuration iii ioe eiieeii iaia iaa e a idae d Vea adadda i iiaeaae 106 4 5 LACP System Status ni ais 107 4 5 4 ACP Porte Status tsn ee Na otis e e celo cl dde seed a de e eaea 109 ADO AO mi aola ES ie IEI Le EAE E EN TATE EAS TE E A TETT 110 AG VLAN ad dai 112 4 6 1 VLAN Overview aa 112 4 6 2 1EEE 802 10 VLAN co a aden so o o Se ee eae a o 112 4 6 3 VLAN Basic MfOrmatiOns acsee seieren nesae nenaad sure cvbectpeeesvecevens hcesucoes aeveateeceuietene 116 4 6 4 VLAN Port ConmQurraton siei ia a e a tdi tri 117 4 6 5 VLAN Membership Configuration ooononcccnnociconoccconanonnncnona nono nono ccoo nn r nan rr 121 4 6 6 VLAN Membership Status for User Static oooonoonnncccnnnociccnonacnnononcncnnnonnnn nono nn cnn rn nn nn nn nr rre 122 4 6 7 VLAN Port Status for User atico incas 123 4 6 8 Port Isolation Configuration oooononcccnononicononocnnononcncnanonnnonnno cnn rn n nn nn rre rre 125 4 6 9 Private VLAN Membership Configuration oooocnccccnnnocccnnononnno
420. t disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable power alarm configuration SWITCH gt dido fault_act port enable SWITCH gt dido fault_act power enable 496 User s Manual of MGSW 24160F fault_en Description Set or show the system fault alarm Syntax dido fault_en enable disable Parameters lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Enable power alarm configuration SWITCH gt dido fault_en enable fault_port_alr Description Set or show the system fault alarm of port alarm Syntax dido fault_port_alr lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Enable power alarm configuration SWITCH gt dido fault_port_alr all SWITCH gt dido fault_port_alr 1 3 5 SWITCH gt dido fault_port_alr 1 10 fault_pwr_alr Description Set or show the system fault alarm of power alarm Syntax dido fault_pwr_alr dc1 dc2 ac enable disable 497 User s Manual of MGSW 24160F Parameters lt dc1 gt DC power 1 lt dc2 gt DC power 2 lt ac gt AC power default Set or show digital output fault alarm 1 2 power_fail lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function
421. t the ingress port for which this ACE applies Any The ACE applies to any port Port n The ACE applies to this port number where n is the number of the switch port Policy n The ACE applies to this policy number where n can range from 1 through 8 e Frame Type Select the frame type for this ACE Any Any frame can match this ACE Ethernet Type Only Ethernet Type frames can match this ACE ARP Only ARP frames can match this ACE IPv4 Only IPv4 frames can match this ACE e Action Specify the action to take with a frame that hits this ACE Permit The frame that hits this ACE is granted permission for the ACE operation Deny The frame that hits this ACE is dropped e Rate Limiter Specify the rate limiter in number of base units The allowed range is 1 to 15 Disabled indicates that the rate limiter operation is disabled e Port Copy Frames that hit the ACE are copied to the port number specified here The allowed range is the same as the switch port number range Disabled indicates that the port copy operation is disabled e Logging Specify the logging operation of the ACE The allowed values are Enabled Frames matching the ACE are stored in the System Log 197 User s Manual of MGSW 24160F Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited e Shutdown Specify the port shut down operation of the ACE The allowed values
422. t this person The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 e System Name An administratively assigned name for this managed node By convention this is the node s fully qualified domain name A domain name is a text string drawn from the alphabet A Za z digits 0 9 minus sign No space characters are permitted as part of a name The first character must be an alpha character And the first or last character must not be a minus sign The allowed string length is 0 to 255 e System Location The physical location of this node e g telephone closet 3rd floor The allowed string length is 0 to 255 and the allowed content is the ASCII characters from 32 to 126 81 Buttons Save Click to save changes User s Manual of MGSW 24160F Reset Click to undo any changes made locally and revert to previously saved values 4 3 4 SNMP Trap Configuration Configure SNMP trap on this page The SNMP Trap Configuration screen in Figure 4 3 3 appears Trap Mode Trap Community Trap Destination Address Trap Destination IPv6 Address Trap Inform Retry Times The page includes the following fields Object SNMP Trap Configuration Figure 4 3 3 SNMP Trap Configuration Page Screenshot Description e Trap Mode Indicates the SNMP trap mode operation Possible modes are Enabled Enable SNMP trap mode operation Disabled Disable SNMP
423. t1 lt di_2 gt Digital Input2 lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status Example Set digital output action SWITCH gt dido do_act first port enable SWITCH gt dido do_act first power enable SWITCH gt dido do_act first di_1 enable SWITCH gt dido do_act first di_2 enable User s Manual of MGSW 24160F Do_en Description Set or show the system digital output1 2 Syntax do_en first second enable disable hightolow lowtohigh Parameters lt first gt Digital input output 1 lt second gt Digital input output 2 default Set or show digital input output first 1 second 2 select 494 User s Manual of MGSW 24160F lt enable gt Enable digital input1 2 function lt disable gt Disable digital input1 2 function default Set or show digital input output fault alarm 1 2 status lt hightolow gt Trigger gt high to low lt lowtohigh gt Trigger gt low to high default Set or show digital input output 1 2 trigger Example Enable digital output function and set trigger condition SWITCH gt dido do_en first enable hightolow Do_port_alr Description Set or show the system digital output1 2 port alarm Syntax dido do_port_alr first second lt port_list gt Parameters lt first gt Digital input output 1 lt second gt Digital input outpu
424. table disable Disable CDP awareness default Show CDP awareness configuration Default Setting disable Example Enable CDP aware finction for port1 4 SWITCH gt Ildp cdp_aware 1 4 enable 449 User s Manual of MGSW 24160F 6 13 LLDPMED Command LLDPMED Configuration Description Show LLDP MED configuration Syntax LLDPMED Configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LLDP MED configuration of port1 4 SWITCH gt Ildpmed configuration 1 4 LLDP MED Configuration Fast Start Repeast Count 4 Location Coordinates Latitude 0 0000 North Longitude 0 0000 East Altitude 0 0000 meter s Map datum WGS84 Civic Address Location Policies none none none none LLDPMED Civic Description Set or show LLDP MED Civic Address Location 450 Syntax LLDPMED Civic User s Manual of MGSW 24160F country state county city district block street leading_street_direction trailing_street_suffix str_suf house_no house_no_s uffix landmark additional_info name zip_code building apartment floor room_number place_type postal_com_name p_o box additional_code lt civic_value gt Parameters country state county city district block street Country National subdivisions state caton region province prefecture County parish gun JP district IN City townchip shi JP
425. tance m Buttons Refresh Display the supports distance of current SFP module the distance value is get from the SFP module Click to refresh the page immediately 4 4 5 Port Mirroring Configuration Configure port Mirroring on this page This function provide to monitoring network traffic that forwards a copy of each incoming or outgoing packet from one port of a network Switch to another port where the packet can be studied It enables the manager to keep close track of switch performance and alter it if necessary e To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow e The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity 97 User s Manual of MGSW 24160F Port Mirroring Uplink Port Monitor Client With Ethereal or Sniffer Pro Figure 4 4 5 Port Mirror application The traffic to be copied to the mirror port is selected as follows e All frames received on a given port also known as ingress or source mirroring e All frames transmitted on a given port also known as egress or destination mirroring Mirror Port Configuration The Port Mirror Configuration screen in Figure 4 4 6 appears 98 User s Manual of MGSW 24160F Mirror Config
426. te allowing all traffic for the client to flow normally If a client that does not support 802 1X is connected to an unauthorized 802 1X port the switch requests the client s identity In this situation the client does not respond to the request the port remains in the unauthorized state and the client is not granted access to the network In contrast when an 802 1X enabled client connects to a port that is not running the 802 1X protocol the client initiates the authentication process by sending the EAPOL start frame When no response is received the client sends the request for a fixed number of times Because no response is received the client begins sending frames as if the port is in the authorized state If the client is successfully authenticated receives an Accept frame from the authentication server the port state changes to authorized and all frames from the authenticated client are allowed through the port If the authentication fails the port remains in the unauthorized state but authentication can be retried If the authentication server cannot be reached the switch can retransmit the request If no response is received from the server after the specified number of attempts authentication fails and network access is not granted When a client logs off it sends an EAPOL logoff message causing the switch port to transition to the unauthorized state If the link state of a port transitions from up to down or if an EAPOL
427. this box to enable an automatic refresh of the page at regular intervals 4 14 6 Port Statistics This page provides an overview of all LLDP traffic Two types of counters are shown The LLDP Statistics screen in Figure 4 14 5 appears 291 User s Manual of MGSW 24160F Global Counters Neighbor entries were last changed at 16888 sec ago Total Neighbors Entries Added 0 Total Neighbors Entries Deleted D Total Neighbors Entries Dropped 0 Total Neighbors Entries Aged Out D Auto Refresh O LLDP Statistics Local Counters Local Port Tx Frames Rx Frames Rx Errors Frames Discarded TLYs Discarded TLYs Unrecognized Org Discarded Age Outs E O 1 O 1 O M5 O EN O MN O MEN O 2 O MA O fo amp o N N O a D 0 0 0 D 0 0 0 D 0 0 0 D 0 D 0 D 0 D 0 0 0 D e o o 1 O PB O MM O 12 O 2 O 2 O 8 O 2 O 2 O M2 O MB O a o O MS O Ee O MM O MN O MS O MA O MN O MA O MA O MA O MA O O 2 O M2 O 2 O M2 O 2 O 2 O 2 O A O M2 O A O ka SO Baa O MN O MN O MA O MA O MA O ME O MA O MA O MA O MA O O A O E O 3 O 1 O E O 3 O 3 O A O A O A O O E O El O Sl O E O E Om Om O E O E O A O Figure 4 14 5 LLDP Statistics Page Screenshot The page includes the following fields Global Counters Object Description Neighbor entries were last changed at Shows the time for when the last entry was last deleted or added It is also shows
428. thorized Globally Disabled Security Network NAS Mode Description Set or show the global NAS enabledness Last Source Last ID 382 User s Manual of MGSW 24160F Syntax Security Network NAS Mode enable disable Parameters enable Globally enable 802 1X disable Globally disable 802 1X default Show current 802 1X global enabledness Default Setting disable Example Enable IEEE802 1X function SWITCH gt security network nas mode enable Security Network NAS State Description Set or show the port security state Syntax Security Network NAS State lt port_list gt autojauthorized unauthorized single multi macbased Parameters lt port_list gt Port list or all default All ports auto Port based 802 1X Authentication authorized Port access is allowed unauthorized Port access is not allowed single Single Host 802 1X Authentication multi Multiple Host 802 1X Authentication macbased Switch authenticates on behalf of the client default Show 802 1X state Default Setting none Example Show the port 1 security state 383 User s Manual of MGSW 24160F SWITCH gt security network nas state 1 Port Admin State Port State Force Authorized Link Down Security Network NAS Reauthentication Description Set or show Reauthentication enabledness Syntax Security Network NAS Reauthentication enable disable Parameters enable Enable reauthen
429. tication disable Disable reauthentication default Show current reauthentication mode Default Setting disable Example Enable reauthentication function SWITCH gt security network nas reauthentication enable Security Network NAS ReauthPeriod Description Set or show the period between reauthentications Syntax Security Network NAS ReauthPeriod lt reauth_period gt Parameters lt reauth_period gt Period between reauthentications 1 3600 seconds default Show current reauthentication period 384 User s Manual of MGSW 24160F Default Setting 3600 Example Set reauthentication period in 3000sec SWITCH gt security network nas reauthperiod 3000 Security Network NAS EapolTimeout Description Set or show the time between EAPOL retransmissions Syntax Security Network NAS EapolTimeout lt eapol_timeout gt Parameters lt eapol_timeout gt Time between EAPOL retransmissions 1 65535 seconds default Show current EAPOL retransmission timeout Default Setting 30 Example Set the time between EAPOL retransmissions for 100sec SWITCH gt security network nas eapoltimeout 100 Security Network NAS Agetime Description Time in seconds between check for activity on successfully authenticated MAC addresses Syntax Security Network NAS Agetime lt age_time gt Parameters lt age_time gt Time between checks for activitiy on a MAC address that succeeded autent
430. tion Authentication server performs the actual authentication of the client The authentication server validates the identity of the client and notifies the switch whether or not the client is authorized to access the LAN and switch services Because the switch acts as the proxy the authentication service is transparent to the client In this release the Remote Authentication Dial ln User Service RADIUS security system with Extensible Authentication Protocol EAP extensions is the only supported authentication server it is available in Cisco Secure Access Control Server version 3 0 RADIUS operates in a client server model in which secure authentication information is exchanged between the RADIUS server and one or more RADIUS clients Switch 802 1X device controls the physical access to the network based on the authentication status of the client The switch acts as an intermediary proxy between the client and the authentication server requesting identity information from the client verifying that information with the authentication server and relaying a response to the client The switch includes the RADIUS client which is responsible for encapsulating and decapsulating the Extensible Authentication Protocol EAP frames and interacting with the authentication server When the switch receives EAPOL frames and relays them to the authentication server the Ethernet header is stripped and the remaining EAP frame is re encapsulated in th
431. tion Add access management entry Syntax Security Switch Access Add lt access_id gt lt start_ip_addr gt lt end_ip_addr gt web snmpltelnet Parameters lt access_id gt entry index 1 16 lt start_ip_addr gt Start IP address a b c d lt end_ip_addr gt End IP address a b c d web WEB HTTPS interface 352 User s Manual of MGSW 24160F snmp SNMP interface telnet TELNET SSH interface default Show configured and current mode Example Add access management list from 192 168 0 1 to 192 168 0 200 via web interface SWITCH gt security switch access add 1 192 168 0 1 192 168 0 200 web Security Switch Access IPv6 Add Description Add access management IPv6 entry Syntax Security Switch Access lpv6 Add lt access_id gt lt start_ipv6_addr gt lt end_ipv6_addr gt web snmp telnet Parameters access_id gt entry index 1 16 lt start_ipv6_addr gt Start IPv6 address IPv6 address is in 128 bit records represented as eight fields of up to four hexadecimal digits with a colon separate each field For example fe80 215 c5ff fe03 4dc7 The symbol is a special syntax that can be used as a shorthand way of representing multiple 16 bit groups of contiguous zeros but it can only appear once It also used a following legally IPv4 address For example 192 1 2 34 lt end_ipv6_addr gt End IPv6 address IPv6 address is in 128 bit records represented as eight fields of u
432. tion Set or show edge port BPDU Filtering Syntax STP bpduFilter enable disable Parameters enable disable enable or disable BPDU Filtering for Edge ports Default Setting Disable 418 User s Manual of MGSW 24160F Example Set edge port BPDU filtering SWITCH gt stp bpdufilter enable STP BPDU Guard Description Set or show edge port BPDU Guard Syntax STP bpduGuard enable disable Parameters enable disable enable or disable BPDU Guard for Edge ports Default Setting Disable Example Set edge port BPDU guard SWITCH gt stp bpduguard enable STP Recovery Description Set or show edge port error recovery timeout Syntax STP recovery lt timeout gt Parameters lt timeout gt Time before error disabled ports are reenabled 30 86400 seconas O disables default Show recovery timeout Default Setting Disable 419 User s Manual of MGSW 24160F Example Set STP recovery value in 30 sec SWITCH gt stp recovery 30 STP Status Description Show STP Bridge status Syntax STP Status lt msti gt lt port_list gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt port_list gt Port list or all default All ports Default Setting Disable Example Show up STP Bridge status SWITCH gt stp status CIST Bridge STP Status 80 00 00 30 4F 24 04 D1 80 00 00 30 4F 24 04 D1 Root PathCost 0 Regional Root
433. tion configuration Syntax Aggr Configuration Example SWITCH gt aggr configuration Aggregation Mode Enabled Disabled Enabled Enabled Aggregation Add Description Add or modify link aggregation Syntax Aggr Add lt port_list gt lt aggr_id gt Parameters lt port_list gt Port list lt aggr_id gt Aggregation ID global 1 2 local 3 14 Default Setting disable Example Add port 1 4 in Group1 SWITCH gt aggr add 1 4 1 437 User s Manual of MGSW 24160F Aggregation Delete Description Delete link aggregation Syntax Aggr Delete lt aggr_id gt Parameters lt aggr_id gt Aggregation ID global 1 2 local 3 14 Example Delete Group2 SWITCH gt aggr delete 2 Aggregation Look up Description Look up link aggregation Syntax Aggr Look up lt aggr_id gt Parameters lt aggr_id gt Aggregation ID global 1 2 local 3 14 Example Show aggregation status SWITCH gt aggr lookup 1 Aggr ID Name Type 1 GLAG1 Static 438 User s Manual of MGSW 24160F Aggregation Mode Description Set or show the link aggregation traffic distribution mode Syntax Aggr Mode smac dmac lip port enable disable Parameters smac Source MAC address dmac _ Destination MAC address ip Source and destination IP address port Source and destination UDP TCP port enable Enable field in traffic distribution disable Disable f
434. tion transmitted Sys Name Optional TLV When checked the system name is included in LLDP information transmitted Sys Descr Optional TLV When checked the system description is included in LLDP information transmitted Sys Capa Optional TLV When checked the system capability is included in LLDP information transmitted The system capabilities identifies the primary function s of the system and whether or not these primary functions are enabled The information advertised by this TLV is described in IEEE 802 1AB Mgmt Addr Optional TLV When checked the management address is included in LLDP information transmitted The management address protocol packet includes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement The management address TLV may also include information about the specific interface associated with this address and an object identifier indicating the type of hardware component or protocol entity associated with this address 280 User s Manual of MGSW 24160F Buttons Save Click to save changes Reset J Click to undo any changes made locally and revert to previously saved values 4 14 3 LLDPMED Configuration This page allows you to configure the LLDP MED The LLDPMED Configuration screen in Figure 4 14 2 appears LLDPMED Configuration Fast Start Repeat Count Fast start repeat count
435. tion type L2 Priority may specify one of eight priority levels 0 through 7 as defined by IEEE 802 1D 2004 A value of 0 represents use of the default priority as defined in IEEE 802 1D 2004 e DSCP Port Policies Configuration DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474 DSCP may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value as defined in RFC 2475 Every port may advertise a unique set of network policies or different attributes for the same network policies based on the authenticated user identity or port configuration Object Description 286 User s Manual of MGSW 24160F e Port The port number for which the configuration applies e Policy ID The set of policies that shall apply for a given port The set of policies is selected by checkmarking the checkboxes that corresponds to the policies Buttons _ Add new policy click to add new policy Save Click to save changes Rese J Click to undo any changes made locally and revert to previously saved values 4 14 4 LLDP MED Neighbor This page provides a status overview for all LLDP MED neighbors The displayed table contains a row for each port on which an LLDP neighbor is detected The LLDP MED Neighbor Information screen in Figure 4 14 3 appears The columns hold the following information LLDP MED Neighbor Inf
436. tiple pieces of information known as TLVs TLV is short for Type Length Value If a TLV is malformed it is counted and discarded TLVs Unrecognized The number of well formed TLVs but with an unknown type value Org Discarded The number of organizationally TLVs received Buttons Refresh Age Outs Each LLDP frame contains information about how long time the LLDP information is valid age out time If no new LLDP frame is received within the age out time the LLDP information is removed and the Age Out counter is incremented Click to refresh the page immediately Cta Clears the local counters All counters including global counters are cleared upon reboot 293 User s Manual of MGSW 24160F 4 15 Network Diagnostics This section provide the Physical layer and IP layer network diagnostics tools for troubleshoot The diagnostic tools are designed for network manager to help them quickly diagnose problems between point to point and better service customers Use the Diagnastics menu items to display and configure basic administrative details of the Managed Switch Under System the following topics are provided to configure and view the system information This section has the following items m Ping m IPv6 Ping m Cable Diagnostic PING The ping and IPv6 ping allow you to issue ICMP PING packets to troubleshoot IP connectivity issues The Managed Switch transmit ICMP packets and the
437. tistics counters f 1 Auto refresh Check this box to enable an automatic refresh of the page at regular intervals 4 8 7 MVR Configuration In multicast VLAN networks subscribers to a multicast group can exist in more than one VLAN If the VLAN boundary restrictions in a network consist of Layer 2 switches Multicast VLAN Registration MVR is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs The alternative would be to use PIM or a similar protocol to route the traffic through a Layer 3 network it might be necessary to replicate the multicast stream to the same group in different subnets even if they are on the same physical network Multicast VLAN Registration MVR routes packets received in a multicast source VLAN to one or more receive VLANs Clients are in the receive VLANs and the multicast server is in the source VLAN Multicast routing has to be disabled when MVR is enabled Refer to the configuration guide at Understanding Multicast VLAN Registration for more information on MVR MVR is typically used for IPTV like services and is therefore usually only available on enterprise level switches Many manufacturers provide support for MVR on their high end switches The main reason for using MVR is to save bandwidth by preventing duplicate multicast streams being sent in the core network instead the stream s are received on the MVR VLAN and forwarded to the V
438. tocol UDP and provides file writing and reading but it does not provides directory service and security features ToS is an acronym for Type of Service It is implemented as the IPv4 ToS priority control It is fully decoded to determine the priority from the 6 bit ToS field in the IP header The most significant 6 bits of the ToS field are fully decoded into 64 possibilities and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit 0 63 TLV is an acronym for Type Length Value ALLDP frame can contain multiple pieces of information Each of these pieces of information is known as TLV TKIP is an acronym for Temporal Key Integrity Protocol lt used in WPA to replace WEP with a new encryption algorithm TKIP comprises the same encryption engine and RC4 algorithm defined for WEP The key used for encryption in TKIP is 128 bits and changes the key used for each packet 519 User s Manual of MGSW 24160F UDP is an acronym for User Datagram Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers UDP is an alternative to the Transmission Control Protocol TCP that uses the Internet Protocol IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must
439. trol Entry ACE If the ACE ID parameter lt ace_id gt is specified and an entry with this ACE ID already exists the ACE will be modified Otherwise a new ACE will be added If the ACE ID is not specified the next available ACE ID will be used If the next ACE ID parameter lt ace_id_next gt is specified the ACE will be placed before this ACE in the list If the next ACE ID is not specified the ACE will be placed last in the list If the Switch keyword is used the rule applies to all ports If the Port keyword is used the rule applies to the specified port only If the Policy keyword is used the rule applies to all ports configured with the specified policy The default is that the rule applies to all ports Syntax Security Network ACL Add lt ace_id gt lt ace_id_next gt switch port lt port gt policy lt policy gt lt vid gt lt tag_prio gt lt dmac_type gt etype lt etype gt lt smac gt lt dmac gt arp lt sip gt lt dip gt lt smac gt lt arp_opcode gt lt arp_flags gt ip lt sip gt lt dip gt lt protocol gt lt ip_flags gt icmp lt sip gt lt dip gt lt icmp_type gt lt icmp_code gt lt ip_flags gt udp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt tcp lt sip gt lt dip gt lt sport gt lt dport gt lt ip_flags gt lt tcp_flags gt 393 User s Manual of MGSW 24160F permit deny
440. ts path Default Spanning Tree Configuration Feature Enable state Port priority Port cost Bridge Priority 0 Auto Default Value STP disabled for all ports 128 0 32 768 140 User s Manual of MGSW 24160F User Changeable STA Parameters The Switch s factory default setting should cover the majority of installations However it is advisable to keep the default settings as set at the factory unless it is absolutely necessary The user changeable parameters in the Switch are as follows Priority A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority Hello Time The Hello Time can be from 1 to 10 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Switches that it is indeed the Root Bridge If you set a Hello Time for your Switch and it is not the Root Bridge the set Hello Time will be used if and when your Switch becomes the Root Bridge The Hello Time cannot be longer than the Max Age Otherwise a configuration error will occur Note Max Age The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the Root Bridge your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Forward Delay Timer
441. ts of a port and to increase the redundancy for higher availability Also Port Aggregation Link Aggregation ARP is an acronym for Address Resolution Protocol It is a protocol that used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device Auto negotiation is the process where two different devices establish the mode of operation and the speed settings that can be shared by those devices for a link CC is an acronym for Continuity Check It is a MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP 506 User s Manual of MGSW 24160F CCM is an acronym for Continuity Check Message It is a OAM frame transmitted from a MEP to it s peer MEP and used to implement CC functionality CDP is an acronym for Cisco Discovery Protocol DEI is an acronym for Drop Eligible Indicator It is a 1 bit field in the VLAN tag DES is an acronym
442. ttons Add new user _ Click to add a new user entry Save Click to save changes Rese J Click to undo any changes made locally and revert to previously saved values 86 User s Manual of MGSW 24160F 4 3 5 3 SNMPv3 Groups Configuration Configure SNMPv3 groups table on this page The entry index keys are Security Model and Security Name The SNMPv3 Groups Configuration screen in Figure 4 3 6 appears The page includes the following fields SNMPv3 Groups Configuration Object public default_ro_group private default_rw_group public default_ro_group private default_rw_group default_user default rw_group e Figure 4 3 6 SNMPv3 Groups Configuration Page Screenshot Description e Delete Check to delete the entry It will be deleted during the next save e Security Model Indicates the security model that this entry should belong to Possible security models are v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM e Security Name A string identifying the security name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Buttons Add new group Save e Group Name Click to save changes A string identifying the group name that this entry should belong to The allowed string length is 1 to 32 and the allowed content is the ASCII characters from
443. ty Network ARP Inspection Port Mode Description Set or show the ARP Inspection port mode Syntax 407 User s Manual of MGSW 24160F Security Network ARP Inspection Port Mode lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable ARP Inspection port disable Disable ARP Inspection port default Show ARP Inspection port mode Default Setting Disable Example Enable the ARP inspection mode of port 1 SWITCH gt security network arp inspection port mode 1 Security Network ARP Inspection Entry Description Add or delete ARP inspection static entry Syntax Security Network ARP Inspection Entry lt port_list gt add delete lt vid gt lt allowed_mac gt lt allowed_ip gt Parameters lt port_list gt Port list or all default All ports add Add new port ARP inspection static entry delete Delete existing port ARP inspection static entry lt vid gt VLAN ID 1 4095 lt allowed_mac gt MAC address xx xx xx xx xx xx MAC address allowed for doing ARP request lt allowed_ip gt IP address a b c d IP address allowed for doing ARP request Default Setting 300 Example Add ARP inspection static entry SWITCH gt security network arp inspection entry 1 add 1 00 30 4f 00 00 11 192 168 0 11 408 Security Network ARP Inspection Status Description Show ARP inspection static and dynamic entries Syntax Secur
444. ty switch users add test test 10 Security Switch User Delete Description Delete users entry Syntax Security Switch Users Delete lt user_name gt Parameters lt user_name gt A string identifying the user name that this entry should belong to Example Delete test account SWITCH gt security switch users delete user Security Switch Privilege Level Configuration Description Show privilege configuration Syntax Security Switch Privilege Level Configuration Example Show privilege level SWITCH gt security switch privilege level configuration Privilege Level Configuration Privilege Current Level 15 Group Name Privilege Level 345 User s Manual of MGSW 24160F CRO CRW SRO SRW 5 10 5 10 15 15 15 15 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 15 15 15 15 5 10 5 10 5 10 5 10 5 10 1 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 5 10 1 10 5 10 5 10 5 10 5 10 5 10 5 10 Security Switch Privilege Level Group Description Configure a privilege level group Syntax Security Switch Privilege Level Group lt group_name gt lt cro gt lt crw gt lt sro gt lt srw gt Parameters lt group_name gt Privilege group name default Show all group privilege level lt cro gt Configuration read only privilege level 1 15 lt crw gt Configuration Execute read write privilege level 1 15 lt sro gt
445. up address a b c d Default Setting No filtering Example Set the IGMP port group filtering list for port 1 SWITCH gt igmp filtering 1 add 239 0 0 1 IGMP Router Description Set or show the IGMP snooping router port mode Syntax IGMP Router lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable IGMP router port disable Disable IGMP router port default Show IGMP router port mode Default Setting disable Example Enable IGMP snooping function for port1 4 SWITCH gt igmp router 1 4 enable 434 User s Manual of MGSW 24160F IGMP Flooding Description Set or show the IGMP snooping unregistered flood operation Syntax IGMP Flooding enable disable Parameters enable Enable IGMP flooding disable Disable IGMP flooding default Show IGMP flood mode Default Setting disable Example Enable IGMP flooding function SWITCH gt igmp flooding enable IGMP Groups Description Show IGMP groups Syntax IGMP Groups lt vid gt Parameters lt vid gt VLAN ID 1 4095 IGMP Status Description Show IGMP status Syntax IGMP Status lt vid gt 435 User s Manual of MGSW 24160F Parameters lt vid gt VLAN ID 1 4095 Default Setting disable 436 User s Manual of MGSW 24160F 6 10 Link Aggregation Command Aggregation Configuration Description Show link aggrega
446. uration Figure 4 4 6 Port Mirror Configuration Page Screenshot 99 User s Manual of MGSW 24160F The page includes the following fields Object Description e Port to mirror to Frames from ports that have either source or destination mirroring enabled are mirrored to this port Disabled disables mirroring Switch to mirror to Frames from ports that have either source rx or destination tx mirroring enabled are mirrored to this switch Port The logical port for the settings contained in the same row e Mode Select mirror mode Rx only Frames received at this port are mirrored to the mirroring port Frames transmitted are not mirrored Tx only Frames transmitted from this port are mirrored to the mirroring port Frames received are not mirrored Disabled Neither frames transmitted nor received are mirrored Enabled Frames received and frames transmitted are mirrored to the mirror port Buttons Save Click to save changes Reset Click to undo any changes made locally and revert to previously saved values 100 User s Manual of MGSW 24160F 4 5 Link Aggregation Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Groups LAGs Port Aggregation multiplies the bandwidth between the devices increases port flexibility and provides link redundancy Each LAG is composed of ports of the same speed set to full
447. ure 4 9 1 appears Welcome to the QCL Configuration Wizard Please select an action O Set up Port Policies Group ports into several types according to different QCL policies Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control O Setup ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the user priority value 3 bits when receiving VLAN tagged packets To continue click Next Next Figure 4 9 1 Welcome to the QCL Configuration Wizard Page Screenshot The page includes the following fields Object Description e Set up Port Policies Group ports into several types according to different QCL policies e Set up Typical Network Setup the specific QCL for different typical network application quality control Application Rules e Setup ToS Precedence Set up the traffic class mapping to the precedence part of ToS 3 bits when Mapping receiving IPv4 IPv6 packets e Set up VLAN Tag Set up the traffic class mapping to the User Priority value 3 bits when receiving Priority Mapping VLAN tagged packets Buttons Next Click to continue the wizard 171 User s Manual of MGSW 24160F 4 9 2 1 Set up Policy Rules Group ports into several types which according to different QCL pol
448. us and system setting Users can use the attached RS 232 cable in the package and connect to the console port on the device After the connection users an run any terminal emulation program Hyper Terminal ProComm Plus Telix Winterm and so on to enter the startup screen of the device E Reset button At the left of front panel the reset button is designed for reboot the Managed Switch without turn off and on the power The following is the summary table of Reset button functions 27 User s Manual of MGSW 24160F Reset Button Pressed and Released Function lt 5 sec System reboot Reboot the Managed Switch Reset the Managed Switch to Factory Default configuration The Managed Switch will then reboot and load the default settings as below Default Username admin Default Password admin Default IP address 192 168 0 100 Subnet mask 255 255 255 0 Default Gateway 192 168 0 254 gt 5 sec Factory Default 2 1 2 LED Indications The front panel LEDs indicates instant status of port links data activity and system power helps monitor and troubleshoot when needed Figure 2 2 shows the LED indications of these Managed Switch MGSW 24160F LED indication Function Lights to indicate that the Switch is powered on by DC1 input Lights to indicate that the Switch is powered on by DC2 input Lights to indicate that Switch AC DC or port has failed Lights to indicate that the Switch is powered on Blink to indicate
449. use A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation Receive and Transmit Size Counters The number of received and transmitted good and bad packets split into categories based on their respective frame sizes Receive and Transmit Queue Counters The number of received and transmitted packet is per input and output queue Receive Error Counters Object Description e Rx Drops The number of frames dropped due to lack of receives buffers or egress congestion e Rx CRC Alignment The number of frames received with CRC or alignment errors e Rx Undersize The number of short frames received with valid CRC e Rx Oversize The number of long frames received with valid CRC e Rx Fragments The number of short frames received with invalid CRC e Rx Jabber The number of long frames received with invalid CRC e Rx Filtered The number of received frames filtered by the forwarding process Short frames are frames that are smaller than 64 bytes Long frames are frames that are longer than the configured maximum frame length for this port 95 User s Manual of MGSW 24160F Transmit Error Counters Object Description e Tx Drops The number of frames dropped due to output buffer congestion e Tx Late Exc Coll The number of frames dropped due to excessive or late collisions Buttons Refresh
450. use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment Video applications relying on TCP with buffering would not be an intended use of this application type Video Signaling conditional for use in network topologies that require a separate policy for the video signaling than for the video media This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy e Tag Tag indicating whether the specified application type is using a tagged or an untagged VLAN Untagged indicates that the device is using an untagged frame format and as such does not include a tag header as defined by IEEE 802 1Q 2003 In this case both the VLAN ID and the Layer 2 priority fields are ignored and only the DSCP value has relevance Tagged indicates that the device is using the IEEE 802 1Q tagged frame format and that both the VLAN ID and the Layer 2 priority values are being used as well as the DSCP value The tagged format includes an additional field known as the tag header The tagged frame format also includes priority tagged frames as defined by IEEE 802 1Q 2003 e VLAN ID VLAN identifier VID for the port as defined in IEEE 802 1Q 2003 e L2 Priority L2 Priority is the Layer 2 priority to be used for the specified applica
451. uthenticatiON ooooocccnnnnnccnnocccnnoccccnnnonncc nono cnn n non cnn nn nrrrnnnrna rn 209 4 11 2 Authentication Configuration momia 212 4 11 3 Network Access Server ConfiguratiON oooonnconnncccnnnoccccnononnnononnncnnnn cnn nono rca rn n rn 213 4 11 4 Network ACCESS OVeIVIBW ici iia 224 4 11 5 Network Access Statistics crie eene pa aoaaa eaa a eda nro rr rn rn 225 4 11 6 Authentication Server ConfiguratiON oooocononnnnnnncccnnnoccncnonannnononnncnnno ro rn nn nn rra r nn rre 231 4 17 7 RADIUS Over EW iii ica 235 4118 RADIUS Detalles sx ccec rece cise atados 236 4 11 9 Windows Platform RADIUS Server Configurati0N oooococonccnnoccccnnnocnnonononnno nono ncnnn nn nc nnnn nr corn n rn nnnn rra 242 4 11 10 802 1X Client Configuration ie 247 A A O advetamenene 250 4 1241 Port Limit Control ion di rs 250 42 2 Access Managements cnt aii iaa 254 4 12 3 Access Management Statistics cic cenceeceeeeeeeeeneeeeeeeaeeeseneeeeeeaeeeeeeaaeeeseeeaeeesaeeeeeeaaeeeseeeeeseeeeeeenaeeseeeaaeees 255 42 4 AS d eiii 256 A ei Nae ach ee tai ee er ane don tolon EE e tetas View roe eee 256 412 6 Port Security Status initial air 257 User s Manual of MGSW 24160F 4 12 7 Port Security Detail ooo ia aia 260 4 12 83 DEIGP SNOOPING cta aaa 261 4 12 9 DHCP Snooping Statistics siii ica 262 4 12 10 IP Source Guard Configuration 0 cccccccececsecceceeeeeeeceaeeeeeeeeeceeaeaeeeeeeseeaaeaeceeeeeseccaeaeceeeeseaaeeeeeeeseeeecaeeeeeeeees
452. uto refresh C Admin State Port State Last ID QoS Class Port VLAN ID 1 a 3 4 5 6 Zz 8 3 0 11 13 13 14 16 16 17 18 9 10 1 1 1 1 1 1 1 1 19 20 21 22 23 ho The page includes the following fields Object Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Force Authorized Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Globally Disabled Figure 4 11 5 Network Access Overview Page Screenshot Description e Port The switch port number Click to navigate to detailed NAS statistics for this port e Admin State The port s current administrative state Refer to NAS Admin State for a description of possible values e Port State The current state of the port
453. v1 and SNMPv2c SNMPv3 is using USM for authentication and privacy and the community string will associated with SNMPv3 communities table e Write Community Indicates the community writes access string to permit access to SNMP agent The allowed string length is O to 255 and the allowed content is the ASCII characters from 33 to 126 The field only suits to SNMPv1 and SNMPv2c SNMPv3 is using USM for authentication and privacy and the community string 80 User s Manual of MGSW 24160F will be associated with SNMPv3 community s table e Engine ID Buttons Save Indicates the SNMPv3 engine ID The string must contain an even number between 10 and 64 hexadecimal digits but all zeros and all F s are not allowed Change of the Engine ID will clear all original local users Click to save changes Rese J Click to undo any changes made locally and revert to previously saved values 4 3 3 SNMP System Information Configuration The switch system information is provided here The System Information Configuration screen in Figure 4 3 2 appears System Contact System Information Configuration System Name MGSW 24160F System Location Figure 4 3 2 System Information Configuration Page Screenshot The page includes the following fields Object Description e System Contact The textual identification of the contact person for this managed node together with information on how to contac
454. wed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP source value TCP UDP Destination Filter Specify the TCP UDP destination filter for this ACE Any No TCP UDP destination filter is specified TCP UDP destination filter status is don t care Specific If you want to filter a specific TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination value A field for entering a TCP UDP destination value appears Range If you want to filter a specific range TCP UDP destination filter with this ACE you can enter a specific TCP UDP destination range value A field for entering a TCP UDP destination value appears TCP UDP Destination Number When Specific is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP UDP Destination Range When Range is selected for the TCP UDP destination filter you can enter a specific TCP UDP destination range value The allowed range is 0 to 65535 A frame that hits this ACE matches this TCP UDP destination value TCP FIN Specify the TCP No more data from sender FIN value for this ACE 0 TCP frames where the FIN field is set must not be able to match this entry 1 TCP frames where the FIN field is set must be able to match this entry Any Any value is allowed don t care T
455. witch doesn t transmit CDP frames CDP frames are only decoded if LLDP for the port 279 User s Manual of MGSW 24160F is enabled Only CDP TLVs that can be mapped into a corresponding field in the LLDP neighbors table are decoded All other TLVs are discarded Unrecognized CDP TLVs and discarded CDP frame are not shown in the LLDP statistic Only CDP TLVs are mapped into LLDP neighbors table as shown below CDP TLV Device ID is mapped into the LLDP Chassis ID field CDP TLV Address is mapped into the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbors table CDP TLV Port ID is mapped into the LLDP Port ID field CDP TLV Version and Platform is mapped into the LLDP System Description field Both the CDP and LLDP supports system capabilities but the CDP capabilities cover capabilities that are not part of the LLDP These capabilities are shown as others in the LLDP neighbors table If all ports have CDP awareness disabled the switch forwards CDP frames received from neighbor devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch Note When CDP awareness for a port is disabled the CDP information isn t removed immediately but will be removed when the hold time is exceeded Port Descr Optional TLV When checked the port description is included in LLDP informa
456. work is selected for the source IP filter you can enter a specific SIP mask in dotted decimal notation e DIP Filter Specify the destination IP filter for this ACE Any No destination IP filter is specified Destination IP filter is don t care Host Destination IP filter is set to Host Specify the destination IP address in the 201 User s Manual of MGSW 24160F DIP Address field that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear e DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation e DIP Mask ICMP Parameters Object When Network is selected for the destination IP filter you can enter a specific DIP mask in dotted decimal notation Description e ICMP Type Filter Specify the ICMP filter for this ACE Any No ICMP filter is specified ICMP filter status is don t care Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field for entering an ICMP value appears e ICMP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The allowed range is O to 255 A frame that hits this ACE matches this ICMP value e ICMP Code Filter Specify the ICMP code filter for this A
457. y Y Strict Priority Y Strict Priority Strict Priority Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Y Strict Priority Y Ge A lt 2 lt lt o e a E KIE o AE o 2 o Es 3 lt a e Es 2 lt lt o 1 2 3 4 5 Low i jl 6 ss 7 8 9 2 lt lt o lis EIEI ji a o i o lt lt a ie 2 Es ES o lt aj o E ap ENE ala A i lt o i k ls Es r Jg i o E ell eT ele mi A lt o o ojele aaa fa Gaal aaa pm o E Figure 4 9 9 Port QoS Configuration Page Screenshot The page includes the following fields Object Description e Number of Classes Configure the number of traffic classes as 1 2 or 4 The default value is 4 e Port The logical port for the settings contained in the same row 182 User s Manual of MGSW 24160F e Default Class Configure the default QoS class for the port that is the QoS class for frames not matching any of the QCEs in the QCL e QCL Select which QCL to use for t
458. y model v1 v2c usm v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM lt security_level gt noAuthNoPriv None authentication and none privacy AuthNoPriv Authentication and none privacy AuthPriv Authentication and privacy lt read_view_name gt The name of the MIB view defining the MIB objects for which this request may request the current values lt write_view_name gt The name of the MIB view defining the MIB objects for which this request may potentially SET new 373 User s Manual of MGSW 24160F values Example Add SNMPy3 access entry SWITCH gt security switch snmp access add group_snmpv3 usm authpriv snmpv3_view snmpv3_view Security Switch SNMP Access Delete Description Delete SNMPv3 access entry Syntax Security Switch SNMP Access Delete lt index gt Parameters lt index gt entry index 1 64 Example Delete SNMPv3 access entry SWITCH gt security switch snmp access delete 3 Security Switch SNMP Access Look up Description Look up SNMPv3 access entry Syntax Security Switch SNMP Access Look up lt index gt Parameters lt index gt entry index 1 64 Example Look up SNMPv3 access entry SWITCH gt security switch snmp access lookup Idx Group Name Model Level 374 default_ro_group NoAuth NoPriv 2 default_rw_group NoAuth NoPriv Number of entries 2 Security Network Psec Switch Descriptio
459. y the RADIUS server when a supplicant is successfully authenticated If present and valid the port s Port VLAN ID will be changed to this VLAN ID the port will be set to be a member of that VLAN ID and the port will be forced into VLAN unaware mode Once assigned all traffic arriving on the port will be classified and switched on the RADIUS assigned VLAN ID If re authentication fails or the RADIUS Access Accept packet no longer carries a VLAN ID or it s invalid or the supplicant is otherwise no longer present on the port the port s VLAN ID is immediately reverted to the original VLAN ID which may be changed by the administrator in the meanwhile without affecting the RADIUS assigned This option is only available for single client modes i e e Port based 802 1X Single 802 1X For trouble shooting VLAN assignments use the Monitor gt VLANs gt VLAN Membership and VLAN Port pages These pages show which modules have temporarily overridden the current Port VLAN configuration RADIUS attributes used in identifying a VLAN ID RFC2868 and RFC3580 form the basis for the attributes used in identifying a 221 User s Manual of MGSW 24160F VLAN ID in an Access Accept packet The following criteria are used The Tunnel Medium Type Tunnel Type and Tunnel Private Group ID attributes must all be present at least once in the Access Accept packet The switch looks for the first set of these attributes that have the same Tag v
460. you want a port on this switch to participate in one or more VLANs but none of the intermediate network devices or the host at the other end of the connection supports VLANs then you should add this port to the VLAN as an untagged port VLAN tagged frames can pass through VLAN aware or VLAN unaware network interconnection devices but the VLAN tags should be stripped off before passing it on to any end node host that does not support VLAN tagging Hi VLAN Classification When the switch receives a frame it classifies the frame in one of two ways If the frame is untagged the switch assigns the frame to an associated VLAN based on the default VLAN ID of the receiving port But if the frame is tagged the switch uses the tagged VLAN ID to identify the port broadcast domain of the frame M Port Overlapping Port overlapping can be used to allow access to commonly shared network resources among different VLAN groups such as file servers or printers Note that if you implement VLANs which do not overlap but still need to communicate you can connect them by enabled routing on this switch HM Untagged VLANs Untagged or static VLANs are typically used to reduce broadcast traffic and to increase security A group of network users 115 User s Manual of MGSW 24160F assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch Packets are forwarded only between ports that are designat
461. ype EType The ACE will match Ethernet Type frames ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP e Action Indicates the forwarding action of the ACE Permit Frames matching the ACE may be forwarded and learned Deny Frames matching the ACE are dropped e Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 1 to 15 When Disabled is displayed the rate limiter operation is disabled e Port Copy Indicates the port copy operation of the ACE Frames matching the ACE are copied to the port number The allowed values are Disabled or a specific port number When the Disabled is displayed the port copy operation is disabled e Logging Indicates the logging operation of the ACE Possible values are Enabled Frames matching the ACE are stored in the System Log Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited e Shutdown Indicates the port shut down operation of the ACE Possible values are Enabled If a frame matches the ACE the ingress port will be disabled Disabled Port shut down is disabled for the ACE 195 User s
462. ype Value Traffic Class la Tag Priority 4 9 3 QoS Control List Configuration This page lists the QCEs for a given QCL a 4 different QoS classes classified Frameswhich are Low Normal Medium and High a The classification is controlled by QoS assigned to each port a AQCL consists of an ordered list of up to 12 QCEs Each QCE can be used to classify certain frames to a specific QoS class a This classification can be based on parameters such as VLAN ID UDP TCP port IPv4 IPv6 DSCP or Tag Priority Frames not matching any of the QCEs are classified to the default QoS Class for the port The QoS Control List Configuration screen in Figure 4 9 7 appears QoS Control List Configuration QCL 1 v QCE Type Type Value Traffic Class Figure 4 9 7 QoS Control List Configuration Page Screenshot The page includes the following fields Object Description e QCL Select a QCL to display a table that lists all the QCEs for that particular QCL e QCE Type Specifies which frame field the QCE processes to determine the QoS class of the frame 178 User s Manual of MGSW 24160F The following QCE types are supported Ethernet Type The Ethernet Type field If frame is tagged this is the Ethernet Type that follows the tag header VLAN ID VLAN ID Only applicable if the frame is VLAN tagged TCP UDP Port IPv4 TCP UDP source destination port DSCP IPv4 and IPv6 DSCP ToS The 3 precedence bit in the ToS b
463. yte of the IPv4 IPv6 header also known as DS field Tag Priority User Priority Only applicable ifthe frame is VLAN tagged or priority tagged e Type Value Indicates the value according to its QCE type Ethernet Type The field shows the Ethernet Type value VLAN ID The field shows the VLAN ID TCP UDP Port The field shows the TCP UDP port range DSCP The field shows the IPv4 IPv6 DSCP value e Traffic Class The QoS class associated with the QCE e Modification Buttons You can modify each QCE in the table using the following buttons Inserts a new QCE before the current row Edits the QCE Moves the QCE up the list Moves the QCE down the list Deletes the QCE The lowest plus sign adds a new entry at the bottom of the list of QCL 4 9 3 1 QoS Control Entry Configuration Configure a new QoS Control Entry on this page Frames can be classified by up to 4 different QoS classes are Low Normal Medium and High The classification is controlled by a QCL assigned to each port AQCL consists of an ordered list of up to 12 QCEs Each QCE can be used to classify certain frames to a specific QoS Class This classification can be based on parameters such as VLAN ID UDP TCP port IPv4 IPv6 DSCP or Tag Priority Frames not matching any of the QCEs are classified to the default QoS Class for the port The QCE Configuration screen in Figure 4 9 8 appears 179 User s Manual
Download Pdf Manuals
Related Search