SW-24400 User Manual
Contents
1. Set SNMP read community private:
   SWITCH> security switch snmp read community private

   Console: Security Switch SNMP Write Community
   Description: Set or show the community string for SNMP write access.
   Syntax: security switch snmp write community [<community>]
   Parameters: <community>: Community string. Use 'clear' or "" to clear the string. (default: Show SNMP write community)
   Default Setting:
   Example: Set public value in SNMP write community:
   SWITCH> security switch snmp write community public

   Console: Security Switch SNMP Trap Probe Security Engine ID
   Description: Show SNMP trap security engine ID probe mode.
   Syntax: security switch snmp trap probe security engine id [enable|disable]
   Parameters: enable: Enable SNMP trap security engine ID probe. disable: Disable SNMP trap security engine ID probe. (default: Show SNMP trap security engine ID probe mode)
   Default Setting:
   Example: Disable SNMP trap probe security engine ID:
   SWITCH> security switch snmp trap probe security engine id disable

   Console: Security Switch SNMP Trap Security Engine ID
   Set or show SNMP trap security engine ID.
   Syntax: security switch snmp trap security engine id [<engineid>]
   Parameters: <engineid>: Engine ID, the format may not be all zeros or all 'ff'H, and is restricted to 5 - 32 octet string.
   Default Setting: Enable
   Example: Set the SNMP trap security engine ID:
   SWITCH>
2. System Capabilities: describes the neighbour unit's capabilities. The possible capabilities are: Other, Repeater, Bridge, WLAN Access Point, Router, Telephone, DOCSIS cable device, Station only, Reserved. When a capability is enabled, the capability is followed by If the capability is disabled, the capability is followed by
   Management Address: is the neighbour unit's address that is used for higher layer entities to assist the discovery by the network management. This could for instance hold the neighbour's IP address.

   Console: LLDP Info

   4.13.6 Port Statistics
   This page provides an overview of all LLDP traffic. Two types of counters are shown. Global counters are counters that refer to the whole stack/switch, while local counters refer to counters for the currently selected switch.

   Global Counters: Neighbor entries were last changed at 16505 sec. ago. Total Neighbors Entries Added: 0. Total Neighbors Entries Deleted: 0. Total Neighbors Entries Dropped: 0. Total Neighbors Entries Aged Out: 0.
   LLDP Statistics for Switch 1, Local Counters (columns): Local Port, Tx Frames, Rx Frames, Rx Errors, Frames Discarded, TLVs Discarded, TLVs Unrecognized, Org. Discarded, Age-Outs.

   The page in
3. Click on the lowest plus sign to add a new ACE to the list.

   Access Control List Configuration (columns): Ingress Port, Frame Type, Rate Limiter, Port Copy, Logging, Shutdown, Counter.

   The page includes the following fields:
   Ingress Port: Indicates the ingress port of the ACE. Possible values are:
     - Any: The ACE will match any ingress port.
     - Policy: The ACE will match ingress ports with a specific policy.
     - Port: The ACE will match a specific ingress port.
   Frame Type: Indicates the frame type of the ACE. Possible values are:
     - Any: The ACE will match any frame type.
     - EType: The ACE will match Ethernet Type frames.
     - ARP: The ACE will match ARP/RARP frames.
     - IPv4: The ACE will match all IPv4 frames.
     - IPv4/ICMP: The ACE will match IPv4 frames with ICMP protocol.
     - IPv4/UDP: The ACE will match IPv4 frames with UDP protocol.
     - IPv4/TCP: The ACE will match IPv4 frames with TCP protocol.
     - IPv4/Other: The ACE will match IPv4 frames which are not ICMP/UDP/TCP.
   Action: Indicates the forwarding action of the ACE.
     - Permit: Frames matching the ACE may be forwarded and learned.
     - Deny: Frames matching the ACE are dropped.
   Rate Limiter: Indicates the rate limiter number of the ACE. The allowed range is 1 to 15. When Disabled is displayed, the rate limiter operation is disabled.
   Port Copy: Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabl
4. DSCP: IPv4 and IPv6 DSCP.
   ToS: The 3 precedence bit in the ToS byte of the IPv4/IPv6 header (also known as DS field).
   Tag Priority: User Priority. Only applicable if the frame is VLAN tagged or priority tagged.
   Type Value: Indicates the value according to its QCE type.
     - Ethernet Type: The field shows the Ethernet Type value.
     - VLAN ID: The field shows the VLAN ID.
     - TCP/UDP Port: The field shows the TCP/UDP port range.
     - DSCP: The field shows the IPv4/IPv6 DSCP value.
   Traffic Class: The QoS class associated with the QCE.
   Modification Buttons: You can modify each QCE in the table using the following buttons: inserts a new QCE before the current row; edits the QCE; moves the QCE up the list; moves the QCE down the list; deletes the QCE. The lowest plus sign adds a new entry at the bottom of the list of QCL.

   Console: QoS QCL Delete
   Description: Delete QCE.
   Syntax: qos qcl delete <qcl_id> <qce_id>
   Parameters: <qcl_id>: QCL ID. <qce_id>: QCE ID (1-24).

   Console: QoS QCL Mode
   Set or show the port egress scheduler mode.
   Syntax: qos mode [<port_list>] [strict|weighted]
   Parameters: <port_list>: Port list or 'all', default: All ports. strict: Strict mode. weighted: Weighted mode. (default: Show QoS mode)
   Default Setting:
   Example: Set weighted mode for port15:
   SWITCH> qos mode 15 weight
5. Default Setting: Disabled, 1pps
   Example: Enable multicast storm rate limiter in 1kpps:
   SWITCH> qos storm multicast enable 1k

   Console: QoS Storm Broadcast
   Set or show the multicast storm rate limiter.
   Syntax: qos storm broadcast [enable|disable] [<packet_rate>]
   Parameters: enable: Enable broadcast storm control. disable: Disable broadcast storm control. <packet_rate>: Rate in pps (1, 2, 4, ..., 512, 1k, 2k, 4k, ..., 1024k).
   Default Setting: Disabled, 1pps
   Example: Enable broadcast storm rate limiter in 1kpps:
   SWITCH> qos storm broadcast enable 1k

   4.8.6 QoS Statistics
   The webpage provides statistics for the different queues for all switch ports belonging to the currently selected stack unit.

   Queuing Counters for Switch 1 (columns): Port, then Receive and Transmit counters for each of the four queues.

   The page includes the following fields:
   Port: The logical port for the settings contained in the same row.
   Low Queue: There are 4 QoS queues per port with strict or weighted queuing scheduling. This is the lowest priority queue.
   Normal Queue: This is the normal priority queue of the 4 QoS queues. M
6. IEEE 802.3af, also called Data Terminal Equipment (DTE) power via Media Dependent Interface (MDI), is an international standard which defines the transmission for power over Ethernet. 802.3af delivers 48V power over RJ-45 wiring. Besides 802.3af, two types of source equipment are defined: Mid-Span and End-Span.
     - Mid-Span: A Mid-Span device is placed between a legacy switch and the powered device. Mid-Span taps unused wire pairs 4/5 and 7/8 to carry power. The other four are reserved for data transmission.
     - End-Span: An End-Span device connects directly with a power device. End-Span devices can also tap the 1/2 and 3/6 wire pairs.

   B.2 PoE System Architecture
   The specification of PoE typically requires two devices: the Powered Source Equipment (PSE) and the Powered Device (PD). The PSE is either an End-Span or a Mid-Span, while the PD is a PoE-enabled terminal, such as IP Phones, Wireless LAN, etc. Power can be delivered over data pairs or spare pairs of standard CAT-5 cabling.

   B.2.1 Power Transference through a CAT5 Ethernet cable
   A standard CAT5 Ethernet cable has four twisted pairs, but only two of these are used for 10BASE-T and 100BASE-T specifications. The specification allows two options for using these cables for power, shown in Figure 8-1 and Figure 8-2. The spare pairs are being used in these diagrams. Figure 8-1 shows the pair on pins 4 and 5 connected together forming a positive supply, and the pair on pins 7 and 8 connected
7. LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device. LACP allows switches connected to each other to discover automatically whether any ports are member of the same LAG. The commands and webpage allow the user to inspect and change the current LACP port configurations. The LACP port settings relate to the currently selected stack unit.

   LACP Port Configuration for Switch 1

   The page includes the following fields:
   LACP Enabled: Enable or disable LACP on this switch port.
   Key: The Key value incurred by the port, ranging between 1 - 65535.
     - Auto: The default setting. Sets the key as appropriate to the physical link speed (10Mb = 1, 100Mb = 2, 1Gb = 3).
     - Specific: a user-defined value can be entered. Ports with the same Key value can participate in the same aggregation group, while ports with different keys cannot.
   Role: The Role shows the LACP activity status. Active will transmit LACP packets each second, while Passive will wait for a LACP packet from a partner.

   Console: LACP Configuration
   Syntax:
   Parameters:
   Example: Show LACP configuration:
   SWITCH> lacp configuration

   Console: LACP Mode
   Syntax:
   Parameters: <port_list>: Port list or 'all', default: All ports. enable: Enable LACP protocol. disable: Disable LACP protocol. (default: Show LACP mode)
   Default Setting:
   Example:
8. MSTI > MSTI Port Configuration
   Object / Description: Select MSTI: Select the bridge instance and set more detail configuration.

   MST1 MSTI Port Configuration (sections): MSTI Aggregated Ports Configuration (Stack Global; Port, Path Cost), MSTI Normal Ports Configuration for Switch 1.
   Figure 4-4: MST1 MSTI Port Configuration, for the entire stack or for a specified switch.

   The page includes the following fields:
   > MSTx MSTI Port Configuration
   Port: The switch port number of the corresponding STP CIST (and MSTI) port.
   Path Cost: Controls the path cost incurred by the port. The Auto setting will set the path cost appropriate to the physical link speed. Using the Specific setting, a user-defined value can be entered. Valid values are in the range 1 to 200000000.
   Priority: Controls the port priority.
   Buttons: Get: Click to set MSTx configuration.

   Console: STP MSTI Priority
   Parameters: <msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...). <priority>: STP bridge priority (0/16/32/48/.../224/240).
   Default Setting (MSTI Bridge Priority): CIST 128, MST1 128, MST2 128, MST3 128, MST4 128, MST5 128, MST6 128, MST7 128.
   Example: Set MST1 priority value in 48:
   SWITCH> stp msti priority 1 48

   Console: STP MSTI Map
   Description: Show or clear MSTP MSTI VLAN mapping configuration.
   Syntax: stp msti map [<msti>] [clear]
   Parameters: <msti>
9. (Table of contents excerpt; legible entries only)
   4.10.4 Network Access Statistics
   4.10.5 Authentication Server Configuration
   4.10.6 RADIUS Overview
   4.11.3 Access Management Statistics
   IP Source Guard Static Table
   4.11.13 ARP Inspection Static Table
   4.12.1 MAC Address Table Configuration
   4.12.2 Static MAC Table Configuration
10. DHCP Snooping is used to block intruders on the untrusted ports of the switch device when they try to intervene by injecting a bogus DHCP reply packet into a legitimate conversation between the DHCP client and server.

    DNS is an acronym for Domain Name System. It stores and associates many types of information with domain names. Most importantly, DNS translates human-friendly domain names and computer hostnames into computer-friendly IP addresses. For example, the domain name www.example.com might translate to 192.168.0.1.

    DoS is an acronym for Denial of Service. In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting network sites or network connections, an attacker may be able to prevent network users from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.

    Dotted Decimal Notation refers to a method of writing IP addresses using decimal numbers and dots as separators between octets. An IPv4 dotted decimal address has the form x.y.z.w, where x, y, z, and w are decimal numbers between 0 and 255.

    DSCP is an acronym for Differentiated Services Code Point. It is a field in the header of IP packets for packet classification purposes.

    Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard. It is used to indicate which protocol is
11. Enable LACP for port1-4:
    SWITCH> lacp mode 1-4 enable

    Console: LACP Key
    Syntax:
    Parameters: <port_list>: Port list or 'all', default: All ports. <key>: LACP key (1-65535) or 'auto'.
    Default Setting:
    Example: Set key1 for port 4:
    SWITCH lacpe Key LAT

    Console: LACP Role
    Description: Set or show the LACP role.
    Syntax: lacp role [<port_list>] [active|passive]
    Parameters: <port_list>: Port list or 'all', default: All ports. active: Initiate LACP negotiation. passive: Listen for LACP packets. (default: Show LACP role)
    Default Setting:
    Example: Set passive for port 4:
    SWITCH> lacp role 1-4 passive

    4.4.3 LACP System/Port Status
    These pages provide status overviews for all and individual LACP instances. The LACP System Status page displays the current LACP aggregation Groups.

    LACP System Status (columns): Aggr ID, Partner System ID, Partner Key, Last Changed, Local Ports. Shown: No ports enabled or no existing partners.

    The page includes the following fields:
    Aggr ID: The Aggregation ID associated with this aggregation instance. For LLAG the id is shown as 'isid:aggr-id' and for GLAGs as 'aggr-id'.
    Partner System ID: The system ID (MAC address) of the aggregation partner.
    Partner Key: The Key that the partner has assigned to this aggregation ID.
    Last Changed: The time since this aggregation changed.
    Local Ports: Shows which ports are a part of
12. Example: To set timezone:
    Switch> system timezone 0

    4.1.2 IP Configuration
    Fill out the IP Address, Subnet Mask and Gateway for the device.

    [Figure: IP Configuration screen with Configured and Current columns for DHCP Client, IP Address, IP Mask, IP Router and VLAN ID, followed by IP DNS Proxy Configuration]

    The Current column is used to show the active IP configuration.
    DHCP Client: Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will announce the configured System Name as hostname for DNS lookup.
    IP Address: Provide the IP address of this switch in dotted decimal notation.
    IP Mask: Provide the IP mask of this switch in dotted decimal notation.
    IP Router: Provide the IP address of the router in dotted decimal notation.
    VLAN ID: Provide the managed VLAN ID. The allowed range is 1 through 4095.
    DNS Server: Provide the IP address of the DNS Server in dotted decimal notation.
    DNS Proxy: When DNS proxy is enabled, DUT will relay DNS requests to the current configured DNS server on DUT, and reply as a DNS resolver to the client device on the network.

    Console: IP Configuration
    Show IP configuration.
    Syntax: ip configuration
    Example: Show IP configuration
13. Set ID 2 for Voice VLAN ID:
    SWITCH> voice vlan id 2

    Console: Voice VLAN Agetime
    Set or show Voice VLAN age time.
    Parameters: <age_time>: MAC address age time (10-10000000). (default: Show age time)
    Default Setting: 86400sec
    Example: Set Voice VLAN age time in 100sec:
    SWITCH> voice vlan agetime 100

    Console: Voice VLAN Traffic Class
    Set Voice VLAN traffic class.
    Parameters: <class>: Traffic class low/normal/medium/high or 1/2/3/4.
    Default Setting:
    Example: Set medium traffic class for voice VLAN:
    Sey Source vlana whan tie class mean

    Console: Voice VLAN Port Mode
    Description: Set or show the Voice VLAN port mode. When the port mode is not disabled, the MSTP feature must be disabled before enabling Voice VLAN, to avoid an ingress filter conflict.
    Syntax:
    Parameters: <port_list>: Port list or 'all', default: All ports. disable: Disjoin from Voice VLAN. auto: Enable auto detect mode. It detects whether there is a VoIP phone attached on the specific port and configures the Voice VLAN members automatically. force: Forced join to Voice VLAN. (default: Show Voice VLAN port mode)
    Default Setting:
    Example: Set auto mode for port 1-4 of Voice VLAN port mode:
    SWITCH> voice vlan port mode 1-4 auto

    Console: Voice VLAN Security
    Description: Set or show the Voice VLAN port security mode. When the function is enabled, all non-telephone MAC addresses in Voice VLAN will be blocked 10 seconds
14. Within a managed stack, one master switch (or just "master") must be elected. Any switch not designated master is a slave switch (or just "slave"). To elect a master, the following criteria are evaluated sequentially:
    1. If any switch already claims to have been master for more than 30 seconds, then that switch will become master.
    2. If multiple switches claim to have been master for more than 30 seconds, then the switch which has been master for the longest period of time will become master.
    3. The switch with the smallest master priority.
    4. The switch with the smallest MAC address.
    The above algorithm ensures that once a master has been elected and has been master for more than 30 seconds, it will remain master. However, in some cases the user may want to enforce a new master election. On the Stack State Monitor web page, this is shown by "Re-elect" being set to "Yes" for one of the switches in the stack.

    4.16.1.3 Stack Redundancy
    In the unlikely event that a SW Switch fails in a stack, stack integrity is maintained if the redundant cable is connected to the stack. The affected switch within the stack can be replaced or removed without disrupting normal operation. The broken link is bypassed and data transmission continues uninterrupted. The single management IP address for the stack is also preserved for uninterrupted management and monitoring.

    Figure 4-16: Remove or Replace a switch
15. 4.5.2 IEEE 802.1Q VLAN
    IEEE 802.1Q (tagged) VLAN is implemented on the Switch. 802.1Q VLANs require tagging, which enables them to span the entire network (assuming all switches on the network are IEEE 802.1Q-compliant). VLANs allow a network to be segmented in order to reduce the size of broadcast domains. All packets entering a VLAN will only be forwarded to IEEE 802.1Q-enabled switches that are members of that VLAN, including broadcast, multicast and unicast packets from unknown sources. VLAN can also provide a level of security to your network. IEEE 802.1Q VLAN will only deliver packets between stations that are members of the VLAN. Any port can be configured as either tagging or untagging.
      - Tagged: Ports with tagging enabled will put the VID number, priority and other VLAN information into the header of all packets that flow into those ports. If a packet has previously been tagged, the port will not alter the packet, thus keeping the VLAN information intact. The VLAN information in the tag can then be used by other 802.1Q-compliant devices on the network to make packet-forwarding decisions.
      - Untagged: Ports with untagging enabled will strip the 802.1Q tag from all packets that flow into those ports. If the packet does not have an 802.1Q VLAN tag, the port will not alter the packet. Thus, all packets received by and forwarded by an untagging port will have no 802.1Q VLAN information. Remember that the PVID
16. Buttons / Type Value: Cancel: Return to the previous page.

    Console: QoS QCL Add
    Add or modify QoS Control Entry (QCE). If parameter <qce_id> is specified and an entry with this ID already exists, the QCE will be modified. Otherwise, a new QCE will be added; if not specified, the next available QCE ID will be used. If the parameter <qce_id_next> is specified, the QCE will be placed before this QCE in the list; if not specified, the QCE will be placed last in the list.
    Syntax: qos qcl add [<qcl_id>] [<qce_id>] [<qce_id_next>] (etype <etype>) | (vid <vid>) | (port <udp_tcp_port>) | (dscp <dscp>) | (tos <tos_list>) | (tag_prio <tag_prio_list>) <class>
    Parameters:
      <qcl_id>: QCL ID
      <qce_id>: QCE ID (1-24)
      <qce_id_next>: Next QCE ID (1-24)
      etype: Ethernet Type keyword
      <etype>: Ethernet Type
      vid: VLAN ID keyword
      <vid>: VLAN ID (1-4095)
      port: UDP/TCP port keyword
      <udp_tcp_port>: Source or destination UDP/TCP port (0-65535)
      dscp: IP DSCP keyword
      <dscp>: IP DSCP (0-63)
      tos: IP ToS keyword
      <tos_list>: IP ToS list (0-7)
      tag_prio: VLAN tag priority keyword
      <tag_prio_list>: VLAN tag priority list (0-7)
      <class>: Traffic class low/normal/medium/high or 1/2/3/4

    4.8.3 Port QoS Configuration
    Configure QoS settings for each port.
    Port QoS Configuration: Stack Global Set
17. Console: IGMP Router
    Set or show the IGMP snooping router port mode.
    Syntax: igmp router [<port_list>] [enable|disable]
    Parameters: <port_list>: Port list or 'all', default: All ports. enable: Enable IGMP router port. disable: Disable IGMP router port. (default: Show IGMP router port mode)
    Default Setting: No filtering
    Example: Enable IGMP snooping function for port1-4:
    SWITCH> igmp router 1-4 enable

    Console: IGMP Fastleave
    Set or show the IGMP snooping fast leave port mode.
    Syntax: igmp fastleave [<port_list>] [enable|disable]
    Parameters: <port_list>: Port list or 'all', default: All ports. enable: Enable IGMP fast leave. disable: Disable IGMP fast leave. (default: Show IGMP fast leave mode)
    Default Setting:
    Example: Enable the IGMP snooping fast leave port mode:
    SWITCH> igmp fastleave 1 enable

    Console: IGMP Throttling
    Parameters: <port_list>: Port list or 'all', default: All ports. 0: No limit. 1-10: Group learn limit. (default: Show IGMP Port Throttling)
    Default Setting:
    Example: Set the IGMP port throttling status for port 1:
    Sue gt eu elmer te lianas Ih I

    4.7.4 IGMP Snooping VLAN Configuration
    Each page shows up to 999 entries from the VLAN table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be
18. Deny forwarding
    <rate_limiter>: Rate limiter number (1-15) or 'disable'
    <port_copy>: Port number for copy of frames or 'disable'
    <logging>: System logging of frames: log|log_disable
    <shutdown>: Shut down ingress port: shut|shut_disable

    Console: Security Network ACL Delete
    Delete ACE.
    Parameters: <ace_id>: ACE ID (1-128)
    Example: Delete ACE 1:
    SWITCH> security network acl delete 1

    Console: Security Network ACL Lookup
    Show ACE, default: All ACEs.
    Parameters: <ace_id>: ACE ID (1-128)
    Example: Lookup ACE 1:
    SWITCH> security network acl lookup 1

    4.9.3 ACE Configuration
    Configure an ACE (Access Control Entry) on this page. An ACE consists of several parameters. These parameters vary according to the frame type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type that you selected.

    [Figure: ACE Configuration screen with MAC Parameters (DMAC Filter) and VLAN Parameters]

    The page includes the following fields:
    Ingress Port: Select the ingress port for which this ACE applies.
      - Any: The ACE applies to any port.
      - Port n: The ACE applies to this port number, where n is the number of the switch port.
      - Policy n: The ACE applies to this policy number, where n can range from 1 through 8.
    Frame Type: Select the frame type for this ACE.
      - Any: Any frame can match this ACE.
19. Idx  Model  Security Name  Group Name
    1    v1     public         default_ro_group
    2    v1     private        default_rw_group
    3    v2c    public         default_ro_group
    4    v2c    private        default_rw_group
    5    usm    default_user   default_rw_group
    Number of entries: 5

    SNMPv3 Views Table (columns): Idx, View Name, View Type, OID Subtree
    Number of entries: 1

    SNMPv3 Accesses Table
    Idx  Group Name        Model  Level
    1    default_ro_group  any    NoAuth, NoPriv
    2    default_rw_group  any    NoAuth, NoPriv
    Number of entries: 2

    Console: Security Switch SNMP Mode
    Set or show the SNMP mode.
    Syntax: security switch snmp mode [enable|disable]
    Parameters: enable: Enable SNMP. disable: Disable SNMP. (default: Show SNMP mode)
    Default Setting:
    Example: Disable SNMP mode:
    SWITCH> security switch snmp mode disable

    Console: Security Switch SNMP Version
    Set or show the SNMP protocol version.
    Syntax: security switch snmp version [1|2c|3]
    Parameters: 1: SNMP version 1. 2c: SNMP version 2c. 3: SNMP version 3. (default: Show SNMP version)
    Default Setting:
    Example: Set SNMP in version 3:
    SWITCH> security switch snmp version 3

    Console: Security Switch SNMP Read Community
    Description: Set or show the community string for SNMP read access.
    Syntax: security switch snmp read community [<community>]
    Parameters: <community>: Community string. Use 'clear' or "" to clear the string. (default: Show SNMP read community)
    Default Setting:
    Example:
20. State (Other Info):
      - Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
      - Dead (X seconds left): Accounting attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.
    Pending Requests (Tx; radiusAccClientExtPendingRequests)
    Round-Trip Time (radiusAccClientExtRoundTripTime): The time interval (measured in milliseconds) between the most recent Response and the Request that matched it from the RADIUS accounting server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet.

    Console: Security AAA Statistics
    Show RADIUS statistics.
    Parameters: The server index (1-5), default: Show statistics for all servers.
    Example: Show RADIUS statistics:
    SWITCH> security aaa statistics

    4.11 Security
    This section controls access to the Managed Switch, including user access and management control. The Security page contains links to the following main topics: Port Limit Control, Access Management, HTTPs / SSH, DHCP Snooping, IP Source Guard, ARP Inspection.

    4.11.1
21. Responses, Rx Other Requests
    Rx Auth. Successes: 0
    Rx Auth. Failures: 0

    4.10.5 Authentication Server Configuration
    This webpage allows you to configure the Authentication Servers.

    [Figure: Authentication Server Configuration screen with Common Server Configuration and RADIUS Authentication Server Configuration rows 1 to 5]

    The page includes the following fields:
    > Port State
    These settings are common for all of the Authentication Servers.
    Timeout: The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
    Dead Time: The Dead Time, which can be set to a number between 0 and 3600 seconds, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request. This will stop the switch from continually trying to contact a server that it has already determined as dead. Setting the Dead Time to a value greater than 0 (zero) will enable this feature, but only if more than one server has been configured.

    > Server Configuration
    The table contains one row for each RADIUS Authentication Server, RADIUS Accounting Server, and TACACS+ Authentication Server, respectively. The columns display the
22. SW-24400 User's Manual

    1. INTRODUCTION
    The 13 International Layer 2 Managed Gigabit Switch series switches are multiple-port Gigabit Ethernet Switches with SFP fibre-optic connective ability and robust layer 2 features; the description of the model discussed in this manual is below. The term "Managed Switch" refers to the Switch titled on the cover page of this User's manual.

    1.1 Package Contents
    The box should contain the following items:
      - The Managed Switch x1
      - User's manual CD x1
      - Quick installation guide x1
      - 19" Rack mount accessory kit x1
      - Power cord x1
      - Rubber feet x4
      - RS-232 DB9 male Console cable x1
      - CB-STX50 50cm stack cable x1
    If any of these are missing or damaged, please contact your dealer immediately. If possible, retain the carton including the original packing material, in case of repair/return.

    1.2 Product Features and Specification
    IMPORTANT NOTE: This PoE network switch is recommended for IP cameras ONLY.
      Address Table: 8K entries, automatic source address learning and ageing
      Share data Buffer: 1392 kilobytes
      Switch Processing Scheme: Store-and-Forward
      IEEE 802.3x Pause Frame for Full-Duplex; Back pressure for Half-Duplex
      Reset Button: < 5 seconds: System reboot; > 10 seconds: Factory Default
      Dimension (W x D x H): 440 x 300 x 44.5 mm, 1U high
      LED: Power, Link/Act and speed per Gigabit port
      Max. 432 watts / 1473 BTU, AC
23. Show SMTP mode
    Default Setting:

    Console: SMTP Server
    Set or show SMTP server configuration.
    Syntax: smtp server [<server>] [<port>]
    Parameters: <server>: SMTP server address. <port>: SMTP server port.
    Default Setting:

    Console: SMTP Authentication
    Enable or disable SMTP authentication configuration.
    Syntax: smtp auth [enable|disable]
    Parameters: enable: Enable SMTP Authentication. disable: Disable SMTP Authentication. (default: Show SMTP Authentication)
    Default Setting:

    Console: SMTP Authentication User
    Description: Syntax: Parameters:

    Console: SMTP Authentication Password
    Description: Syntax: Parameters:

    Console: SMTP Mailfrom
    Syntax: Default Setting: Description: Syntax: Parameters: Default Setting:

    Console: SMTP Mailto1
    Description: Set or show SMTP primary email.
    Syntax:
    Parameters: <mailto1_text>: SMTP e-mail 1 to address.
    Default Setting: Description: Syntax: Parameters: Default Setting:

    4.1.15 Web Firmware Upgrade
    Update the firmware controlling the switch.

    To open the Firmware Upgrade screen:
    1. Click System > Web Firmware Upgrade. The Firmware Upgrade screen appears. Click the Browse button of the main page; an Open File dialog will appear. Select the firmware file, then click Upload. The software will begin uploading. Once the software is loaded, a confirmation screen will appear. The new software wi
24. Show client authentication method
    enable: Enable local authentication if remote authentication fails. disable: Disable local authentication if remote authentication fails. (default: Show backup client authentication configuration)
    Default Setting: Authentication Method: local. Fallback: disable.
    Example: Use RADIUS authentication method for telnet:
    SWITCH> security switch auth method telnet radius enable

    4.10.2 Network Access Server Configuration
    This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings. The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication. MAC-based authentication allows for authentication of more than one user on the same port, and doesn't require the user to have special 802.1X supplicant software installed on his system. The switch uses the user's MAC address to authenticate against the backend server.

    Network Access Server Configuration
    System Configuration (Stack Global) fields: Reauthentication Enabled, Reauthentication Period, EAPOL Timeout, Age Period, Hold Time, RADIUS-Assigned QoS Enabled, RADIUS-Assigned VLAN Enabled, Guest VLAN Enabled, Guest VLAN ID, Max. Reauth. Count, Allow Guest VLAN if EAPOL Seen.
    Port Configuration for Switch 1: RADIUS Assign
25. Operating power is applied from a power source (PSU, power supply unit) over the LAN infrastructure to powered devices (PDs), which are connected to ports. The power budget is managed according to the following user-definable parameters: maximum available power, ports priority, maximum allowable power per port. There are five modes for configuring how the ports/PDs may reserve power and when to shut down ports:
Classification mode: In this mode each port automatically determines how much power to reserve according to the class the connected PD belongs to, and reserves the power accordingly. Four different port classes exist, and one for 4, 7, 15.4 and 30.8 Watts. In this mode the Maximum Power fields have no effect.
Class | Usage | Range of maximum power used by the PD | Class Description
0 | Default | 0.44 to 12.95 Watts | Classification unimplemented
1 | Optional | 0.44 to 3.84 Watts | Very low power
3 | Optional | 6.49 to 12.95 Watts (or to 15.4 Watts) |
4 | Optional | 12.95 to 25.50 Watts (or to 30.8 Watts) | High power
Allocation mode: In this mode the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields. The ports are shut down when total reserved power exceeds the amount of power that the power supply ca
26. [Table of contents fragment; legible entries only] 4.12.5 Dynamic ARP Inspection Table; 4.12.6 Dynamic IP Source Guard Table; 4.13 LLDP; Link Layer Discovery Protocol; LLDP MED; 4.14 Network Diagnostics; IP Ping Test; 4.15 Power over Ethernet; Power Configuration; PoE Schedule; LLDP Neighbour Power Over Ethernet; Master Election
27. 802.1X Authentication. macbased: Switch authenticates on behalf of the client. (default: Show 802.1X state). Default Setting. Example: Show the port 1 security state:
SWITCH> security network nas state 1
Port  Admin State       Port State  Last Source  Last ID
1     Force Authorized  Link Down
Console Security Network NAS RADIUS QoS. Set or show either global (use the global keyword) or per-port enabledness of RADIUS-assigned QoS. Syntax Parameters: global: Select the global RADIUS-assigned QoS setting. <port_list>: Select the per-port RADIUS-assigned QoS setting (default: Show current per-port RADIUS-assigned QoS enabledness). enable: Enable RADIUS-assigned QoS either globally or on one or more ports. disable: Disable RADIUS-assigned QoS either globally or on one or more ports. (default: Show current RADIUS-assigned QoS enabledness). Default Setting. Example: Enable NAS RADIUS QoS: [example command illegible]
Console Security Network NAS RADIUS QoS. Set or show either global (use the global keyword) or per-port enabledness of RADIUS-assigned VLAN. Syntax Parameters: global: Select the global RADIUS-assigned VLAN setting. <port_list>: Select the per-port RADIUS-assigned VLAN setting (default: Show current per-port RADIUS-assigned VLAN enabledness). enable: Enable RADIUS-assigned VLAN either globally or on one or more ports. disable: Disable RADIUS-assigned VLAN either globa
28. Console PoE Power Supply. Set or show the value of the power supply. <supply_power>: PoE power for a power supply. Default Setting. Example: Set 200 watts of power supply:
SWITCH> poe power supply 200
4.15.3 PoE Status. This page allows the user to inspect the total power consumption, total power reserved, and current status for all PoE ports.
[Screenshot: Power Over Ethernet Status for Switch 1. Summary: Current Power Consumption, Total Power Reserved, Temperature 1, Temperature 2. Per-port table columns: Local Port, PD Class, Power Used [W], Current Used [mA], Port Status, AT/AF Mode.]
The total value added from port 01 to 12 should not be more than 190 watts. The total value added from port 13 to 24 should not be more than 190 watts. There is 30 reserved for the PoE chipset.
The page includes the following fields:
Current Power Consumption: Shows the total watts usage of the PoE Switch.
Total Power Reserved: Shows how much total power is reserved for all PDs.
Display the current operating tempe
29. Disabled. System Access number of entries: 0
Console Security Switch Access Mode. Set or show the access management mode. Syntax: security switch access mode enable disable. Parameters: enable: Enable access management; disable: Disable access management; (default: Show access management mode). Default Setting. Example: Enable access management function:
SWITCH> security switch access mode enable
Console Security Switch Access Add. Add access management entry. Syntax: security switch access add <access_id> <start_ip_addr> <end_ip_addr> web snmp telnet. Parameters: <access_id>: entry index (1-16); <start_ip_addr>: Start IP address (a.b.c.d); <end_ip_addr>: End IP address (a.b.c.d); web: WEB/HTTPS interface; snmp: SNMP interface; telnet: TELNET/SSH interface; (default: Show configured and current mode). Example: Add access management list from 192.168.0.1 to 192.168.0.200 via web interface:
SWITCH> security switch access add 1 192.168.0.1 192.168.0.200 web
Console Security Switch Access IPv6 Add. Add access management IPv6 entry. Syntax: security switch access ipv6 add <access_id> <start_ipv6_addr> <end_ipv6_addr> web snmp telnet. Parameters: <access_id>: entry index (1-16); <start_ipv6_addr>: Start IPv6 address; <end_ipv6_addr>: End IPv6 address; web: WEB/HTTPS interface; snmp: SNMP interface; telnet: TELNET/SSH interface; default Sh
30. Console LLDP Mode. Description: Set or show LLDP mode. Syntax: lldp mode <port_list> enable disable rx tx. Parameters: <port_list>: Port list or all (default: All ports); enable: Enable LLDP reception and transmission; disable: Disable LLDP; rx: Enable LLDP reception only; tx: Enable LLDP transmission only; (default: Show LLDP mode). Default Setting. Example: Enable port1 LLDP function:
SWITCH> lldp mode 1 enable
Console LLDP Optional TLV. Description Syntax: lldp optional_tlv <port_list> <port_descr> <sys_name> <sys_descr> <sys_capa> <mgmt_addr> enable disable. Parameters: <port_list>: Port list or all (default: All ports); port_descr: Description of the port; sys_name: System name; sys_descr: Description of the system; sys_capa: System capabilities; mgmt_addr: Master's IP address; (default: Show optional TLV's configuration); enable: Enables TLV; disable: Disable TLV; (default: Show optional TLV's configuration). Default Setting: All enabled. Example: Disable description of the port for port1:
SWITCH> lldp optional_tlv 1 port_descr disable
Console LLDP Interval. Description: Set or show LLDP Tx interval. <interval>: LLDP t
31. IP address. If you are not familiar with the console commands or the related parameters, enter help anytime in the console to get the help description. You can change these settings, if desired, after you log on. This management method is often preferred because you can remain connected and monitor the system during system reboots. Also, certain error messages are sent to the serial port, regardless of the interface through which the associated action was initiated. A Macintosh or PC attachment can use any terminal-emulation program for connecting to the terminal serial port. A workstation attachment under UNIX can use an emulator such as TIP.
3.2.2.1 Telnet Login. The Managed Switch also supports Telnet for remote management. The switch asks for the user name and password during a remote login using Telnet. Input admin as the username & password.
3.2.3 Web Management. The Managed Switch can be accessed from anywhere on the network through a standard browser capable of handling Java applets, such as Microsoft Internet Explorer, as if you were directly connected to the Managed Switch's console port. After setting an IP address for the switch, enter the address into the browser. You can then use your Web browser to list and access the Managed Switch configuration parameters from one central location. Web Management requires Microsoft Internet Explorer, Safari or Mozilla Firefox. By
32. If the application's type matches any one of the access management entries, it will allow access to the switch.
[Screenshot: Access Management Configuration page. Columns: Start IP Address, End IP Address, HTTP/HTTPS, SNMP, TELNET/SSH. Button: Add new entry.]
The page includes the following fields:
Mode: Indicates the access management mode operation. Possible modes are: Enabled: Enable access management mode operation; Disabled: Disable access management mode operation.
Check to delete the entry. It will be deleted during the next save.
Start IP address: Indicates the start IP address for the access management entry.
End IP address: Indicates the end IP address for the access management entry.
HTTP/HTTPS: Indicates that a host whose IP address matches the entry can access the switch from the HTTP/HTTPS interface.
SNMP: Indicates that a host whose IP address matches the entry can access the switch from the SNMP interface.
TELNET/SSH: Indicates that a host whose IP address matches the entry can access the switch from the TELNET/SSH interface.
Buttons: Add new entry: Click to add a new access management entry.
Console Security Switch Access Configuration. Description: Show access management configuration. Syntax: security switch access configuration. Example: Show access management configuration:
SWITCH> security switch access configuration
Access Mgmt Configuration: System Access Mode
33. 4.6.9 Port Statistics. This page displays the STP port statistics counters for physical ports in the currently selected switch.
[Screenshot: STP Statistics for Switch 1. Counter columns: MSTP, RSTP, STP, TCN, Discarded Unknown, Discarded Illegal.]
The page includes the following fields:
TCN: The number of (legacy) Topology Change Notification BPDUs received/transmitted on the port.
Discarded Unknown: The number of unknown Spanning Tree BPDUs received (and discarded) on the port.
Discarded Illegal: The number of illegal Spanning Tree BPDUs received (and discarded) on the port.
4.7 Multicast
4.7.1 IGMP Snooping. Each page shows up to 999 entries from the Dynamic ARP Inspection table memberships. IGMP snooping is a switch feature that monitors the exchange of IGMP messages and copies them to the CPU for feature processing. The overall purpose of IGMP Snooping is to limit the forwarding of multicast frames to only ports that are a member of the multicast group.
4.7.2 IGMP Snooping Configuration. This page provides IGMP Snooping related configuration. Most of the settings are global, whereas the Router Port configuration is related to the currently selected stack unit, as reflected by the page header. IGMP Snooping C
34. Load. This page displays the CPU load using an SVG graph. The load is measured as averaged over the last 100 ms, 1 second and 10 seconds intervals. The last 120 samples are graphed, and the last numbers are displayed as text as well. The console command provides statistics only.
[Figure 4-1: An example CPU Load graph]
In order to display the SVG graph, your browser must support the SVG format.
Console System Prompt. Show current CPU load: 100ms, 1s and 10s running average (in percent, zero is idle). Example: To show current CPU load:
Switch> system load
Load average (100ms, 1s, 10s):
4.1.11 System Log. The switch system log information is provided.
[Figure 4-2: System Log page for a switch in a stack. The example lists three Info-level entries: "Switch just made a cold boot", "Link up on switch 1 port 1", "Link up on switch 1 port 16".]
The page includes the following fields:
ID: The ID (>= 1) of the system log entry.
Level: The level of the system log entry. The following level types are supported: Info: Information lev
35. Network DHCP Snooping Mode. Syntax Parameters: enable: Enable DHCP snooping mode. When DHCP snooping mode operation is enabled, the requested DHCP messages will be forwarded to trusted ports, and reply packets will only be allowed from trusted ports. disable: Disable DHCP snooping mode. (default: Show flow DHCP snooping mode). Default Setting. Example: Enable DHCP snooping mode:
SWITCH> security network dhcp snooping mode enable
Console Security Network DHCP Snooping Configuration. Set or show the DHCP snooping port mode. Syntax: security network dhcp snooping port mode <port_list> trusted untrusted. Parameters: <port_list>: Port list or all (default: All ports); trusted: Configures the port as a trusted source of DHCP messages; untrusted: Configures the port as an untrusted source of DHCP messages; (default: Show flow DHCP snooping port mode). Default Setting. Example: Set untrusted DHCP snooping port mode in port 1:
SWITCH> security network dhcp snooping port mode 1 untrusted
4.11.9 DHCP Snooping Statistics. This page provides port statistics for DHCP snooping. The statistics only count packets for which DHCP snooping mode is enabled and relay mode is disabled. DHCP packets for the system DHCP client are not counted.
[Screenshot: DHCP Snooping Port Statistics for Switch 1, Port 1. Columns: Receive Packets, Transmit Packets. Rows: Rx Discover, Rx Offer, Rx Request, Rx Declin
36. Port Limit Control. This page allows you to configure the Port Security Limit Control system and port settings. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port, as identified by a user's MAC address and VLAN ID. If this number is exceeded, an action is taken. The action can be one of four different actions, as described below. The Limit Control module is one of a range of modules that utilize a lower-layer module, the Port Security module, which manages MAC addresses learned on the port. The Limit Control configuration consists of two sections: a system-wide and a port-wide configuration.
[Screenshot: Port Limit Control Configuration page. System Configuration (Stack Global): Mode, Aging Enabled, Aging Period (seconds). Port Configuration for Switch 1.]
The page includes the following fields. System Configuration:
Mode: Indicates if Limit Control is globally enabled or disabled on the switch stack. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.
Aging Enabled: If checked, secured MAC addresses are subject to aging.
Aging Period: If Aging Enabled is checked, then the aging period is controlled with this input. If other modules are using the underlying port security for securing MAC addresses, the sh
37. Security Level: Possible security models are: NoAuth, NoPriv: No authentication and no privacy; Auth, NoPriv: Authentication and no privacy; Auth, Priv: Authentication and privacy.
Read View Name: The name of the view defining the MIB objects for which the current values may be requested. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Write View Name: The name of the view defining the MIB objects for which this request may potentially SET new values. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.
Buttons: Add new access: Click to add a new access entry.
Console Security Switch SNMP Engine ID. Description: Set or show SNMPv3 local engine ID. Syntax: security switch snmp engine id <engineid>. Parameters: <engineid>: Engine ID; the format may not be all zeros or all 'ff'H and is restricted to a 5 - 32 octet string. Default Setting: 800007e5017f000001. Example: Set 800007e5017f000002 for SNMPv3 local engine ID:
SWITCH> security switch snmp engine id 800007e5017f000002
Console Security Switch SNMP Access Delete. The entry index keys are <group_name>, <security_model> and <security_level>. Syntax: security switch snmp access add <group_name> <security_model> <security_level> <read_view_name> <write_view_name>. Parameters: <group_name>: A string
38. Query by: Interface: Query of the MAC addresses entry by interface; VLAN: Query of the MAC addresses entry by VLAN; MAC Address: Query of the MAC addresses entry by MAC address.
Buttons: Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields. Clear: Flushes all dynamic entries. Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address. >>: Updates the table starting with the entry after the last entry currently displayed.
Console MAC Dump. Show sorted list of MAC address entries. Syntax: mac dump <mac_max> <mac_addr> <vid>. Parameters: <mac_max>: Maximum number of MAC addresses (1-8192) (default: Show all addresses); <mac_addr>: First MAC address (xx-xx-xx-xx-xx-xx) (default: MAC address zero); <vid>: First VLAN ID (1-4095) (default: 1). Example: Show all of MAC table:
SWITCH> mac dump
[Output table with columns Type, VID, MAC Address, Ports; the entry values are illegible]
Console MAC Statistics. Show MAC address table statistics. Syntax: mac statistics <port_list>. Parameters: <port_list>: Port list or all (default: All ports). Example: Set all
39. State: The current state of the server. This field takes one of the following values:
Disabled: The server is disabled.
Not Ready: The server is enabled, but IP communication is not yet up and running.
Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts.
Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled.
Console Security AAA Configuration. Show Auth configuration. Example: Show Auth configuration:
SWITCH> security aaa configuration
AAA Configuration: Server Timeout: 15 seconds; Server Dead Time: 300 seconds. RADIUS Authentication Server Configuration
Console Security AAA Timeout. Set or show server timeout. Syntax: security aaa timeout <timeout>. Parameters: <timeout>: Server response timeout (3-3600 seconds) (default: Show server timeout configuration). Example: Set 30sec for server timeout:
SWITCH> security aaa timeout 30
Console Security AAA Deadtime. Description: Set or show server dead time. Syntax: security aaa deadtime <dea
40. Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector.
Restricted TCN: If enabled, causes the port not to propagate received topology change notifications and topology changes to other ports.
BPDU Guard: If enabled, causes the port to disable itself upon receiving valid BPDUs. Contrary to the similar bridge setting, the port Edge status does not affect this setting. A port entering error-disabled state due to this setting is subject to the bridge Port Error Recovery setting as well.
Point2Point: Controls whether the port connects to a point-to-point LAN rather than a shared medium. This can be automatically determined, or forced either true or false. Transition to the forwarding state is faster for point-to-point LANs than for shared media.
This applies to physical ports only. Aggregations are always forced Point2Point.
Console STP Port Configuration. Show STP Port configuration. Syntax: stp port configuration <port_list>. Parameters: <port_list>: Port list or all. Port zero means aggregations. Example: Show STP status of Port1:
SWITCH> stp port configuration 1
Port  Mode     AdminEdge  AutoEdge  restrRole  restrTcn  bpduGuard  Point2point
1     Enabled  Enabled    Enabled   Disabled   Disabled  Disabled   Auto
Console STP Port Mode. Set or show the STP enabling for a port. Syntax: stp port mode <port_list> enable disable. Parameters: <port_list>: Port list or
41. STP bridge instance no (0-7, CIST=0, MSTI1=1, ...). clear: Clear VID to MSTI mapping. Example: Add MST1 priority value in 48: [example command illegible]
Console STP MSTI Add. Description: Add a VLAN to a MSTI. Syntax Parameters: <msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...); <vid>: VLAN ID (1-4095). Example: Add MST1 in vlan1:
SWITCH> stp msti add
Console STP MSTI Port Configuration. Show the STP CIST/MSTI port configuration. Syntax: stp msti port configuration <msti> <port_list>. Parameters: <msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...); <port_list>: Port list or all (default: All ports). Example: Set MSTI2 in port 2:
SWITCH> stp msti port configuration 2 1 2
[output table illegible]
<msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...); <port_list>: Port list or all. Port zero means aggregations; <path_cost>: STP port path cost (1-200000000) or auto. Default Setting. Example: Set MSTI7 in port1:
SWITCH> stp msti port cost 7 1
MSTI Port Path Cost [values illegible]
Console STP MSTI Port Priority. Parameters: <msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1, ...); <port_list>: Port list or all. Port zero means aggregations; <priority>: STP port priority (0/16/32/48/.../224/240). Default Setting: 128
4.6.8 Port Status. This page displays the STP CIST port sta
42. Syntax: voice vlan security <port_list> enable disable. Parameters: <port_list>: Port list or all (default: All ports); enable: Enable Voice VLAN security mode; disable: Disable Voice VLAN security mode; (default: Show flow Voice VLAN security mode). Default Setting. Example: Enable the Voice VLAN port security mode for port 1-4:
SWITCH> voice vlan security 1-4 enable
4.8.9 Voice VLAN OUI Table. The maximum number of Voice VLAN OUI entries is 16. Modifying the OUI table will restart the auto-detect OUI process. The page includes the following fields:
Check to delete the entry. It will be deleted during the next save.
Telephony OUI: A globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is xx-xx-xx (x is a hexadecimal digit).
The description of OUI address. The allowed string length is 0 to 32.
Buttons: Add new entry: Click to add a new access management entry.
Console Voice VLAN OUI Add. Description Syntax: voice vlan oui add <oui_addr> <description>. Parameters: <oui_addr>: OUI address (xx-xx-xx); <description>: Entry description. Use clear or "" to clear the string. No blank or space characters are permitted as part of a contact (only in CLI). Example: Add Voice VLAN OUI entry:
SWITCH> voice vlan oui add 00-11-22 test
Console Voice VLAN OUI Delete
43. The console only accepts lower-case commands. The SW Managed Switch is shipped with the following IP address: IP Address: 192.0.0.20; Subnet Mask: 255.255.255.0. To check the current IP address or set a new IP address for the Switch, do the following:
1. On the Switch> prompt, input ip configuration.
2. The screen displays the current IP address, Subnet Mask and Gateway as shown below.
[Figure 3-4: IP information screen]
To change the IP address:
1. On the Switch> prompt, enter the following command and press <Enter>:
Switch> ip setup 192.168.0.101 255.255.255.0 192.168.0.253
The above command applies the following settings to the switch: IP: 192.168.0.101; Subnet Mask: 255.255.255.0; Gateway: 192.168.0.253; VLAN ID: 1. Repeat Step 1 to confirm the IP setting change. If the IP address is successfully configured, the Managed Switch will apply the new IP address setting immediately. You can access the Web interface through the new
44. The page includes the following fields:
Mode of IP Source Guard Configuration: Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.
Port Mode Configuration: Specify on which ports IP Source Guard is enabled. Only when both Global Mode and Port Mode on a given port are enabled is IP Source Guard enabled on this given port.
Max Dynamic Clients: Specify the maximum number of dynamic clients that can be learned on a given port. This value can be 0, 1, 2 and unlimited. If the port mode is enabled and the value of max dynamic client is equal to 0, it means only IP packets that match static entries are forwarded on the specific port.
Console Security Network IP Source Guard Configuration. Description: Show IP source guard configuration. Syntax: security network ip source guard configuration. Example: Show IP source guard configuration:
SWITCH> security network ip source guard configuration
IP Source Guard Configuration: IP Source Guard Mode: Disabled
[Per-port output table; the legible cells read "Disabled" and "limited"]
45. VLAN Learning: Independent VLAN learning. Configurable PVID Tagging: Indicates whether or not configurable PVID tagging is implemented.
Console VLAN Lookup. Lookup VLAN entry. Syntax: vlan lookup <vid> combined static nas mvr voice_vlan all. Parameters: <vid>: VLAN ID (1-4095) (default: Show all VLANs); combined: Shows all the combined VLAN database; static: Shows the VLAN entries configured by the administrator; nas: Shows the VLANs configured by NAS; mvr: Shows the VLANs configured by MVR; voice_vlan: Shows the VLANs configured by Voice VLAN; all: Shows all VLANs configuration. Example: Show VLAN status:
SWITCH> vlan lookup
Console VLAN Mode. Set or show the VLAN Mode. Parameters: portbased: Port-Based VLAN Mode; dot1q: 802.1Q VLAN Mode; (default: Show VLAN Mode). Default Setting: IEEE 802.1Q. Example: Set VLAN mode in port base:
SWITCH> vlan mode portbased
4.5.4 VLAN Port Configuration. VLAN Port Configuration manages ports on a switch that are part of a VLAN. The port default VLAN ID (PVID) is configured on the VLAN Port Configuration page. All untagged packets arriving to the device are tagged by the port's PVID.
[Screenshot: VLAN Port Configuration for Switch 1. Columns include Ingress Filtering, Acceptable Frame Type, Link Type, Q-in-Q Mode, Set out layer VLAN tag ether type.]
46. Version, Max Age, Forward Delay, Tx Hold Count, Max Hop Count
4.6.2 STP Bridge Configuration. Configure STP system settings. The settings are used by all STP Bridge instances in the Switch or switch Stack.
[Screenshot: STP Bridge Configuration page. Basic Settings. Advanced Settings: Edge Port BPDU Filtering, Edge Port BPDU Guard, Port Error Recovery, Port Error Recovery Timeout.]
The page includes the following fields. Basic Settings:
Protocol Version: The STP protocol version setting. Values: STP, RSTP and MSTP.
Forward Delay: The delay used by STP Bridges to transition Root and Designated Ports to Forwarding (used in STP compatible mode). Valid values are in the range 4 to 30 seconds. Default: 15. Minimum: The higher of 4 or (Max. Message Age / 2) + 1. Maximum: 30.
Max Age: The maximum age of the information transmitted by the Bridge when it is the Root Bridge. Valid values are in the range 6 to 200 seconds. Default: 20. Minimum: The higher of 6 or 2 x (Hello Time + 1). Maximum: The lower of 40 or 2 x (Forward Delay - 1).
Maximum Hop Count: This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region. Valid values are in the range 6 to 40 hops.
Transmit Hold Count: The number of BPDUs a bridge port can send per second. Valid values are in the range 1 to 10.
Advanced Settings:
Edge Port BPDU Filtering: whether a port expl
47. Web Page. The SW-24400 Managed Switch provides a web-based browser interface for configuration and management using the web browser of your choice. This chapter describes how to use the Managed Switch's web interface.
[Figure 3-5: Main Page. Callouts: Main Navigation Pane, Copper Port Link Status, SFP Port Link Status, Stack Port Link Status, Help Button, Main Screen. Navigation menu: System, SNMP, Port Management, Link Aggregation, VLAN, Spanning Tree, Multicast, QoS, Access Control List, Authentication, MAC Address Table, LLDP, Diagnostics, PoE, Stack. Main screen text: SW-24400, 24-Port 10/100/1000Mbps with 4 Shared SFP, 802.3at PoE Management Stackable Switch; i3 International Inc., 780 Birchmount Rd, Unit 16, Scarborough, Ontario M1K 5H4; F: 416 759 7776.]
Panel Display: The web agent displays an image of the Managed Switch's ports. The Mode can be set to display different information about the ports, including Link up or Link down. Clicking on the image of a port opens the Port Statistics page. The port states are illustrated as follows:
Main Navigation Pane: Using the onboard web agent, you can define system parameters, manage and control the Managed Switch and all its ports, or monitor network conditions. Administrators can set up the Managed Switch by selecting f
48. Console MVR Mode. Set or show the MVR mode. Parameters: enable: Enable MVR mode; disable: Disable MVR mode; (default: Show MVR mode). Default Setting. Example: Enable MVR mode:
SWITCH> mvr mode enable
Console MVR Multicast VLAN. Set or show MVR multicast VLAN ID. <vid>: VLAN ID (1-4095) (default: Show current MVR multicast VLAN ID). Default Setting. Example: Set VLAN 1000 for MVR multicast VLAN ID:
SWITCH> mvr multicast vlan 1000
Console MVR Port Mode. Syntax Parameters: <port_list>: Port list or all (default: All ports); enable: Enable MVR mode; disable: Disable MVR mode; (default: Show MVR mode). Default Setting. Example: Enable the MVR port mode for port 1-4:
SWITCH> mvr port mode 1-4 enable
Console MVR Port Type. Set or show MVR port type. Syntax: mvr port type <port_list> source receiver. Parameters: <port_list>: Port list or all (default: All ports); source: Enable source mode; receiver: Disable receiver mode. Default Setting: receiver. Example: Set source type for MVR port type of port 1:
SWITCH> mvr port type 1 source
Console MVR Immediate Leave. Set
49. accepted frame types. Default Setting: Example: Set port 20 to allow tagged frames only: SWITCH> vlan frametype 20 tagged Console VLAN Ingress Filter. Description: Set or show the port VLAN ingress filter. Syntax: vlan ingressfilter <port_list> enable|disable Parameters: <port_list>: Port list or all, default: All ports; enable: Enable VLAN ingress filtering; disable: Disable VLAN ingress filtering; (default: Show VLAN ingress filtering). Default Setting: Example: Enable VLAN ingress filtering for port 20: SWITCH> vlan ingressfilter 20 enable Console VLAN Link Type. Description: Set or show the port VLAN link type. Syntax: vlan linktype <port_list> untagged|tagged Parameters: <port_list>: Port list or all, default: All ports; untagged: VLAN Link Type Tagged; tagged: VLAN Link Type Untagged; (default: Show VLAN link type). Default Setting: Untagged. Example: Enable tagged frame for port 2: SWITCH> vlan linktype 2 tagged Console VLAN Q-in-Q Mode. Description: Syntax: Parameters: <port_list>: Port list or all, default: All ports; disable: Disable Q-in-Q VLAN Mode; man: Q-in-Q MAN Port Mode; customer: Q-in-Q Customer Port Mode; (default: Show VLAN QinQ Mode). Example: Set port 2 in man port: SWITCH> vlan qinq 2 man Console VLAN Ethernet Type: Set or show out layer VLAN tag ether type in Q-in-Q VLAN mode. vla
50. and reloads saved configurations of the Managed Switch to the local management station. [Screenshot: Configuration Backup page with buttons Save configuration and Save configuration except IP Address] You can save, view or load the switch configuration. The configuration file is in XML with the following hierarchical tags. Header tags: <?xml version="1.0"?> and <configuration>. These tags are mandatory and must be present at the beginning of the file. Section tags: <platform>, <global> and <switch>. The platform section must be the first section tag and this section must include the correct platform ID and version. The global section is optional and includes configurations unrelated to specific switch ports. The switch section is optional and includes configuration which is related to specific switch ports. <ip>, <mac>, <port> etc.: These tags identify a module controlling specific parts of the … Group tags: <port_table>, <vlan_table> etc. These tags identify a group of parameters, typically a table. Parameter tags: <mode>, <entry> etc. These tags identify parameters for the specific section, module and group. The <entry> tag is used for table entries. Configuration parameters are represented as attribute values. When saving the configuration from the switch, the entire configuration, including syntax descriptions, is included in the file. The file may then be
51. been disabled, but will get re-enabled when the dead-time expires. The number of seconds left before this occurs is displayed in parentheses. This state is only reachable when more than one server is enabled. Round-Trip Time (radiusAuthClientExtRoundTripTime): The time interval (measured in milliseconds) between the most recent Access-Reply/Access-Challenge and the Access-Request that matched it from the RADIUS authentication server. The granularity of this measurement is 100 ms. A value of 0 ms indicates that there hasn't been round-trip communication with the server yet. > RADIUS Accounting Servers: The statistics map closely to those specified in RFC4670, RADIUS Accounting Client MIB. Use the server select box to switch between the backend servers to show details for. Packet Counters: RADIUS accounting server packet counter. There are five receive and four transmit counters. Responses: The number of RADIUS packets (valid or invalid) received from the server. Malformed Responses (radiusAccClientExtMalformedResponses): The number of malformed RADIUS packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or unknown types are not included as malformed access responses. adAuthenticators authenticators received from the server. radiusAccClientExtUnknownTypes: The number of RADIUS packets of unknown types that were received from the server on the ac
52. being transported in an Ethernet frame. FTP is an acronym for File Transfer Protocol. It is a transfer protocol that uses the Transmission Control Protocol (TCP) and provides file writing and reading. It also provides directory service and security features. IGMP snooping Fast Leave processing allows the switch to remove an interface from the forwarding table entry without first sending out group-specific queries to the interface. The VLAN interface is pruned from the multicast tree for the multicast group specified in the original leave message. Fast leave processing ensures optimal bandwidth management for all hosts on a switched network, even when multiple multicast groups are in use simultaneously. ICMP is an acronym for Internet Control Message Protocol. It is a protocol used for error response, diagnostic or routing purposes. ICMP messages generally contain information about routing difficulties or simple exchanges such as time-stamp or echo transactions. For example, the PING command uses ICMP to test an Internet connection. IEEE 802.1X is an IEEE standard for port-based Network Access Control. It provides authentication to devices attached to a LAN port, establishing a point-to-point connection or preventing access from that port if authentication fails. With 802.1X, access to all switch ports can be centrally controlled from a server, which means that authorized users can use the
53. can be added to a network without the hassle of manually assigning it a unique IP address. DHCP Relay: DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. The DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packets when forwarding client DHCP packets to a DHCP server, and to remove the specific information from DHCP reply packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to implement IP address or other assignment policies. Specifically, the option works by setting two sub-options: Circuit ID (option 1) and Remote ID (option 2). The Circuit ID sub-option is supposed to include information specific to which circuit the request came in on. The Remote ID sub-option was designed to carry information relating to the remote host end of the circuit. The definition of Circuit ID in the switch is 4 bytes in length and the format is vlan_id, module_id, port_no. The parameter vlan_id is the first two bytes and represents the VLAN ID. The parameter module_id is the third byte, for the module ID (in a standalone switch it always equals 0; in a stackable switch it means the switch ID). The parameter port_no is the fourth byte and it means the port number. The Remote ID is 6 bytes in length, and the value is equal to the DHCP relay agent's MAC address.
54. displayed for each VLAN ID. Port Members: Check this box to include a port in a VLAN. By default, no ports are members, and all boxes are unchecked. Adding a New VLAN: Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Legal values for a VLAN ID are 1 through 4095. The VLAN is enabled on the selected stack switch unit when you click on Save. The VLAN is then present on other stack switch units, but with no port members. A VLAN without any port members on any stack unit will be deleted when you click Save. The button can be used to undo the addition of new VLANs. Buttons: Add new Private VLAN: Click to add new VLAN. Console PVLAN Status: Show Private VLAN configuration. <port_list>: Port list or all, default: All ports. Example: Show private VLAN configuration: SWITCH> pvlan configuration Console PVLAN Add. Description: Add or modify Private VLAN entry. pvlan add <pvlan_id> <port_list> Parameters: <pvlan_id>: Private VLAN ID; <port_list>: Port list or all, default: All ports. Example: Add port 17 to port 24 in PVLAN 10: SWITCH> pvlan add 10 17 24 Console PVLAN Delete: Delete Private VLAN entry. <p
55. Solution: Check that the attached device is not set to dedicate full duplex. Some devices use a physical or software switch to change duplex modes. Auto-negotiation may not recognize this type of full-duplex setting. > Switch does not power up. Solution: 6. AC power cord not inserted or faulty. 7. Check that the AC power cord is inserted correctly. 8. Replace the power cord. If the cord is inserted correctly, check that the AC power source is working by connecting a different device in place of the switch. 9. If that device works, refer to the next step. 10. If that device does not work, check the AC power. > Lost admin password. Solution: To reset the IP address to the default IP Address 192.0.0.20 or reset the password to default value, press the hardware reset button at the front panel for about 10 seconds. APPENDIX A: SWITCH FEATURE OPERATION. A.1 Address Table and Learning: The Switch is implemented with an address table composed of many entries. Each entry is used to store the address information of some node in the network. When a packet comes in from a port, the switch will record the source address, port number and other related information in an address table, to be used for deciding to either forward or filter future packets. This process is known as Learning. A.2 Forwarding and Filtering: When a packet comes from a port of the switch, it will also check the destination address as
56. entry index keys are Security Model and Security Name. [Screenshot: SNMPv3 Groups Configuration table, listing security names public, private and default_user with group names default_ro_group and default_rw_group] The page includes the following fields: Check to delete the entry. It will be deleted during the next save. Security Model: Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1; v2c: Reserved for SNMPv2c; usm: User-based Security Model (USM). Security Name: A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Group Name: A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126. Buttons: Add new group: Click to add a new group entry. Console Security Switch SNMP Group Add: The entry index keys are <security_model> and <security_name>. <group_name> Parameters: <security_model>: v1: Reserved for SNMPv1; v2c: Reserved for SNMPv2c; usm: User-based Security Model (USM). <security_name>: A string identifying the security name that this entry should belong to. <group_name>: A string identifying the group name that this entry shoul
57. fields: Mode: Indicates the NTP mode operation. Possible modes are: Enabled, Disabled. Timezone: Allows selecting a time zone according to current location of switch. Server: Provide the NTP IPv4 or IPv6 address of this switch. Console IP NTP Configuration: Show NTP configuration. Syntax: Default Setting: NTP Mode: Disabled. Idx / Server IP host address (a.b.c.d) or a host name string: pool.ntp.org, europe.pool.ntp.org, north-america.pool.ntp.org, asia.pool.ntp.org, oceania.pool.ntp.org. Console IP NTP Mode: Set or show the NTP mode. Parameters: enable: Enable NTP mode; disable: Disable NTP mode; (default: Show NTP mode). Default Setting: Example: Enable NTP mode: SWITCH> ip ntp mode enable Console IP NTP Server Add: Add NTP server entry. ip ntp server add <server_index> <ip_addr_string> Parameters: <server_index>: The server index (1 5); <ip_addr_string>: IP host address (a.b.c.d) or a host name string. Default Setting: Example: To add NTP server: SWITCH> ip ntp server add 1 60.249.136.151 Console IP NTP Server IPv6 Add: Add NTP server IPv6 entry. Parameters: <server_index>: The server index (1 5); <server_ipv6>: IPv6 server address. Default Setting: Example: To add IPv6 NTP server: SWITCH> 10 nto server oa acd 1 ZCI a il Console IP NTP Server Delete. Description: Delete NTP server entry. Syntax: ip n
58. filter, you can enter a specific sender IP address in dotted decimal notation. When Network is selected for the sender IP filter, you can enter a specific sender IP mask in dotted decimal notation. Specify the target IP filter for this specific ACE. Any: No target IP filter is specified (Target IP filter is don't care). Host: Target IP filter is set to Host. Specify the target IP address in the Target IP Address field that appears. Network: Target IP filter is set to Network. Specify the target IP address and target IP mask in the Target IP Address and Target IP Mask fields that appear. When Host or Network is selected for the target IP filter, you can enter a specific target IP address in dotted decimal notation. When Network is selected for the target IP filter, you can enter a specific target IP mask in dotted decimal notation. [Table row labels: ARP SMAC Match, RARP SMAC Match, IP Ethernet Length, Ethernet; > IP Parameters] ARP SMAC Match: Specify whether frames can hit the action according to their sender hardware address field (SHA) settings. 0: ARP frames where SHA is not equal to the SMAC address. 1: ARP frames where SHA is equal to the SMAC address. Any: Any value is allowed (don't care). RARP SMAC Match: Specify whether frames can hit the action according to their target hardware address field (THA) settings. 0: RARP frames where THA is not equal to the SMAC address. 1: RARP frames where THA is equal to th
59. following information and options: The Authentication Server number for which the configuration below applies. Enabled: Enable the corresponding Authentication Server by checking this box. The IP address or hostname of the Authentication Server. IP address is expressed in dotted decimal notation. Port: The UDP port to use on the Authentication Server. If the port is set to 0 (zero), the default port is used (1812 for RADIUS Authentication Server, 1813 for RADIUS Accounting Server and 49 for TACACS Authentication Server). Secret: The password, up to 29 characters long, shared between the Authentication Server and the switch. 4.10.6 RADIUS Overview: This page provides an overview of the status of the RADIUS servers configurable on the Authentication configuration page. [Screenshot: RADIUS Authentication Server Status Overview and RADIUS Accounting Server Status Overview tables, with an Auto Refresh checkbox] The page includes the following fields: > RADIUS Authentication/Accounting Server Status Overview: The RADIUS server number. Click to navigate to detailed statistics for this server. IP Address: The IP address and UDP port number (in <IP Address>:<UDP Port> notation) of this server. e
60. formed TLVs but with an unknown type value. Org Discarded: The number of organizationally TLVs received. Age Outs: Each LLDP frame contains information about how long time the LLDP information is valid (age-out time). If no new LLDP frame is received within the age-out time, the LLDP information is removed, and the Age Out counter is incremented. Buttons: Clear: Clears the local counters. All counters (including global counters) are cleared upon reboot. Console LLDP Statistics. Description: Show LLDP Statistics. Syntax: lldp statistics <port_list> clear Parameters: <port_list>: Port list or all, default: All ports; clear: Clear LLDP statistics. Example: Show LLDP Statistics of port 1: SWITCH> lldp statistics 1 LLDP global counters: Neighbour entries was last changed at 323592 sec. Total Neighbours Entries Added: 0. Total Neighbours Entries Deleted: 0. Total Neighbours Entries Dropped: 0. Total Neighbours Entries Aged Out: 0. LLDP Local counters: 1 Console LLDPMED Debug_med_transmit_var: Set or show if the current value of the global medTansmitEnable variable (Section 11.2.1, TIA-1057). lldpmed debug_med_transmit_var <port_list> enable|disable Parameters: <port_list>: Port list or all, default: All ports; enable: Enable, set medTansmitEnable variable to true; disable: Disable, set medTan
61. forming a negative supply. (In actual use, either polarity may be used for power transference.) [Figure B-1: Power Supplied over the Spare Pins] The data pairs are used: Since Ethernet pairs are transformer-coupled at each end, DC power may be applied to the center tap of the isolation transformer without upsetting the data transfer. In this mode of operation, the pair on pins 3 and 6 and the pair on pins 1 and 2 can be of either polarity. [Figure B-2: Power Supplied over the Data Pins] B.3 PoE Provisioning Process: Despite the fact that adding PoE support to network devices is a relatively simple operation, read this section carefully and understand this process before attempting to initialize such a network, in order to minimize the risk of damage to hardware not designed for network-based power provisioning. The PSE is a device that manages the power flow over an Ethernet cable. During the detection period, a small voltage level is induced on the port's output until a PD is detected. The PSE may choose to perform classification to estimate the amount of power to be consumed by this PD. After a timed start-up, the PSE begins supplying the 48 VDC level to the PD until it is physically or electrically disconnected, at which point voltage and power shut down. Since
62. is only used internally within the Switch. Untagging is used to send packets from an 802.1Q-compliant network device to a non-compliant network device. > 802.1Q VLAN Tags: There are four additional octets inserted after the source MAC address. Their presence is indicated by a value of 0x8100 in the Ether Type field. When a packet's Ether Type field is equal to 0x8100, the packet carries the IEEE 802.1Q/802.1p tag. The tag is contained in the following two octets and consists of 3 bits of user priority, 1 bit of Canonical Format Identifier (CFI, used for encapsulating Token Ring packets so they can be carried across Ethernet backbones), and 12 bits of VLAN ID (VID). The 3 bits of user priority are used by 802.1p. The VID is the VLAN identifier and is used by the 802.1Q standard. Because the VID is 12 bits long, 4094 unique VLANs can be identified. The tag is inserted into the packet header, making the entire packet longer by 4 octets. All of the information originally contained in the packet is retained. The Ether Type and VLAN ID are inserted after the MAC source address, but before the original Ether Type/Length or Logical Link Control. Because the packet is now a bit longer than it was originally, the Cyclic Redundancy Check (CRC) must be recalculated. > Port VLAN ID: Tagged packets (carrying the 802.1Q VID information) can be transmitted from one 802.1Q-compliant network device to another with VLAN information intact. This allows 802.1Q
63. of MAC statistics: SWITCH> mac statistics Port / Dynamic Addresses. Total Dynamic Addresses 1 Total Static Addresses 3 5 Console MAC Flush: Flush all learned entries. 4.12.4 MAC Table Learning: If the learning mode for a given port is greyed out, another module is in control of the mode, so that it cannot be changed by the user. When port security is enabled on a port of the Managed Switch, a configured maximum number of MAC addresses are learned on a specified port. Only incoming traffic with source addresses already stored in the dynamic or static address table will be authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message. Note that you can also manually add secure addresses to the port using the Static Address Table. The selected port will stop learning. The MAC addresses already in the address table will be retained and will not age out. [Screenshot: MAC Table Learning for Switch 1, Port Members] The page includes the following fields: Make sure that the link used for managing the s
64. one of the following administrative states: Multi 802.1X, MAC-based Auth. The table is identical to and is placed next to the Port Counters table, and will be empty if no MAC address is currently selected. To populate the table, select one of the attached MAC Addresses from the table below. Version: dot1xAuthLastEapolFrameVersion. Selected Counters. > Port Counters. Object / Description: Identity: Shows the identity of the supplicant. Clicking the link causes the supplicant's EAPOL and Backend Server counters to be shown in the Selected Counters table. If no supplicants are attached, it shows No supplicants attached. This column is not available for MAC-based Auth. MAC Address: For Multi 802.1X, this column holds the MAC address of the attached supplicant. For MAC-based Auth, this column holds the MAC address of the attached client. Clicking the link causes the client's Backend Server counters to be shown in the Selected Counters table. If no clients are attached, it shows No clients attached. VLAN ID: This column holds the VLAN ID that the corresponding client is currently secured through the Port Security module. the authenticated state, it is allowed to forward frames on the port, and in the unauthenticated state, it is blocked. As long as the backend server hasn't successfully authenticated the client, it is unauthenticated. If an authentication fails for one or the other
65. or show MVR port state about immediate leave. Syntax: mvr immediate leave <port_list> enable|disable Parameters: <port_list>: Port list or all, default: All ports; enable: Enable Immediate leave mode; disable: Disable Immediate leave mode; (default: Show MVR Immediate leave mode). Default Setting: Example: Enable MVR port state about immediate leave for port 1: SWITCH> mvr immediate leave 1 enable 4.7.8 MVR Status: This page provides MVR status for a switch. [Screenshot: MVR Status for Switch 1, with Statistics and Multicast Groups / Port Members tables; no multicast groups] The page includes the following fields: The present multicast groups. Max. 128 groups in the multicast VLAN. Port Members: The ports that are members of the entry. Console MVR Group: Show the MVR group. Console MVR Status: Show the MVR status. 4.8 Quality of Service: Quality of Service (QoS) is an advanced traffic prioritization feature that allows you to establish control over network traffic. QoS enables you to assign various grades of network service to different types of traffic, such as multi-media, video, protocol-specific, time critical, and file-backup traffic. A Policy, in terms of QoS, is a set of rules that are applied to a network according
66. per port; mgt_priority: max port power determined by priority; (default: Show PoE power management mode). Default Setting: Example: Set priority mode for PoE function: SWITCH> poe mgmt mode mgt_priority PD Classifications: PD classification provides information about the maximum power required by the PD during operation. Class 0 is the default for PDs. However, to improve power management at the PSE, the PD may opt to provide a signature for Class 1 to 4. The PD is classified based on power. The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes. A PD shall return Class 0 to 4 in accordance with the maximum power draw as specified by Table 4-16-1. Table 4-16-1 Device class (columns: Class, Range of maximum power used by the PD, Class Description): Class 0, Default: 0.44 to 12.95 Watts, Classification unimplement. Class 1, Optional: 0.44 to 3.84 Watts, Very low power. Optional: 6.49 to 12.95 Watts (or to 15.4 Watts). Optional: 12.95 to 25.50 Watts (or to 30.8 Watts), High power. Note: The SW-24400 has IEEE 802.3at mode and supplies max power up to 30.8 watts. 4.15.2 Port Configuration: This section allows the user to inspect and configure the current PoE port settings for Switch 1. [Screenshot: Power Over Ethernet Configuration, Ethernet Port Configuration, with columns PoE Mode, Schedule, AF/AT Mode, Maximum Power (W) and Power Allocation (W)] The page includes the follow
67. port for the frame. By default, Destination MAC Address is disabled. IP Address: Check to enable the use of the IP Address to calculate the destination port for the frame. By default, IP Address is enabled. TCP/UDP Port Number: Check to enable the use of the TCP/UDP Port Number to calculate the destination port for the frame. By default, TCP/UDP Port Number is enabled. Console Aggregation Configuration: Show link aggregation configuration. Example: SWITCH> aggr configuration Aggregation Mode: SMAC: Enabled, DMAC: Disabled, IP: Enabled, Port: Enabled. Console Aggregation Mode: Set or show the link aggregation traffic distribution mode. aggr mode smac|dmac|ip|port enable|disable Parameters: smac: Source MAC address; dmac: Destination MAC address; ip: Source and destination IP address; port: Source and destination UDP/TCP port; enable: Enable field in traffic distribution; disable: Disable field in traffic distribution. Default Setting: SMAC: Enabled, DMAC: Disabled, IP: Enabled, Port: Enabled. Example: Disable SMAC mode: SWITCH> aggr mode smac disable > Static Aggregation Group Configuration: [Figure 4-3: Aggregation Group Configuration for a single switch] The page includes the following fields: Indicates the aggregation group type. This field is only
68. port_list>: Port list or all, default: All ports; enable: Enable port; disable: Disable port; (default: Show administrative mode). Default Setting: Example: Disable port: SWITCH> port state 1 disable Console Port Maximum Frame: Set or show the port maximum frame size. Syntax: port maxframe <port_list> <max_frame> Parameters: <port_list>: Port list or all, default: All ports; <max_frame>: Port maximum frame size (1518 9600), default: Show maximum frame size. Default Setting: 9600. Example: Set 2048 frame size for port: SWITCH> port maxframe 1 2048 Console Port Power: Set or show the port PHY power mode. Syntax: port power <port_list> enable|disable|actiphy|dynamic Parameters: <port_list>: Port list or all, default: All ports; enable: Enable all power control; disable: Disable all power control; actiphy: Enable ActiPHY power control; dynamic: Enable Dynamic power control. Default Setting: Example: Disable port power function for port 1 4: SWITCH> port power 1 4 disable Console Port Excessive: Syntax: Parameters: <port_list>: Port list or all, default: All ports; discard: Discard frame after 16 collisions; restart: Restart backoff algorithm after 16 collisions; (default: Show mode). Default Setting: Example: SWITCH> port excessive 1 restart 4.3.2 Port Statistics Overview: The overview p
69. primary Device Types: Network Connectivity Devices and Endpoint Devices. An LLDP-MED Network Connectivity Device is a LAN access device based on any of the following technologies: LAN Switch/Router; IEEE 802.1 Bridge; IEEE 802.3 Repeater (included for historical reasons); IEEE 802.11 Wireless Access Point; any device that supports the IEEE 802.1AB and MED extensions defined by TIA-1057 and can relay IEEE 802 frames via any method. Definition: LLDP-MED Generic Endpoint (Class I): Such devices may include (but are not limited to) IP Communication Controllers, other communication-related servers, or any device requiring basic services as defined in TIA-1057. [Row label: Device Type] Discovery services defined in this class include LAN configuration, device location, network policy, power management, and inventory management. LLDP-MED Media Endpoint (Class II): Capabilities include all of the capabilities defined for the previous Generic Endpoint Class (Class I), and are extended to include aspects related to media streaming. Example product categories expected to adhere to this class include (but are not limited to) Voice/Media Gateways, Conference Bridges, Media Servers, and similar. Discovery services defined in this class include media-type-specific network layer policy discovery. LLDP-MED Communication Endpoint (Class III): Capabilities include all of the capabilities defined for the previous Generic Endpoint (Class I) and Media Endpoint (Class II) classes, an
70. remarking 1 4 enable Console QoS DSCP Queue Mapping. Description: Set or show the default port priority. Syntax: qos dscp queue mapping <port_list> <class> <dscp> Parameters: <port_list>: Port list or all, default: All ports; <class>: Traffic class low/normal/medium/high or 1/2/3/4; <dscp>: QoS DSCP Remarking Value: 0, 8, 16, 24, 32, 40, 48, 56, 46. 4.8.8 Voice VLAN Configuration: The Voice VLAN feature enables voice traffic forwarding on Voice VLAN, assigning voice traffic as a separate classification for scheduling purposes. Before connecting the IP voice device to the switch, ensure that the voice device has VLAN ID correctly configured through its own setup utility. The Voice VLAN page includes the following fields: Mode: Disable MSTP feature before enabling Voice VLAN to avoid ingress filter conflict. Possible Voice VLAN modes are: Enabled, Disabled. VLAN ID: Indicates the Voice VLAN ID. The allowed range is 1 to 4095. Age Time: Indicates the Voice VLAN secure learning age time when in security or auto detect mode. The allowed range is 10 to 10000000 seconds. Traffic Class: Indicates the Voice VLAN traffic class. All traffic on Voice VLAN will apply this class. Port Mode: Indicates the Voice VLAN port mode. Disable MSTP feature before enabling Voice VLAN to avoid ingress filter conflict. Possible modes are: Disabled: Disjoin from Voice VLAN. Auto: Enabl
71. UPnP: UPnP is an acronym for Universal Plug and Play. The goals of UPnP are to allow devices to connect seamlessly and to simplify the implementation of networks in the home (data sharing, communications, and entertainment) and in corporate environments for simplified installation of computer components. User Priority: User Priority is a 3-bit field storing the priority level for the 802.1Q frame. VLAN: Virtual LAN. A method to restrict communication between switch ports. VLANs can be used for the following applications. VLAN unaware switching: This is the default configuration. All ports are VLAN unaware with Port VLAN ID 1 and members of VLAN 1. This means that MAC addresses are learned in VLAN 1, and the switch does not remove or insert VLAN tags. VLAN aware switching: This is based on the IEEE 802.1Q standard. All ports are VLAN aware. Ports connected to VLAN aware switches are members of multiple VLANs and transmit tagged frames. Other ports are members of one VLAN, set up with this Port VLAN ID, and transmit untagged frames. Provider switching: This is also known as Q-in-Q switching. Ports connected to subscribers are VLAN unaware, members of one VLAN, and set up with this unique Port VLAN ID. Ports connected to the service provider are VLAN aware, members of multiple VLANs, and set up to tag all frames. Untagged frames received on a subscriber port are forwarded to the provider port with a single VLAN tag. Tagged frames r
72. Users Configuration: [Screenshot: Users Configuration table with columns Username and Privilege Level] The page includes the following fields: The name identifying the user. This is also a link to the Add/Edit User module. Privilege Level: The privilege level for the user. Buttons: Add new user: Click to add a new user. Add, edit or delete users from this screen. [Screenshot: Add User form, User Settings with fields Password, Password again and Privilege Level] The page includes the following fields: Username: The name identifying the user. Password: The password of the user. Privilege Level: The privilege level for the user. Buttons: Click to undo any changes made locally and return to the Users page. Delete: Delete the current user. This button is not available for new configurations (Add new user). Once the new user is added, the new user entry is shown in the Users Configuration page. Console Security Switch User Configuration: Show users privilege levels. security switch users configuration Example: Enable isolate for port10: SWITCH> security switch user configuration Users Configuration: Privilege Level. 4.1.5 Users Privilege Levels: Configure the privilege levels available to users. After setup is completed, click Save in order for changes to take effect. Log on to the web interface with the new user name and password. Group Name Aggregation Diagnostics SMP Sn
73. status by ACL user Each row describes the ACE defined It is a conflict if a specific ACE is not applied to the hardware due to hardware limitations ACL Status for Switch 1 Combined w Auto refresh CI user inaress Port Frame Type action Rate Limiter Port Copy cPu CPU Once counter contie Mo entries The page includes the following fields Indicates the ACL user Indicates the ingress port of the ACE Possible values are Ingress Port e Any The ACE will match any ingress port e Policy The ACE will match ingress ports with a specific policy e Port The ACE will match a specific ingress port Indicates the frame type of the ACE Possible values are e Any The ACE will match any frame type e EType The ACE will match Ethernet Type frames Note that an Ethernet Type based ACE will not get matched by IP and ARP frames Fame te ARP The ACE will match ARP RARP frames IPv4 The ACE will match all IPv4 frames IPv4 ICMP The ACE will match IPv4 frames with ICMP protocol IPv4 UDP The ACE will match IPv4 frames with UDP protocol IPv4 TCP The ACE will match IPv4 frames with TCP protocol IPv4 Other The ACE will match IPv4 frames which are not ICMP UDP TCP Indicates the forwarding action of the ACE Action e Permit Frames matching the ACE may be forwarded and learned e Deny Frames matching the ACE are dropped Rate Limiter Indicates the rate limiter number of the ACE The allowed range is 7 to 15 When the disp
74. switch managed IPv6 information Users Configuration An overview of the current users Currently the only way to login as another user on the web server is to close and reopen the browser Users Privilege Levels An overview of the privilege levels NTP Configuration Configure NTP UPnP Configure UPnP DHCP Relay Configure DHCP Relay DHCP Relay Statistics Provides statistics for DHCP relay CPU Load This page displays the CPU load using a SVG graph System Log The switch system log information is provided here Detailed Log The switch system detailed log information is provided here Remote Syslog Configure remote syslog SMTP Configure Configure SMTP Web Firmware Upgrade Update firmware controlling the switch TFTP Firmware Upgrade Upgrade the firmware via TFTP server Configuration Backup You can save the switch configuration The configuration file is in XML format with a hierarchy of tags Configuration Upload You can load the switch configuration The configuration file is in XML format with a hierarchy of tags Factory Default Reset the configuration of the stack switch the IP configuration is retained System Reboot Restart the stack switch After restart the stack switch will boot normally 4 1 1 System Information System Information provides information on the current device The following fields are included CA 31 User s Manual SW 24400 The current GMT system time and date The syst
75. switch snmp trap authentication failure disable. Console: Security Switch SNMP Trap Link up. Description: Set or show the port link up and link down trap mode. Syntax: security switch snmp trap link up enable disable. Parameters: enable: Enable SNMP trap link up and link down. disable: Disable SNMP trap link up and link down. (default: Show SNMP trap link up and link down mode). Default Setting. Example: Disable SNMP trap link up: SWITCH> security switch snmp trap link up disable. Console: Security Switch SNMP Trap Inform Mode. Set or show the SNMP trap inform mode. security switch snmp trap inform mode enable disable. Parameters: enable: Enable SNMP trap inform. disable: Disable SNMP trap inform. (default: Show SNMP inform mode). Default Setting. Example: Disable SNMP trap inform mode: SWITCH> security switch snmp trap inform mode disable. Console: Security Switch SNMP Trap Inform Timeout. Description: Set or show the SNMP trap inform timeout (usecs). Syntax: security switch snmp trap inform timeout <timeout>. Parameters: <timeout>: SNMP trap inform timeout (0-2147 seconds). (default: Show SNMP trap inform timeout). Default Setting. Example: Set SNMP trap inform timeout in 20sec: SWITCH> security switch snmp trap inform timeout 20. Console: Security Switch SNMP Trap Inform Retry Times. Description: Set or show the SNMP trap inform retry times. Syntax. Parameters: <retries>: SNMP tra
76. take one of four values Disabled No user modules are currently using the Port Security service Ready The Port Security service is in use by at least one user module and is awaiting frames from unknown MAC addresses to arrive State Limit Reached The Port Security service is enabled by at least the Limit Control user module and no more MAC addresses should be taken in Shutdown The Port Security service is enabled by at least the Limit Control user module No MAC addresses can be learned on the port until it is administratively re opened on the Limit Control configuration Web page The two columns indicate the number of currently learned MAC addresses forwarding as well as blocked and the maximum number of MAC addresses that can be learned on the port respectively MAC Count Current Limit If no user modules are enabled on the port the Current column will show a dash If the Limit Control user module is not enabled on the port the Limit column will show a dash Console Security Network Psec Switch Description Syntax Parameters Example Show port security status SWITCH gt security network psec switch Meses L Limit Control 802 1X DHCP SNOOPLNAG Voice VLAN 8 D V Pott Users State 189 User s Manual SW 24400 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 lt port_list gt Port list or all default All ports Example Show MAC address learned on port 1 SWI
77. the one with the lowest VLAN ID found in the VLAN Table The VLAN input fields allow the user to select the starting point in the VLAN Table IGMP Snooping VLAN Configuration start from WLAN with 20 entries per page 1 O F The page includes the following fields VLAN ID The VLAN ID of the entry IGMP Snooping Enable Enable the per VLAN IGMP Snooping Only up to 64 VLANs can be selected Enable the IGMP Querier in the VLAN The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled Each Querier s interval is 125 second and it will stop act as an IGMP Querier if received any Querier from other devices IGMP Querier Buttons 119 User s Manual SW 24400 Refresh Refreshes the displayed table starting from the VLAN input fields ke Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID oe gt Updates the table starting with the entry after the last entry currently displayed Console IGMP State Set or show the IGMP snooping state for VLAN Syntax igmp state lt vid gt enable disable Parameters lt Vid gt VLAN ID 1 4095 default Show all VLANs enable Enable IGMP snooping disable Disable IGMP snooping default Show IGMP snooping mode Default Setting Example Disable VID 1 SWITCH gt igmp state 1 disable 4 7 5 Port Group Filtering IGMP filtering enables you to assign a profile to a sw
78. the PSE is responsible for the PoE process timing it is the one generating the probing signals prior to operating the PD and monitoring the various scenarios that may occur during operation All probing is done using voltage induction and current measurement in return Volts specified Volts managed Stage Aon per 802 3af by chipset Measure whether powered device has the correct signature Classification Measure which power level class the resistor indicates 14 5 20 5 12 5 25 0 Startup Where the powered device will startup Normal operation Supply power to device 36 57 25 0 60 0 B 3 1 Line Detection Before power is applied for safety reasons a valid PD is connected to the PSE s output first This process is referred to as line 249 User s Manual SW 24400 detection and involves the PSE seeking a specific 25 KQ signature resistor Detection of this signature indicates that a valid PD is connected and that provision of power to the device may commence The signature resistor is isolated in the PD s PoE front end away from the rest of the PD s circuitries till detection is certified B 3 2 Classification Once a PD is detected the PSE may optionally perform classification to determine the maximal power a PD is to consume The PSE induces 15 5 20 5 VDC limited to 100 mA for a period of 10 to 75 ms responded by a certain current consumption by the PD indicating its power class The PD is assigned to one of 5 classes 0
79. the checkboxes that corresponds to the policies Buttons Add new policy click to add new policy Console LLDPMED Port Policy Set or show LLDP MED port policies lldpmed port policies lt port list gt lt policy list gt Parameters lt port_list gt Port list or all default All ports lt policy_list gt List of policies to delete 216 User s Manual SW 24400 Console LLDPMED Policy Delete Delete the selected policy lldpmed policy delete lt policy list gt lt policy_list gt List of policies to delete Example Delete the policy 1 SWITCH gt 11dpmed policy delete 1 Console LLDPMED Policy Add Adds a policy to the list of polices Syntax lldpmed policy add voice voice signaling guest voice guest voice signaling softphone voice video conferencing streaming video video signaling tagged untagged lt vlan_id gt lt 12 priority gt lt dscp gt Parameters voice Voice for use by dedicated IP Telephony handsets and similar appliances supporting interactive voice services voice_signaling Voice Signalling conditional for use in network topologies requiring a different policy for voice signalling guest_voice support a separate limited voice service for guest users and visitors guest_voice_signaling Guest Voice Signalling conditional for use in network topologies requiring different policy for the guest voice signalling softphone_voice Softphone Voice for use by softphone a
80. the following fields VLAN ID Indicates the ID of this particular VLAN The VLAN Membership Status Page displays the current VLAN port members for Port Members all VLANs configured by a selected VLAN User selection shall be allowed by a Combo Box By default all VLAN Users are selected and information is shown for all the VLAN Users VLAN User A VLAN User is a module that uses services such as PVID and UVID See the VLAN Overview section for more details on the options Buttons mtatic Select VLAN Users from this drop down list 4 5 7 VLAN Port Status This page provides VLAN Port Status 94 User s Manual SW 24400 VLAN Port Status for User Static Port PYID VLAN Aware Ingress Filtering Frame Type TxTag UYID Conflicts Mo Disabled Disabled Untag this Disabled Disabled Untag this Disabled Disabled Untag this Disabled Disabled Untag this Disabled Disabled Untag this Disabled Untag this 22 1 Disabled Disabled All Untag_this 1 o 24 Disabled Disabled All Untag this 1 No 24 1 Disabled Disabled All Untag this 1 Mo The page includes the following fields The logical port for the settings contained in the same row PVID Shows the VLAN identifier for that port The allowed values are 7 through 4095 The default value is 1 Show the VLAN Awareness for the port e f VLAN awareness is enabled the tag is removed from tagged frames received on the VLAN Aware port VLAN tagged frames are classi
81. the supplicant is not successfully authorized by the RADIUS server. X Auth/Y Unauth: The port is in a multi-supplicant mode. Currently X clients are authorized and Y are unauthorized. The buttons are only enabled when authentication is globally enabled and the port's Admin State is in an EAPOL-based or MAC-based mode. Clicking these buttons will not cause settings changed on the page to take effect. Reauthenticate: Schedules a reauthentication to whenever the quiet period of the port runs out (EAPOL-based authentication). For MAC-based authentication, reauthentication will be attempted immediately. The button only has effect for successfully authenticated clients on the port and will not cause the clients to get temporarily unauthorized. Reinitialize: Forces a reinitialization of the clients on the port and thereby a reauthentication immediately. The clients will transfer to the unauthorized state while the reauthentication is in progress. Console: Security Network NAS Mode. Set or show the global NAS enabledness. Syntax. Parameters: enable: Globally enable 802.1X. disable: Globally disable 802.1X. (default: Show current 802.1X global enabledness). Default Setting: disable. Example: Enable IEEE802.1X function: SWITCH> security network nas mode enable. Console: Security Network NAS Configuration. Show 802.1X configuration. security network nas configuration <port list> l
82. this aggregation for this switch stack Local Ports The format is Switch ID Port The LACP Status page provides a status overview for LACP status for all ports on a switch LACP Status for Switch 1 LACP Key Aggr ID Partner System ID Partner Port Auto Refresh L The page includes the following fields The switch port number e Yes means that LACP is enabled and the port link is up e No means that LACP is not enabled or that the port link is down e Backup LACP status is disabled and the port could not join the aggregation group but User s Manual SW 24400 will join if another port leaves Key The key assigned to this port Only ports with the same key can aggregate together Aaar ID The Aggregation ID assigned to this aggregation group 99 IDs 1 and 2 are GLAGs while IDs 3 14 are LLAGs Partner System ID The partners System ID MAC address Partner Port The partners port number connected to this port Console LACP Status Show LACP Status Syntax lacp status lt port list gt Parameters lt port_list gt Port list or all default All ports Default Setting active Example Show LACP status of port 4 SWITCH gt lacp status 1 4 Mode Key Agger ID Parcher oystem ID Partner POTT Disabled 1 Disabled 1 Disabled 1 Disabled 1 4 4 4 LACP Port Statistics Display LACP statistics overview for all ports on a switch LACP Statistics for Switch 1 port A EAB nea ea o
83. [Table of contents excerpt; only the entries that are still legible are kept] 3.2.4 SNMP Based Network Management 29; 3.3 Using This Manual 30; 4.1.5 Users Privilege Levels 37; Web Firmware Upgrade 50; 4.2 Simple Network Management Protocol 53; 4.2.2 SNMP System Configuration 54; 4.2.3 SNMP Sy
84. to the currently selected stack unit as reflected by the page header 155 User s Manual SW 24400 ACL Ports Configuration for Switch 1 DR ar 3547 2 o z Dee Y Dne 23 24 The page includes the following fields The logical port for the settings contained in the same row Policy ID Select the policy to apply to this port The allowed values are 7 through 8 The y default value is 1 Action Select whether forwarding is permitted Permit or denied Deny The default value is Permit Rate Limiter ID Select which rate limiter to apply to this port The allowed values are Disabled or the values 7 through 15 The default value is Disabled Port Co Select which port frames are copied to The allowed values are Disabled or a py specific port number The default value is Disabled Specify the logging operation of this port The allowed values are e Enabled Frames received on the port are stored in the System Log Logging e Disabled Frames received on the port are not logged The default value is Disabled Please note that the System Log memory size and logging rate is limited Specify the port shut down operation of this port The allowed values are e Enabled If a frame is received on the port the port will be disabled e Disabled Port shut down is disabled The default value is Disabled Counts the number of frames that match this ACE Shutdown Console Security Network ACL Action Syntax sec
85. valid for stackable switches e Global The group members may reside on different units in the stack The device Locality supports two 8 port global aggregations e Local The group members reside on the same unit Each local aggregation may consist of up to 16 members User s Manual SW 24400 Group Indicates the group ID for the settings contained in the same row Group ID Normal p indicates there is no aggregation Only one group ID is valid per port Each switch port is listed for each group ID Select a radio button to include a port in an Port Members aggregation or clear the radio button to remove the port from the aggregation By default no ports belong to any aggregation group Console Aggregation Lookup Lookup link aggregation aggr lookup lt aggr_id gt lt aggr_id gt Aggregation ID global 1 2 local 3 14 Example Show aggregation status SWITCH gt aggi lookup 1 dE GLAG1 Siete 1 4 Description Syntax Parameters lt port_list gt Port list lt aggr_id gt Aggregation ID global 1 2 local 3 14 Default Setting Example Add port 1 4 in Group SWITCH gt aggr acc 1 4 1 Console Aggregation Delete Description Delete link aggregation Syntax aggr delete lt aggr_id gt Parameters lt aggr_id gt Aggregation ID global 1 2 local 3 14 Example Delete Group2 SWITCH gt aggr delete 2 4 4 2 LACP Configuration Link Aggregation Control Protocol LACP
86. well as the source address for learning If the address table for the destination address not found this packet will be forwarded to all the other ports except the port sending the packet These ports will transmit this packet to the connected network If found and the destination address is located at different port than the sending packet the switch will forward this packet to the port where this destination address is located according to the information from address table If the destination address is located at the same port sending the packet then this packet will be filtered thereby increasing network throughput and availability A 3 Store and Forward Store and Forward is one type of packet forwarding technique A Store and Forward Ethernet switch stores the incoming frame in an internal buffer complete error checking is done before transmission to eliminate the occurrence of error packets This is the best choice when a network efficiency and stability are a priority The switch scans the destination address from the packet header searches the routing table provided for the incoming port and forwards the packet only if required The fast forwarding makes the switch ideal for connecting servers directly to the network thereby increasing throughput and availability However the switch is most commonly used to segment existing hubs which nearly always improves overall performance An Ethernet switch can be easily configured in any networ
87. 100 240V 50 60Hz Power Consumption Power Requirement AC Stacking Numbers Stacking Numbers 6 Chain and Ring modes Link Aggregation groups spanning multiple switches in a stack Stacking Architecture Hardware learning with MAC table synchronization across stack Mirroring across stack available 10Gbps Full Duplex 7 Segment LED Display 1 9 A F 0 6KV DC Stacking Bandwidth Stack ID Display ESD Protection End Span Per Port 52V DC Max 30 8 watts Power Pin Assignment 1 2 3 6 PoE Power Budget 360 Watts Auto detect powered device PD Circuit protection prevent power interference between ports PoE Power Supply Type PoE Power Output PoE Management Per port PoE function enable disable PoE Port Power feeding priority Total and per port PoE port power limit Number of PD 24 7Watts PoE Ability SIS D 3 Number of PD 11 30 8Watts Basic Management Interfaces Console Telnet Web Browser SNMPv1 v2c and v3 Secure Management Interface SSH SSL SNMP v3 Four RMON groups history statistics alarms and events IPv6 IP Address NTP DNS management Built in Trivial File Transfer Protocol TFTP client BOOTP and DHCP for IP address assignment Management Features Firmware upload download via HTTP TFTP DHCP Relay User Privilege levels control NTP Network Time Protocol Cable diagnostic tools Port disable enable Auto negotiation 10 100 1000Mbps full and half duple
88. 1000Base LX 1000 Base 22 1000Base LX 1000 Base LILO User s Manual SW 24400 4 3 5 Port Mirroring Configuration The Port Mirroring function monitors network traffic by forwarding a copy of each incoming or outgoing packet from one port of a network switch to another port where the packet can be studied To debug network problems selected traffic can be copied or mirrored to a mirror port where a frame analyzer can be attached to analyze the frame flow The Managed Switch can unobtrusively mirror traffic from any port to a monitor port You can then attach a protocol analyzer or RMON probe to this port to perform traffic analysis and verify connection integrity The traffic to be copied to the mirror port is selected as follows e All frames received on a given port also known as ingress or source mirroring eo All frames transmitted on a given port also known as egress or destination mirroring The Port Mirror Configuration screen is shown below Mirror Configuration Stack Global Settings Port to mirror to Disabled wt Switch to mirror to Swich Mirror Port Configuration for Switch 1 Disabled Figure The Mirror Configuration screen with both Global and switch specific settings The page includes the following fields Frames from ports that have either source or destination mirroring enabled are mirrored to this Port to mirror to port Disabled disables mirroring Frames from ports that h
89. 140 meters 10 and 100 Mbps ports will be linked down while running cable diagnostic Therefore running cable diagnostic on a 10 or 100 Mbps management port will cause the switch to stop responding until VeriPHY is complete The ports belong to the currently selected stack unit Possible states are as follows eo Ifthe link is established on the twisted pair interface in 1000Base T mode the Cable Diagnostics can run without disruption of the link or of any data transfer 224 User s Manual SW 24400 Ifthe link is established in 100Base TX or 10Base T the Cable Diagnostics cause the link to drop while the diagnostics are running After the diagnostics are finished the link is re established And the following functions are available e Coupling between cable pairs e Cable pair termination e Cable Length VeriPHY Cable Diagnostics for Switch 1 Port Al v Cable Status Pair A 1 2 Length A Pair B 3 6 Length B Pair C 4 5 Length Pair D 7 8 Length D The page includes the following fields Request Cable Diagnostics on this port Port Port number Cable Status Pair The status of the cable pair Length The length in meters of the cable pair Buttons Start Click to run the diagnostics Console Port VeriPHY Description Run cable diagnostics Syntax Parameters lt port_list gt Port list or all default All ports 4 15 Power over Ethernet Providing up to 24 PoE in lin
90. When RADIUS-Assigned VLAN is both globally enabled and enabled (checked) for a given port, the switch reacts to VLAN ID information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. This option is only available for single-client modes, i.e. Port-based 802.1X and Single 802.1X. The Tunnel-Medium-Type, Tunnel-Type, and Tunnel-Private-Group-ID attributes must all be present at least once in the Access-Accept packet. Value of Tunnel-Private-Group-ID must be a string of ASCII chars in the range '0'-'9', which is interpreted as a decimal string representing the VLAN ID. Leading '0's are discarded. The final value must be in the range 1-4095. When Guest VLAN is both globally enabled and enabled (checked) for a given port, the switch considers moving the port into the Guest VLAN according to the rules outlined below. This option is only available for EAPOL-based modes, i.e. Port-based 802.1X, Single 802.1X, and Multi 802.1X. When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames. If the number of transmissions of such frames exceeds Max Reauth Count and no EAPOL frames have been received in the meanwhile, the switch considers entering the Guest VLAN. The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout. If Allow Gue
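The acceptance rule quoted in the RADIUS-Assigned VLAN excerpt above can be checked offline against what a RADIUS server actually sends. The Python below is an added example, not code from the manual or the switch firmware; the function names, the constructed sample packets, and the choice to evaluate the first Tunnel-Private-Group-ID attribute are assumptions.

```python
import struct

# RADIUS attribute type numbers (RFC 2868) and the Access-Accept code (RFC 2865).
TUNNEL_TYPE = 64
TUNNEL_MEDIUM_TYPE = 65
TUNNEL_PRIVATE_GROUP_ID = 81
ACCESS_ACCEPT = 2
HEADER_LEN = 20  # code, identifier, length, 16-byte authenticator


def parse_attributes(packet: bytes):
    """Return (code, [(attr_type, value_bytes), ...]) from a raw RADIUS packet."""
    if len(packet) < HEADER_LEN:
        raise ValueError("packet shorter than the RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("bad RADIUS length field")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        # The attribute length counts its own two header bytes.
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, attrs


def assigned_vlan(packet: bytes):
    """Return the VLAN ID the quoted rule would accept, or None if it is rejected."""
    code, attrs = parse_attributes(packet)
    if code != ACCESS_ACCEPT:
        return None
    required = {TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID}
    if not required <= {a_type for a_type, _ in attrs}:
        return None  # all three attributes must be present at least once
    # Assumption: the first Tunnel-Private-Group-ID is the one evaluated.
    value = next(v for t, v in attrs if t == TUNNEL_PRIVATE_GROUP_ID)
    # RFC 2868: a first octet of 0x1F or less is a tag, not part of the string.
    if value and value[0] <= 0x1F:
        value = value[1:]
    # Only ASCII '0'-'9' is allowed; no sign, spaces or VLAN names.
    if not value or any(b < 0x30 or b > 0x39 for b in value):
        return None
    vlan_id = int(value.decode("ascii"))  # leading zeros are discarded here
    return vlan_id if 1 <= vlan_id <= 4095 else None


def build_packet(code: int, attrs) -> bytes:
    """Build a constructed test packet (zeroed authenticator, identifier 1)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, 1, HEADER_LEN + len(body)) + bytes(16) + body


# Constructed tunnel attributes: tag 0, Tunnel-Type VLAN (13), Medium-Type 802 (6).
VLAN_TUNNEL = [(TUNNEL_TYPE, b"\x00\x00\x00\x0d"),
               (TUNNEL_MEDIUM_TYPE, b"\x00\x00\x00\x06")]

if __name__ == "__main__":
    for group_id in (b"0010", b"\x0120", b"4096", b"guest"):
        pkt = build_packet(ACCESS_ACCEPT,
                           VLAN_TUNNEL + [(TUNNEL_PRIVATE_GROUP_ID, group_id)])
        print(group_id, "->", assigned_vlan(pkt))
```

A `None` result for a packet the server is meant to use for VLAN assignment points at a policy that returns a VLAN name, an out-of-range ID, or an incomplete attribute set.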
91. 1omp Flooding enable Console IGMP Leave Proxy Description Set or show the mode of IGMP Leave Proxy Syntax Parameters enable Enable IGMP Leave Proxy disable Disable IGMP Leave Proxy default Show IGMP snooping mode Default Setting Example Enable IGMP leave proxy SWITCH gt igmp leave proxy enable Console IGMP Querier Set or show the IGMP snooping querier mode for VLAN Syntax igmp querier lt vid gt enable disable Parameters lt vid gt VLAN ID 1 4095 default Show all VLANs enable Enable IGMP querier disable Disable IGMP querier default Show IGMP querier mode Default Setting Example Enable the IGMP snooping querier mode for VLAN 117 User s Manual SW 24400 SWITCH gt igmp querier 1 enable 4 7 3 IGMP Port Related Configuration This page provides IGMP Snooping related configuration Most of the settings are global whereas the Router Port configuration is related to the currently selected stack unit as reflected by the page header IGMP Port Related Configuration for Switch 1 Router Port Throttling 1 O d Unlimited The page includes the following fields Specify which ports act as router ports If an aggregation member port is selected Router Port l as a router port the whole aggregation will act as a router port Fast Leave Enable Fast Leave on the port Throttling Enable to limit the number of multicast groups to which a switch port can belong
92. 2 1X: In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access. In this mode, the Port Security module is used to secure a supplicant's MAC address once successfully authenticated. Multi 802.1X: In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access. The maximum number of supplicants that can be attached to a port can be limited using the Port Security Limit Control functionality. MAC-based Auth: In MAC-based authentication, the initial frame (any kind of frame) sent by a client is snooped by the switch, which in turn uses the client's MAC address as both username and password in the subsequent EAP exchange with the RADIUS server. When RADIUS-Assigned QoS is both globally enabled and enabled (checked) for a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. This option is only available for single-client modes, i.e. Port-based 802.1X, Single 802.1X
93. 3 10Base T IEEE 802 3u 100Base TX 100Base FX IEEE 802 3z Gigabit SX LX IEEE 802 3ab Gigabit 1000T IEEE 802 3x Flow Control and Back pressure IEEE 802 3ad Port trunk with LACP IEEE 802 1d Spanning tree protocol IEEE 802 1w Rapid spanning tree protocol IEEE 802 1s Multiple spanning tree protocol IEEE 802 1p Class of service IEEE 802 1Q VLAN Tagging IEEE 802 1x Port Authentication Network Control IEEE 802 1ab LLDP RFC 768 UDP RFC 793 TFTP RFC 791 IP RFC 792 ICMP RFC 2068 HTTP RFC 1112 IGMP version 1 RFC 2236 IGMP version 2 IEEE 802 3af Power over Ethernet IEEE 802 3at Power over Ethernet Pre Standard Additional Security Features Standards Compliance 12 User s Manual SW 24400 2 INSTALLATION This section describes the hardware features and installation of the Managed Switch to desktop or rack mount For easier management and control of the Managed Switch familiarize yourself with its display indicators and ports Read this chapter completely before connecting any network device to the Managed Switch IMPORTANT NOTE This PoE network switch is recommended for IP cameras ONLY 2 1 Hardware Description 2 1 1 Switch Front Panel The unit front panel provides a simple interface for monitoring the switch DB9 RS 232 male serial port 1000Base SX LX mini GBIC slot connector for direct connection Master LED indicates the SFP Small Factor Pluggable to a terminal device master switch in
94. ADIUS assigned is appended to the VLAN ID If the port is moved to the Guest VLAN Guest is appended to the VLAN ID gt Port Counters Description These supplicant frame counters are available for the following administrative states e Force Authorized Force Unauthorized Port based 802 1X Single 802 1X Multi 802 1X dot1 xAuthEapolFramesRx dotixAuthEapolRespldFra Response ID mesRx dotixAuthEapolRespFram EAPOL Counters dotixAuthEapolStartFram dot1xAuthEapolLogoffFra Logoff men 167 The number of valid EAPOL frames of any type that have been received by the switch The number of valid EAPOL Response Identity frames that have been received by the switch The number of valid EAPOL response frames other than Response Identity frames that have been received by the switch The number of EAPOL Start frames that have been received by the switch The number of valid EAPOL Logoff frames that have been received by the switch User s Manual SW 24400 The number of EAPOL frames that dot1xAuthInvalidEapolFra have been received by the switch in mesRx which the frame type is not recognized The number of EAPOL frames that dot1xAuthEapLengthError have been received by the switch in FramesRx which the Packet Body Length field is invalid The number of EAPOL frames of dotixAuthEapolFramesTx any type that have been transmitted by the switch The number of EAPOL Request Identity frames t
95. An empty row is added to the table and the VLAN can be configured as needed Legal values for a VLAN ID are 1 through 4095 The VLAN is enabled on the selected stack switch unit when you click on ea a ew EN Save The VLAN is then present on other stack switch units but with no port members A VLAN without any port members on any stack unit will be deleted when you click Save The button can be used to undo the addition of new VLANs Buttons Add new ent Glick to add new VLAN Refiesh Refreshes the displayed table starting from the VLAN ID input fields Les Updates the table starting from the first entry in the VLAN Table i e the entry with the lowest VLAN ID gt gt J Updates the table starting with the entry after the last entry currently displayed Console VLAN Add Add or modify VLAN entry Parameters lt vid gt VLAN ID 1 4095 lt port_list gt Port list or all default All ports Default Setting 1 Example Add port17 to port24 in VLAN10 SWITCH gt vlan add 10 17 24 93 User s Manual SW 24400 Console VLAN Delete Delete VLAN entry lt vid gt VLAN ID 1 4095 Example Delete port17 to port24 in VLAN10 SWITCH gt vlan delete 10 4 5 6 VLAN Membership Status for User Static This page provides an overview of membership status for VLAN users VLAN Membership Status for User Static a raso ole polpe Auto Refresh O Static e a E a The page includes
96. Class c Tag Priority3 Class Tag Priority5 Class Tag Priorityb Class Tag Priority Class gt Tag Priorityd Class The page includes the following fields QCL ID Select the QCL ID to which this QCE applies VLAN Priority Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Ancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard The QCL configuration wizard is finished and the new configuration is ready for use Console QoS Classes Set or show the number of traffic classes lt class gt Number of traffic classes 1 2 or 4 Default Setting Example Set QoS classes 2 SWITCH gt qos classes 2 4 8 2 QoS Control List Configuration Manage the QCEs for a given QCL 132 User s Manual SW 24400 QoS Control List Configuration Ocoee 11 v QCE Type Type Value Traffic Class E The page includes the following fields QCL e Select a QCL to display a table that lists all the QCEs for that particular QCL Specifies which frame field the QCE processes to determine the QoS class of the frame The following QCE types are supported e Ethernet Type The Ethernet Type field If frame is tagged this is the Ethernet Type that follows the tag header QCET VLAN ID VLAN ID Only applicable if the frame is VLAN tagged ype TCP UDP Port IPv4 TCP UDP source destination port
97. Console Security Switch SNMP Trap Community
Description: Set or show the community string for SNMP traps.
Syntax:
Parameters:
<community>: Community string. Use "clear" or "" to clear the string (default: Show SNMP trap community)
Default Setting:
Example: Set private value for SNMP trap community
    SWITCH> security switch snmp trap community private
<ip_addr_string>: IP host address (a.b.c.d) or a host name string
Example: Set SNMP trap destination address for 192.168.0.20
    SWITCH> security switch snmp trap destination 192.168.0.20
Console Security Switch SNMP Trap IPv6 Destination
Set or show the SNMP trap destination IPv6 address.
    security switch snmp trap ipv6 destination <ipv6_addr>
<ipv6_addr>: End IPv6 address. See the glossary for more details about IPv6.
Default Setting:
Example: Set SNMP trap IPv6 destination address for 2001::0001
    SWITCH> security switch snmp trap ipv6 destination 2001::0001
Console Security Switch SNMP Trap Authentication Failure
Set or show the SNMP authentication failure trap mode.
Syntax: security switch snmp trap authentication failure enable|disable
Parameters:
enable: Enable SNMP trap authentication failure
disable: Disable SNMP trap authentication failure
(default: Show SNMP trap authentication failure mode)
Default Setting:
Example: Disable SNMP trap authentication failure
    SWITCH> security
98. Delete Voice VLAN OUI entry. Modifying the OUI table will restart auto detect OUI process.
Syntax: voice vlan oui delete <oui_addr>
Parameters:
<oui_addr>: OUI address (xx-xx-xx)
Example: Delete Voice VLAN OUI entry
    SWITCH> voice vlan oui delete 00-11-22
Console Voice VLAN OUI Clear
Clear Voice VLAN OUI entry. Modifying the OUI table will restart auto detect OUI process.
Example: Clear Voice VLAN OUI entry
    SWITCH> voice vlan oui clear
Console Voice VLAN OUI Lookup
Lookup Voice VLAN OUI entry.
    voice vlan oui lookup <oui_addr>
<oui_addr>: OUI address (xx-xx-xx) (default: Show OUI address)
Example: Lookup Voice VLAN OUI entry
    SWITCH> voice vlan oui lookup
4.9 Access Control Lists
ACL is an acronym for Access Control List: a list table containing access control entries (ACEs) that specify individual users or groups permitted or denied to specific traffic objects, such as a process or a program. Each accessible traffic object contains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.
4.9.1 Access Control List Status
This page shows the ACL
99. Disable: The port operates in its normal VLAN mode. This is the default.
Q-in-Q Mode:
• MAN Port: Configures IEEE 802.1Q tunneling (QinQ) for an uplink port to another device within the service provider network.
• Customer Port: Configures IEEE 802.1Q tunneling (QinQ) for a client access port to segregate and preserve customer VLAN IDs for traffic crossing the service provider network.
Set Out layer VLAN tag ether type: The Tag Protocol Identifier (TPID) specifies the ethertype of incoming packets on a tunnel access port.
• 802.1Q Tag: 8100
• vMAN Tag: 88A8
• Default: 802.1Q Tag
The port must be a member of the same VLAN as the Port VLAN ID.
Console VLAN Configuration
Description: Show VLAN configuration.
Syntax:
Parameters:
<port_list>: Port list or all (default: All ports)
Example: Show VLAN status of port
    SWITCH> vlan configuration 1
    VLAN Configurations 2 IBEE 802 10 PVID IngrFilter FrameType LinkType Q in Q Mode Eth type
Console VLAN PVID
<port_list>: Port list or all (default: All ports)
<vid>|none: Port VLAN ID (1-4095) or none (default: Show port VLAN ID)
Example: Set PVID2 for port20
    SWITCH> vlan pvid 20 2
Console VLAN Frame Type
Description:
Syntax:
Parameters:
<port_list>: Port list or all (default: All ports)
all: Allow tagged and untagged frames
tagged: Allow tagged frames only
(default: Show
100. EAPOL frames have been received on a port for the lifetime of the port.
enable: The Guest VLAN can be entered even if an EAPOL frame has been received during the lifetime of the port.
(default: Show current setting)
Default Setting:
Example: Enable NAS guest VLAN
    SWITCH> security network nas guest vlan enable
Console Security Network NAS Authenticate
Description: Refresh (restart) 802.1X authentication process.
Syntax: security network nas authenticate <port_list> now
Parameters:
<port_list>: Port list or all (default: All ports)
now: Force reauthentication immediately
Example: Start NAS authentication now for port 1
    SWITCH> security network nas authenticate 1 now
4.10.3 Network Access Overview
This page provides an overview of the current NAS port states for the selected switch.
[Figure: Network Access Overview for Switch 1. Columns: Admin State, Port State, Last ID, QoS Class, Port VLAN ID. The listed ports show Admin State "Force Authorized" and Port State "Globally Disabled".]
The page includes the following fields:
Last Source: The source MAC address carried in the most recently received EAPOL frame for EAPOL-based authentication, and the most recently received frame from a new client for MAC-based authentication.
The user name supplic
101. H security switch snmp trap security engine id 800007e501727000011
4.2.3 SNMP System Information Configuration
The switch system information is provided here.
[Figure: System Information Configuration]
The page includes the following fields:
System Contact: The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.
System Name: An administratively assigned name for this managed node. No space characters are permitted. The first character must be alphanumeric. The last character must not be a minus sign. The allowed string length is 0 to 255.
System Location: The physical location of this node (e.g. telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.
4.2.4 SNMP Trap Configuration
Configure SNMP trap.
[Figure: SNMP Trap Configuration]
The page includes the following fields:
Trap Mode: Indicates the SNMP trap mode operation. Possible modes are:
• Enabled
• Disabled
Indicates the SNMP trap supported version. Possible versions are:
• SNMP v1
• SNMP v2c
• SNMP v3
Trap Community: Indicates the community access string when sending SNMP trap packets. The allowed string length is 0 to 255, and the allowed content is the ASCII characters f
102. Manual SW 24400 SGwLtehn gt ip configuration IP Configurations DHCP Cliente Disabled IP Address 3 192 0 0 20 IP Mask IL NA DA IP Router Ls So Call DNS Server PLO OF OO VLAN ID Sel DNS ErOxy Disabled IPv6 AUTOCONFIG mode Disabled TEVOo Linak Local Address tes0 230 14ttt te24 1al IPv6 Address O OO IPv6 Prefix 3 96 IPv6 Router A IPv6 VLAN ID eel 4 1 3 IPv6 Configuration The Configured column is used to view or change the IPv6 configuration The Current column is used to show the active IPv6 configuration See the Glossary for more information on IPv6 addresses IPv6 Configuration a INSI DENIA EINEN Auto Configuration L F 192 166 0 100 ii Link Local Address feS0 230 4fff fe24 4d1 Prefix VLAN ID The page includes the following fields Auto Configuration Enable IPv6 auto configuration by checking this box Provide the IPv6 address of this switch Provide the IPv6 Prefix of this switch The allowed range is 1 through 128 Provide the IPv6 gateway address of this switch Router Provide the IPv6 SNTP Server address of this switch VLAN ID Provide the managed VLAN ID The allowed range is 1 through 4095 4 1 4 Users Configuration Configure and view users To login as another user on the web server is to close and reopen the browser After setup is completed click Save for changes to take effect Log on to the web interface with the new user name and password 35 User
103. [Form residue]
The page includes the following fields:
Audio and Video: Indicates the common servers that apply to the specific QCE.
Games: Indicates the common games that apply to the specific QCE.
User Definition: Indicates the user definition that applies to the specific QCE. The user definitions are:
• Ethernet Type: Specify the Ethernet Type filter for this QCE. The allowed range is 0x600 to 0xFFFF.
• VLAN ID: The VLAN ID filter for this QCE. The allowed range is 1 to 4095.
• UDP/TCP Port: Specify the TCP/UDP port filter for this QCE. The allowed range is 0 to 65535.
• DSCP: Specify the DSCP filter for this QCE. The allowed range is 0 to 63.
Buttons:
Cancel Wizard: Click to cancel the wizard.
Back: Click to go back to the previous wizard step.
Next: Click to continue the wizard.
The wizard will create specific QCEs (QoS Control Entries) automatically in accordance with the selections on the previous page. First select the QCL ID for these QCEs, and then select the traffic class. Different parameter options are displayed depending on the frame type that you selected.
The page includes the following fields:
QCL ID: Select the QCL ID to which these QCEs apply.
Traffic Class: Select a traffic class of Low, Normal, Medium or High to apply to the QCE.
Buttons:
Cancel Wizard: Click to cancel the wiz
104. P Source Range: See note below for details. TCP/UDP Source Filter. Specify the TCP/UDP destination filter for this ACE. See note below for details.
TCP/UDP Destination Filter:
• Any: No TCP/UDP destination filter is specified.
• Specific: Enter a specific TCP/UDP destination value.
• Range: Enter a specific TCP/UDP destination range value.
TCP/UDP Destination Number: See note below for details.
TCP/UDP Destination Range: See note below for details.
TCP FIN: Specify the TCP "No more data from sender" (FIN) value for this ACE. See notes below for details.
TCP SYN: Specify the TCP "Synchronize sequence numbers" (SYN) value for this ACE. See notes below for details.
TCP PSH: Specify the TCP "Push Function" (PSH) value for this ACE. See notes below for details.
TCP ACK: Specify the TCP "Acknowledgment field significant" (ACK) value for this ACE. See notes below for details.
TCP URG: Specify the TCP "Urgent Pointer field significant" (URG) value for this ACE. See notes below for details.
For source/destination filters:
• Any: TCP/UDP filter status is "don't care".
• Specific: Enter a specific TCP/UDP value. A field for entering a TCP/UDP value appears for this purpose.
• Range: Enter a specific TCP/UDP range. A field for entering a TCP/UDP value appears.
Specified source/destination filter: When Specific is selected for a TCP/UDP filter, you can enter a specific TCP/UDP value. The allowed ran
105. P source guard port mode for port1-4
    SWITCH> security network ip source guard port mode 1-4 enable
4.11.11 IP Source Guard Static Table
This page provides Static IP Source Guard Table.
[Figure: Static IP Source Guard Table for Switch 1]
The page includes the following fields:
Delete: Check to delete the entry. It will be deleted during the next save.
Port: The logical port for the settings.
VLAN ID: The VLAN ID for the settings.
IP Address: Allowed Source IP address.
IP Mask: Used for calculating the allowed network with IP address.
Buttons:
Add new entry: Click to add a new entry.
Console Security Network IP Source Guard Entry
Add or delete IP source guard static entry.
Syntax: security network ip source guard entry <port_list> add|delete <vid> <allowed_ip> <ip_mask>
Parameters:
<port_list>: Port list or all (default: All ports)
add: Add new port IP source guard static entry
delete: Delete existing port IP source guard static entry
<vid>: VLAN ID (1-4095)
<allowed_ip>: IP address (a.b.c.d), IP address allowed for doing ARP request
<ip_mask>: IP mask (a.b.c.d), IP mask for allowed IP address
Default Setting: unlimited
Example: Add IP source guard static entry
    SWITCH> security network ip source guard entry 1 add 1 192.168.0.20 255.255.255.0
Console Security Network IP Source Guard Status
Show IP sourc
106. QCE is an acronym for QoS Control Entry. It describes QoS class associated with a particular QCE ID. There are six QCE frame types: Ethernet Type, VLAN, UDP/TCP Port, DSCP, TOS, and Tag Priority. Frames can be classified by one of 4 different QoS classes (Low, Normal, Medium, and High) for individual application.
QCL is an acronym for QoS Control List. It is the list table of QCEs, containing QoS control entries that classify to a specific QoS class on specific traffic objects. Each accessible traffic object contains an identifier to its QCL. The privileges determine specific traffic object to specific QoS class.
IEEE 802.1Q Tunneling (QinQ) is designed for service providers carrying traffic for multiple customers across their networks. QinQ tunneling is used to maintain customer-specific VLAN and Layer 2 protocol configurations even when different customers use the same internal VLAN IDs. This is accomplished by inserting Service Provider VLAN (SPVLAN) tags into the customer's frames when they enter the service provider's network, and then stripping the tags when the frames leave the network.
QoS is an acronym for Quality of Service. It is a method to guarantee a bandwidth relationship between individual applications or protocols. A communications network transports a multitude of applications and data, including high-quality video and delay-sensitive data such as real-time voice. Networks must pro
107. Show RADIUS accounting server configuration
enable: Enable RADIUS accounting server
disable: Disable RADIUS accounting server
(default: Show RADIUS server mode)
<ip_addr_string>: IP host address (a.b.c.d) or a host name string
<secret>: Secret shared with external accounting server. To set an empty secret, use two quotes (""). To use spaces in secret, enquote the secret. Quotes in the secret itself are not allowed.
<server_port>: Server UDP port. Use 0 to use the default RADIUS port (1813).
Example: Set RADIUS accounting server configuration
    WUTC H security aceu madiic enable ODO SU 20 7345 67 93 1G
Console Security AAA TACACS
Set or show TACACS authentication server setup.
Syntax: security aaa tacacs <server_index> enable|disable <ip_addr_string> <secret> <server_port>
Parameters:
<server_index>: The server index (1-5) (default: Show TACACS authentication server configuration)
enable: Enable TACACS authentication server
disable: Disable TACACS authentication server
(default: Show TACACS server mode)
<ip_addr_string>: IP host address (a.b.c.d) or a host name string
<secret>: Secret shared with external authentication server. To set an empty secret, use two quotes (""). To use spaces in secret, enquote the secret. Quotes in the secret are not allowed.
<server_port>: Server TCP port. Use 0 to use the default TACACS port (49).
Ex
108. TCH> security network psec port 1
4.11.7 Port Security Detail
This page shows the MAC addresses secured by the Port Security module.
[Figure: Port Security Detail for Switch 1, Port 1. Columns: MAC Address, VLAN ID, Time of Adding, Age/Hold. No MAC addresses attached.]
The page includes the following fields:
The MAC address and VLAN ID that is seen on this port. If no MAC addresses are learned, a single row stating "No MAC addresses attached" is displayed.
Indicates whether the corresponding MAC address is blocked or forwarding. In the blocked state, it will not be allowed to transmit or receive traffic.
Shows the date and time when this MAC address was first seen on the port.
Age/Hold: If at least one user module has blocked the MAC address, it will stay in the blocked state until the hold time expires. If all user modules have decided to allow this MAC address to forward, and aging is enabled, the Port Security module will periodically check that this MAC address still forwards traffic. If the age period expires and no frames have been seen, the MAC address will be removed from the MAC table. Otherwise the age counter will reset. If aging is disabled or a user module has decided to hold the MAC address indefinitely, a dash will be shown.
4.11.8 DHCP Snooping
DHCP Snooping is used to block intruder on the untrusted ports of DUT when it tries to inter
109. Table. The "Start from port address", "VLAN", "IP address" and "IP mask" input fields allow the user to select the starting point in the Dynamic IP Source Guard Table.
The page includes the following fields:
Port: The port number for which the status applies. Click the port number to see the status for this particular port.
VLAN ID: The VLAN ID of the entry.
MAC address: The MAC address of the entry.
IP Address: The IP address of the entry.
Buttons:
Refreshes the displayed table starting from the "Start from MAC address" and "VLAN" input fields.
Flushes all dynamic entries.
|<<: Updates the table starting from the first entry in the MAC Table, i.e. the entry with the lowest VLAN ID and MAC address.
>>: Updates the table starting with the entry after the last entry currently displayed.
4.13 LLDP
4.13.1 Link Layer Discovery Protocol
Link Layer Discovery Protocol (LLDP) is used to discover basic information about neighbouring devices on the local broadcast domain. LLDP is a Layer 2 protocol that uses periodic broadcasts to advertise information about the sending device.
Link Layer Discovery Protocol - Media Endpoint Discovery (LLDP-MED) is an extension of LLDP intended for managing endpoint devices such as Voice over IP phones and network switches. The LLDP-MED TLVs advertise information such as network policy, power, inventory, and device location details.
4.13.2 LLDP Con
110. User's Manual SW-24400
i3 International
Cortex SW-24400 24-Port PoE Managed Stackable Switch
User's Manual SW-24400
Trademarks
Copyright i3 International Inc. 2013. Contents subject to revision without prior notice. All other trademarks belong to their respective owners.
Disclaimer
i3 International does not warrant that the hardware will work properly in all environments and applications, and makes no warranty and representation, either implied or expressed, with respect to the quality, performance, merchantability, or fitness for a particular purpose. i3 International has made every effort to ensure that this User's Manual is accurate; i3 International disclaims liability for any inaccuracies or omissions that may have occurred. Information in this User's Manual is subject to change without notice and does not represent a commitment on the part of i3 International. i3 International assumes no responsibility for any inaccuracies that may be contained in this User's Manual. i3 International makes no commitment to update or keep current the information in this User's Manual, and reserves the right to make improvements to this User's Manual and/or to the products described in this User's Manual, at any time without notice. If you find information in this manual that is incorrect, misleading, or incomplete, we would appreciate your comments and suggestions.
FCC Warning
This equipment has been tested and found to comply
111. VLANs to span network devices or even the entire network, provided that all network devices are 802.1Q compliant. All physical ports on a switch have a PVID. 802.1Q ports are also assigned a PVID, for use within the switch. If no VLANs are defined on the switch, all ports are then assigned to a default VLAN with a PVID equal to 1. Untagged packets are assigned the PVID of the port on which they were received. Forwarding decisions are based upon this PVID, insofar as VLANs are concerned. Tagged packets are forwarded according to the VID contained within the tag. Tagged packets are also assigned a PVID, but the VID is used to make packet forwarding decisions rather than the PVID. Tag-aware switches must keep a table to relate PVID within the switch to a network VID. The switch will compare the VID of a packet to be transmitted to the VID of the port that is to transmit the packet. If the two VIDs are different, the packet is dropped. Because of the existence of the PVID for untagged packets and the VID for tagged packets, tag-aware and tag-unaware network devices are allowed to coexist on the same network. A switch port can have only one PVID, but can have as many VIDs as the switch has memory in its VLAN table to store them. Because some devices on a network may be tag-unaware, a decision must be made at each port on a tag-aware device before packets are transmitted. If the transmitting port is connected to a ta
112. oriented protocol, which means that a connection is established and maintained until such time as the message or messages to be exchanged by the application programs at each end have been exchanged. TCP is responsible for ensuring that a message is divided into the packets that IP manages and for reassembling the packets back into the complete message at the other end. Common network applications that use TCP include the World Wide Web (WWW), e-mail, and File Transfer Protocol (FTP).
TELNET
TELNET is an acronym for TELetype NETwork. It is a terminal emulation protocol that uses the Transmission Control Protocol (TCP) and provides a virtual connection between TELNET server and TELNET client. TELNET enables the client to control the server and communicate with other servers on the network. To start a Telnet session, the client user must log in to a server by entering a valid username and password. Then the client user can enter commands through the Telnet program just as if they were entering commands directly on the server console.
TFTP
TFTP is an acronym for Trivial File Transfer Protocol. It is a transfer protocol that uses the User Datagram Protocol (UDP) and provides file writing and reading, but it does not provide directory service and security features.
ToS
ToS is an acronym for Type of Service. It is implemented as the IPv4 ToS priority control. It is fully decoded to determine the priority from the 6-bit ToS field in the IP heade
113. a male duplex LC connector.
b. To connect to 1000Base-LX SFP transceivers, use the Single-mode fibre cable. One side must be a male duplex LC connector.
Connect the fibre cable: Attach the duplex LC connector on the network cable to the SFP transceiver. Connect the other end of the cable to a device (switches with SFP installed, fibre NIC on a workstation, or a Media Converter). Check the LNK/ACT LED of the SFP slot on the front of the Managed Switch. Ensure that the SFP transceiver is operating correctly. Check the Link mode of the SFP port if the link failed. To work with some fiber NICs or Media Converters, setting the Link mode to "1000 Force" is needed.
Remove the transceiver module: Check with your network administrator to make sure there is no network activity. If possible, disable the port in advance using the management interface of the switch or converter. Remove the Fibre Optic Cable. Turn the handle of the MGB module to horizontal. Pull out the module.
Figure 2-4: Pull out the SFP transceiver
Never pull out the module without pulling the handle or the push bolts on the module. Forcibly pulling out the module may damage the module and SFP module slot of the switch.
2.3 Stack Installation
The SW-24400 Managed Switch provides a switch stacking function to manage up to 16 switches using a single IP address. Up to 384 Gigabit Ethernet ports can be managed through a stacking
114. a stack transceiver module
Reset button: hold down for less than 5 seconds for reboot, more than 5 seconds for factory default.
Stack ID: each switch on a stack must have a unique identifying number.
2.1.2 LED Indicators
The front panel LEDs indicate the status of port links, data activity and system power in order to monitor and troubleshoot when needed.
[Figure: front panel, with labels STX2, Console (115200, N, 8, 1), STX1, Master, Reset, PWR, Stack ID, and Gigabit TP interface 10/100/1000Base-T Copper RJ-45 Auto MDI/MDI-X ports]
System
PWR: Lights to indicate that the switch is powered on. Blinks to indicate booting process.
Master (Green): Lights to indicate that the switch is the master of the stack group.
STX1 (Green): Lights to indicate the stacking link through that port is successfully established.
STX2 (Green): Lights to indicate the stacking link through that port is successfully established.
Alert
PWR Alert (Green): Lights to indicate power supply failure.
FAN1 Alert (Green): Lights to indicate FAN1 failure.
FAN2 Alert (Green): Lights to indicate FAN2 failure.
FAN3 Alert (Green): Lights to indicate FAN3 failure.
10/100/1000Base-T interfaces
LNK/ACT: Lights to indicate the link through that port is successfully established at a rate of 10Mbps or 100Mbps or 1000Mbps. To indicate that the swi
115. able
As the heading suggests, the information in the table is as seen from the master view. For each switch in the stack, the following information is shown:
• The MAC address, switch ID, distance information and the primary forwarding path to the switch.
• For ring topology, a backup path is also provided.
[Figure: Master Forwarding Table, with columns Stack Member and Switch ID]
4.16.4 Stack Port State Overview
This page provides an overview of the current switch port states. Clicking on the image of a port opens the Port Statistics page. The port states are illustrated as follows:
[Figure: Port State Overview. Callouts: Master LED lit indicating master switch; Master LED off indicating slave status; Port Link Status; Stack Port Link Status indicating connection; switch ID]
5 ADDITIONAL CONSOLE COMMANDS
Additional console commands not associated with web management pages and specific tasks are here.
Console Show
Show configuration overviews.
Syntax: show acl|aggr|igmp|ip|lacp|lldp|mac|mirror|poe|port|pvlan|qos|snmp|stack|stp|system|vlan
Parameters:
acl: ACL configuration
aggr: Aggregation configuration
igmp: IGMP snooping configuration
ip: IP configuration
lacp: LACP configuration
lldp: LLDP configuration
mac: MAC addre
116. able: Disable aging
(default: Show current enabledness of aging)
Default Setting:
Example: Enable limit aging
    SWITCH> security network limit aging enable
Console Security Network Limit Agetime
Syntax:
Parameters:
<age_time>: Time in seconds between checks for activity on a MAC address (10-10000000 seconds) (default: Show current age time)
Default Setting: 3600
Example: Set age time in 100sec
    SWITCH> security network limit agetime 100
Console Security Network Limit Action
Syntax:
Parameters:
<port_list>: Port list or all (default: All ports)
none|trap|shut|trap_shut: Action to be taken in case the number of MAC addresses exceeds the limit
none: No action
trap: Send an SNMP trap
shut: Shutdown the port
trap_shut: Send an SNMP trap and shutdown the port
(default: Show current action)
Default Setting:
Example: Set trap mode for limit action for port 1
    SWITCH> security network limit action 1 trap
Console Security Network Limit Reopen
Reopen one or more ports whose limit is exceeded and shut down.
Syntax: security network limit reopen <port_list>
Parameters:
<port_list>: Port list or all (default: All ports)
Default Setting:
Example: Reopen port 1
    SWITCH> security network limit reopen 1
4.11.2 Access Management
Configure access management table on this page. The maximum entry number is 16
117. [Table residue: per-port ACL settings (Permit, Disabled)]
Console Security Network ACL Add
Add or modify Access Control Entry (ACE).
Syntax: security network acl add <ace_id> <ace_id_next> switch port <port> policy <policy> <vid> <tag_prio> <dmac_type> etype <etype> <smac> <dmac> arp <sip> <dip> <smac> <arp_opcode> <arp_flags> ip <sip> <dip> <protocol> <ip_flags> icmp <sip> <dip> <icmp_type> <icmp_code> <ip_flags> udp <sip> <dip> <sport> <dport> <ip_flags> tcp <sip> <dip> <sport> <dport> <ip_flags> <tcp_flags> permit deny <rate_limiter> <port_copy> <logging> <shutdown>
Parameters:
<ace_id>: ACE ID (1-128). ACE will be modified if already exists (default: Next available ID)
<ace_id_next>: Next ACE ID (1-128). If specified, the ACE will be placed before this ACE in the list (default: Add ACE la
118. al_info name zip_code building apartment floor room_number place_type postal_com_name p_o_box additional_code <civic_value>
Parameters:
country: Country
state: National subdivisions (state, canton, region, province, prefecture)
county: County, parish, gun (JP), district (IN)
city: City, township, shi (JP)
district: City division, borough, city district, ward, chou (JP)
block: Neighbourhood, block
street: Street
leading_street_direction: Leading street direction
trailing_street_suffix: Trailing street suffix
str_suf: Street Suffix
house_no: House Number
house_no_suffix: House number suffix
landmark: Landmark or vanity address
additional_info: Additional location information
name: Name (residence and office occupant)
zip_code: Postal/zip code
building: Building (structure)
apartment: Unit (apartment, suite)
floor: Floor
room_number: Room number
place_type: Placetype
postal_com_name: Postal community name
p_o_box: Post office box (P.O. Box)
additional_code: Additional code
(default: Show Civic Address Location configuration)
<civic_value>: lldpmed value for the Civic Address Location entry
> Emergency Call Service
Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA.
Emergency Call: Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. Th
119. al physical ports together to form a single logical port.
LLDP is an IEEE 802.1ab standard protocol. The Link Layer Discovery Protocol (LLDP) specified in this standard allows stations attached to an IEEE 802 LAN to advertise, to other stations attached to the same IEEE 802 LAN, the major capabilities provided by the system incorporating that station, the management address or addresses of the entity or entities that provide management of those capabilities, and the identification of the station's point of attachment to the IEEE 802 LAN required by those management entity or entities. The information distributed via this protocol is stored by its recipients in a standard Management Information Base (MIB), making it possible for the information to be accessed by a Network Management System (NMS) using a management protocol such as the Simple Network Management Protocol (SNMP).
LLDP-MED
LLDP-MED is an extension of IEEE 802.1ab and is defined by the telecommunication industry association (TIA-1057).
MAC Table
Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between th
120. all. Port zero means aggregations.
enable: Enable MSTP protocol
disable: Disable MSTP protocol
Default Setting:
Example: Disable STP function on port1
    SWITCH> stp port mode 1 disable
Console STP Port Edge
Set or show the STP adminEdge port parameter.
Syntax: stp port edge <port_list> enable|disable
Parameters:
<port_list>: Port list or all (default: All ports)
enable: Configure MSTP adminEdge to Edge
disable: Configure MSTP adminEdge to Non-edge
Default Setting:
Example: Disable STP edge function on port1
    SWITCH> stp port edge 1 disable
Console STP Port AutoEdge
Set or show the STP autoEdge port parameter.
Syntax: stp port autoedge <port_list> enable|disable
Parameters:
<port_list>: Port list or all (default: All ports)
enable: Enable MSTP autoEdge
disable: Disable MSTP autoEdge
Default Setting:
Example: Disable STP edge function on port1
    SWITCH> stp port autoedge 1 disable
Console STP BPDUFilter
Description: Set or show edge port BPDU Filtering.
Syntax:
Parameters:
enable|disable: enable or disable BPDU Filtering for Edge ports
Default Setting:
Example: Set edge port BPDU filtering
    SWITCH> stp bpdufilter enable
Console STP BPDU Guard
Set or show edge port BPDU Guard.
enable|disable: enable or disable BPDU Guard for Edge ports
Default Setting:
Example: Set edge port BPDU guard
    SWITCH> s
121. ample: Set TACACS authentication server configuration
  SWITCH> security aaa tacacs 1 enable 192.168.0.20 12345673 49

4.10.7 RADIUS Details
This page provides detailed statistics for a particular RADIUS server.

[Screenshot: RADIUS Authentication Statistics for Server 1 (0.0.0.0:1812)]
  Receive Packets: Access Accepts, Access Rejects, Access Challenges, Malformed Access Responses, Bad Authenticators, Unknown Types, Packets Dropped
  Transmit Packets: Access Requests, Access Retransmissions, Pending Requests, Timeouts
  Other Info: State: Disable; Round Trip Time: 0 ms

[Screenshot: RADIUS Accounting Statistics for Server 1 (0.0.0.0:1813)]
  Receive Packets: Responses, Malformed Responses, Bad Authenticators, Unknown Types, Packets Dropped
  Transmit Packets: Requests, Retransmissions, Pending Requests, Timeouts
  Other Info: State: Disable; Round Trip Time: 0 ms

Figure 4-9 RADIUS Server Statistics overview by Authentication / Accounting

The page includes the following fields:

RADIUS Authentication Servers
The statistics map closely to those specified in RFC4668 (RADIUS Authentication Client MIB). Use the server select box to switch between the backend servers to show details for.

Packet Counters: RADIUS authentication server packet counter. There are seven receive and four transmit counters.
  Access Accepts, Access Rejects, Access Challenges, Malformed Access Responses, Bad Authentica
122. ant identity carried in the most recently received Response Identity EAPOL frame for EAPOL-based authentication, and the source MAC address from the most recently received frame from a new client for MAC-based authentication. (field: Last ID)

Port VLAN ID: The VLAN ID that NAS has put the port in. The field is blank if the Port VLAN ID is not overridden by NAS. If the VLAN ID is assigned by the RADIUS server, RADIUS-assigned is appended to the VLAN ID. If the port is moved to the Guest VLAN, Guest is appended to the VLAN ID.

4.10.4 Network Access Statistics
This page provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. For MAC-based ports, it shows selected backend server (RADIUS Authentication Server) statistics only. Use the port select box to select which port details to be displayed.

[Screenshot: Network Access Statistics for Switch 1 Port 1; Port State: Force Authorized, Globally Disabled]

The page includes the following fields:

Port State
  Admin State: The port's current administrative state.
  Port State: The current state of the port.
  QoS Class: The QoS class assigned by the RADIUS server. The field is blank if no QoS class is assigned.
  Port VLAN ID: The VLAN ID that NAS has put the port in. The field is blank if the Port VLAN ID is not overridden by NAS. If the VLAN ID is assigned by the RADIUS server R
123. aper
Shaper Unit: Configure the unit of measure for the port shaper rate as kbps or Mbps. The default value is kbps.
For rates, the default value is 500. This value is restricted to 500-1000000 when the Policer Unit is kbps, and it is restricted to 1-1000 when the Policer Unit is Mbps.

Console QoS Rate Limiter
Description:
Syntax:
Parameters:
  <port_list>: Port list or all (default: All ports)
  enable: Enable rate limiter
  disable: Disable rate limiter (default: Show rate limiter mode)
  <bit_rate>: Rate in 1000 bits per second (500-1000000 kbps)
Default Setting: Disabled, 500kbps
Example: Set 1000kbps rate limiter for port 17-24
  SWITCH> qos rate limiter 17-24 enable 1000

Console QoS Shaper
Set or show the port shaper.
Syntax: qos shaper [<port_list>] [enable|disable] [<bit_rate>]
Parameters:
  <port_list>: Port list or all (default: All ports)
  enable: Enable shaper
  disable: Disable shaper (default: Show shaper mode)
  <bit_rate>: Rate in 1000 bits per second (500-1000000 kbps)
Default Setting: Disabled, 500kbps
Example: Set 1000kbps shaper for port 9-16
  SWITCH> qos shaper 9-16 enable 1000

4.8.5 Storm Control Configuration
There are three types of storm rate control:
  - Unicast storm rate control
  - Multicast storm rate control
  - Broadcast storm rate control
The rate is 2^n, where n is equal to or less than 15, or No Limit. The unit of
124. appear asking you to confirm the reset. Click Yes to confirm, No to cancel and return to the Port Status page. After the Factory button is pressed and the system rebooted, the following settings will be in place:
  - Default IP address: 192.0.0.20
  - Subnet mask: 255.255.255.0
  - Default Gateway: 192.168.0.254
The other setting values will be either disabled or set to none.

Console System Restore Default
Restore factory default configuration.
Syntax: system restore default [keep_ip]
Parameters:
  keep_ip: Keep IP configuration (default: Restore full configuration)
Example: To restore default value but not reset IP address
  Switch> system restore default keep_ip

4.1.20 System Reboot
The Reboot page enables the device to be rebooted from a remote location. Once the Reboot button is pressed, re-enter the login information. After a sixty-second delay, the switch will ask for confirmation. Click the Yes button to reboot, or No to cancel and return to the Port Status page.
You can also check the SYS LED on the front panel. If the SYS LED is blinking, the firmware is being loaded; if the SYS LED is on, the web browser may be used to log in to the Switch.

Console System Reboot
Reboot the system without changing settings.

4.2 Simple Network Management Protocol
4.2.1 SNMP Overview
The Simple Network Management Protocol (SNMP) is an application layer protocol that facilitates the exchange of management information between network devic
125. ard Back Click to go back to the previous wizard step Next Click to continue the wizard 4 8 1 3 ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets 130 User s Manual SW 24400 Setup ToS Precedence Mapping Set up the traffic class mapping to the precedence part of ToS 3 bits when receiving IPv4 IPv6 packets ToS Precedence Class ToS Precedenced Class The page includes the following fields QCL ID Select the QCL ID to which this QCE applies ToS Precedence Class Select a traffic class of Low Normal Medium or High to apply to the QCE Buttons Ancel Wizard Click to cancel the wizard Back Click to go back to the previous wizard step Next Click to continue the wizard The QCL configuration wizard is finished and the new configuration is ready for use and the list of QCEs will appear in the screen below GoS Control List Configuration Re OCE Type Type Yalue Traffic Class J a 7 e 4 8 1 4 Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the User Priority value 3 bits when receiving VLAN tagged packets 131 User s Manual SW 24400 Set up VLAN Tag Priority Mapping Set up the traffic class mapping to the user priority value 3 bits when receiving LAN tagged packets OCL ID Tag Priority Class Tag Priority Class Tag Priority
126. ard Packets lis packets number from the interface under access management mode is

Console Security Switch Access Statistics
Show or clear access management statistics.
Syntax: security switch access statistics [clear]
Parameters:
  clear: Clear access management statistics
Example: Show access management statistics
  SWITCH> security switch access statistics
  [Output: Access Management Statistics, with Receive and Discard counters listed for HTTPS, SNMP, TELNET and SSH]

4.11.4 HTTPs
Configure HTTPS.

[Screenshot: HTTPS configuration]

The page includes the following fields:
  Indicates the HTTPS mode operation. Possible modes are:
    - Enabled: Enable HTTPS mode operation
    - Disabled: Disable HTTPS mode operation
  Automatic Redirect: Indicates the HTTPS redirect mode operation. Automatically redirects the web browser to HTTPS when HTTPS mode is enabled. Possible modes are:
    - Enabled: Enable HTTPS redirect mode operation
    - Disabled: Disable HTTPS redirect mode operation

Console Security Switch HTTPs Configuration
Show HTTPS configuration.
Syntax: security switch https configuration
Example: Show HTTPs configuration
  SWITCH> security switch https configuration
  HTTPS Configuration:
  HTTPS Mode: Disabled
  HTTPS Redirect Mode: Disabled

Console Security Switch HTTPs Mode
Set or show the https m
127. art Master Election followed by Save This causes the first two criteria to be ignored thereby basing master election only on master priority and MAC address When master election is enforced the first two Start Master Election criteria are ignored for a period of 10 15 seconds Within a managed stack one master switch or just master must be elected Any switch not being master is a slave switch or just slave Console Stack Select lt sid gt all Switch ID 1 16 or all switch Switch ID All Example Select the switch ID Swictch gt stack select 1 Console Stack SID Assign Description Assign SID and associated configuration to switch SID must be unassigned and the switch must be present Syntax stack sid assign lt sid gt lt mac_addr gt Parameters lt sid gt Switch ID 1 16 lt mac_addr gt MAC address XX XX XX XX XX XX 239 User s Manual SW 24400 Example Assign SID 10 for 00 30 4f 24 04 0a Switeh gt stack sid assign 10 00 30 4t 24 04 0a Console Stack SID Swap Swap SID values used to identify two switches lt sid gt Switch ID 1 16 default Show SID Example Change stack SID value Sta ola Ska La sic swap al Console Stack SID Delete Delete SID assignment and associated configuration lt sid gt Switch ID 1 16 Example Delete stack SID 10 Switehy gt stack sid delete 10 Console Stack Master Priority Set master election priority s
128. atic entries in the MAC table are shown in this table The static MAC table can contain 64 entries The maximum of 64 entries is for the whole stack and not per switch The MAC table is sorted first by VLAN ID and then by MAC address Static MAC Table Configuration for Switch 1 mac portmem AO mc tea Delete vran 10 mac adaress gt 3 4 5 5 7 e 9 xo s4 s2 13 14 15 16 17 18 19 20 23 22 2a 2a The page includes the following fields Check to delete the entry It will be deleted during the next save VLAN ID The VLAN ID for the entry MAC Address The MAC address for the entry Checkmarks indicate which ports are members of the entry Check or uncheck as needed Pom Mempets to modify the entry Buttons Add new statices cick to add new entry Console MAC Add Add MAC address table entry 201 User s Manual SW 24400 Parameters lt mac_addr gt MAC address XX XX XX XX XX XX lt port_list gt Port list or all or none lt vid gt VLAN ID 1 4095 default 1 Example Add Mac address 00 30 4F 01 01 02 in port1 and vid1 Suite cer ade 00 30 4F 01 01 02 1 1 Console MAC Delete Description Delete MAC address entry Syntax Parameters lt mac_addr gt MAC address XX XX XX XX XX XX lt vid gt VLAN ID 1 4095 default 1 Example Delete Mac address 00 30 4F 01 01 02 in vid1 SWITCH gt mac delete 00 30 4f 01 01 02 1 Console MAC Lookup Lookup MAC address entry lt ma
129. atically assigned once the stack cable is connected to the stack port of each SW switch and all units are powered on. It is also easy to add or delete stackable switches to the stack without service interruption. Using Stacking, it is possible to connect a number of switches together in a stack, which behaves as a single switch as seen from outside the stack. Three types of stack topologies are supported:

  Chain Stack: A chain of switches with no redundant forwarding paths.
  Figure 4-13 Chain Stack topology

  Ring Stack: A ring of switches providing redundant forwarding paths.
  Figure 4-14 Ring Stack topology

  Back-to-Back Stack: Two switches interconnected on both stacking ports.
  Figure 4-15 Back-to-back Stack topology

Multiple i3 International SW series devices may be connected together to constitute a ring or chain stack topology using the STX 5Gbps ports as interconnect links. Dedicated stacking features built into the SW series make all devices in the stack operate together as a single, much larger switch. Each device in the stack is, in a stack context, called a unit. The ports connecting the units are called stack ports, and the ports connecting to external hosts and switches are called fr
130. ations
  DHCP Relay: Disabled
  DHCP Relay Server: NULL
  DHCP Relay Information Mode: Disabled
  DHCP Relay Information Policy: replace

Console Security Network DHCP Relay Mode
Description:
Syntax:
Parameters:
  enable: Enable DHCP relay mode. When enabled, the agent forwards and transfers DHCP messages between the clients and the server when they are not in the same subnet domain. The DHCP broadcast message won't flood.
  disable: Disable DHCP relay mode (default: Show flow DHCP relay mode)
Example: Enable DHCP relay mode
  SWITCH> security network dhcp relay mode enable

Console Security Network DHCP Relay Server
Example: Set DHCP relay server in 192.168.0.20
  SWITCH> security network dhcp relay server 192.168.0.20

Console Security Network DHCP Relay Information Mode
Description: Set or show DHCP relay agent information option mode. When enabled, the agent adds information to a DHCP message when forwarding it to the DHCP server and removes it from the message when transferring it to the DHCP client.
Syntax:
Parameters:
  enable: Enable DHCP relay agent information option mode
  disable: Disable DHCP relay agent information option mode (default: Show DHCP relay agent information option mode)
Default Setting:
Example: Enable DHCP relay agent information option mode
  SWITCH> security network dhcp relay information mode enable

Console Security Network DHCP Relay Information Polic
Description: Set or show the DHCP relay mode. When DHCP relay informatio
131. atus is don t care e Specific If you want to filter a specific source MAC address with this ACE choose this value A field for entering an SMAC value appears When Specific is selected for the SMAC filter you can enter a specific source MAC SMAC Value address The legal format is XX XX XX XX XX XX A frame that hits this ACE matches this SMAC value 151 User s Manual SW 24400 Any No DMAC filter is specified DMAC filter status is don t care MC Frame must be multicast BC Frame must be broadcast UC Frame must be unicast Specific If you want to filter a specific destination MAC address with this ACE choose this value A field for entering a DMAC value appears Specify the destination MAC filter for this ACE 0 0 DMAC Filter O O DMAC value When Specific is selected for the DMAC filter you can enter a specific destination MAC DMAC Value address The legal format is XX XX XX XX XX XX A frame that hits this ACE matches this gt VLAN Parameters Object Description Specify the VLAN ID filter for this ACE VLAN ID Filter i VLAN ID When Specific is selected for the VLAN ID filter you can enter a specific VLAN ID number The allowed range is 1 to 4095 A frame that hits this ACE matches this VLAN ID value Any No VLAN ID filter is specified VLAN ID filter status is don t care Specific If you want to filter a specific VLAN ID with this ACE choose this value A field for
132. ave either source (rx) or destination (tx) mirroring enabled are mirrored to this switch. (field: Switch to mirror to)

Port: The logical port for the settings contained in the same row.
Select mirror mode:
  - Rx only: Frames received at this port are mirrored to the mirroring port. Frames transmitted are not mirrored.
  - Tx only: Frames transmitted from this port are mirrored to the mirroring port. Frames received are not mirrored.
  - Disabled: Neither frames transmitted nor frames received are mirrored.
  - Enabled: Frames received and frames transmitted are mirrored to the mirror port.

Console Mirror Configuration
Description: Show mirror configuration.
Syntax: mirror configuration [<port_list>]
Parameters:
  <port_list>: Port list or all (default: All ports)
Default Setting: disable
Example: Show mirror configuration
  SWITCH> mirror configuration

Console Mirror Port
Set or show the mirror port.
Syntax: mirror port [<port>|disable]
Parameters:
  <port>|disable: Mirror port or disable (default: Show port)
Default Setting: Mirror Port 1
Example: Set port 2 for the mirror port
  SWITCH> mirror port 2

Console Mirror SID
Set or show the mirror switch ID.
Parameters:
  <sid>: Switch ID (1-16)
Default Setting:
Example: Set SID2 for mirror switch ID
  SWITCH> mirror sid 2

Console Mirror SID
Set or show the mirror mode.
Syntax: mirror mode [<port_list>] [enable|disable|rx|tx]
Parameters
133. c_addr gt MAC address XX XX XX XX XX XX lt vid gt VLAN ID 1 4095 default 1 Example Lookup state of Mac address 00 30 4F 01 01 02 SWITCH gt mac lookup 00 30 4F 01 01 02 4 12 3 MAC Address Table Status Dynamic MAC Table The MAC Table for the switch contains up to 8192 entries and is sorted first by VLAN ID then by MAC address 202 User s Manual SW 24400 MAC Address Table for Switch 1 Start fram LAN and MAC Address with ao entries per page Query by CPU M LI VLAN a J MAC Address O OO O C O Cm porte O Type vkan Mac address cruji 2 3 4 5s 6 7 8 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 Static DO 30 4F 76 27 10 4 Static 33 33 FF 76 27 10 7 otatic 33 335 FF i8 00 64 Dynamic 40 61 86 04 18 69 a sae FP FF FF FF FP FF Y fof f f Mf MA AAA AAV AAV AA CAN CANA Auto Refresh L Navigating the MAC Table Each page shows up to 999 entries from the MAC table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the MAC Table The first displayed will be the one with the lowest VLAN ID and the lowest MAC address found in the MAC Table The Start from MAC address and VLAN input fields allow the user to select the starting point in the MAC Table The page includes the following fields onic The query of the MAC addresses entry The following query types are supported
134. cable and crossover cable connection Straight Cable 2 3 4 5 6 Crossover Cable SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE 1 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown Figure Straight Through and Crossover Cable SIDE2 1 White Orange 2 Orange 3 White Green 4 Blue 5 White Blue 6 Green 7 White Brown 8 Brown SIDE2 1 White Green 2 Green 3 White Orange 4 Blue 5 White Blue 6 Orange 7 White Brown 8 Brown Please make sure your connected cables are with same pin assignment and color as above picture before deploying the cables into your network 252 ACE ACL ARP User s Manual SW 24400 APPENDEX D GLOSSARY ACE is an acronym for Access Control Entry It describes access permission associated with a particular ACE ID There are three ACE frame types Ethernet Type ARP and IPv4 and two ACE actions permit and deny The ACE also contains many detailed different parameter options that are available for individual application ACL is an acronym for Access Control List It is the list table of ACEs containing access control entries that specify individual users or groups permitted or denied to specific traffic objects such as a process or a program Each accessible traffic object c
135. cates that the supplicant client has not authenticated to the backend server 802 1X based dot1xAuthBackendRespon Counts the number of times that i Responses ses the switch attempts to send a supplicant s first response packet to 168 Auth Success dot1xAuthBackendAuthSu es ccesses Rx Rx Rx Rx xX User s Manual SW 24400 the backend server Indicates the switch attempted communication with the backend server Possible retransmissions are not counted MAC based Counts all the backend server packets sent from the switch towards the backend server for a given port left most table or client right most table Possible retransmissions are not counted Information about the last supplicant client that attempted to authenticate This information is available for the following administrative states e Port based 802 1X e Single 802 1X e Multi 802 1X O MAC based Auth MAC Address a EOS The MAC address of the last supplicant client Last VLAN ID The VLAN ID on which the last frame from the eer Client last supplicant client was received nfo 802 1 X based The protocol version number carried in the most recently received EAPOL frame MAC based Not applicable 802 1X based The user name supplicant identity carried in the most recently received Response Identity EAPOL Identity fannie MAC based Not applicable gt Selected Counters The Selected Counters table is visible when the port is
136. ck global The RSTP port settings relate to the currently selected stack unit as reflected by the page header 104 User s Manual SW 24400 STP CIST Ports Configuration CIST Aggregated Ports Configuration Stack Global STP Restricted Port Enable Path Cost Admin Edge Auto Edge Role TCN BPDU Guard P d point to point no _ 18 CIST Normal Ports Configuration for Switch 1 STP Restricted Port enable Path Cost Admin Edge Auto Edge Role TEN hr he The page includes the following fields The switch port number of the logical STP port STP Enabled Controls whether RSTP is enabled on this switch port Controls the path cost incurred by the port The Auto setting will set the path cost as Path Cost appropriate by the physical link speed Using the Specific setting a user defined value can be entered Controls the port priority This can be used to control priority of ports having identical port cost See above e Default 128 e Range 0 240 in steps of 16 operEdge state Operational flag describing whether the port is connecting directly to edge devices No Bridges attached Priority flag Adidas Controls whether the operEdge flag should start as set or cleared The initial operEdge 9 state when a port is initialized AutoEdge Controls whether the bridge should enable automatic edge detection on the bridge port Restricted Bole If enabled causes the port not to be selected as
137. cludes the following fields:

Global Counters
  changed at: Shows the time elapsed since the last change was detected.
  Total Neighbours Entries Deleted:
  Total Neighbours Entries Dropped: the number of LLDP frames dropped due to that the entry table was
  Total Neighbours Entries Aged Out: Shows the number of entries deleted due to Time-To-Live expiring.

Local Counters
The displayed table contains a row for each port. The columns hold the following information:
  Local Port: The port on which LLDP frames are received or transmitted.
  Tx Frames: The number of LLDP frames transmitted on the port.
  Rx Frames: The number of LLDP frames received on the port.
  Rx Errors: The number of received LLDP frames containing some kind of error.
  Frames Discarded: If an LLDP frame is received on a port and the switch's internal table has run full, the LLDP frame is counted and discarded. This situation is known as Too Many Neighbours in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table. Entries are removed from the table when a given port links down, an LLDP shutdown frame is received, or when the entry ages out.
  TLVs Discarded: Each LLDP frame can contain multiple pieces of information, known as TLVs (TLV is short for Type Length Value). If a TLV is malformed, it is counted and discarded.
  TLVs Unrecognized: The number of well
138. community gt Syntax security switch snmp community add lt community gt lt ip addr gt lt ip mask gt Parameters lt community gt Community string lt ip_addr gt P address a b c d default Show IP address lt ip_mask gt P subnet mask a b c d default Show IP mask Example Add SNMPv3 community entry 61 User s Manual SW 24400 SIE Ss aras e ns ATM commanicy ade publie SS AD 259 5 5 al Console Security Switch SNMP Community Delete Delete SNMPv3 community entry security switch snmp community delete lt index gt lt index gt entry index 1 64 Default Setting Example Delete SNMPv3 community entry SWITCH gt security switch snmp community delete 3 lt index gt entry index 1 64 Example Lookup SNMPv3 community entry SHMECH security switch sume community Lookup Tek Community Source E Source Mask POROS 0 0 LOD Dos OU 2 private 0 0 0 0 0 0 0 0 Number of entries 4 2 5 2 Users Configuration Configure SNMPv3 users table The entry index keys are Engine ID and User Name SNMPv3 Users Configuration Delete User Security Authentication Authentication Privacy Privacy Mame Level Protocol Password Protocol Password L eD0007e501 000004 default_user MoAuth MoPriw Mone Mone Mone Mone The page includes the following fields Check to delete the entry It will be deleted during the next save A octet string identifying the engine ID that this entry sho
139. counting port Unknown Types The number of RADIUS packets that were received from the server on the accounting port and dropped for some other reason radiusAccClientExtP Packets Dropped acketsDropped o The number of RADIUS Rx Bad Authenicaiors radiusAcctClientExtB packets containing invalid 177 User s Manual SW 24400 The number of RADIUS radiusAccClientExtR packets sent to the server This 1x rea equests does not include retransmissions The number of RADIUS packets retransmitted to the RADIUS accounting server PP radiusAccClientExtR Tx Retransmissions siana os The number of RADIUS packets destined for the server that have not yet timed out or received a response This variable is incremented when a Request is sent and decremented due to receipt of a Response timeout or retransmission The number of accounting timeouts to the server After a timeout the client may retry to the same server send to a Tx Timeone radiusAccClientExtTi different server or give up A meouts retry to the same server is counted as a retransmit as well as a timeout Asend to a different server is counted as a Request as well as a timeout This section contains information about the state of the server and the latest round trip Shows the state of the server It takes one of the following values Disabled The selected server is disabled Not Ready The server is enabled but IP communication is not yet up and running
140. ctronic equipment should understand the meaning of the crossed out wheeled bin symbol Do not dispose of WEEE as unsorted municipal waste and have to collect such WEEE separately Revision i3 International 24 Port 10 100 1000Mbps with 4 Shared SFP 24 100 1000 SFP Slots with 8 Shared TP Managed Stackable Switch User s Manual FOR MODELS SW 24400 REVISION 1 2 User s Manual SW 24400 EINTRODU CTO Reeeereerreersereerereneerre rere enert sere nrerr errr renter srerer errr r ester rer rs rte reer e str rrr er rrr er eer rr estrr 10 11 Package Contents ui a 10 1 2 Product Features and SpeciticalON sucinta a 10 2 INSTALLATION Sunset unload loas 13 2 1 Hardware Descriptio siii loe 13 2 io WIEN COME AIG ir Ati 13 Za LE JB gf Cal On erg ev ee ce a CEN Seer eee er re eS cee ern ee ener Oe ee 13 213 SWIG RearPanel kesen is eins tadstleduopeh natalia ys Hin dtetetdedyorehnatacttiscisninnetettiey 15 2 2 Installation and COnneCuon ida 15 2 21 IDSSKIOD INSTA TO Mi acia 15 E A A Ree eee Re 16 2 2 3 Installing the SFP TranscelVer onie ieee reese e eei aae e o aa Ee ee a e saana 17 2 3 Stack INStala Onil 19 2331 CONNECHNG Slacking Cable S eie a EA A E Reinado ias ade 19 2 3 2 Management aca a titi 20 3 SWITCH MANAGEMENT Tissot 22 3 1 Network and System ReguirementS ici dd 22 3 2 Management Access Overview os A A a 22 Se ACIS AMON SONS rr 22 322 Command Le NALS i ACS a A A A cele ay as AA ces ee meee eae oes 25 O22 A a eka Sl eI cache i 2 nh
141. d An optional flag to indicate that this view subtree should be View Type excluded In general if a view entry s view type is excluded another view entry should exist where the view type is included and its OID subtree oversteps the excluded view entry The OID defining the root of the subtree to add to the named view The allowed OID length is 1 to 128 The allowed string content is digital number or asterisk Buttons Add new VIEW Click to add a new view entry 4 2 5 5 SNMPv3 Accesses Configuration Configure SNMPv3 access table The entry index keys are Group Name Security Model and Security Level SNMPv3 Accesses Configuration Security Model Security Level Read View Name e View Name F default_ro_group any NoA4uth MoPriv E default rs group any No4uth NoPriw The page includes the following fields 66 User s Manual SW 24400 Check to delete the entry It will be deleted during the next save A string identifying the group name that this entry should belong to The allowed Group Name string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the security model that this entry should belong to Possible security models are any Accepted any security model v1 v2c usm security Model v1 Reserved for SNMPv1 v2c Reserved for SNMPv2c usm User based Security Model USM Indicates the security model that this entry should belong to
142. d are extended to include aspects related to end user devices Example product categories expected to adhere to this class include but are not limited to end user communication appliances such as IP Phones PC based softphones or other communication appliances that directly support the end user Discovery services defined in this class include provision of location identifier including ECS E911 information embedded L2 switch support inventory management LLDP MED Capabilities describes the neighbour unit s LLDP MED capabilities The possible capabilities are e Network Policy LLDP MED Location Identification Capabilities Extended Power via MDI PSE Extended Power via MDI PD Inventory Reserved The possible application types are shown below Voice Voice Signalling conditional for use in network topologies that require a different policy for the voice signalling than for the voice media Guest Voice support a separate limited feature set voice service for guest users and visitors Application Type Guest Voice Signalling conditional for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media Softphone Voice for use by softphone applications on typical data centric devices such as PCs or laptops Streaming Video Signalling conditional for use in network topologies that require a separate policy for the video signalling than for the video media Po
143. d belong to Example Add SNMPv3 group entry SWITCH gt security switch snmp group add usm admin snmpv3 group snmpv3 Console Security Switch SNMP Group Delete Delete SNMPv3 group entry security switch snmp group delete lt index gt lt index gt entry index 1 64 Example Delete SNMPv3 group entry SWITCH gt security switch snmp group delete 1 Console Security Switch SNMP Group Lookup Lookup SNMPv3 group entry security switch snmp group lookup lt index gt lt index gt entry index 1 64 Example Lookup SNMPv3 group entry SWERCH Sc smiecim snmp grouo Lookup Group Name private default rw group pulir cCetaulrt ro group User s Manual SW 24400 4 WA private default rw group 5 usm Cefaulrt user default rw group Number of entries 4 4 2 5 4 Views Configuration Configure SNMPv3 views table The entry index keys are View Name and OID Subtree The SNMPv3 Views SNMPv3 Views Configuration COo default_view 1 Hane iw The page includes the following fields Check to delete the entry It will be deleted during the next save A string identifying the view name that this entry should belong to The allowed View Name string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the view type that this entry should belong to Possible view types are e Included An optional flag to indicate that this view subtree should be included e Exclude
144. d on the port for the life time of the port The value can only be changed if the Guest VLAN option is globally enabled The table has one row for each port on the selected switch in the stack and a number of columns which are The port number for which the configuration below applies If NAS is globally enabled this selection controls the port s authentication mode The following modes are available Admin State RADIUS Assigned QoS Enabled Force Authorized In this mode the switch will send one EAPOL Success frame when the port link comes up and any client on the port will be allowed network access without authentication Force Unauthorized In this mode the switch will send one EAPOL Failure frame when the port link comes up and any client on the port will be disallowed network access Port based 802 1X The authenticator acts as the man in the middle forwarding requests and responses between the supplicant and the authentication server The switch simply encapsulates the EAP part of the frame into the relevant type EAPOL or RADIUS and forwards it When authentication is complete the RADIUS server sends a special packet containing a success or failure indication Besides forwarding this decision to the supplicant the switch uses it to open up or block traffic on the switch port connected to the supplicant Note that server timeout should be smaller than the supplicant s EAPOL Start frame retransmission rate Single 80
145. d time>
Parameters:
<dead_time>: Time that a server is considered dead if it doesn't answer a request (0-3600 seconds)
(default: Show server dead time configuration)
Default Setting:
Example: Set 1000 sec for server dead time:
SWITCH> security aaa deadtime 1000

Console: Security AAA RADIUS
Set or show RADIUS authentication server setup.
Syntax: security aaa radius <server_index> enable|disable <ip_addr_string> <secret> <server_port>
Parameters:
<server_index>: The server index (1-5)
(default: Show RADIUS authentication server configuration)
enable: Enable RADIUS authentication server
disable: Disable RADIUS authentication server
(default: Show RADIUS server mode)
<ip_addr_string>: IP host address (a.b.c.d) or a host name string
<secret>: Secret shared with external authentication server. To set an empty secret, use two quotes. To use spaces in the secret, enquote the secret. Quotes in the secret itself are not allowed.
<server_port>: Server UDP port. Use 0 to use the default RADIUS port (1812).
Example: Set RADIUS authentication server configuration:
SWITCH> security aaa radius 1 enable 197216850520 12345678 1812

Console: Security AAA ACCT RADIUS
Set or show RADIUS accounting server setup.
Syntax: security aaa acct_radius <server_index> enable|disable <ip_addr_string> <secret> <server_port>
Parameters:
<server_index>: The server index (1-5)
(default
146. default, IE7.0 or later prevents Java Applets from opening sockets. The user has to explicitly modify the browser settings to enable Java Applets to use network ports.
Note: The manager PC must be set on the same IP subnet as the Managed Switch. For example, the default IP address of the SW Managed Switch is 192.0.0.20, thus the manager PC should be set at 192.0.0.x (where x is a number between 1 and 254, except 100), and the default subnet mask is 255.255.255.0.
Logging onto the switch
Using a web browser, enter the default IP address of the switch to access the Web interface. The default IP address is 192.0.0.20. A login screen will appear. Enter the default username admin with password admin (or the username/password you have changed via console) to log in to the main screen of the Managed Switch.
Login dialog: "The server 192.168.0.100 at Web Management requires a username and password. Warning: This server is requesting that your username and password be sent in an insecure manner (basic authentication without a secure connection)." User name: admin. Remember my password.
1. IP address changes are in effect immediately after clicking the Save button. You will need to use the new IP address to access the web interface.
2. For security reasons, change and memorize the new password after this first setup.
3. The web interface only accepts commands in lowercase letters.
3.2.3.1 Main
147. default class indicates that full 15 4 watts should be provided 1 3 indicate various required power levels and 4 is reserved for future use PDs that do not support classification are assigned class 0 Special care must be employed in the definition of class thresholds as classification may be affected by cable losses Classifying a PD according to its power consumption ideally helps a PoE system in optimizing its power distribution so that efficient power management based on classification results may reduce total system costs B 3 3 Start up Once line detection and optional classification stages are completed the PSE must switch from low voltage to its full voltage capacity 44 57 Volts over a minimal amount of time above 15 microseconds A gradual startup is required to avoid a sudden rise in voltage reaching high frequencies would introduce noise on the data lines Once provision of power is initiated it is common for an inrush current to be experienced at the PSE port due to the PD s input capacitance APD must be designed to cease inrush current consumption of over 350 mA within 50 ms of power provision startup B 3 4 Operation During normal operation the PSE provides 44 57 VDC able to support a minimum of 15 4 watts power B 3 5 Power Overloads The IEEE 802 3af standard defines the handling of overload conditions In the event of an overload a PD drawing a higher power level than the allowed 12 95 Watts or an o
148. des the following fields:
Rate Limiter ID: The rate limiter ID for the settings contained in the same row.
Rate: The rate unit is packets per second (pps). Configure the rate as 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K.

Console: Security Network ACL Rate
Description: Set or show the ACL rate limiter.
Syntax: security network acl rate <rate_limiter_list> <packet_rate>
Parameters:
<rate_limiter_list>: Rate limiter list (1-15), default: All rate limiters
<packet_rate>: Rate in pps (1, 2, 4, ..., 512, 1k, 2k, 4k, ..., 1024k)
Default Setting:
Example: Set rate limit value in 1024k for port 1:
SWITCH> security network acl rate 1 1024k

4.10 Authentication
This section controls access to the Managed Switch, including user access and management control. The Authentication section contains links to the following main topics:
IEEE 802.1X Port-Based Network Access Control
MAC-Based Authentication
User Authentication

4.10.1 Authentication Configuration
This page allows you to configure how an administrator is authenticated when he logs into the switch via TELNET, SSH or the web pages.
Authentication Method Configuration (table: Authentication Method, Fallback; rows: console, telnet, ssh, web)
The page includes the following fields:
Client: The management client for which the configuration b
149. e Rx ACK Tx Discover Tx Offer Ts Request Tx Decline Tx ACK Tx HAK Tx Release Tx Inform Tx Lease Query Tx Lease Unassigned Tx Lease Unknown Tx Lease Active Rx HAK Rx Release Rx Inform Rx Lease Query Rx Lease Unassigned Rx Lease Unknown Rx Lease Active a O O 0 aadc OO O The page includes the following fields Object Description The number of discover option 53 with value 1 packets received and transmitted Rx and Tx Discover Rx and Tx Offer The number of offer option 53 with value 2 packets received and transmitted Rx and Tx Request The number of request option 53 with value 3 packets received and transmitted Rx and Tx Decline The number of decline option 53 with value 4 packets received and transmitted Rx and Tx ACK The number of ACK option 53 with value 5 packets received and transmitted Rx and Tx NAK The number of NAK option 53 with value 6 packets received and transmitted Rx and Tx Release The number of release option 53 with value 7 packets received and transmitted Rx and Tx Inform The number of inform option 53 with value 8 packets received and transmitted The number of lease query option 53 with value 10 packets received and Rx and Tx Lease Query transmitted Rx and Tx Lease The number of lease unassigned option 53 with value 11 packets received and Unassigned transmitted The number of lease unknown option 53 with value 12 packets received and Rx and Tx Lease Unknown transmitt
150. e DMAC address and switch ports. The frames also contain a MAC address (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time.
MD5: MD5 is an acronym for Message-Digest algorithm 5. MD5 is a message digest algorithm used as a cryptographic hash function with a 128-bit hash value. It was designed by Ron Rivest in 1991. MD5 is officially defined in RFC 1321, The MD5 Message-Digest Algorithm.
Mirroring: For debugging network problems or monitoring network traffic, the switch system can be configured to mirror frames from multiple ports to a mirror port. (In this context, mirroring a frame is the same as copying the frame.) Both incoming (source) and outgoing (destination) frames can be mirrored to the mirror port.
NAS: NAS is an acronym for Network Access Server. The NAS is meant to act as a gateway to guard access to a protected source. A client connects to the NAS, and the NAS connects to another resource asking whether the client's supplied credentials are valid. Based on the answer, the NAS then allows or disallows access to the protected resource. An example of a NAS implementation is IEEE 802.1X.
NTP: NTP is an acronym for Network Ti
151. e SMAC address e Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP hardware address length HLN and protocol address length PLN settings e 0 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must not match this entry e 1 ARP RARP frames where the HLN is equal to Ethernet 0x06 and the PLN is equal to IPv4 0x04 must match this entry e Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP hardware address space HRD settings e 0 ARP RARP frames where the HLD is equal to Ethernet 1 must not match this entry e 1 ARP RARP frames where the HLD is equal to Ethernet 1 must match this entry e Any Any value is allowed don t care Specify whether frames can hit the action according to their ARP RARP protocol address space PRO settings e 0 ARP RARP frames where the PRO is equal to IP 0x800 must not match this entry e 1 ARP RARP frames where the PRO is equal to IP 0x800 must match this entry e Any Any value is allowed don t care The IP parameters can be configured when Frame Type IPv4 is selected IP Protocol Filter IP Protocol Value IP TTL IP Fragment IP Option Description Specify the IP protocol filter for this ACE See the Glossary for more information Any No IP protocol filter is specified don t care Sp
152. e auto detect mode lt detects whether there is VolP phone attached on the specific port and configure the Voice VLAN members automatically Forced Forced join to Voice VLAN When the function is enabled all non telephone MAC address in Voice VLAN will be blocked for 10 seconds Possible port modes are Port Security Enabled e Disabled Console VLAN Configuration Show Voice VLAN configuration Example Show Voice VLAN configuration SWITCH svorce vlan configuration Voice VLAN Configuration Voice VLAN Disabled Voice VLAN VLAN ID 2 1000 Voice VLAN Age Time seconds 86400 Voice VLAN Trate Glass 3 HLGN Voice VLAN OUI Table 13 International phones C0 03 6B Cisco phones 00 0F E2 H3C phones Q0 60 B9 Philips and NEC AG phones 00 D0 1E Pingtel phones IES Polycom phones 00 E0 BB 3Com phones Q0 01 E3 Siemens AG phones 142 User s Manual SW 24400 Volce VAN Porc e Onin moumeatevon Console Voice VLAN Mode Set or show the Voice VLAN configuration MSTP feature must be disabled before enabling Voice VLAN voice vlan mode enable disable Parameters enable Enable Voice VLAN mode disable Disable Voice VLAN mode default Show flow Voice VLAN mode Default Setting Disabled Example Enable the Voice VLAN mode SWITCH gt voice vlan mode enable Console Voice VLAN ID Set or show Voice VLAN ID lt vid gt VLAN ID 1 4095 Default Setting 1000 Example
153. e e Ethernet Type Only Ethernet Type frames can match this ACE e ARP Only ARP frames can match this ACE e Pv4 Only IPv4 frames can match this ACE Specify the action to take with a frame that hits this ACE Action e Permit The frame that hits this ACE is granted permission for the ACE operation e Deny The frame that hits this ACE is dropped Rate Limiter Specify the rate limiter in number of base units The allowed range is 1to 15 Disabled indicates that the rate limiter operation is disabled Frames that hit the ACE are copied to the port number specified here The allowed range is Port Copy the same as the switch port number range Disabled indicates that the port copy operation is disabled Specify the logging operation of the ACE The allowed values are Logging e Enabled Frames matching the ACE are stored in the System Log e Disabled Frames matching the ACE are not logged Please note that the System Log memory size and logging rate is limited Specify the port shut down operation of the ACE The allowed values are Shutdown e Enabled If a frame matches the ACE the ingress port will be disabled e Disabled Port shut down is disabled for the ACE The counter indicates the number of times the ACE was hit by a frame gt MAC Parameters Object Description Only displayed when the frame type is Ethernet Type or ARP Specify the source MAC filter for this ACE SMAC Filter e Any No SMAC filter is specified SMAC filter st
154. e guard static and dynamic entries.
Syntax: security network ip source guard status <port_list>
Parameters:
<port_list>: Port list or all, default: All ports
Example: Show IP source guard static and dynamic entries:
SWITCH> security network ip source guard status

4.11.12 ARP Inspection
ARP Inspection is a secure feature. This feature is used to block attacks launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches. Only valid ARP requests and responses can go through the DUT. This page provides ARP Inspection related configuration.
Figure 4-11: ARP Inspection Configuration for the stack and for a particular switch
The page includes the following fields:
Mode of ARP Inspection Configuration: Enable or disable global ARP Inspection.
Port Mode Configuration: Specify the ports on which ARP Inspection is enabled. ARP Inspection is enabled on a given port only when both Global Mode and Port Mode on that port are enabled.

Console: Security Network ARP Inspection Configuration
Show ARP inspection configuration.
Syntax: security network arp inspection configuration
Example: Show ARP inspection configuration:
SWITCH> security network arp inspection configuration

Console: Security Network ARP Inspection Mode
Description: Set or s
155. e mapped to one MSTI An unused MSTI should be left empty l e not having any VLANs mapped to it Console STP CName Set or Show MSTP configuration name and revision stp cname lt config name gt lt integer gt Parameters lt config name gt MSTP Configuration name A text string up to 32 characters long Use quotes to embed spaces in name lt integer gt Integer value Default Setting Configuration name MAC address Configuration rev O Example Set MSTP configuration name and revision SWITCH gt stp cname 9f SW 24400 1 110 User s Manual SW 24400 Console STP MSTI Map Description Show or clear MSTP MSTI VLAN mapping configuration Syntax stp msti map lt msti gt clear Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 clear Clear VID to MSTI mapping Example Add MST1 priority value in 48 SWITCH gt 8tP msti priority 1 48 Console STP MSTI Add Add a VLAN to a MSTI stp msti add lt msti gt lt vid gt Parameters lt msti gt STP bridge instance no 0 7 CIST 0 MSTI1 1 lt vid gt VLAN ID 1 4095 Example Add MST1 in vian1 SWITCH gt stp msti add 1 1 4 6 7 MSTI Ports Configuration The MSTI instance must be selected before displaying actual MSTI port configuration options This page contains MSTI port settings for physical and aggregated ports The aggregation settings are stack global MSTI Port Configuration Select MSTI
156. e options flag is set must not be able to match this entry e Yes Pv4 frames where the options flag is set must be able to match this entry 153 User s Manual SW 24400 4 e Any Any value is allowed don t care Specify the source IP filter for this ACE Any No source IP filter is specified Source IP filter is don t care Host Source IP filter is set to Host Specify the source IP address in the SIP Address SIP Filter field that appears Network Source IP filter is set to Network Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear When Host or Network is selected for the source IP filter you can enter a specific SIP SIP Address address in dotted decimal notation When Network is selected for the source IP filter you can enter a specific SIP mask in SIP Mask dotted decimal notation Specify the destination IP filter for this ACE Any No destination IP filter is specified Destination IP filter is don t care Host Destination IP filter is set to Host Specify the destination IP address in the DIP DIP Filter Address field that appears Network Destination IP filter is set to Network Specify the destination IP address and destination IP mask in the DIP Address and DIP Mask fields that appear DIP Address When Host or Network is selected for the destination IP filter you can enter a specific DIP address in dotted decimal notation When Netwo
157. e power interface the SW 24400 PoE Switch can easily build a centrally controlled IP Camera system for the enterprise The SW 24400 has IEEE 802 3at mode and supplies max power up to 30 8 watts 225 ANINEXXUS Cortex Layer 2 PoE 1 5 SW 24400 System gt SNMP Port Management Link Aggregation gt VLAN gt Spanning Tree gt Multicast gt QoS Access Control List Authentication Security MAC Address Table LLDP Diagnostics w POE System Configuration Port Configuration Status Schedule LLDP PoE Neighbors Stack 4 15 1 Power Configuration for Switch 1 Power Over Ethernet Status User s Manual SW 24400 Ss 3 j INTERNATIONAL Current Power Consumption 3 8 360 VV Total Power Reserved 1 4 300 VV Temperature 1 44 C 111 F Temperature 2 47 C117 F The total value add from port 01 to 12 should not more than 190 watt The total value add from port 13 to 24 should not more than 190 watt There is 30W resvered for PoE chip set o PoE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled POE disabled PoE disabled PoE disabled PoE disabled PoE disabled PoE disabled PoE disabled PoE Search PoE ON PoE Search PoE Search PoE Search PoE Search Local Port PD Class Power Used W Current Used mA Port Status EI O 15 O 5 O ll O E O EN O BEN O 15 O ee OO ww
158. e used to assign the configuration of the failing switch to the new hardware 1 Remove the failing switch from the stack For example assume that the failing switch had Switch ID 3 2 Insert the new switch into the stack The new switch is assigned an unused Switch ID 3 To remove the automatic switch ID assignment choose Delete followed by Save The new switch is then shown with Switch ID set to 4 To assign the configuration of Switch ID 3 to the new hardware simply choose 3 in the Switch ID column and click Save 5 The new hardware has now taken over the configuration of the failing hardware gt General Switch ID Assignment Rules 236 User s Manual SW 24400 When assigning Switch IDs to the devices in the stack you must note the following 1 Switches with assigned IDs can be changed to use any other switch ID possibly by swapping Switch ID with another active switch When swapping two Switch IDs the devices will retain their own configuration except for the Switch ID Switches without an assigned Switch ID can only be assigned to any unused ID When assigning a Switch ID of an inactive switch to a new switch the new switch will inherit the former s configuration see Replacing a Switch above Deleting a switch will remove any configuration pertaining to it Deleting an active switch will leave it with an unassigned Switch ID until rebooted or manually assigning a Switch ID 4 16 1 2 Master Election
159. eceive rans mitte ia 1 a J 24 0 o 0 O Auto Refresh Dl The page includes the following fields The switch port number LACP Transmitted Shows how many LACP frames have been sent from each port LACP Received Shows how many LACP frames have been received at each port Shows how many unknown or illegal LACP frames have been discarded at each port 85 User s Manual SW 24400 Console LACP Statistics Description Show LACP Statistics Syntax lacp statistics lt port list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear LACP statistics Example Show LACP statistics of port1 4 SWITCH gt lacp statistics 1 4 Port Rx Frames Tx Frames Rx Unknown Rx Illegal 4 5 VLAN 4 5 1 VLAN Overview A Virtual Local Area Network VLAN is a network topology configured according to a logical scheme rather than the physical location VLAN can be used to combine any collection of LAN segments into an autonomous user group that appears as a single LAN VLAN also logically segment the network into different broadcast domains so that packets are forwarded only between ports within the VLAN Typically a VLAN corresponds to a particular subnet although not necessarily End nodes that frequently communicate with each other are assigned to the same VLAN regardless of where they are physically on the network Logically a VLAN can be equated to a broadcast domain because broadcast
160. eceived on a subscriber port are forwarded to the provider port with a double VLAN tag.
161. ecific If you want to filter a specific IP protocol filter with this ACE choose this value A field for entering an IP protocol filter appears ICMP Select ICMP to filter IPv4 ICMP protocol frames Extra fields for defining ICMP parameters will appear UDP Select UDP to filter IPv4 UDP protocol frames Extra fields for defining UDP parameters will appear TCP Select TCP to filter IPv4 TCP protocol frames Extra fields for defining TCP parameters will appear When Specific is selected for the IP protocol value you can enter a specific value The allowed range is 0 to 255 A frame that hits this ACE matches this IP protocol value Specify the Time to Live settings for this ACE zero lPv4 frames with a Time to Live field greater than zero must not be able to match this entry non zero Pv4 frames with a Time to Live field greater than zero must be able to match this entry Any Any value is allowed don t care Specify the fragment offset settings for this ACE This involves the settings for the More Fragments MF bit and the Fragment Offset FRAG OFFSET field for an IPv4 frame No IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must not be able to match this entry Yes IPv4 frames where the MF bit is set or the FRAG OFFSET field is greater than zero must be able to match this entry Any Any value is allowed don t care Specify the options flag setting for this ACE e No IPv4 frames where th
162. ed The number of lease active option 53 with value 13 packets received and Rx and Tx Lease ctive transmitted Buttons llar Clear Clears the counters for the selected port Console Security Network DHCP Snooping Statistics Description Show or clear dhcp snooping statistics Syntax security network dhcp snooping statistics lt port list gt clear Parameters lt port_list gt Port list or all default All ports clear Clear DHCP snooping statistics Example Show DHCP snooping statistics of port 1 SWITCH gt security network dhcp snooping statistics 1 Port 1 STAaATLSTLCES3 193 User s Manual SW 24400 Discover Offer GC UNS ENE amp Decline ACK NAK Release Tato Lease Querys Lease Unassigned Lease Unknown Lease Active Dasecover Offer Regios Decime ACK NAK Release Inform Lease Querys Lease Unassigned Lease Unknown Lease Active ao oC oo O O oe Sor S ao ego QQ O OD 4 11 10 IP Source Guard Configuration IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings preventing IP spoofing attacks This page provides IP Source Guard related configuration IP Source Guard Configuration Stack Global Settings Port Mode Max Dynamic Clients 1 Disable Y Untmia 2 Disable irni z 2
163. ed 4 8 2 1 QoS Control Entry Configuration To add a new QCE configure a new QoS Control Entry QCE Configuration OCE Type Ethernet Type Value Traffic Class The page includes the following fields Select the available type for the specific QCE Ethernet Type Matches the received frame s EtherType against the QCE Key VLAN ID Matches the frame s VID against the QCE Key TCP UDP Port Matches the destination port and the source port against the QCE Key QCE Type DSCP Matches the received IPv4 IPv6 DSCP value 6 bits against the two DSCP values in the QCE Key ToS Uses the precedence part of the IPv4 IPv6 ToS 3 bits as an index to the eight QoS Class values in the QCE Key Tag Priority Uses the User Priority value 3 bits as an index to the eight QoS Class values in the QCE Key Configure the values according to the QCE type you select Ethernet Type The allowed values for this type range from 0x600 1536 to OxFFFF 65535 VLAN ID The allowed values for this type range from 1 to 4095 TCP UDP Port Range Specify whether there is a range or a specific port number The port range allowed is from 0 to 65535 DSCP The allowed range is 0 to 63 ToS or Tag Priority do not have type value settings Select a traffic class of Low Normal Medium or High to apply to the QCE Traffic Class If the QCE type is ToS or Tag Priority there are 8 rows of traffic class that can be configured for each priority
164. ed or a specific port number Indicates the logging operation of the ACE Possible values are Loading e Enabled Frames matching the ACE are stored in the System Log e Disabled Frames matching the ACE are not logged e Please note that the System Log memory size and logging rate is limited Indicates the port shut down operation of the ACE Possible values are Shutdown e Enabled If a frame matches the ACE the ingress port will be disabled e Disabled Port shut down is disabled for the ACE The counter indicates the number of times the ACE was hit by a frame You can modify each ACE Access Control Entry in the table using the following buttons e O Inserts a new ACE before the current row Edits the ACE row Moves the ACE up the list Moves the ACE down the list Deletes the ACE O The lowest plus sign adds a new entry at the bottom of the ACE listings Modification Buttons Buttons Auto refresh Check this box to refresh the page automatically Automatic refresh occurs at regular intervals _Remowe All Click to remove all ACEs Console Security Network ACL Configuration Show ACL Configuration security network acl configuration lt port list gt lt port_list gt Port list or all default All ports Example Show ACL Configuration SWITCA gt securitey Network acl configuration ACL Configuration Port Policy Rate Limiter Port Copy Logging Shutdown Disabled Disabled Dis
165. The page includes the following fields:
System Configuration
Mode: Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports are allowed forwarding of frames.
Reauthentication Enabled: If checked, successfully authenticated supplicants/clients are re-authenticated after the interval specified by the Re-authentication Period.
Reauthentication Period: Determines the period, in seconds, after which a connected client must be reauthenticated. This is only active if the Reauthentication Enabled checkbox is checked. Valid values are in the range 7 to 3600 seconds.
EAPOL Timeout: Determines the time between retransmission of Request Identity EAPOL frames. Valid values are in the range 71 to 255 seconds. This has no effect for MAC-based ports.
Age Period: This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:
Single 802.1X
Multi 802.1X
MAC-Based Auth.
Hold Time: This setting applies to the following modes, i.e. modes using the Port Security functionality to secure MAC addresses:
Single 802.1X
Multi 802.1X
MAC-Based Auth.
The Hold Time can be set to a number between 10 and 1000000 seconds.
When checked, the individual ports' ditto setting determines whe
166. IP Source Guard Entry Table: Port, IP Address, VLAN, IP Mask

Console: Security Network IP Source Guard Mode
Description: Set or show IP source guard mode.
Syntax: security network ip source guard mode enable|disable
Parameters:
enable: Enable IP Source Guard
disable: Disable IP Source Guard
Default Setting:
Example: Enable IP source guard mode:
SWITCH> security network ip source guard mode enable

Console: Security Network IP Source Guard Limit
Set or show the IP Source Guard port limitation for dynamic entries.
Syntax: security network ip source guard limit <port_list> <dynamic_entry_limit>|unlimited
Parameters:
<port_list>: Port list or all, default: All ports
<dynamic_entry_limit>|unlimited: dynamic entry limit (0-2) or unlimited
Example: Set IP source guard limit:
SWITCH> security network ip source guard 1 1

Console: Security Network IP Source Guard Port Mode
Set or show the IP Source Guard port mode.
Syntax: security network ip source guard port mode <port_list> enable|disable
Parameters:
<port_list>: Port list or all, default: All ports
enable: Enable IP Source Guard port
disable: Disable IP Source Guard port
(default: Show IP Source Guard port mode)
Default Setting:
Example: Enable I
167. ed by the page header Port Isolation Configuration for Switch 1 2 3 Promiscnous w The page includes the following fields 98 User s Manual SW 24400 Port The switch interface Displays private VLAN port types e Isolated A single stand alone VLAN that contains one promiscuous port and PVLAN Port Type one or more isolated or host ports This VLAN conveys traffic between the isolated ports and a lone promiscuous port Promiscuous A promiscuous port can communicate with all the interfaces within a private VLAN This is the default setting Console PVLAN Isolate Syntax Parameters lt port_list gt Port list or all default All ports enable Enable port isolation disable Disable port isolation default Show port isolation port list Default Setting Example Enable isolate for port10 SWITCH gt pvlan isolate 10 enable 4 6 Spanning Tree Protocol 4 6 1 Theory The Spanning Tree protocol can be used to detect and disable network loops and to provide backup links between switches bridges or routers This allows the switch to interact with other bridging devices in your network to ensure that only one route exists between any two stations on the network and provide backup links which automatically take over when a primary link goes down The spanning tree algorithms supported by this switch include these versions gt STP Spanning Tree Protocol IEEE 802 1D Provides a single path between
168. edium Queue This is the medium priority queue of the 4 QoS queues High Queue This is the highest priority queue of the 4 QoS queues Receive Transmit The number of received and transmitted packets per port 4 8 7 DSCP Remarking Configure the DSCP remarking related settings for each port The classification can be controlled by Port QoS configuration page The DSCP value of incoming frames will be changed according to its mapping queue once this packet is transmitted by the egress port 140 User s Manual SW 24400 DSCP Remarking Configuration for Switch 1 i DSCP Queue Mapping DSCP Remarking Mode 2 J The page includes the following fields The logical port for the settings contained in the same row If the QoS remarking mode is set to enabled it should be with this DSCP DSGP Remarking Mode remarking correction function according to RFC2474 on this port Configure the mapping table between the queue and its DSCP value that is used for DSCP remarking if the DSCP value of incoming packets is not specified in RCF2474 e Best Effort DSCP 0 CS1 DSCP 8 DSCP Queue Mapping CS7 DSCP 56 Expedite Forward DSCP 46 Console QoS DSCP Remarking Syntax Parameters lt port_list gt Port list or all default All ports enable Enable QoS Remarking disable Disable QoS Remarking Default Setting Disabled Example Enable the status of QoS DSCP Remarking for port 1 4 SWITCH gt qos dscp
169. ee tie cit
4.16.1.4 Shortest Path Forwarding
416 2 Stack ONU O
4 TES Stake IOMA Otto O
4.16.4 Stack Port State DIM
5. ADDITIONAL CONSOLE COMMANDS
6. TROUBLESHOOTING
APPENDIX A: SWITCH FEATURE OPERATION
A.1 Address Table and Learning
A2 loe AAA a
A.3 Store-and-Forward
A.4 Auto-Negotiation
APPENDIX B: POWER OVER ETHERNET OVERVIEW
B.1 PoE Introduction
B.2 PoE System Architecture
B.2.1 Power Transference through a CAT5 Ethernet Cable
B.3 PoE Provisioning Process
Bl LS DECI A RAS
A yace A Miadeanipece cedyiessacpnces
B.3.3 Start-up
B.3.4 Operation
B.3.5 Power Overloads
APPENDIX C: ETHERNET STANDARDS
C.1 Switch's RJ-45 Pin Assignments
C.2 10/100Mbps, 10/100Base
APPENDIX D: GLOSSARY
170. el of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels. The time of the system log entry. The message of the system log entry.
Buttons: Hide: Hide the statistics. Download: Download the statistics. |<<: Updates the system log entries, starting from the first available entry ID. <<: Updates the system log entries, ending at the last entry currently displayed. >>: Updates the system log entries, starting from the last entry currently displayed. >>|: Updates the system log entries, ending at the last available entry ID.
4.1.12 Detailed Log: The switch system detailed log information is provided.
[Figure 4-2: Detailed Log page for a switch in a stack (Detailed System Log Information for Switch 1; ID, Message)]
The page includes the following fields. ID: The ID (>= 1) of the system log entry. The message of the system log entry.
Buttons: Refresh: Click to refresh the page; any changes made locally will be undone. |<<: Updates the system log entries, starting from the first available entry ID. <<: Updates the system log entries, ending at the last entry currently displayed. >>: Updates the system log entries, starting from the last entry currently displayed. >>|: Updates the system log entries, ending at the last available entry ID.
4.1.13 Remote Syslog: Configure re
171. elow applies. Authentication Method: can be set to one of the following values: none: authentication is disabled and login is not possible; local: use the local user database on the switch stack for authentication; radius: use a remote RADIUS server for authentication; tacacs: use a remote TACACS server for authentication. Fallback: Enable fallback to local authentication by checking this box. If none of the configured authentication servers are alive, the local user database is used for authentication. This is only possible if the Authentication Method is set to something other than none or local.
Console: Security Switch Auth Configuration. Show Authentication configuration. Default Setting: Authentication Method: local; Fallback: disable. Example: Show authentication configuration.
SWITCH> security switch auth configuration
Auth Configuration: Local Authentication Fallback console Disabled telnet Disabled ssh Disabled web Disabled
Console: Security Switch Auth Method. Syntax: security switch auth method [console|telnet|ssh|web] [none|local|radius|tacacs] [enable|disable]. Parameters: console: Settings for console. telnet: Settings for telnet. ssh: Settings for ssh. web: Settings for web. none: Authentication disabled. local: Use local authentication. radius: Use remote RADIUS authentication. tacacs: Use remote TACACS authentication. default
172. em time is obtained through the configured SNTP Server, if any. System Uptime: The period of time the device has been operational. Switch ID: The switch ID. Software Version: The software version of the switch.
Console: System Log. Show or clear the system log. system log [<log_id>] [all|info|warning|error] [clear]. Parameters: <log_id>: System log ID or range, default: All entries. all: Show all levels (default). info: Show information. warning: Show warnings. error: Show errors. clear: Clear log. Example: To show system log:
Switch> system log
Number of entries: Info: 2, Warnings: 0, Error: 0, All: 2
Level Time Message
Switch just made a cold boot
Info 1970-01-01 Thu 00:00:04 +0000 Link up on port 10
Console: System Prompt. Set the CLI prompt string. <prompt>: CLI prompt string. Example: To change CLI title:
Switch> system prompt SW 24400
Console: System Configuration. Show system configuration. system configuration [all] [<port_list>]. Parameters: all: Show all switch configuration, default: Show system configuration. <port_list>: Port list or all, default: All ports. Example: Display system information.
SWITCH> system configuration
System Contact System Name SW 24400P System Location Timezone Offset 0 CLI Prompt: SWITCH MAC Address SOO SO 6 257 00 Power Status: AC Power Temperat
173. ement stack redundancy, use the long stack cable SW HD200 to connect the stack port marked STX1 (Cascade Down) on the bottom switch to the port marked STX2 (Cascade Up) on the top switch of the stack. Note: The stack port is for management and data packets to be transmitted between other SW stackable switches; the stack ports can't be configured with Layer 2 features via the management interface. 4. Power up the stack switches.
2.3.2 Management Stacking: The stack operation of the SW Managed Switch supports Plug and Play Stacking connections and auto stack configuration. 1. Once the stack is operational, the Stack Master is automatically elected. The Stack Master is indicated by a lit green Master LED on the front panel. [Figure: Master LED] 2. When an SW Switch is added to the stack, a Switch ID is automatically assigned to the switch. The automatic SID assignment can be modified by choosing a different Switch ID on the Stack Configuration page. This method allows Switch IDs to be assigned so that it is easier for the user to remember the ID of each switch. 3. Connect the RS-232 serial cable to the console port on the front of the Stack Master, then join the SW Switch to start switch management. Note: The stack switch with the lowest priority ID or MAC Address number will become Master. Only the Master switch's management interface (console, telnet, web and SNMP) is accessible. A stack of up t
174. end stations, avoiding and eliminating loops. RSTP, Rapid Spanning Tree Protocol (IEEE 802.1w): Detects and uses network topologies that provide faster spanning tree convergence without creating forwarding loops. MSTP, Multiple Spanning Tree Protocol (IEEE 802.1s): Defines an extension to RSTP to further develop the usefulness of virtual LANs (VLANs). This Per-VLAN Multiple Spanning Tree Protocol configures a separate Spanning Tree for each VLAN group and blocks all but one of the possible alternate paths within each Spanning Tree.
2. STP Parameters. STP Operation Levels. It is advisable to keep the default settings unless changes are absolutely necessary. The user-changeable parameters in the Switch are as follows. The Switch allows for two levels of operation: the switch level and the port level. The switch level forms a spanning tree consisting of links between one or more switches. The port level constructs a spanning tree consisting of groups of one or more ports. The STP operates in much the same way for both levels. On the switch level, STP calculates the Bridge Identifier for each switch and then sets the Root Bridge and the Designated Bridges. On the port level, STP sets the Root Port and the Designated Ports. The following are the user-configurable STP parameters for the switch level: Parameter: Bridge Identifier. Not user configurable except by setting priorit
175. entering a VLAN ID number appears. Tag Priority: Specify the tag priority for this ACE. A frame that hits this ACE matches this tag priority. The allowed number range is 0 to 7. The value Any means that no tag priority is specified (tag priority is don't care).
ARP Parameters: The ARP parameters can be configured when Frame Type ARP is selected. The fields are ARP/RARP, Request/Reply, Sender IP Filter, Sender IP Address, Sender IP Mask, Target IP Filter, Target IP Address and Target IP Mask.
ARP/RARP: Specify the available ARP/RARP opcode (OP) flag for this ACE. Any: No ARP/RARP OP flag is specified (OP is don't care). ARP: Frame must have ARP/RARP opcode set to ARP. RARP: Frame must have ARP/RARP opcode set to RARP. Other: Frame has unknown ARP/RARP opcode flag.
Request/Reply: Specify the available ARP/RARP opcode (OP) flag for this ACE. Any: No ARP/RARP OP flag is specified (OP is don't care). Request: Frame must have ARP Request or RARP Request OP flag set. Reply: Frame must have ARP Reply or RARP Reply OP flag.
Sender IP Filter: Specify the sender IP filter for this ACE. Any: No sender IP filter is specified (sender IP filter is don't care). Host: Sender IP filter is set to Host. Specify the sender IP address in the SIP Address field that appears. Network: Sender IP filter is set to Network. Specify the sender IP address and sender IP mask in the SIP Address and SIP Mask fields that appear. When Host or Network is selected for the sender IP
176. ers from 33 to 126 may be used. The field is only applicable to SNMPv1 and SNMPv2c. SNMPv3 uses USM for authentication and privacy. The community string is associated with the SNMPv3 communities table. The string must contain an even number between 10 and 64 hexadecimal digits, but all zeros and all F's are not allowed. Change of the Engine ID will clear all original local users.
Console: Security Switch SNMP Configuration. Show SNMP configuration. security switch snmp configuration. Example: Show SNMP configuration.
SWITCH> security switch snmp configuration
SNMP Configuration:
SNMP Mode: Enabled
SNMP Version AS
Read Community: public
Write Community: private
Trap Mode: Disabled
Trap Version zal
Trap Community: public
Trap Destination
Trap IPv6 Destination Ri
Trap Authentication Failure: Enabled
Trap Link-up and Link-down: Enabled
Trap Inform Mode: Enabled
Trap Inform Timeout (seconds): 1
Trap Inform Retry Times aS
Trap Probe Security Engine ID: Enabled
Trap Security Engine ID
Trap Security Name: None
SNMPv3 Engine ID: 800007e5017f000001
SNMPv3 Communities Table: Idx Community Source IP Source Mask; 1 public 0.0.0.0 0.0.0.0; 2 private 0.0.0.0 0.0.0.0; Number of entries: 2
SNMPv3 Users Table: Idx Engine ID User Name Level Auth Priv; 1 Local default_user NoAuth, NoPriv None None; Number of entries: 1
SNMPv3 Groups Table
177. es. Voice. Voice Signalling. Guest Voice: a separate limited voice service for guest users and visitors. Guest Voice Signalling: conditional, for use in network topologies that require a different policy for the guest voice signalling than for the guest voice media. Softphone Voice: for use by softphone applications. Streaming Video Signalling conditional for use in network topologies that require a separate policy for the video signalling than for the video media. Tag: Tag indicating whether the specified application type is using a tagged or an untagged VLAN. VLAN ID: VLAN identifier (VID) for the port. L2 Priority: L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7). A value of 0 represents use of the default priority. DSCP: DSCP value to be used to provide Diffserv node behaviour for the specified application type. DSCP may contain one of 64 code point values (0 through 63). A value of 0 represents use of the default value.
Port Policies Configuration. Application Type. Every port may advertise a unique set of network policies, or different attributes for the same network policies, based on the authenticated user identity or port configuration. The port number for which the configuration applies. Policy ID: The set of policies that shall apply for a given port. The set of policies is selected by check marking
178. es. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol suite. SNMP enables network administrators to manage network performance, find and solve network problems, and plan for network growth. Use the SNMP Menu to display or configure the Managed Switch's SNMP function. The webpage has the following items. System Configuration: Configure SNMP on this page. System Information: The system information is provided here. Trap Configuration: Configure SNMP trap on this page. SNMPv3 Communities: Configure SNMPv3 communities table on this page. SNMPv3 Users: Configure SNMPv3 users table on this page. SNMPv3 Groups: Configure SNMPv3 groups table on this page. SNMPv3 Views: Configure SNMPv3 views table on this page. SNMPv3 Accesses: Configure SNMPv3 accesses table on this page.
4.2.2 SNMP System Configuration: Configure SNMP.
[Screenshot: SNMP System Configuration]
The page includes the following fields. Mode: Indicates the SNMP mode operation. Possible modes are Enabled and Disabled. Version: Indicates the SNMP supported version. Possible versions are SNMP v1, SNMP v2c and SNMP v3. Read Community: Indicates the community read access string to permit access to SNMP agent. Write Community: Indicates the community write access string to permit access to SNMP agent. Engine ID: Indicates the SNMPv3 engine ID. The allowed string length is 0 to 255 and ASCII charact
179. ew of Ethernet and RMON port statistics. Port Statistics Detail: Lists Ethernet and RMON port statistics in greater detail. SFP Module Information: Display SFP information. Port Mirror: Sets the source and target ports for mirroring.
4.3.1 Port Configuration: Configure or display the current port configuration. The port settings relate to the currently selected stack unit. The table has one row for each port on the selected switch in the stack and a number of columns.
[Screenshot: Port Configuration for Switch 1; columns Port, Description, Link, Maximum Frame, Excessive Collision Mode, Power Control]
The logical port number for this row. Indicates the per port description. The current link state is displayed graphically. Green indicates the link is up and red that it is down. Current Link Speed: Provides the current link speed of the port. Select any available link speed for the given switch port. Draw the menu bar to select the mode. Auto Speed: Setup Auto negotiation. 10 Half: Force sets 10Mbps Half Duplex mode. Configured Link S
181. fault: Show UPnP TTL. Default Setting: 4. Example: Set the value 10 for the TTL value of the IP header in SSDP messages.
SWITCH> upnp ttl 10
Console: UPnP Advertising Duration. Set or show UPnP Advertising Duration. <duration>: duration range 100-86400, default: Show UPnP duration range. Default Setting. Example: Set value 1000 for UPnP Advertising Duration.
SWITCH> upnp advertising duration 1000
4.1.8 DHCP Relay: Configure DHCP Relay. DHCP Relay is used to forward and to transfer DHCP messages between the clients and the server when they are not on the same subnet domain. The DHCP option 82 enables a DHCP relay agent to insert specific information into DHCP request packets when forwarding client DHCP packets to a DHCP server, and to remove the specific information from DHCP reply packets when forwarding server DHCP packets to a DHCP client. The DHCP server can use this information to implement IP address or other assignment policies. Specifically, the option works by setting two sub-options: Circuit ID (option 1) and Remote ID (option 2). The Circuit ID sub-option includes information specific to which circuit the request came in on. The Remote ID sub-option carries information relating to the remote host end of the circuit. The definition of a Circuit ID in the switch is 4 bytes in length and the format is vlan_id module_id port_no. The parameter vlan_id is the first tw
182. fied to the VLAN ID in the tag. If VLAN awareness is disabled, all frames are classified to the Port VLAN ID and tags are not removed. Ingress Filtering: Show the ingress filtering for a port. This parameter affects VLAN ingress processing. If ingress filtering is enabled and the ingress port is not a member of the classified VLAN of the frame, the frame is discarded. Frame Type: Shows whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded. Shows egress filtering frame status, whether tagged or untagged. UVID: Shows UVID (untagged VLAN ID). A port's UVID determines the packet's behaviour at the egress side. Conflicts: This field displays whether or not a conflict exists. The following conflicts are possible: functional conflicts between features; conflicts due to hardware limitations; direct conflicts between user modules. VLAN User: A VLAN User is a module that uses services of the VLAN management functions to configure VLAN memberships and VLAN port configuration such as PVID, UVID. See the VLAN Overview section for more details on the options.
Buttons: Select VLAN Users from this drop down list.
Console: VLAN Status. VLAN Port Configuration Status. Syntax: vlan status [<port_list>] [combined|static|nas|mvr|voice vlan|mstp|all|conflicts]. Parameters: <port_l
183. figuration. In multicast VLAN networks, subscribers to a multicast group can exist in more than one VLAN. Multicast VLAN Registration (MVR) is a protocol for Layer 2 IP networks that enables multicast traffic from a source VLAN to be shared with subscriber VLANs. Multicast VLAN Registration (MVR) routes packets received in a multicast source VLAN to one or more receive VLANs. Clients are in the receive VLANs and the multicast server is in the source VLAN. MVR saves bandwidth by preventing duplicate multicast streams being sent in the core network. Instead, the stream(s) are received on the MVR VLAN and forwarded to the VLANs where hosts have requested it/them. This page provides global MVR related configuration.
[Screenshot: MVR Configuration; Stack Global Settings (VLAN ID); Port Configuration for Switch 1 (Port, Mode, Type, Immediate Leave)]
The page includes the following fields.
Console: MVR Configuration. Show the MVR configuration. Example: Show the MVR configuration.
SWITCH> mvr configuration
MVR Configuration:
MVR Mode: Disabled
Multicast VLAN ID: 100
Port  Port Mode  Port Type  Immediate Leave
1  Disabled  Receive  Disabled
2  Disabled  Receive  Disabled
3  Disabled  Receive  Disabled
4  Disabled  Receive  Disabled
5  Disabled  Receive  Disabled
6  Disabled  Receive  Disabled
7  Disabled  Receive  Disabled
8  Disabled  Receive  Disabled
9  Disabled  Receive  Disabled
184. figuration. Configure the current LLDP port settings.
[Screenshot: LLDP Configuration; LLDP Parameters; columns Port, Mode, CDP aware, Port Description, System Name, System Description, System Capabilities, Management Address]
The page includes the following fields.
LLDP Parameters. Tx Interval: The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5-32768 seconds. Default: 30 seconds. Tx Hold: Each LLDP frame contains information about how long the information is valid. The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2-10 times. Tx Delay: If some configuration is changed (e.g. the IP address), a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value. Valid values are restricted to 1-8192 seconds. Tx Reinit: When a port is disabled, LLDP is disabled or the switch is rebooted, an LLDP shutdown frame is transmitted to the neighbouring units, signalling that the LLDP information isn't valid anymore. Tx Reinit controls the amount of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1-10 seconds.
LLDP Port Configuration: The LLDP port settings relate to the currently selected stack unit. The switch
185. from the stack.
4.16.1.4 Shortest Path Forwarding: The SW Switch supports shortest path forwarding technology to optimize data flow across the stack. The advantages of shortest path forwarding are as below: Automatic Loop Prevention, using Time To Live (TTL) information in the stack header. Utilize all stack links in the ring.
[Figure 4-17: Path forwarding, showing SW Switch 1, SW Switch 2, SW Switch 3 and the load per stack link]
4.16.2 Stack Configuration: Configuration settings include assigning the Switch ID and master priority, and displaying the current stack member information.
[Screenshot: Stack Configuration, listing the stack members with their Switch ID, master capability, master priority and switch type, and the Start Master Election option]
The page includes the following fields. The Switch ID (1-16) assigned to a switch. Master Capable: Indicates whether a switch is capable of being master. An unmanaged switch, for example, will not be Master Capable. Master Priority: The priority that the switch has in the master election process. The smaller the priority, the more likely the switch will become master during the master election process. Switch Type: The product name of the switch. By checking this option, the Save operation will also start the master election process. This is done by clicking St
186. g unaware device, the packet should be untagged. If the transmitting port is connected to a tag-aware device, the packet should be tagged. VLAN-tagged frames can pass through VLAN-aware or VLAN-unaware network interconnection devices, but the VLAN tags should be stripped off before the frames are passed on to any end node host that does not support VLAN tagging.
Untagged VLANs: Untagged (or static) VLANs are typically used to reduce broadcast traffic and to increase security. A group of network users assigned to a VLAN form a broadcast domain that is separate from other VLANs configured on the switch. Packets are forwarded only between ports that are designated for the same VLAN. Untagged VLANs can be used to manually isolate user groups or subnets.
4.5.3 VLAN Basic Information: Display basic information on the VLAN type supported by the Managed Switch.
[Screenshot: VLAN Basic Information; Mode IEEE 802.1Q, Maximum VLAN ID, Maximum Number of Supported VLANs, Current Number of VLANs, VLAN Learning, Configurable PVID Tagging]
The page includes the following fields. Display the current VLAN mode used by this Managed Switch. Maximum VLAN ID: Maximum VLAN ID recognized by this Managed Switch. Maximum Number of Supported VLANs: Maximum number of VLANs that can be configured on this Managed Switch. Current number of VLANs: Display the current number of VLANs. Display the VLAN learning mode. The Managed Switch supports IVL IVL
187. ge is 0 to 65535. A frame that hits this ACE matches this TCP/UDP source or destination value. When Range is selected for a TCP/UDP filter, you can enter a specific TCP/UDP range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP source or destination value. Specify the TCP value for this ACE. 0: TCP frames where this field is set must not be able to match this entry. 1: TCP frames where this field is set must be able to match this entry. Any: Any value is allowed (don't care).
Ethernet Type Parameters: The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected. EtherType Filter: Specify the Ethernet type filter for this ACE. Any: No EtherType filter is specified (EtherType filter status is don't care). Specific: If you want to filter a specific EtherType with this ACE, you can enter a specific EtherType value. A field for entering an EtherType value appears. Ethernet Type Value: When Specific is selected for the EtherType filter, you can enter a specific EtherType value. The allowed range is 0x600 to 0xFFFF. A frame that hits this ACE matches this EtherType value.
Buttons: Cancel: Return to the previous page.
4.9.4 ACL Ports Configuration: Configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. The settings relate
188. group and you can add ports and functionality as needed. You can add switches as needed to support more network clients, knowing that your switching fabric will scale to meet increasing traffic demands. Two types of stack topologies are supported by the SW-24400: Chain topology (same as a disconnected ring) and Ring topology. Refer to the Stack section for more details on stack topologies.
2.3.1 Connecting Stacking cables: Before attempting to connect stacking ports, verify that you have the required stack cables. The following cables are used to connect stacked switches. SW HD50: 50cm short stack cable, used to connect adjacent SW switches. SW HD200: 200cm long (redundant) stack cable, used to connect the top and bottom SW switches of a stack. There are two high-performance HDMI-like Stack ports on the rear panel for a proprietary management stack. Only 13 International SW HD50 and SW HD200 cross-over HDMI cables can be used. The following are instructions for stacking using these cables: 1. Plug one end of the cable in the STX1 (Cascade Down) port and the other end to the STX2 (Cascade Up) port of the next device. 2. Repeat the step for every device in the stack cluster.
[Figure 2-5: A stacking connection]
3. To impl
189. hat have been transmitted by the switch. Requests (dot1xAuthEapolReqFramesTx): The number of valid EAPOL Request frames, other than Request Identity frames, that have been transmitted by the switch. Rx Invalid Type; Rx Invalid Length; Request ID (dot1xAuthEapolReqIdFra); Requests.
Backend Server Counters: These backend (RADIUS) frame counters are available for the following administrative states: Port-based 802.1X, Single 802.1X, Multi 802.1X, MAC-based Auth.
Access Challenges (dot1xAuthBackendAccessChallenges): 802.1X-based: Counts the number of times that the switch receives the first request from the backend server following the first response from the supplicant. Indicates that the backend server has communication with the switch. MAC-based: Counts all Access Challenges received from the backend server for this port (left-most table) or client (right-most table).
Other Requests (dot1xAuthBackendOtherRequestsToSupplicant): 802.1X-based: Counts the number of times that the switch sends an EAP Request ... backend server chose an EAP method. MAC-based: Not applicable.
802.1X- and MAC-based: Counts the number of times that the switch receives a success indication. Indicates that the supplicant/client has successfully authenticated to the backend server.
Auth Failures: 802.1X- and MAC-based: Counts the number of times that the switch receives a failure message. This indi
190. he entry index key are <view_name> and <oid_subtree>. Syntax: security switch snmp view add <view_name> [included|excluded] <oid_subtree>. Parameters: <view_name>: A string identifying the view name that this entry should belong to. included: An optional flag to indicate that this view subtree should be included. excluded: An optional flag to indicate that this view subtree should be excluded. <oid_subtree>: The OID defining the root of the subtree to add to the named view. Example: Add SNMPv3 view entry.
SWITCH> security switch snmp view add snmpv3 view include 1
Console: Security Switch SNMP View Delete. Delete SNMPv3 view entry. security switch snmp view delete <index>. <index>: entry index (1-64). Example: Delete SNMPv3 view entry.
SWITCH> security switch snmp view delete 3
Console: Security Switch SNMP View Lookup. Lookup SNMPv3 view entry. Syntax: security switch snmp view lookup <index>. <index>: entry index (1-64). Example: Lookup SNMPv3 view entry.
SWITCH> security switch snmp view lookup
Idx View Name View Type OID Subtree de raul view leal Z snmpv3_viwe ine leprae Number of entries
4.3 Port Management: Use the Port menu to display or configure the Managed Switch's ports. This section has the following items. Port Configuration: Configures port connection settings. Port Statistics Overview: Lists a basic overvi
191. hing except VeriPHY. Diagnostics: ping and VeriPHY. Maintenance: CLI: System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load and Firmware Load; Web: Users, Privilege Levels and everything in Maintenance. Debug: Only present in CLI. Privilege Level: Every privilege level group has an authorization level for the following sub-groups: configuration read-only, configuration/execute read-write, status/statistics read-only, status/statistics read-write (e.g. for clearing of statistics).
Console: Security Switch Privilege Level Configuration. Show privilege configuration. security switch privilege level configuration. Example: Show privilege level.
SWITCH> security switch privilege level configuration
Privilege Level Configuration: Privilege Current Level. Columns: Group Name, Privilege Level (CRO, CRW, SRO, SRW). Groups: Aggregation, Debug, Diagnostics, IGMP Snooping, LLDP MED, MAC Table, MVR, Maintenance, Mirroring, Lo Luis cuba Korais, Private VLANs, QoS, SNMP, Security, Spanning Tree, System, UPnP, VLANs, Voice VLAN.
4.1.6 NTP Configuration: Configure NTP.
[Screenshot: NTP Configuration; time zone GMT 0 (Casablanca, Monrovia, Dublin, Edinburgh, Lisbon, London); server pool.ntp.org]
The page includes the following
192. how ARP inspection mode. Syntax: security network arp inspection mode [enable|disable]. Parameters: enable: Enable ARP Inspection. disable: Disable ARP Inspection. Default Setting. Example: Enable ARP inspection mode.
SWITCH> security network arp inspection mode enable
Console: Security Network ARP Inspection Port Mode. Set or show the ARP Inspection port mode. security network arp inspection port mode [<port_list>] [enable|disable]. Parameters: <port_list>: Port list or all, default: All ports. enable: Enable ARP Inspection port. disable: Disable ARP Inspection port. default: Show ARP Inspection port mode. Default Setting. Example: Enable the ARP inspection mode of port 1.
SWITCH> security network arp inspection port mode 1
4.11.13 ARP Inspection Static Table: This page provides Static ARP Inspection Table for a single switch.
[Screenshot: Static ARP Inspection Table for Switch 1; columns VLAN ID, MAC Address, IP Address; Add new entry button]
The page includes the following fields. Check to delete the entry. It will be deleted during the next save. The logical port for the settings. VLAN ID: The VLAN ID for the settings. MAC Address: Allowed Source MAC address in ARP request packets. IP Address: Allowed Source IP address in ARP request packets.
Buttons: Add new entry: Click to add a new entry.
Console: Security Network ARP Inspection Entry. Add or delete ARP i
193. icitly configured as Edge will transmit and receive. Edge Port BPDU Guard: Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. Port Error Recovery: Control whether a port in the error-disabled state will automatically be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. Port Error Recovery Timeout: The time that has to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours). The Gigabit Ethernet Switch implements the Rapid Spanning Protocol as the default spanning tree protocol. While Compatible mode is selected, the system uses RSTP (802.1w) to work with another STP (802.1d)'s BPDU control packets.
Console: STP Version. Description: Set or show the STP Bridge protocol version. Syntax: <stp_version>: mstp|rstp|stp. Default Setting: MSTP. Example: Set the STP Bridge protocol version.
SWITCH> stp version rstp
Console: STP Tx Hold. Set or show the STP Bridge Transmit Hold Count parameter. <holdcount>: STP Transmit Hold Count (1-10). Default Setting K. Example: Set STP Tx hold in 10.
SWITCH sepelio
Console: STP MaxHops. Set or show the MSTP Bridge Max Hop Count parameter. <maxhops>: STP BPDU MaxHops (6-40). Default Setting. Example: Set STP maximum hops in 25.
SWITCH>
194. ics Detail: Provides detailed traffic statistics for a specific switch port. On the webpage, use the port select box to select which switch port details to display. The selected port belongs to the currently selected stack unit. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit. [Figure: Detailed Port Statistics for Switch 1 Port 1, with Receive Total and Transmit Total, Receive and Transmit Size Counters, Receive and Transmit Queue Counters, and Receive and Transmit Error Counters.] The page includes the following fields: > Receive Total and Transmit Total: Rx and Tx Packets: The number of received and transmitted good and bad packets. The number
195. identifying the group name that this entry should belong to. <security_model>: any: any security model (v1|v2c|usm); v1: Reserved for SNMPv1; v2c: Reserved for SNMPv2c; usm: User-based Security Model (USM). <security_level>: noAuthNoPriv: No authentication or privacy; AuthNoPriv: Authentication and no privacy; AuthPriv: Authentication and privacy. <read_view_name>: The name of the MIB view defining the MIB objects for which this request may request the current values. <write_view_name>: The name of the MIB view defining the MIB objects for which this request may potentially SET new values. Example: Add SNMPv3 access entry: SWITCH> security switch snmp access add group snmpv3 usm authpriv snmpv3 view snmpv3 view Console Security Switch SNMP Access Delete: Delete SNMPv3 access entry. security switch snmp access delete <index> <index>: entry index (1-64) Example: Delete SNMPv3 access entry: SWITCH> security switch snmp access delete 3 Console Security Switch SNMP Access Lookup: Lookup SNMPv3 access entry. security switch snmp access lookup <index> <index>: entry index (1-64) Example: Lookup SNMPv3 access entry: SWITCH> security switch snmp access lookup Idx Group Name Model Level default ro group any NoAuth NoPriv 2 default rw group any NoAuth NoPriv Number of entries 2 Console Security Switch SNMP View Add T
196. ime spent by a port in the learning and listening states waiting for a BPDU that may return the port to the blocking state. The Forward Delay can be from 4 to 30 seconds (default: 15 seconds). This is the time any port on the Switch spends in the listening state while moving from the blocking state to the forwarding state. Note: The Hello Time cannot be longer than the Max Age. Otherwise a configuration error will occur. The following are the user-configurable STP parameters for the port or port group level. Port Priority: A relative priority for each port; lower numbers give a higher priority and a greater chance of a given port being elected as the root port. A Port Priority can be from 0 to 240. The lower the number, the greater the probability the port will be chosen as the Root Port. Port Cost: A value used by STP to evaluate paths. STP calculates path costs and selects the path with the minimum cost as the active path. A Port Cost can be set from 0 to 200000000. The lower the number, the greater the probability the port will be chosen to forward packets. 200,000: 100Mbps Fast Ethernet ports; 20,000: 1000Mbps Gigabit Ethernet ports; 0: Auto. > Default Spanning Tree Configuration Paoa o Bridge Priority Console STP Configuration: Show STP configuration. Example: Show STP configuration: SWITCH> stp configuration STP Configurations Protocol
197. ing fields: Object, Description. PoE Mode: There are three modes for PoE mode: Enable: enable PoE function; Disable: disable PoE function; Schedule: enable PoE function in schedule mode. Schedule: Indicates the schedule profile mode. Possible profiles are: Profile1, Profile2, Profile3, Profile4. AF/AT Mode: There are two modes for PoE mode: 802.3af: enable IEEE 802.3af PoE function; 802.3at: disable IEEE 802.3at high power PoE function. Priority: The Priority represents the ports priority. There are three levels of power priority, named Low, High and Critical. The port with the lowest priority will be turned off starting from the port with the lowest port number. Maximum Power: The maximum power in watts that can be delivered to a remote device. Once power overload is detected, the port will auto shut down and keep on detection mode until PD's power consumption is lower than the power limit value. Power Allocation: Limit the port PoE supply watts. Once power overload is detected, the port will auto shut down and keep on detection mode until PD's power consumption is lower than the power limit value. Note: The SW-24400 has IEEE 802.3at mode and supplies max power up to 30.8 watts. Console PoE Priorit Syntax Parameters: <port_list>: Port list or all (default: All ports); low: Set priority to low; high: Set priority to high; critical: Set priority to critica
198. is Service format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling. Console LLDPMED ECS: Set or show LLDP-MED Emergency Call Service. lldpmed ecs <ecs_value> <ecs_value>: lldpmed The value for the Emergency Call Service. Policies: Network Policy Discovery enables the efficient discovery and diagnosis of mismatch issues with the VLAN configuration, along with the associated Layer 2 and Layer 3 attributes, which apply for a set of specific protocol applications on that port. Policies are only intended for use with applications that have specific real-time network policy requirements, such as interactive voice and/or video services. The network policy attributes advertised are: Layer 2 VLAN ID (IEEE 802.1Q-2003); Layer 2 priority value (IEEE 802.1D-2004); Layer 3 Diffserv code point (DSCP) value (IETF RFC 2474). LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type. Different ports on the same Network Connectivity Device may advertise different sets of policies, based on the authenticated user identity or port configuration. Check to delete the policy. It will be deleted during the next save. Policy ID: ID for the policy. This is auto generated and shall be used when selecting the policies that shall be mapped to the specific ports. Intended use of the application typ
199. ist> Port list or all (default: All ports); combined: combined VLAN Users configuration; static: static port configuration; nas: NAS port configuration; mvr: MVR port configuration; voice_vlan: Voice VLAN port configuration; mstp: MSTP port configuration; all: All VLAN Users configuration (default: combined VLAN Users configuration). Example: Show VLAN configuration of port10: SWITCH> status 1 Port VLAN User Aware PVID FrameType Ing Filter Tx Tag UVID Conflicts Static Enabled All Disabled Untag This 1 NAS MVR Voice VLAN MSTP Combined Enabled 1 All Disabled Untag This 1 4.5.8 Private VLAN Membership Configuration: Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical. A port must be a member of both a VLAN and a Private VLAN to be able to forward packets. By default, all ports are VLAN unaware and members of VLAN 1 and Private VLAN 1. A VLAN unaware port can only be a member of one VLAN, but it can be a member of multiple Private VLANs. [Figure: Private VLAN Membership Configuration for Switch 1.] The page includes the following fields: Delete: To delete a VLAN entry, check this box. The entry will be deleted on all stack switch units during the next Save. VLAN ID: Indicates the ID of this particular VLAN. A row of check boxes for each port is
200. itch port that specifies multicast groups that are permitted or denied on the port. An IGMP filter profile can contain one or more, or a range of, multicast addresses, but only one profile can be assigned to a port. When enabled, IGMP join reports received on the port are checked against the filter profile. If a requested multicast group is permitted, the IGMP join report is forwarded as normal. If a requested multicast group is denied, the IGMP join report is dropped. IGMP throttling sets a maximum number of multicast groups that a port can join at the same time. When the maximum number of groups is reached on a port, the switch can take one of two actions: either deny or replace. If the action is set to deny, any new IGMP join reports will be dropped. If the action is set to replace, the switch randomly removes an existing group and replaces it with the new multicast group. IGMP Snooping Port Group Filtering Configuration for Switch 1. Figure 4 6 IGMP Snooping Port Group Filtering Configuration for a switch in a stack (no groups added). The page includes the following fields: Delete: Check to delete the entry. It will be deleted during the next save. The logical port for the settings. Filtering Group: The IP Multicast Group that will be filtered. Buttons: Delete: Check to delete the entry. Add new Filtering Group: Click to add a new entry to the Group Filtering table. Console IGMP G
201. ivacy protocol that this entry should belong to. Privacy Protocol: Possible privacy protocols are: None: None privacy protocol; DES: An optional flag to indicate that this user is using the DES authentication protocol. A string identifying the privacy pass phrase. The allowed string length is 8 to 32, and the allowed content is the ASCII characters from 33 to 126. Buttons: Add new user: Click to add a new user entry. Authentication Password Console Security Switch SNMP User Add: Description: Add SNMPv3 user entry. The entry index keys are <engineid> and <user_name>. Modification of the keys is disallowed. Syntax: security switch snmp user add <engineid> <user_name> md5|sha <auth_password> des <priv_password> Parameters: <engineid>: Engine ID, the format may not be all zeros or all 'ff'H and is restricted to 5-32 octet string; <user_name>: A string identifying the user name that this entry should belong to; md5: An optional flag to indicate that this user using MD5 authentication protocol; sha: An optional flag to indicate that this user using SHA authentication protocol; <auth_password>: A string identifying the authentication pass phrase; des: An optional flag to indicate that this user using DES privacy protocol privacy protocol should belong to; <priv_password>: A string identifying the privacy pass phrase. Example: Add SNMPv3 user entry: SWITCH> sec
202. k environment to significantly boost bandwidth using conventional cabling and adapters. Due to the learning function of the switch, the source address and corresponding port number of each incoming and outgoing packet are stored in a routing table. This information is subsequently used to filter packets whose destination address is on the same segment as the source address. This confines network traffic to its respective domain and reduces the overall load on the network. The Switch performs Store and forward, therefore no error packets occur. More reliably, it reduces the rate of re-transmissions. No packet loss will occur. A.4 Auto-Negotiation: The STP ports on the Switch have built-in Auto-negotiation. This technology automatically sets the best possible bandwidth when a connection is established with another network device (usually at Power On or Reset). This is done by detecting the modes and speeds both connected devices are capable of. Both 10Base-T and 100Base-TX devices can connect with the port in either Half or Full Duplex mode. If attached device is / 100Base-TX port will set to: 10Mbps, no auto-negotiation: 10Mbps; 10Mbps, with auto-negotiation: 10/20Mbps (10Base-T/Full Duplex); 100Mbps, no auto-negotiation: 100Mbps; 100Mbps, with auto-negotiation: 100/200Mbps (100Base-TX/Full Duplex). APPENDIX B: POWER OVER ETHERNET OVERVIEW B.1 PoE Introduction
203. l (default: Show PoE priority). Example: Set low priority for port21-24: SWITCH> poe priority 21-24 low Console PoE Mode: Set or show the PoE mode. poe mode <port_list> enable|disable af|at Parameters: <port_list>: Port list or all (default: All ports); enable: Enables PoE; disable: Disable PoE (default: Show PoE mode); af: PoE to af mode; at: PoE to at mode (default: Show PoE's af/at mode). Default Setting: enable Example: Disable PoE function of port 4: SWITCH> poe model 4 disable Console PoE Maximum Power: Description: Set or show PoE maximum power per port (0-30.8, with one digit). Syntax: poe maximum power <port_list> <port_power> Parameters: <port_list>: Port list or all (default: All ports); <port_power>: PoE maximum power for the port (0-30.8). Default Setting: Example: Set maximum power in 10 watts for port1-4: SWITCH> poe maximum power 1-4 10 Console PoE Allocated Power: Description: Set or show PoE maximum power allocated per port (0-30.8, with one digit). Syntax: poe alloc power <port_list> <alloc_power> Parameters: <port_list>: Port list or all (default: All ports); <alloc_power>: PoE maximum power allocated for the port (0-30.8). Default Setting: Example: Set PoE maximum power allocated in 10 watts for port1-4: SWITCH> poe alloc power 1-4 10
204. lass low|normal|medium|high or 1|2|3|4 Default Setting: Example: Set high priority for port5: SWITCH> qos default 5 high Console QoS Tag Priorit Description Syntax Parameters: <port_list>: Port list or all (default: All ports); <tag_prio>: VLAN tag priority (0-7). Default Setting: ae Example: Set priority7 for port 3: SWITCH> qos tagprio 3 7 Console QoS Weight: Set or show the port egress scheduler weight. qos weight <port_list> <class> <weight> Parameters: <port_list>: Port list or all (default: All ports); <class>: Traffic class low|normal|medium|high or 1|2|3|4; <weight>: Traffic class weight 1|2|4|8. 4.8.4 Bandwidth Control: Configure the switch port rate limit for Policers and Shapers. The settings relate to the currently selected stack unit. [Figure: Rate Limit Configuration for Switch 1.] The page includes the following fields: The logical port for the settings contained in the same row. Policer Enabled: Enable or disable the port policer. The default value is Disabled. Policer Rate: Configure the rate for the port policer. Policer Unit: Configure the unit of measure for the port policer rate as kbps or Mbps. The default value is kbps. Shaper Enabled: Enable or disable the port shaper. The default value is Disabled. Shaper Rate: Configure the rate for the port sh
205. lay reads Disabled, the rate limiter operation is disabled. Port Copy: Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabled or a specific port number. Forward packet that matched the specific ACE to CPU. CPU Once: Forward first packet that matched the specific ACE to CPU. The counter indicates the number of times the ACE was hit by a frame. Conflict: Indicates the hardware status of the specific ACE. The specific ACE is not applied to the hardware due to hardware limitations. Select the ACL status from this drop down list. Console Security Network ACL Status: Show ACL status. Syntax: security network acl status combined|static|dhcp|upnp|arp_inspection|ip_source_guard|conflicts Parameters: combined: Shows the combined status; static: Shows the static user configured status; dhcp: Shows the status by DHCP; upnp: Shows the status by UPnP; arp_inspection: Shows the status by ARP Inspection; ip_source_guard: Shows the status by IP Source Guard; conflicts: Shows all conflict status (default: Shows the combined status). Example: Show ACL status: SWITCH> security network acl status 4.9.2 Access Control List Configuration: This page shows the Access Control List (ACL), which is made up of the ACEs defined for this Managed Switch. Each row describes the ACE that is defined. The maximum number of ACEs is 128
206. licy: Unknown: The network policy for the specified application type is currently unknown; Defined: The network policy is defined. ms is indicating whether the specified application type is using a tagged or an untagged mo AGE Can be Tagged or Untagged. VLAN ID: VLAN ID is the VLAN identifier (VID) for the port. A value of 1 through 4094 is used to define a valid VLAN ID. A value of 0 (Priority Tagged) is used if the device is using priority tagged frames the default PVID of the ingress port is used instead. Priority: Priority is the Layer 2 priority to be used for the specified application type. One of eight priority levels (0 through 7). DSCP is the DSCP value to be used to provide Diffserv node behaviour for the specified application type as defined in IETF RFC 2474. Contain one of 64 code point values (0 through 63). Console LLDPMED Info: Show LLDP-MED neighbour device information. lldpmed info <port_list> <port_list>: Port list or all (default: All ports). 4.13.5 Neighbour: This page provides a status overview for all LLDP neighbours. The displayed table contains a row for each port on which an LLDP neighbour is detected. LLDP Neighbor Information for Switch 1: Local Port, Chassis ID, Remote Port ID, System Name, Port Description, System Capabilities, Management Address. No LLDP neighbor information found. The page includes the following fields
207. ll load after rebooting. DO NOT Power OFF the Managed Switch until the update progress is complete. Do not quit the Firmware Upgrade page without pressing the OK button after the image has loaded, or the system won't apply the new firmware and the user has to repeat the firmware upgrade process again. 4.1.16 TFTP Firmware Upgrade: The Firmware Upgrade page updates the Managed Switch firmware from the TFTP server in the network. Before updating, make sure you have your TFTP server ready and the firmware image is on the TFTP server. [Figure: TFTP Firmware Upgrade, with Firmware File Name field and Upgrade button.] The page includes the following fields: Fill in your TFTP server IP address. The name of firmware image. Maximum length 24 characters. Buttons: Upload: Click to upgrade firmware. DO NOT Power OFF the Managed Switch until the update is complete. Do not quit the Firmware Upgrade page before the confirmation image has loaded or without pressing the OK button. The changes will not be saved and firmware update must be performed again. Console Firmware Load: Load new firmware from TFTP server. firmware load <ip_addr_string> <ipv6_server> <file_name> Parameters: <ip_addr_string>: IP host address (a.b.c.d) or a host name string; <ipv6_server>: TFTP server IPv6 address; <file_name>: Firmware file name. 4.1.17 Configuration Backup: This function backs up
208. lly or on one or more ports (default: Show current RADIUS assigned VLAN enabledness). Default Setting: Example: Enable NAS RADIUS VLAN: TEE SSsecwiclicy melsmeide mes walls wilein sisielole Console Security Network NAS Guest VLAN: Description: Set or show either global parameters (use global keyword) or per port enabledness of Guest VLAN. The <reauth_max> and <allow_if_eapol_seen> parameters will be used if global is specified. Syntax: security network nas guest vlan global|<port_list> enable|disable <vid> <reauth_max> <allow_if_eapol_seen> Parameters: global: Select the global Guest VLAN setting; <port_list>: Select the per port Guest VLAN setting (default: Show current per port Guest VLAN enabledness); enable|disable: enable: Enable Guest VLAN either globally or on one or more ports; disable: Disable Guest VLAN either globally or on one or more ports (default: Show current Guest VLAN enabledness); <vid>: Guest VLAN ID used when entering the Guest VLAN. Use the global keyword to change it (default: Show current Guest VLAN ID); <reauth_max>: Value can only be set if global is specified. The number of times a Request Identity EAPOL frame is sent without response before considering entering the Guest VLAN (default: Show current Maximum Reauth Count value); <allow_if_eapol_seen>: Value can only be set if global is specified. disable: The Guest VLAN can only be entered if no
209. <port_list>: Port list or all (default: All ports); enable: Enable Rx and Tx mirroring; disable: Disable Mirroring; rx: Enable Rx mirroring; tx: Enable Tx mirroring (default: Show mirror mode). Default Setting: Example: Enable the mirror mode for port 1-4: SWITCH> mirror mode 1-4 enable 4.4 Link Aggregation: Port Aggregation optimizes port usage by linking a group of ports together to form a single Link Aggregated Groups (LAGs). The device supports the following Aggregation links: Static LAGs (Port Trunk): Force aggregated selected ports to be a trunk group. Link Aggregation Control Protocol (LACP) LAGs: LACP LAG negotiate Aggregated Port links with other LACP ports located on a different device. If the other device ports are also LACP ports, the devices establish a LAG between them. Figure: A conceptual Link Aggregation diagram (Link Aggregation: 4 ports aggregate up to 4Gbps). Port link aggregations can be used to increase the bandwidth of a network connection or to ensure fault recovery. Up to 4 consecutive ports may be grouped into a single dedicated connection between any two the Switch or other Layer 2 switches. Be sure to specify the link aggregation on the devices at both ends prior to making any physical connections between devices. When using a port link aggregation, keep the following in mind: The ports used in a link aggregation must all be of the same
210. me Protocol, a network protocol for synchronizing the clocks of computer systems. NTP uses UDP datagrams as transport layer. NTP Servers can be specified and GMT Time zones may be set. A LLDP frame contains multiple TLVs. For some TLVs it is configurable if the switch shall include the TLV in the LLDP frame. These TLVs are known as optional TLVs. If an optional TLV is disabled, the corresponding information is not included in the LLDP frame. OUI is the organizationally unique identifier. An OUI address is a globally unique identifier assigned to a vendor by IEEE. You can determine which vendor a device belongs to according to the OUI address, which forms the first 24 bits of a MAC address. PD is an acronym for Powered Device. In a PoE system the power is delivered from a PSE (power sourcing equipment) to a remote device. The remote device is called a PD. PHY is an abbreviation for Physical Interface Transceiver and is the device that implements the Ethernet physical layer (IEEE 802.3). A policer can limit the bandwidth of received frames. It is located in front of the ingress queue. PPPoE is an acronym for Point-to-Point Protocol over Ethernet. It is a network protocol for encapsulating Point-to-Point Protocol (PPP) frames inside Ethernet frames. It is used mainly with ADSL services where individual users connect to the ADSL transceiver (modem) over Ethernet and in plain Metro Ethernet networks (Wikipedia).
211. media type (RJ-45, 100 Mbps fibre). The ports that can be assigned to the same link aggregation have certain other restrictions (see below). Ports can only be assigned to one link aggregation. The ports at both ends of a connection must be configured as link aggregation ports. None of the ports in a link aggregation can be configured as a mirror source port or a mirror target port. All of the ports in a link aggregation have to be treated as a whole when moved from/to, added or deleted from a VLAN. The Spanning Tree Protocol will treat all the ports in a link aggregation as a whole. Enable the link aggregation prior to connecting any cable between the switches to avoid creating a data loop. Disconnect all link aggregation port cables or disable the link aggregation ports before removing a port link aggregation to avoid creating a data loop. A maximum of 16 ports may be aggregated at the same time. The Managed Switch supports Gigabit Ethernet ports up to 12 groups. If the group is defined as a LACP static link aggregation group, then any extra ports selected are placed in a standby mode for redundancy if one of the other ports fails. If the group is defined as a local static link aggregation group, then the number of ports must be the same as the group member ports. The aggregation code ensures that frames belonging to the same frame flow (for example, a TCP connection) are always forwarded on the same link agg
212. meters: <msti>: STP bridge instance no (0-7 CIST 0 MSTI1 1); <priority>: STP bridge priority (0 16 32 48 224 240). Default Setting: MSTI Bridge Priority: CIST 128, MST1 128, MST2 128, MST3 128, MST4 128, MST5 128, MST6 128, MST7 128. Example: Set MST1 priority value in 48: Sia Eos pul a AS 4.6.6 MSTI Configuration: Inspect and change the current STP MSTI bridge instance priority configurations. [Figure: MSTI Configuration. Add VLANs separated by spaces or comma. Unmapped VLANs are mapped to the CIST (the default bridge instance). Sections: Configuration Identification (Configuration Name, Configuration Revision) and MSTI Mapping.] The page includes the following fields: > Configuration Identification. Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN to MSTI mapping configuration, in order to share spanning trees for MSTI's (Intra-region). The name is at most 32 characters. Configuration Revision: The revision of the MSTI configuration named above. This must be an integer between 0 and 65535. > MSTI Mapping. MSTI: The bridge instance. The CIST is not available for explicit mapping, as it will receive the VLANs not explicitly mapped. VLANs Mapped: The list of VLAN's mapped to the MSTI. The VLANs must be separated with comma and/or space. A VLAN can only b
213. modified using an editor and loaded to a switch. > Save Configuration: 1. Press the Save Configuration button to save the current configuration in the manager workstation. 2. Choose the file save path in management workstation. Console Configuration Save: Save configuration to TFTP server. config save <ip_server> <file_name> Parameters: <ip_server>: TFTP server IP address (a.b.c.d); <file_name>: Configuration file name. 4.1.18 Configuration Upload: This function allows backup and reload the current configuration of the Managed Switch to the local management station. > Configuration Upload: 1. Click the Browse button of the main page; the Open File dialog will appear. 2. Select the configuration file, then click Upload. Upload will begin. 3. The message Transfer Completed will appear. Console Configuration Load: Description: Load configuration from TFTP server. Syntax: config load <ip_server> <file_name> check Parameters: <ip_server>: TFTP server IP address (a.b.c.d); <file_name>: Configuration file name; check: Check configuration file only (default: Check and apply file). 4.1.19 Factory Default: You can reset the configuration of the stack switch on this page. Only the IP configuration is retained. The new configuration is available immediately, which means that no restart is necessary. A screen will
214. mote syslog. Remote Syslog Configuration: The page includes the following fields: Mode: Indicates the remote syslog mode operation. Possible modes are: Enabled, Disabled. Syslog Server IP: Fill in your remote syslog server IP address. 4.1.14 SMTP Configure: Configure SMTP. [Figure: SMTP Configuration, with SMTP Mode and SMTP Authentication enable options.] The page includes the following fields: Object: SMTP Mode, SMTP Server, SMTP Port, SMTP Authentication, Authentication User Name. SMTP Authentication: Controls whether SMTP authentication is enabled if authentication is required when an e-mail is sent. Authentication User Name: Type the user name for the SMTP server if Authentication is enabled. Authentication Password: Type the password for the SMTP server if Authentication is enabled. E-mail From: Type the sender's E-mail address. This address is used for reply e-mails. E-mail Subject: Type the subject title of the e-mail. E-mail 1 To, E-mail 2 To: Type the receiver's e-mail address. Buttons: test: Send a test mail to mail server to check this account is available or not. Console SMTP Configuration Syntax Console SMTP Mode: Enable or disable SMTP. Syntax Parameters: enable: Enable SMTP mode; disable: Disable SMTP mode; default
215. n SFP module. The webpage shows the operational status, such as the transceiver type, speed, wavelength and support distances of SFP modules on a specific interface. The port number hyperlink can also be used to check the statistics of a specific interface. [Figure: SFP Module Information for Switch 1, with columns including Wave Length (nm) and Distance (m).] The page includes the following fields: Type: Display the type of current SFP module; the possible types are: 1000Base-SX, 1000Base-LX, 100Base-FX. Display the speed of current SFP module; the speed value or description is taken from the SFP module. Different vendors' SFP modules might show different speed information. Wave Length (nm): Display the wavelength of current SFP module; the wavelength value is taken from the SFP module. Use this column to check if the wavelength values of two nodes are matched when the fibre connection fails. Distance (m): Display the supported distance of current SFP module; the distance value is taken from the SFP module. Console Port SFP: Show SFP port information. port sfp <port_list> Parameters: <port_list>: Port list or all (default: All ports). Default Setting: Enable Example: Show SFP information for port21-24: SWITCH> port sfp Port Type Wave Length nm Distance m 2I
216. n deliver. In this mode the port power is not turned on if the PD requests more power than is available. > Consumption mode: In this mode the ports are shut down when the actual power consumption for all ports exceeds the amount of power that the power supply can deliver, or if the actual power consumption for a given port exceeds the reserved power for that port. The ports are shut down according to the ports priority. If two ports have the same priority, the port with the highest port number is shut down. > Priority mode: In this mode the user assigns the priority to the ports/PD. When the total PoE power consumption request is over the allowed power supply limitation, the system shuts down PoE ports by port priority setting. Ethernet Port Configuration: This section allows the user to inspect and configure the current PoE port settings for Switch 1. Power Over Ethernet Configuration: System PoE Admin Mode, Power Management Mode, Power Supply Budget, Temperature Threshold, PoE Usage Threshold. The page includes the following fields: System PoE Admin Mode: Enable or disable PoE function for all ports. Power Management Mode: There are five modes for configuring how the ports/PDs may reserve power and when to shut down ports: Classification mode, Allocation mode, Consumption mode, Priority mode. The default PoE management mode is Consumption mode. Set limit value of the total PoE port provided power to the PDs Po
217. n ethtype <port_list> man|dot1q Parameters: <port_list>: Port list or all (default: All ports); man: Set out layer VLAN tag ether type: MAN; dot1q: Set out layer VLAN tag ether type: 802.1Q (default: Show VLAN out layer VLAN tag ether type). Example: Set out layer VLAN tag Ethernet type for port 10 in man Ethernet type: SWITCH> vlan ethtype 10 man 4.5.5 VLAN Membership Configuration: > Adding Static Members to VLANs (VLAN Index): Use the VLAN Static Table to configure port members for the selected VLAN index. The VLAN membership configuration for the selected stack switch unit switch can be monitored and modified here. Up to 255 VLANs are supported. This page allows for adding and deleting VLANs as well as adding and deleting port members of each VLAN. The VLAN Membership [Figure: VLAN Membership Configuration for Switch 1.] The page includes the following fields: Delete: To delete a VLAN entry, check this box. The entry will be deleted on all stack switch units during the next Save. VLAN ID: Indicates the ID of this particular VLAN. Port Members: A row of check boxes for each port is displayed for each VLAN ID. To include a port in a VLAN, check the box. By default, no ports are members and all boxes are unchecked. Click to add a new VLAN ID
218. n mode operation is enabled, an agent enforces the policy received by a DHCP message containing relay agent information. Syntax: security network dhcp relay information policy replace|keep|drop Parameters: replace: Replace original relay information on receiving a DHCP message already containing it. keep: Keep original relay information on receiving a DHCP message already containing it. drop: Drop the packet when receiving a DHCP message already containing relay information. (default: Show DHCP relay information policy) Default Setting: Example: Keep the original relay information when receiving a DHCP message that already contains it: SWITCH> security network dhcp relay information policy keep 4.1.9 DHCP Relay Statistics: The webpage provides statistics for DHCP relay. DHCP Relay Statistics (screenshot). Server Statistics columns: Transmit to Server, Transmit Error, Receive from Server, Receive Missing Agent Option, Receive Missing Circuit ID, Receive Missing Remote ID, Receive Bad Circuit ID, Receive Bad Remote ID. Client Statistics columns: Transmit to Client, Receive from Client, Receive Agent Option, Replace Agent Option, Keep Agent Option, Drop Agent Option. The page includes the following fields: > Server Statistics: Transmit to Server: The number of packets relayed from clients to server. Transmit Error: The number of erroneous packets sent to clients. Receive from Serve
219. n set each port to run at 100M Full, 100M Half, 10M Full and 10M Half speed modes. The Auto MDIX function will be disabled. Console Port Configuration: Description: Syntax: Parameters: <port_list>: Port list or all, default: All ports. up: Show ports which are up. down: Show ports which are down. (default: Show all ports) Example: Display port 4 status: SWITCH> port configuration 4 Port Configurations Flow Control MaxFrame Power Excessive Enabled Disabled Enabled Enabled Disabled Enabled Enabled Disabled Enabled Enabled Disabled Enabled Discard Console Port Mode: Syntax: Parameters: <port_list>: Port list or all, default: All ports. 10hdx: 10 Mbps, half duplex. 10fdx: 10 Mbps, full duplex. 100hdx: 100 Mbps, half duplex. 100fdx: 100 Mbps, full duplex. 1000fdx: 1 Gbps, full duplex. auto: Auto negotiation of speed and duplex. (default: Show configured and current mode) Default Setting: Example: Set 10Mbps half duplex speed for port1: SWITCH> port mode 1 10hdx Console Port Flow Control: Description: Syntax: Parameters: <port_list>: Port list or all, default: All ports. enable: Enable flow control. disable: Disable flow control. (default: Show flow control mode) Default Setting: Example: Enable flow control function for port1: SWITCH> port flow control 1 enable Console Port State: Syntax: Parameters: <
220. nable Limit Control on the port or the stack switch. 3. Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses is seen on the port, both the Trap and the Shutdown actions described above will be taken. State: This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values: Disabled: Limit Control is either globally disabled or disabled on the port. Ready: The limit is not yet reached. This can be shown for all actions. Limit Reached: Indicates that the limit is reached on this port. This state can only be shown if Action is set to None or Trap. Shutdown: Indicates that the port is shut down by the Limit Control module. This state can only be shown if Action is set to Shutdown or Trap & Shutdown. Reopen Button: If a port is shut down by this module, you may reopen it by clicking this button, which will only be enabled if this is the case. For other methods, refer to Shutdown in the Action section. Note that clicking the reopen button causes the page to be refreshed, so unsaved changes will be lost. Console Security Network Limit Port: Set or show per-port enabledness. Syntax: security network limit port <port_list> enable|disable Parameters: <port_list>: Port list or all, default: All ports. enable: Enable port security on this port. disable: Disable port security on this port. (default: Show current port enablednes
221. nagement Station only knows the set community string, it can read and write to the MIBs. However, if it only knows the get community string, it can only read MIBs. The default get and set community strings for the Managed Switch are public. Figure 3-6: SNMP management setup (Switch with SNMP Agent Status Enabled; PC Workstation with SNMP application). 3.3 Using this Manual: Except as noted, this manual provides configuration details for features of the SW-24400 managed switch in order of appearance on the web management's Main Navigation Pane (see above for more details). A screenshot is provided along with a table of the screen's interface objects (buttons, checkboxes, etc.). A description of the interface object's functions is given. The corresponding console commands, their syntax and parameters are listed. Descriptions of interface objects common to all pages can be found in the Web Management section. 4. CONFIGURATION 4.1 System: Use the System menu items to display and configure basic administrative details of the Managed Switch. Under System, the following topics are provided to configure and view the system information: System Information: The switch system information is provided here. IP Configuration: Configure the switch managed IP information. IPv6 Configuration: Configure the
222. (Table of contents fragment; legible entries only) 4.5.8 Private VLAN Membership Configuration; 4.5.9 Port Isolation Configuration; 4.6 Spanning Tree Protocol; 4.7.1 IGMP Snooping; 4.7.2 IGMP Snooping Configuration; 4.7.3 IGMP Port Related Configuration; 4.7.4 IGMP Snooping VLAN Configuration
223. ns Parameters: <eapol_timeout>: Time between EAPOL retransmissions (1-65535 seconds). (default: Show current EAPOL retransmission timeout) Default Setting: Example: Set the time between EAPOL retransmissions to 100 sec: SWITCH> security network nas eapoltimeout 100 Console Security Network NAS Agetime: Description: Time in seconds between checks for activity on successfully authenticated MAC addresses. Syntax: Parameters: <age_time>: Time between checks for activity on a successfully authenticated MAC address. (default: Show current age time) Default Setting: Example: Set NAS age time to 1000 sec: SWITCH> security network nas agetime 1000 Console Security Network NAS Holdtime: Description: Time in seconds before a MAC address that failed authentication gets a new authentication chance. Syntax: Parameters: <hold_time>: Hold time before MAC addresses that failed authentication expire. (default: Show current hold time) Default Setting: Example: Set NAS hold time to 100 sec: SWITCH> security network nas holdtime 100 Console Security Network NAS State: Set or show the port security state. Syntax: security network nas state <port_list> Parameters: <port_list>: Port list or all, default: All ports. auto: Port-based 802.1X Authentication. authorized: Port access is allowed. unauthorized: Port access is not allowed. single: Single Host 802.1X Authentication. multi: Multiple Host
224. ns a row for each port on which an LLDP PoE neighbour is detected. LLDP Neighbor Power Over Ethernet Information for Switch 1 (screenshot columns: Local Port, Power Type, Power Priority). Figure 4-12: LLDP Neighbour Power Over Ethernet settings for a switch. The page includes the following fields: Local Port: The port for this switch on which the LLDP frame was received. Power Type: The Type represents whether the device is a Power Sourcing Entity (PSE) or Power Device (PD). If unknown, Reserved will appear. Source: The power source being utilized by a PSE or PD device. If the device is a PSE device, it can either run on its Primary Power Source or its Backup Power Source. If indeterminate, Unknown will appear. Power Priority: Priority of the PD device, or the power priority of the device's port. There are three levels of power priority: Critical, High and Low. If indeterminate, Unknown will appear. Power: The maximum power in watts required by a PD device, or the minimum power a PSE device is capable of sourcing over a maximum length cable based on its current configuration. The maximum allowed value is 102.3 W. If the device indicates a value higher than 102.3 W, reserved will appear. 4.16 Stack: Stacking is an administrative method to manage multiple switches by a single IP (minimum 2 units). The SW Switch supports auto stack configuration. The stack is built and the Switch IDs are autom
225. nspection static entry. Syntax: security network arp inspection entry <port_list> add|delete <vid> <allowed_mac> <allowed_ip> Parameters: <port_list>: Port list or all, default: All ports. add: Add new port ARP inspection static entry. delete: Delete existing port ARP inspection static entry. <vid>: VLAN ID (1-4095). <allowed_mac>: MAC address (xx-xx-xx-xx-xx-xx), the MAC address allowed for doing ARP requests. <allowed_ip>: IP address (a.b.c.d), the IP address allowed for doing ARP requests. Default Setting: Example: Add ARP inspection static entry: SWITCH> security network arp inspection entry 1 add IO SO AE OSO AA o Console Security Network ARP Inspection Status: Show ARP inspection static and dynamic entries. Syntax: security network arp inspection status <port_list> Parameters: <port_list>: Port list or all, default: All ports. Default Setting: Example: Show ARP inspection static and dynamic entries: SWITCH> security network arp inspection status 4.12 Address Table: The Managed Switch builds up a table that maps MAC addresses to switch ports, so that it knows which ports the frames should go to based upon the DMAC address in the frame. This table contains both static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports. The frames also contain a MAC addre
226. o 16 i3 International SW Switches may be built. If there is a space limitation or power issue and you wish to stack all the switches in different racks, use long stack cables (SW HD200) to connect two stacks. Figure 2-6: Separated Stack connection (2m stack cables SW HD200; SW HD50). 3. SWITCH MANAGEMENT: This chapter explains the methods that you can use to configure management access to the Managed Switch. It describes the types of management applications and the communication and management protocols that deliver data between your management device (workstation or personal computer) and the system. It also contains information about port connection options. This chapter covers the following topics: Requirements; Management Access Overview; Administration Console Access; Web Management Access; SNMP Access. 3.1 Network and System Requirements: Workstations running Windows 98/ME, NT4.0, 2000/XP, MAC OS9 or later, Linux, UNIX or other platforms compatible with TCP/IP protocols. Workstation installed with Ethernet NIC (Network Interface Card). Serial Port connection (Terminal): the above PC with COM Port (DB9 / RS-232) or USB-to-RS-232 converter. Ethernet Port connection: Network cables: use standard network (UTP) cables with RJ45 connectors. Above workstation installed with web browser and JAVA runtime envir
227. o bytes represented in the VLAN ID. The parameter module_id is the third byte, for the module ID (in standalone switches it is always 0; in stackable switches it signifies the switch ID). The parameter port_no is the fourth byte, indicating the port number. The Remote ID is 6 bytes in length, and the value is the DHCP relay agent's MAC address. DHCP Relay Configuration (screenshot fields: Relay Mode, Relay Server, Relay Information Mode, Relay Information Policy). The page includes the following fields: Relay Mode: Indicates the DHCP relay mode operation. Possible modes are: Enabled, Disabled. Relay Server: Indicates the DHCP relay server IP address. Relay Information Mode: Indicates the DHCP relay information mode option operation. Possible modes are: Enabled, Disabled. Relay Information Policy: Indicates the DHCP relay information option policy. Possible policies are: Replace: Replace the original relay information when a DHCP message that already contains it is received. Keep: Keep the original relay information when a DHCP message that already contains it is received. Drop: Drop the packet when a DHCP message already contains relay information. Console Security Network DHCP Relay Configuration: Show DHCP relay configuration. Syntax: security network dhcp relay configuration Example: Show DHCP relay configuration: SWITCH> security network dhcp relay configuration DHCP Relay Configur
228. ode Syntax: security switch https mode enable|disable Parameters: enable: Enable HTTPs. disable: Disable HTTPs. (default: Show HTTPs mode) Default Setting: Example: Enable HTTPs function: SWITCH> security switch https mode enable Console Security Switch HTTPs Redirect: Description: Set or show the HTTPS redirect mode. Automatically redirect the web browser to HTTPS while HTTPS mode is enabled. Syntax: security switch https redirect enable|disable Parameters: enable: Enable HTTPs redirect. disable: Disable HTTPs redirect. (default: Show HTTPs redirect mode) Default Setting: Example: Enable HTTPs redirect function: SWITCH> security switch https redirect enable 4.11.5 SSH: The status webpage is divided into two sections, one with a legend of user modules and one with the actual port status. The page includes the following fields: Mode: Indicates the SSH mode operation. Possible modes are: Enabled: Enable SSH mode operation. Disabled: Disable SSH mode operation. Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. Console Security Switch SSH Configuration: Show SSH configuration. Syntax: security switch ssh configuration Example: Show SSH configuration: SWITCH> security switch ssh configuration SSH Configurations: SSH Mode: Disabled Console Security Switch SSH Mode: Parameter
229. of firmware via TFTP. Universal Plug and Play. MVR: Multicast VLAN Registration. Voice VLAN: Specific VLAN for voice traffic. SMTP: SMTP control configure. Show: Display the current information. 3.2.2 Command Line Interface: When accessing the management interface for the switch over a direct connection to the server's console port, or via a Telnet connection, the switch can be managed by entering command keywords and parameters at the prompt. Using the switch's command line interface (CLI) is very similar to entering commands on a UNIX system. Once the terminal has connected to the device, turn the SW Managed Switch on. The terminal will display that it is running testing procedures. The following message asks for the login username and password. The factory default password and login is: Username: admin, Password: admin. Figure 3-3: SW Managed Switch Console Login screen. For security reasons, change and memorize the new password after this setup.
230. of received and transmitted (good and bad) bytes. Includes FCS, but excludes framing bits (Rx and Tx Octets). Rx and Tx Unicast: The number of received and transmitted (good and bad) unicast packets. Rx and Tx Multicast: The number of received and transmitted (good and bad) multicast packets. Rx and Tx Broadcast: The number of received and transmitted (good and bad) broadcast packets. A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation. > Receive and Transmit Size Counters: The number of received and transmitted packets, split into categories based on their respective frame sizes. > Receive and Transmit Queue Counters: These tables indicate the number of received and transmitted packets per input and output queue. > Receive Error Counters: Rx Drops: The number of frames dropped due to lack of receive buffers or egress congestion. Rx Filtered: The number of received frames filtered by the forwarding process. Short frames are frames that are smaller than 64 bytes. Long frames are frames that are longer than the configured maximum frame length for this port. > Transmit Error Counters: Tx Drops: The number of frames dropped due to output buffer congestion. Tx Late/Exc. Coll.: The number of frames dropped due to excessive or late collisions. 4.3.4 SFP Module Information: Check the physical or operational status of a
231. ogy (screenshot fields: Stack Topology, Stack Member Count, Last Topology Change, Master Switch, Last Master Change). The page includes the following fields: Stack Topology: Specifies the type of topology for the stack. Stack Member Count: The number of switches in the stack. Last Topology Change: The time of the last topology change in the stack. Master Switch: The MAC address of the current stack master switch. Last Master Change: The time of the last master change in the stack. > Stack List: For each switch in the stack, the following information is shown: the MAC address, Switch ID, product name and version, and master re-election state. The master re-election state is normally No. Only when a forced master re-election is enforced by the user does the master election state take the value Yes. Stack List (screenshot). Console Stack List: Show the list of switches in the stack. Syntax: stack list detailed|productinfo Parameters: detailed|productinfo: Show product information. Example: Show the stack list: SWITCH> stack list Distance Master Stack Member SID Type Port 25 Port 26 Prio Reelect i S Or ITSS gt Master Forwarding T
232. on port and dropped for some other reason. The number of RADIUS Access-Request packets sent to the server. This does not include retransmissions. The number of RADIUS Access-Request packets retransmitted to the RADIUS authentication server. The number of RADIUS Access-Request packets destined for the server that have not yet timed out or received a response. This variable is incremented when an Access-Request is sent and decremented due to receipt of an Access-Accept, Access-Reject, Access-Challenge, timeout, or retransmission. The number of authentication timeouts to the server. After a timeout, the client may retry to the same server, send to a different server, or give up. A retry to the same server is counted as a retransmit as well as a timeout. A send to a different server is counted as a Request as well as a timeout. Other Info: This section contains information about the state of the server and the latest round-trip time. State: Shows the state of the server. It takes one of the following values: Disabled: The selected server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept access attempts. Dead (X seconds left): Access attempts were made to this server, but it did not reply within the configured timeout. The server has temporarily
233. on 1 4 LLDP MED Configurations: Fast Start Repeat Count: 4. Location Coordinates: Latitude: 0.0000 North, Longitude: 0.0000 East, Altitude: 0.0000 meter(s), Map datum: WGS84. Civic Address Location. Policies: none. Console LLDPMED Fast: Set or show LLDP-MED Fast Start Repeat Count. Syntax: lldpmed fast <count> Parameters: <count>: The number of times the fast start LLDPDU are being sent during the activation of the fast start mechanism defined by LLDP-MED (1-10). > Coordinates Location: Latitude: Latitude SHOULD be normalized to within 0-90 degrees with a maximum of 4 digits. It is possible to specify the direction to either North of the equator or South of the equator. Longitude: Longitude SHOULD be normalized to within 0-180 degrees with a maximum of 4 digits. It is possible to specify the direction to either East of the prime meridian or West of the prime meridian. Altitude: Altitude SHOULD be normalized to within -32767 to 32767 with a maximum of 4 digits. It is possible to select between two altitude types (floors or meters). Meters: Representing meters of Altitude defined by the vertical datum specified. Floors: Inside a building, 0.0 represents the floor level associated with ground level at the main entrance. Map Datum: The Map Datum used for the coordinates given in this Option. WGS84: (Geographical 3D) World Geodesic System 1984, CRS Code 4327, Prime Meridian Name: Greenwich. NAD83/NAVD88: This datum pair is to be
234. onfiguration Stack Global Settings (screenshot fields: Global Configuration: Snooping Enabled, Unregistered IPMC Flooding enabled, Leave Proxy Enabled; per VLAN: VLAN ID, Snooping Enabled, IGMP Querier). Figure 4-5: IGMP Snooping Configuration, Global settings. The page includes the following fields: Unregistered IPMC Flooding enabled. Snooping Enabled: Enable per-VLAN IGMP Snooping. IGMP Querier: Enable the IGMP Querier in the VLAN. The Querier will send out if no Querier received in 255 seconds after IGMP Querier Enabled. Each Querier's interval is 125 second, and it will stop acting as an IGMP Querier upon receiving any Querier from other devices. Console IGMP Configuration: Show IGMP snooping configuration. Syntax: igmp configuration <port_list> Parameters: <port_list>: Port list or all, default: All ports. Example: Show IGMP snooping configuration: SWITCH> igmp configuration Console IGMP Mode: Set or show the IGMP snooping mode. Parameters: enable: Enable IGMP snooping. disable: Disable IGMP snooping. (default: Show IGMP snooping mode) Default Setting: Example: Enable IGMP mode: SWITCH> igmp mode enable Console IGMP Flooding: Set or show the IGMP snooping unregistered flood operation. Parameters: enable: Enable IGMP flooding. disable: Disable IGMP flooding. (default: Show IGMP flood mode) Default Setting: Example: Enable IGMP flooding function: SWITCH>
235. onment Plug-in. 3.2 Management Access Overview: The following methods can be used to manage the switch: an administration console; a Web browser interface; an external SNMP-based network management application. The administration console and Web browser interface supports are embedded in the Managed Switch software and are available for immediate use. Each of these management methods has its own advantages. The table below compares the three management methods. 3.2.1 Administration Console: The console port is a DB9 RS-232 male serial port connector for direct connection to a terminal device. Diagnostic information, including IP Address setting, factory reset, port management, link status and system settings, is provided through this interface. Users can use the attached RS-232 cable in the package and connect to the console port on the device. After the connection, users can run any terminal emulation program (Hyper Terminal, ProComm Plus, PuTTY, Telix, Winterm and so on) to enter the startup screen of the device. The administration console is an internal, character-oriented, command line user interface for performing system administration, such as displaying statistics or changing option settings. Using this method, you can view the administration console from a terminal, personal computer, Apple Macintosh, or workstation connected to the switch's console (serial) port. There are two ways to use thi
236. ont ports. 4.16.1 Stacking Architecture: This section provides information for understanding the stacking architecture, including the items below: Switch IDs; Assigning and Swapping Switch IDs; Removing a Switch From the Stack; Replacing a Switch; General Switch ID Assignment Rules; Master Election; Stack Redundancy; Shortest Path Forwarding. 4.16.1.1 Switch IDs: The Switch ID (1-16) assigned to a SW Switch. > Assigning and Swapping Switch IDs: When a switch is added to the stack, a Switch ID is automatically assigned to the switch. The automatic SID assignment can be modified by choosing a different Switch ID on the Stack Configuration page. This method allows Switch IDs to be assigned so that it is easier for the user to remember the ID of each switch. The Switch IDs of two switches can be swapped by simply interchanging the values in the Switch ID column. Changing Switch IDs does not result in any interruption of the stack operation. > Removing a Switch From the Stack: When a switch is removed from the stack, the configuration for the switch is preserved, and the switch still appears on the Stack Configuration page. If the configuration of the switch is not to be transferred to another switch, then the configuration may be deleted by choosing Delete, followed by Save. > Replacing a Switch: If a switch is to be replaced with another switch (for example, replacing failing hardware), the following procedure must b
237. ontains an identifier to its ACL. The privileges determine whether there are specific traffic object access rights. ACL implementations can be quite complex, for example when the ACEs are prioritized for the various situations. In networking, the ACL refers to a list of service ports or network services that are available on a host or server, each with a list of hosts or servers permitted or denied to use the service. ACLs can generally be configured to control inbound traffic, and in this context they are similar to firewalls. There are 3 web pages associated with the manual ACL configuration. ACL Access Control List: The web page shows the ACEs in a prioritized way, highest (top) to lowest (bottom). By default the table is empty. An ingress frame will only get a hit on one ACE, even though there are more matching ACEs. The first matching ACE will take action (permit/deny) on that frame, and a counter associated with that ACE is incremented. An ACE can be associated with a Policy, 1 ingress port, or any ingress port (the whole switch). If an ACE Policy is created, then that Policy can be associated with a group of ports under the Ports web page. There are a number of parameters that can be configured with an ACE. Read the web page help text to get further information for each of them. The maximum number of ACEs is 64. ACL Ports: The ACL Ports configuration is used to assign a Policy ID to an ingress port. This is useful to group ports to obey the same traffic
238. ooping, IP, LLDP, LLDP MED, MAC Table, MVR, Maintenance, Mirroring, PoE, Port Security, Ports, Private VLANs, QoS, SNMP, Security, Spanning Tree, Stack, System, UPnP, VLANs, Voice VLAN. Privilege Levels Configuration (screenshot: per-group privilege levels for Configuration, Execute and Status/Statistics, read-only and read-write). The page includes the following fields: Group Name: The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one. The level groups: System: Contact, Name, Location, Timezone and Log. Security: Authentication, System Access Management, Port (contains Dot1x port, MAC based and the MAC Address Limit), ACL, HTTPS, SSH, ARP Inspection and IP source guard. IP: Everything except ping. Port: Everyt
239. orter requested aging period is used. The Aging Period can be set to a number between 10 and 10,000,000 seconds. > Port Configuration: The table has one row for each port on the selected switch in the stack, and a number of columns, which are: The port number for which the configuration below applies. Mode: Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to Enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port. Limit: The maximum number of MAC addresses that can be secured on this port. This number cannot exceed 1024. If the limit is exceeded, the corresponding action is taken. Action: If Limit is reached, the switch can take one of the following actions: None: Do not allow more than Limit MAC addresses on the port, but take no further action. Trap: If Limit + 1 MAC addresses is seen on the port, send an SNMP trap. If Aging is disabled, only one SNMP trap will be sent. With Aging enabled, new SNMP traps will be sent every time the limit gets exceeded. Shutdown: If Limit + 1 MAC addresses is seen, shut down the port. All secured MAC addresses will be removed from the port, and no new addresses will be learned, even if the link is physically disconnected and reconnected. There are three ways to re-open the port: 1. Boot the stack or elect a new master switch. 2. Disable and re-e
240. otocol. It is part of the Transmission Control Protocol/Internet Protocol (TCP/IP) protocol for network management. SNMP allows diverse network objects to participate in a network management architecture. It enables network management systems to learn of network problems by receiving traps or change notices from network devices implementing SNMP. An SNMP community is the group that devices and management stations running SNMP belong to. It helps define where information is sent. The community name is used to identify the group. An SNMP device or agent may belong to more than one SNMP community. It will not respond to requests from management stations that do not belong to one of its communities. SNMP default communities are SNTP: SNTP is an acronym for Simple Network Time Protocol, a network protocol for synchronizing the clocks of computer systems. SNTP uses UDP (datagrams) as transport layer. SPROUT: Stack Protocol using ROUting Technology. An advanced protocol for almost instantaneous discovery of topology changes within a stack, as well as election of a master switch. SPROUT also calculates parameters for setting up each switch to perform shortest path forwarding within the stack. SSID: Service Set Identifier is a name used to identify the particular 802.11 wireless LANs to which a user wants to attach. A client device will receive broadcast messages from all access points within range adverti
241. ow configured and current mode. Example: Add access management list from 2001 0001 to 2001 0100 via web interface: SWITCH> security switch access add 2001 0001 2001 0100 web Console Security Switch Access Delete: Description: Delete access management entry. Syntax: security switch access delete <access_id> Parameters: <access_id>: entry index (1-16). Example: Delete access management ID 1: SWITCH> security switch access delete 1 Console Security Switch Access Lookup: Lookup access management entry. Syntax: security switch access lookup <access_id> Parameters: <access_id>: entry index (1-16). Example: Lookup access management entry: SWITCH> security switch access lookup 1 Console Security Switch Access Clear: Description: Clear access management entry. Syntax: security switch access clear Example: Clear access management entry: SWITCH> security switch access clear 4.11.3 Access Management Statistics: This page provides statistics for access management. Access Management Statistics (screenshot columns: Receive Packets, Allow Packets, Discard Packets). The page includes the following fields: The interface through which an allowed remote host can access the switch. Receive Packets: The number of packets received from the interface when access management mode is enabled. Allow Packets: The number of packets allowed from the interface when access management mode is enabled. Disc
242. p inform retransmitted times 0 255 default Show SNMP trap inform retry times Default Setting Example Set SNMP trap inform retry times in 10 SWITCH gt security switch snmp trap inform retry times 10 Console Security Switch SNMP Trap Security Name Set or show SNMP trap security name security switch snmp trap security name lt security_name gt Parameters lt security_name gt A string representing the security name for a principal default Show SNMP trap security name Example Set the SNMP trap security name SWITCH gt security switch snmp trap security name 12345678 4 2 5 SNMPv3 Configuration 4 2 5 1 Communities Configuration Configure the SNMPv3 communities table The entry index key is Community SNMPv3 Communities Configuration public 0 0 0 0 0 0 0 0 private 0 0 0 0 0 0 0 0 The page includes the following fields Check to delete the entry It will be deleted during the next save Community Indicates the community access string to permit access to SNMPv3 agent The allowed string length is 1 to 32 and the allowed content is the ASCII characters from 33 to 126 Indicates the SNMP access source address Indicates the SNMP access source address mask Buttons Add new community Click to add a new community entry Console Security Switch SNMP Community Add Description Add or modify SNMPv3 community entry The entry index key is lt
243. packets are forwarded to only members of the VLAN on which the broadcast was initiated Currently we support following VLAN types e CLI Web SNMP These are referred to as static NAS NAS provides port based authentication which involves communications between a Supplicant Authenticator and an Authentication Server Voice VLAN Voice VLAN is a VLAN configured specifically for voice traffic typically originating from IP phones e MVR MVR is used to eliminate the need to duplicate multicast traffic for subscribers in each VLAN Multicast traffic for all channels is sent only on a single multicast VLAN e MSTP The 802 1s Multiple Spanning Tree protocol MSTP uses VLANs to create multiple spanning trees in a network which significantly improves network resource utilization while maintaining a loop free environment No matter what basis is used to uniquely identify end nodes and assign these nodes VLAN membership packets cannot cross VLAN without a network device performing a routing function between the VLAN The Managed Switch supports IEEE 802 1Q VLAN The port untagging function can be used to remove the 802 1 tag from packet headers to maintain compatibility with devices that are tag unaware The Switch s default is to assign all ports to a single 802 1Q VLAN named DEFAULT_VLAN As new VLANs are created the member ports assigned to a new VLAN will be removed from the DEFAULT VLAN port member list The DEFAULT VLAN has a VID
244. peed 10 Full Force sets 10Mbps Full Duplex mode 100 Half Force sets 100Mbps Half Duplex mode 100 Full Force sets 100Mbps Full Duplex mode 1000 Full Force sets 10000Mbps Full Duplex mode Disable Shutdown the port manually Auto Speed indicates the flow control capability that is advertised to the link partner e When a fixed speed setting is specified that speed will be advertised e Current Rx column indicates whether pause frames on the port are obeyed Flow Control e Current Tx column indicates whether pause frames on the port are transmitted e The Rx and Tx settings are determined by the result of the last Auto Negotiation e Check the configured column to use flow control e This setting is related to the setting for Configured Link Speed Enter the maximum frame size allowed for the switch port including FCS The allowed range is 1518 bytes to 9600 bytes Configure port transmit collision behaviour Excessive Collision Mode e Discard Discard frame after 16 collisions default e Restart Restart back off algorithm after 16 collisions The Usage column shows the current percentage of the power consumption per port The Configured column allows for changing the power savings mode parameters per port Power Control e Disabled All power savings mechanisms disabled e ActiPHY Link down power savings enabled e Dynamic Link up power savings enabled e Enabled Link up and link down power savings enabled Whe
245. port number of the logical LLDP port Select LLDP mode Rx only The switch will not send out LLDP information but LLDP information from neighbour units is analyzed Tx only The switch will drop LLDP information received from neighbours but will send Mode out LLDP information Disabled The switch will not send out LLDP information and will drop LLDP information received from neighbours Enabled The switch will send out LLDP information and will analyze LLDP information received from neighbours Select CDP awareness The CDP operation is restricted to decoding incoming CDP frames CDP frames are only decoded if LLDP for the port is enabled Only CDP TLVs that can be mapped into a corresponding field in the LLDP neighbours table are decoded All other TLVs are discarded CDP TLVs are mapped into LLDP neighbours table as shown below CDP TLV Device ID is mapped into the LLDP Chassis ID field CDP TLV Address is mapped into the LLDP Management Address field The CDP address TLV can contain multiple addresses but only the first address is shown in the LLDP neighbours table CDP Aware CDP TLV Port ID is mapped into the LLDP Port ID field CDP TLV Version and Platform is mapped into the LLDP System Description field Both the CDP and LLDP supports system capabilities but the CDP capabilities cover capabilities that are not part of the LLDP These capabilities are shown as others in the LLDP neighbours table If all
246. ports have CDP awareness disabled the switch forwards CDP frames received from neighbour devices If at least one port has CDP awareness enabled all CDP frames are terminated by the switch Note When CDP awareness for a port is disabled the CDP information isn t removed immediately but will be removed when the hold time is exceeded Check to include port description in LLDP transmission Check to include system name in LLDP transmission Check to include system description in LLDP transmission Sys Capa Check to include system capability in LLDP transmission This identifies the primary function s of the system and whether or not they are enabled Mgmt Addr Check to include management address in LLDP information transmitted The management address protocol packet includes the IPv4 address of the switch If no management address is available the address should be the MAC address for the CPU or for the port sending this advertisement Console LLDP Configuration Show LLDP configuration Syntax lldp configuration lt port_list gt Parameters lt port_list gt Port list or all default All ports Example Show LLDP configuration of port1 4 SWITCH gt lldp configuration 1 4 LLDP Configuration Interval Hold Tx Delay Reinit Delay Port Mode Enabled Enabled Enabled Enabled Port Descr System Name System Descr System Capa Mgmt Addr CDP awareness Enabled
247. pplications on typical data centric devices such as PCs or laptops video_conferencing Video Conferencing for use by dedicated Video Conferencing equipment and other similar appliances streaming_video for use by broadcast or multicast based video content distribution and other similar applications supporting streaming video services that require specific network policy treatment video_signaling Video Signalling conditional for use in network topologies that require a separate policy for the video signalling than for the video media tagged The device is using tagged frames untagged The device is using untagged frames lt vlan_id gt VLAN id lt l2_priority gt This field may specify one of eight priority levels 0 through 7 lt dscp gt DSCP value to be used to provide Diffserv node behaviour for the specified application type This 6 bit field may contain one of 64 code point values 0 through 63 A value of 0 represents use of the default DSCP value 4 13 4 LLDP MED Neighbour This page provides a status overview for all LLDP MED neighbours The displayed table contains a row for each port on which an LLDP neighbour is detected LLDP MED Neighbor Information for Switch 1 No LLDP MED neighbor information found The page includes the following fields gt Fast start repeat count The port on which the LLDP frame was received LLDP MED Devices are comprised of two
248. r The most significant 6 bits of the ToS field are fully decoded into 64 possibilities and the singular code that results is compared against the corresponding bit in the IPv4 ToS priority control bit 0 63 TLV TLV is an acronym for Type Length Value An LLDP frame can contain multiple pieces of information Each of these pieces of information is known as TLV UDP UDP is an acronym for User Datagram Protocol It is a communications protocol that uses the Internet Protocol IP to exchange the messages between computers UDP is an alternative to the Transmission Control Protocol TCP that uses the Internet Protocol IP Unlike TCP UDP does not provide the service of dividing a message into packet datagrams and UDP doesn t provide reassembling and sequencing of the packets This means that the application program that uses UDP must be able to make sure that the entire message has arrived and is in the right order Network applications that want to save processing time because they have very small data units to exchange may prefer UDP to TCP UDP provides two services not provided by the IP layer It provides port numbers to help distinguish different user requests and optionally a checksum capability to verify that the data arrived intact Common network applications that use UDP include the Domain Name System DNS streaming media applications such as IPTV Voice over IP VoIP and Trivial File Transfer Protocol TFTP 261 User
249. r The number of packets received from clients Receive Missing Agent Option The number of packets received without agent information options Receive Missing Circuit ID The number of packets received in which the Circuit ID option was missing Receive Missing Remote ID The number of packets received in which the Remote ID option was missing Receive Bad Circuit ID The number of packets received in which the Circuit ID option did not match known circuit ID Receive Bad Remote ID The number of packets received in which the Remote ID option did not match known Remote ID gt Client Statistics Transmit to Client The number of packets relayed from server to client Transmit Error The number of erroneous packets sent to servers Receive from Client The number of packets received from server Receive Agent Option The number of packets received with relay agent information option Replace Agent Option The number of packets replaced in received packets with relay agent information option Keep Agent Option The number of packets kept in received packets with relay agent information option Drop Agent Option The number of packets dropped in received packets with relay agent information option Console Security Network DHCP Relay Statistics clear Clear DHCP relay statistics Example Show DHCP relay statistics SWITCH gt security network dhcp relay statistics 4 1 10 CPU
250. ransmission interval 5 32768 Syntax Parameters Default Setting Example Set transmission interval in 10 SWITCH gt lldp interval 10 Console LLDP Hold Set or show LLDP Tx hold value lt hold gt LLDP hold value 2 10 Default Setting Example Set LLDP hold value in 10 SWITCH gt lldp hold 10 Console LLDP Delay Set or show LLDP Tx delay lt delay gt LLDP transmission delay 1 8192 Default Setting Example Set LLDP delay value in 1 SWITCH gt lldp delay 1 Console LLDP Reinit Set or show LLDP reinit delay lt reinit gt LLDP reinit delay 1 10 Default Setting Example Set LLDP reinit delay value in 3 SWITCH gt lldp reinit 3 Console LLDP CDP Aware Description Set or show if discovery information from received CDP Cisco Discovery Protocol frames is added to the LLDP neighbour table Syntax lldp cdp aware lt port_list gt enable disable Parameters lt port_list gt Port list or all default All ports enable Enable CDP awareness CDP discovery information is added to the LLDP neighbour table disable Disable CDP awareness default Show CDP awareness configuration Default Setting Example Enable CDP aware function for port1 4 SWITCH gt lldp cdp aware 1 4 enable 4 13 3 LLDPMED Configuration Configure the LLDP MED LLDPMED Configuration Fast Start Repeat Count Fast start
251. rature of PoE chip unit 1 PoE Temperature Unit 1 The unit 1 is in charge of PoE Port 1 Port 12 PoE Temperature Unit 2 Display the current operating temperature of PoE chip unit 2 The unit 1 is in charge of PoE Port 13 Port 24 Local Port This is the logical port number for this row PD Class Display the class of the PD attached to the port as established by the classification process Class 0 is the default for PDs The PD is classified based on power The classification of the PD is the maximum power that the PD will draw across all input voltages and operational modes A PD shall return Class 0 to 3 in accordance with the maximum power draw as specified by Table 4 16 1 Console PoE Status Show PoE status 4 15 4 PoE Schedule This page allows the user to define PoE schedule Power Over Ethernet Schedule for Switch 1 Delete Week Day Start End The page includes the following fields Profile Set the schedule profile mode Possible profiles are e Profile1 e Profile2 e Profile3 e Profile4 Week Day Show the PoE schedule mode usage of week day Buttons Add new Rule click to add new rule Delete Check to delete the entry 4 15 5 LLDP Neighbour Power Over Ethernet This page provides a status overview for all LLDP PoE neighbours The displayed table contai
252. reason the client will remain in the unauthenticated state for Hold Time seconds Last Authentication Shows the date and time of the last authentication of the client successful as well as unsuccessful Buttons Clear Click to clear the counters for the selected port This button is available in the following modes e Force Authorized e Force Unauthorized e Port based 802 1X e Single 802 1X Clear All Click to clear both the port counters and all of the attached client s counters The Last Client will not be cleared This button is available in the following modes e Multi 802 1X e MAC based Auth X Clear This Click to clear only the currently selected client s counters This button is available in the following modes e Multi 802 1X e MAC based Auth X Console Security Network NAS Statistics Description Show or clear 802 1X statistics Syntax security network nas statistics lt port_list gt clear eapol radius Parameters lt port_list gt Port list or all default All ports clear Clear statistics eapol Show EAPOL statistics radius Show Backend Server statistics default Show all statistics Example Show 802 1X statistics in port 1 SWITCH gt security network nas statistics 1 Port 1 EAPOL Statistics TOTALS oie Response Id Request Id Response Reames in STALT g IOC Orr ie Invalid Type Invalid Length Port 1 Backend Server Statistics Rx Access Challenges
253. regation member port Reordering of frames within a flow is therefore not possible The aggregation code is based on the following information e Source MAC e Destination MAC e Source and destination IPv4 address e Source and destination TCP UDP ports for IPv4 packets Normally all contributions to the aggregation code should be enabled to obtain the best traffic distribution among the link aggregation member ports Each link aggregation may consist of up to 16 member ports Any quantity of link aggregation s may be configured for the device only limited by the quantity of ports on the device To configure a proper traffic distribution the ports within a link aggregation must use the same link speed 4 4 1 Static Aggregation Configuration Configure the Aggregation hash mode and the aggregation group The aggregation hash mode settings are global whereas the aggregation group settings relate to the currently selected stack unit as reflected by the page header gt Hash Code Contributors Aggregation Mode Configuration Hash Code Contributors Source MAC Address Destination MAC Address IP Address TCP UDP Port Number The page includes the following fields Source MAC Address Check to enable the use of the Source MAC address to calculate the destination port for the frame By default Source MAC Address is enabled Destination MAC Address Check to enable the use of the Destination MAC Address to calculate the destination
254. relate to the currently selected stack unit as reflected by the page header Set up Policy Rules for Switch 1 Group ports into several types according to different QCL policies Port Members The page includes the following fields Frames that hit this QCE are set to match this specific QCL Port Member A row of radio buttons for each port is displayed for each QCL ID To include a port in a QCL member click the radio button Buttons Cancel Wizard Click to start the wizard again Back Click to get more information Next Click to continue the wizard Once the QCL configuration wizard is finished a confirmation message is displayed Click Finish to confirm your settings and Wizard Again to reconfigure QCL 4 8 1 2 Network Application Rules Set up the specific QCL for different typical network application quality control by selecting the network application type for your rule Set up Typical Network Application Rules Set up the specific QCL for different typical network application quality control by selecting the network application type for your rule Audio and Video QuickTime 4 Server MSN Messenger Phone Yahoo Messenger Phone Napster Real Audio Games Blizzard Battlenet Diablo2 and StarCraft Fighter Ace II Quake2 Quake3 MSN Game Zone User Definition Ethernet Type VLAN ID TCP UD
255. repeat count Coordinates Location Civic Address Location Additional location info Leading street direction Trailing street suffix Emergency Call Service Policies Additional code Add new policy Policy Port Configuration for Switch 1 The page includes the following fields gt Fast start repeat count With Fast start repeat count it is possible to specify the number of times the fast start transmission is repeated The recommended value is 4 times giving that 4 LLDP frames with a 1 second interval will be transmitted when a LLDP frame with new information is received We recommend that fast start transmission is repeated multiple times to increase the possibility the neighbours receive the LLDP frame LLDP MED and the LLDP MED Fast Start mechanism are only intended to run on links between LLDP MED Network Connectivity Devices and Endpoint Devices and NOT to links between LAN infrastructure elements including between Network Connectivity Devices or to other types of links Console LLDPMED Configuration Show LLDP MED configuration lldpmed configuration lt port_list gt lt port_list gt Port list or all default All ports Example Show LLDP MED configuration of port1 4 SWITCH gt lldpmed configurati
256. rk is selected for the destination IP filter you can enter a specific DIP mask DIP Mask i in dotted decimal notation gt ICMP Parameters C Specify the ICMP filter for this ACE e Any No ICMP filter is specified ICMP filter status is don t care e Specific If you want to filter a specific ICMP filter with this ACE you can enter a specific ICMP value A field for entering an ICMP value appears ICMP Type Value When Specific is selected for the ICMP filter you can enter a specific ICMP value The yp allowed range is 0 to 255 A frame that hits this ACE matches this ICMP value Specify the ICMP code filter for this ACE e Any No ICMP code filter is specified ICMP code filter status is don t care e Specific If you want to filter a specific ICMP code filter with this ACE you can enter a specific ICMP code value A field for entering an ICMP code value appears ICMP Type Filter ICMP Code Filter When Specific is selected for the ICMP code filter you can enter a specific ICMP code ICMP Code Value value The allowed range is 0 to 255 A frame that hits this ACE matches this ICMP code value gt TCP UDP Parameters oe teen Specify the TCP UDP source filter for this ACE See note below for details e Any No TCP UDP source filter is specified e Specific Enter a specific TCP UDP source value e Range Enter a specific TCP UDP source range value TCP UDP Source No See note below for details TCP UD
257. rom 33 to 126 Trap Destination Address Indicates the SNMP trap destination address Trap Destination IPv6 Address Provide the trap destination IPv6 address of this switch Indicates the SNMP entity is permitted to generate authentication failure Trap Authentication Failure ag a Monee ang e Disabled Trap Version Indicates the SNMP trap link up and link down mode operation Possible Trap Link up and Link down Mec e Disabled Indicates the SNMP trap inform mode operation Possible modes are Trap Inform Mode e Enabled e Disabled Trap Inform Timeout seconds Indicates the SNMP trap inform timeout The allowed range is 0 to 2147 Trap Inform Retry Times Indicates the SNMP trap inform retry times The allowed range is 0 to 255 Console Security Switch SNMP Trap Mode Set or show the SNMP trap mode security switch snmp trap mode enable disable Parameters enable Enable SNMP traps disable Disable SNMP traps default Show SNMP trap mode Example Enable SNMP trap mode SWITCH gt security switch snmp trap mode enable Console Security Switch SNMP Trap Version Set or show the SNMP trap protocol version security switch snmp trap version 1 2c 3 Parameters 1 SNMP version 1 2c SNMP version 2c 3 SNMP version 3 default Show SNMP trap version Default Setting Example Set SNMP trap version in version 2c SWITCH gt security switch snmp trap version 2c
258. roups Show IGMP groups lt vid gt VLAN ID 1 4095 Console IGMP Filtering Syntax igmp filtering lt port_list gt add del group addr Parameters lt port_list gt Port list or all default All ports add Add new port group filtering entry del Del existing port group filtering entry default Show IGMP port group filtering list IP multicast group address a b c d Default Setting No filtering Example Set the IGMP port group filtering list for port 1 SWITCH gt igmp filtering 1 add 239 0 0 1 4 7 6 IGMP Snooping Status This page provides IGMP Snooping status divided into statistics IGMP groups and ports The page reflects the status of the currently selected stack unit as reflected by the page header IGMP Snooping Status for Switch 1 Statistics VLAN ID Querier Status Querier Transmit Querier Receive V1 Reports Receive V2 Reports Receive V3 Reports Receive V2 Leave Receive IGMP Groups Port Members No IGMP groups Router Port The page includes the following fields Querier Status Show the Querier status is ACTIVE or IDLE V2 Reports Receive The number of Received V2 Reports V3 Reports Receive The number of Received V3 Reports V2 Leave Receive The number of Received V2 Leave Console IGMP Status Description Syntax Parameters Default Setting 4 7 7 MVR Con
259. rovides general traffic statistics for all switch ports The ports belong to the currently selected stack unit Port Statistics Overview for Switch 1 The displayed counters are Errors The number of frames received in error and the number of incomplete transmissions per port Drops The number of frames discarded due to ingress or egress congestion Filtered The number of received frames filtered by the forwarding process Buttons Clear Clears the counters for all ports Console Port Statistics Show port statistics port statistics lt port_list gt lt command gt up down Parameters lt port_list gt Port list or all default All ports lt command gt The command parameter takes the following values clear Clear port statistics packets Show packet statistics bytes Show byte statistics errors Show error statistics discards Show discard statistics filtered Show filtered statistics low Show low priority statistics normal Show normal priority statistics medium Show medium priority statistics high Show high priority statistics default Show all port statistics up Show ports which are up down Show ports which are down default Show all ports 4 3 3 Port Statist
260. rt BPDU Guard Default Setting Example Disable BPDU guard on port SWITCH gt stp port bpduguard 1 enable Console STP Port Statistics stp port statistics lt port_list gt lt port_list gt Port list or all default All ports Example Show STP port statistics SWITCH gt stp port statistics Port Rx MSTP Tx MSTP Rx RSTP Tx RSTP Rx STP Tx STP Rx TCN Tx TCN Rx Ill Rx Unk lt port_list gt Port list or all default All ports Example Set the STP mCheck Migration Check variable for port 1 SWITCH gt stp port mcheck 1 4 6 5 MSTI Priorities An MSTI port is a virtual port which is instantiated separately for each active CIST physical port for each MSTI instance configured and applicable for the port The MSTI Priority Configuration webpage allows the user to inspect the current STP MSTI bridge instance priority configurations and possibly change them as well MSTI Configuration MSTI Priority Configuration CIST MSTI1 MSTI2 MSTI3 32768 MSTI4 MSTI5 MSTI6 MSTI7 The page includes the following fields MSTI The bridge instance The CIST is the default instance which is always active Priority Controls the bridge priority Lower numerical values have higher priority The bridge priority plus the MSTI instance number concatenated with the 6 byte MAC address of the switch forms a Bridge Identifier Console STP MSTI Priority Description Syntax Para
261. rt address VLAN MAC address and IP address input fields allow the user to select the starting point in the Dynamic ARP Inspection Table The page includes the following fields Port The port number for which the status applies Click the port number to see the status for this particular port VLAN ID The VLAN ID of the entry MAC address The MAC address of the entry IP Address The IP address of the entry Buttons Refreshes the displayed table starting from the Start from MAC address and VLAN input fields Flushes all dynamic entries Updates the table starting from the first entry in the MAC Table i e the entry with the lowest VLAN ID and MAC address Updates the table starting with the entry after the last entry currently displayed 4 12 6 Dynamic IP Source Guard Table The Dynamic IP Source Guard Table is sorted first by port then by VLAN ID then by IP address and then by IP mask Dynamic IP Source Guard Table for Switch 1 Start from Port VLAN 1 and IP Address 0 0 0 0 and IP Mask 0 0 0 0 with entries per page no more entries Navigating the ARP Inspection Table Each page shows up to 999 entries from the Dynamic IP Source Guard table default being 20 selected through the entries per page input field When first visited the web page will show the first 20 entries from the beginning of the Dynamic IP Source Guard
262. rules Traffic Policy is created under the Access Control List page You can also set up specific traffic properties Action Rate Limiter Port copy etc for each ingress port They will though only apply if the frame gets past the ACE matching without getting matched In that case a counter associated with that port is incremented See the Web page help text for each specific port property ACL Rate Limiters Under this page you can configure the rate limiters There can be 15 different rate limiters each ranging from 1 1024K packets per second Under Ports and Access Control List web pages you can assign a Rate Limiter ID to the ACE s or ingress port s ARP is an acronym for Address Resolution Protocol It is a protocol that is used to convert an IP address into a physical address such as an Ethernet address ARP allows a host to communicate with other hosts when only the Internet address of its neighbours is known Before using IP the host sends a broadcast ARP request containing the Internet address of the desired destination system ARP Inspection ARP Inspection is a secure feature Several types of attacks can be launched against a host or devices connected to Layer 2 networks by poisoning the ARP caches This feature is used to block such attacks Only valid ARP requests and responses can go through the switch device Auto Negotiation CDP Auto negotiation is the process where t
263. s based Location Configuration Information Civic Address LCI The two letter ISO 3166 country code in capital ASCII letters Example DK DE or US National subdivisions state canton region province prefecture County parish gun Japan district City township shi Japan Example Copenhagen City district City division borough city district ward chou Japan Block Neighbourhood Neighbourhood block Street Example Poppelvej Leading street direction Leading street direction Example N Trailing street suffix Trailing street suffix Example SW Additional location info Additional location info Example South Wing Name Name residence and office occupant Example Flemming Jahn Building Building structure Example Low Library Unit Apartment suite Example Apt 42 Floor Floor Example 4 Room no Room number Example 450F Place type Place type Example Office Postal community name Postal community name Example Leonia P O Box Post office box P O BOX Example 12345 Additional code Additional code Example 1320300003 suffix Apartment Console LLDPMED Civic Description Set or show LLDP MED Civic Address Location Syntax lldpmed civic country state county city district block street leading street direction trailing street suffix str suf house no house no suffix landmark addition
264. s enable Enable SSH disable Disable SSH default Show SSH mode Example Enable SSH function SWITCH gt security switch ssh mode enable 4 11 6 Port Security Status This webpage shows the Port Security status The status page is divided into two sections one with a legend of user modules and one with the actual port status Port Security Status User Module Legend User Module Name Abbr Limit Control 802 1X DHCP Snooping Voice VLAN Port Status for Switch 1 MAC Count Disabled Disabled The page includes the following fields gt User Module Legend The legend shows all user modules that may request Port Security services User Module Name The full name of a module that may request Port Security services Abbr A one letter abbreviation of the user module This is used in the Users column in the port status table gt Port Status The table has one row for each port on the selected switch in the switch and a number of columns which are Port The port number for which the status applies Click the port number to see the status for this particular port Users Displays whether a module has enabled Port Security or not A means that the corresponding user module is not enabled whereas a letter indicates that the user module abbreviated by that letter see Abbr has enabled port security Shows the current state of the port It can
265. s management method via direct access or modem port access PC Workstation Switch with Terminal emulation software Serial Port Serial Port 115200 8 n 1 Figure 3 1 Console management connection Direct Access Direct access to the administration console is achieved by directly connecting a terminal or a PC equipped with a terminal emulation program such as HyperTerminal to the Managed Switch console serial port A straight DB9 RS 232 cable is required to connect the switch to the PC After making this connection configure the terminal emulation program to use the following parameters The default parameters are e 115200 bps e 8 data bits e No parity e 1 stop bit COM Properties Port Settings Bits per second Data bits Parity Stop bits Flow control Restore Defaults Figure 3 2 Terminal parameter settings as seen on Windows XP You can change these settings after you log on A Macintosh or PC attachment can use any terminal emulation program for connecting to the terminal serial port A workstation attachment under UNIX can use an emulator such as TIP The CLI groups all the commands in appropriate modes according to the nature of the command A sample of the CLI command modes are described below Each of the command modes supports specific software commands Command Groups e pomarina OOOO Firmware Download
266. s of port security limit control.
Default Setting: disable
Example: Enable port limit for port 1:
SWITCH> security network limit port 1 enable
Console Security Network Limit
Set or show the max. number of MAC addresses that can be learned on this set of ports.
Syntax: security network limit limit <port_list> <limit>
Parameters:
<port_list>: Port list or all, default: All ports
<limit>: Max. number of MAC addresses on this port (default: Show current limit)
Default Setting:
Example: Set limit in 5:
Site secumiey me two Mamma ts lin Sd
Console Security Network Limit Configuration
Show Limit Control configuration.
Syntax:
<port_list>: Port list or all, default: All ports
Example: Show Limit Control configuration:
SWITCH> security network limit configuration
(Command output: Port Security Limit Control configuration; legible fields are Disabled, Aging: Disabled and Age Period, followed by a per-port table with Limit and Action columns.)
disable: Globally disable port security (default: Show current global enabledness of port security limit control)
Default Setting:
Example: Enable the limit mode:
SWITCH> security network limit mode enable
Console Security Network Limit Aging
Parameters:
enable: Enable aging
dis
267. s to 1400 bytes. Be sure the target IP Address is within the same network subnet of the switch and that the IP address is set correctly.
Buttons: Start: Click to transmit ICMP packets.
Console IP Ping
Ping IP address (ICMP echo).
Syntax: ip ping <ip_addr_string> <ping_length>
Parameters:
<ip_addr_string>: IP host address (a.b.c.d) or a host name string
<ping_length>: Ping data length (8-1400), excluding MAC, IP and ICMP headers
Example:
(Command output: PING server 192.168.0.21, five replies from 192.168.0.21 with their icmp sequence numbers, then "Sent 5 packets, received 5 OK, 0 bad".)
4.14.2 IPv6 Ping
This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues. 5 ICMPv6 packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs.
(Screenshot: ICMPv6 Ping.)
The page includes the following fields:
IPv6 Address: The destination IPv6 Address.
The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.
Buttons: Start: Click to transmit ICMP packets.
Console IP IPv6 Ping
Ping IPv6 address (ICMPv6 echo).
<ipv6_addr>: IPv6 host addre
268. same credentials for authentication from any point within the network.
IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for online video and gaming, and allows more efficient use of resources when supporting these uses. A router sends IGMP Query messages onto a particular link. This router is called the Querier.
IP Source Guard is a secure feature used to restrict IP traffic on DHCP snooping untrusted ports by filtering traffic based on the DHCP Snooping Table or manually configured IP Source Bindings. It helps prevent IP spoofing attacks when a host tries to spoof and use the IP address of another host.
IPv6 addresses are in the form of 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). fe80::215:c5ff:fe03:4dc7 is an example of an IPv6 address. The symbol :: is used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can only appear once. It is also used heading a legal IPv4 address. For example, ::192.1.2.34.
LACP is an IEEE 802.3ad standard protocol. The Link Aggregation Control Protocol allows bundling sever
269. sing their SSIDs and can choose one to connect to, based on pre-configuration or by displaying a list of SSIDs in range and asking the user to select one. (Wikipedia)
SSH is an acronym for Secure SHell. It is a network protocol that allows data to be exchanged using a secure channel between two networked devices. The encryption used by SSH provides confidentiality and integrity of data over an insecure network. The goal of SSH was to replace the earlier rlogin, TELNET and rsh protocols, which did not provide strong authentication or guarantee confidentiality. (Wikipedia)
TACACS+ is an acronym for Terminal Access Controller Access Control System Plus. It is a networking protocol which provides access control for routers, network access servers and other networked computing devices via one or more centralized servers. TACACS+ provides separate authentication, authorization and accounting services.
TCP is an acronym for Transmission Control Protocol. It is a communications protocol that uses the Internet Protocol (IP) to exchange the messages between computers. The TCP protocol guarantees reliable and in-order delivery of data from sender to receiver and distinguishes data for multiple connections by concurrent applications (for example, Web server and e-mail server) running on the same host. The applications on networked hosts can use TCP to create connections to one another. It is known as a connection
270. smitEnable variable to false. (default: Show medTansmitEnable variable value)
4.14 Network Diagnostics
This section provides the Physical layer and IP layer network diagnostics tools for troubleshooting. Use the Diagnostics menu items to display and configure basic administrative details of the Managed Switch. This section has the following items:
- Ping
- IPv6 Ping
- Cable Diagnostic
PING: The ping and IPv6 ping allow you to issue ICMP PING packets to troubleshoot IP connectivity issues. The Managed Switch transmits ICMP packets, and the sequence number and roundtrip time are displayed upon reception of a reply.
Cable Diagnostics: Cable Diagnostics is provided for performing tests on copper cables. These functions identify the cable length and operating conditions, and isolate a variety of common faults that can occur on the Cat5 twisted-pair cabling.
Buttons: Start: Click to start to transmit ICMP packets.
4.14.1 Ping
ICMP PING packets can be issued to troubleshoot IP connectivity issues. 5 ICMP packets are transmitted on pressing Start, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs.
(Screenshot: ICMP Ping.)
The page includes the following fields:
IP Address: The destination IP Address.
Ping Size: The payload size of the ICMP packet. Values range from 8 byte
271. ss
<ping_length>: Ping data length (8-1400), excluding MAC, IP and ICMP headers
Example:
(Command output: PING6 server 2001::2, five replies from 2001::2 with their icmp sequence numbers and time=0ms, then "Sent 5 packets, received 5 OK, 0 bad".)
4.14.3 Remote IP Ping Test
This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues on special port. 5 ICMP packets are transmitted, and the sequence number and roundtrip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received, or until a timeout occurs.
(Screenshot: Remote IP Ping Test.)
The page includes the following fields:
Port: The logical port for the settings.
Remote IP Address: The destination IP Address.
Ping Size: The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.
Result: Display the ping result.
4.14.4 Cable Diagnostics
This page is used for running Cable Diagnostics. Press to run the diagnostics. Tests can take approximately 5-15 seconds, depending on the number of tested ports. When completed, the page refreshes automatically, and results are displayed in a status table. Note that Cable Diagnostics is only accurate for cables of length 7
272. ss (SMAC address), which shows the MAC address of the equipment sending the frame. The SMAC address is used by the switch to automatically update the MAC table with these dynamic MAC addresses. Dynamic entries are removed from the MAC table if no frame with the corresponding SMAC address has been seen after a configurable age time.
4.12.1 MAC Address Table Configuration
The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here.
(Screenshot: MAC Address Table Configuration.)
The page includes the following fields:
Disable Automatic Aging: Enables/disables the automatic aging of dynamic entries.
Aging Time: The time after which a learned entry is discarded. By default, dynamic entries are removed from the MAC after 300 seconds. This removal is also called aging. (Range: 10-10000000 seconds; Default: 300 seconds)
Console MAC Configuration
Syntax:
Parameters:
Example: Show Mac address state:
SWITCH> mac configuration
(Command output: MAC Configurations, listing the MAC Address, MAC Age Time: 300, and a per-port Learning table.)
Description:
Syntax:
Parameters:
<age_time>: MAC address age time (0, 10-1000000), 0 = disable (default: Show age time)
Default Setting:
Example: Set agetime value in 30:
SWITCH> mac agetime 30
4.12.2 Static MAC Table Configuration
The st
273. ss table configuration
mirror: Mirror configuration
poe: PoE configuration
port: Port configuration
pvlan: Private VLAN configuration
qos: QoS configuration
snmp: SNMP configuration
stack: List of switches in stack
stp: STP port configuration
system: System configuration
vlan: VLAN configuration
6. TROUBLESHOOTING
This chapter contains information to help you solve problems. If the Ethernet Switch is not functioning properly, make sure the Ethernet Switch was set up according to instructions in this manual.
The Link LED is not lit.
- Solution: Check the cable connection and remove duplex mode of the Ethernet Switch.
Some stations cannot talk to other stations located on the other port.
- Solution: Please check the VLAN settings, trunk settings, or port enabled/disabled status.
Performance is bad.
- Solution: Check the full duplex status of the Ethernet Switch. If the Ethernet Switch is set to full duplex and the partner is set to half duplex, then the performance will be poor. Please also check the in/out rate of the port.
The switch will not connect to a network.
- Solution:
1. Check the LNK/ACT LED on the switch.
2. Try another port on the Switch.
3. Make sure the cable is installed properly.
4. Make sure the cable is the right type.
5. Turn off the power. After a while, turn on power again.
100Base-TX port link LED is lit, but the traffic is irregular
274. ssible from the webpage helps you set up a QCL quickly.
Figure 4-7: The first page of the QCL Configuration Wizard.
The page includes the following fields:
Set up Port Policies: Group ports into several types according to different QCL policies.
Set up Typical Network Application Rules: Set up the specific QCL for different typical network application quality control.
Set up ToS Precedence Mapping: Set up the traffic class mapping to the precedence part of ToS (3 bits) when receiving IPv4/IPv6 packets.
Set up VLAN Tag Priority Mapping: Set up the traffic class mapping to the User Priority value (3 bits) when receiving VLAN tagged packets.
Buttons: Next: Click to continue the wizard.
4.8.1.1 Set up Policy Rules
Group ports into several types according to different QCL policies. The settings
275. st
switch: Switch ACE keyword; rule will be applied to entire switch
port: Port ACE keyword; rule will be applied to specified port
<port>: Port number
policy: Policy ACE keyword; rule will be applied to all ports configured with specified policy
<policy>: Policy number (1-8)
<vid>: VLAN ID (1-4095) or 'any'
<tag_prio>: VLAN tag priority (0-7) or 'any'
<dmac_type>: DMAC type: any|unicast|multicast|broadcast
etype: Ethernet Type keyword
<etype>: Ethernet Type or 'any'
<smac>: Source MAC address (xx-xx-xx-xx-xx-xx) or 'any'
<dmac>: Destination MAC address (xx-xx-xx-xx-xx-xx) or 'any'
arp: ARP keyword
<sip>: Source IP address (a.b.c.d/n) or 'any'
<dip>: Destination IP address (a.b.c.d/n) or 'any'
<arp_opcode>: ARP operation code: any|arp|rarp|other
<arp_flags>: ARP flags: request|smac|tmac|len|ip|ether [0|1|any]
ip: IP keyword
<protocol>: IP protocol number (0-255) or 'any'
<ip_flags>: IP flags: ttl|options|fragment [0|1|any]
icmp: ICMP keyword
<icmp_type>: ICMP type number (0-255) or 'any'
<icmp_code>: ICMP code number (0-255) or 'any'
udp: UDP keyword
<sport>: Source UDP/TCP port range (0-65535) or 'any'
<dport>: Destination UDP/TCP port range (0-65535) or 'any'
tcp: TCP keyword
<tcp_flags>: TCP flags: fin|syn|rst|psh|ack|urg [0|1|any]
permit: Permit forwarding (default)
deny
276. st VLAN if EAPOL Seen is enabled, the port will now be placed in the Guest VLAN. If disabled, the switch will first check its history to see if an EAPOL frame has previously been received on the port (this history is cleared if the port link goes down or the port's Admin State is changed), and if not, the port will be placed in the Guest VLAN. Otherwise it will not move to the Guest VLAN, but continue transmitting EAPOL Request Identity frames at the rate given by EAPOL Timeout.
Once in the Guest VLAN, the port is considered authenticated, and all attached clients on the port are allowed access on this VLAN. The switch will not transmit an EAPOL Success frame when entering the Guest VLAN.
While in the Guest VLAN, the switch monitors the link for EAPOL frames, and if one such frame is received, the switch immediately takes the port out of the Guest VLAN and starts authenticating the supplicant according to the port mode. If an EAPOL frame is received, the port will never be able to go back into the Guest VLAN if the Allow Guest VLAN if EAPOL Seen is disabled.
Port State: The current state of the port. It can undertake one of the following values:
Globally Disabled: NAS is globally disabled.
Link Down: NAS is globally enabled, but there is no link on the port.
Authorized: The port is in Force Authorized or a single-supplicant mode and the supplicant is authorized.
Unauthorized: The port is in Force Unauthorized or a single-supplicant mode and
277. stem Information Configuration
4.2.4 SNMP Trap Configuration
4.2.5 SNMPv3 Configuration
4.2.5.1 Communities Configuration
4.2.5.5 SNMPv3 Accesses Configuration
4.3.4 SFP Module Information
4.4.1 Static Aggregation Configuration
4.4.2 LACP Configuration
4.5.1 VLAN Overview
4.5.2 IEEE 802.1Q VLAN
4.5.4 VLAN Port Configuration
4.5.5 VLAN Membership Configuration
4.5.6 VLAN Membership Status for User Static
278. stp maxhops 25
Console STP MaxAge
Description: Set or show the CIST/MSTI bridge maximum age.
Syntax:
Parameters:
<max_age>: STP maximum age time (6-40, and max_age <= (forward_delay-1)*2)
Default Setting:
Example: Set STP maximum age time in 10:
SWITCH> stp maxage 10
<delay>: MSTP forward delay (4-30, and max_age <= (forward_delay-1)*2)
Example: Set STP forward delay value in 25:
SWITCH> stp fwddelay 25
Console STP Recover
Set or show edge port error recovery timeout.
Parameters:
<timeout>: Time before error-disabled ports are reenabled (30-86400 seconds, 0 disables) (default: Show recovery timeout)
Default Setting:
Example: Set STP recovery value in 30 sec:
SWITCH> stp recovery 30
4.6.3 Bridge Status
This page provides a status overview for all STP bridge instances. The displayed table contains a row for each STP bridge instance.
(Screenshot: STP Bridges table.)
The page includes the following fields:
sum of the Port Path Costs on the least cost path to the Root Bridge.
4.7.4 CIST Port Configuration
This page allows the user to change and inspect the current STP CIST port configurations. This page contains settings for aggregations and physical ports. The aggregation settings are sta
279. <port_list>: Port list or all, default: All ports
Example: Show 802.1X configuration of port 1:
SWITCH> security network nas configuration 1
(Command output: 802.1X configuration listing Reauth: Disabled, Reauth Period, EAPOL Timeout: 30, Age Period: 300, Hold Time, RADIUS QoS: Disabled, RADIUS VLAN: Disabled, Guest VLAN: Disabled, Guest VLAN ID, Max Reauth Count: 2, and Allow Guest VLAN if EAPOL Frame Seen: Disabled; port 1 shows Admin State Force Authorized and Port State Globally Disabled.)
Console Security Network NAS Reauthentication
Set or show Reauthentication enabledness.
Syntax: security network nas reauthentication enable|disable
Parameters:
enable: Enable reauthentication
disable: Disable reauthentication (default: Show current reauthentication mode)
Default Setting:
Example: Enable reauthentication function:
SWITCH> security network nas reauthentication enable
Console Security Network NAS ReauthPeriod
Set or show the period between reauthentications.
Syntax: security network nas reauthperiod <reauth_period>
Parameters:
<reauth_period>: Period between reauthentications (1-3600 seconds) (default: Show current reauthentication period)
Default Setting: 3600
Example: Set reauthentication period in 3000sec:
SWITCH> security network nas reauthperiod 3000
Console Security Network NAS EapolTimeout
Set or show the time between EAPOL retransmissio
280. tack master priority <sid>|local <mst_elect_prio>
<sid>|local: Switch ID (1-16) or local switch
<mst_elect_prio>: Master election priority (1-4). 1: Highest master probability
Example: Set the master election priority:
SWITCH> stack master priority 1 1
Console Stack Master Reelect
Description: Force master reelection (ignoring master time).
Syntax: stack master reelect
Example: Force master re-election:
SWITCH> stack master reelect
After the Stack Master and Members have been configured, any switch in the stack can be managed from the web agent by choosing the desired Member ID from the Switch drop-down menu.
Figure 4-18: Managing member switches.
Slave switch IPs will be covered by Masters and disappear temporarily. The slave IP address can be the same as Master IP address, allowing access to slave switches in case of a Master switch malfunction. If you have difficulty selecting another switch, you may be connecting to the slave switch's web interface; close the browser window, use the "arp -d" DOS command to clear the ARP table, and then reopen the web interface.
4.16.3 Stack Information
This page provides an overview of the stack topology, as detected by SPROUT.
Stack Topology
Stack Topol
281. tch is actively sending or receiving data over that port. The 10/100 LNK/ACT LED indicates that the port is operating at 10Mbps or 100Mbps. When the LNK/ACT LED is off, it indicates that the port is link down.
Orange: Lights: To indicate the port is providing 48VDC in-line power. Off: To indicate the connected device is not a PoE Powered Device (PD).
1000Base-SX/LX SFP interfaces (Shared Port 21 - Port 24)
Lights: To indicate the link through that SFP port is successfully established at a rate of 1000Mbps.
Off: To indicate that the SFP port is link down.
10/100/1000Base-T interfaces
LNK/ACT: Lights: To indicate the link through that port is successfully established at a rate of 10Mbps or 100Mbps or 1000Mbps. To indicate that the switch is actively sending or receiving data over that port. The 10/100 LNK/ACT LED indicates that the port is operating at 10Mbps or 100Mbps. When the LNK/ACT LED is off, it indicates that the port is link down.
Orange: Lights: To indicate the port is providing 48VDC in-line power. Off: To indicate the connected device is not a PoE Powered Device (PD).
1000Base-SX/LX SFP interfaces (Shared Port 21 - Port 24)
Lights: To indicate the link through that SFP port is successfully established at a rate of 1000Mbps.
Off: To indicate that the SFP port is link down.
7-Segment LED Display
Stack ID (1-9, A-F, 0): indicates the Switch ID. Switch IDs are
282. the rate can be either pps (packets per second) or kpps (kilopackets per second). The configuration indicates the permitted packet rate for unicast, multicast or broadcast traffic across the switch.
(Screenshot: Storm Control Configuration, with Frame Type, Status and Rate (pps) columns for Unicast, Multicast and Broadcast.)
The page includes the following fields:
Frame Type: The settings in a particular row apply to the frame type listed here:
- unicast
- multicast
- broadcast
Status: Enable or disable the storm control status for the given frame type.
Rate: The rate unit is packet per second (pps); configure the rate as 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K. The 1 kpps is actually 1002.1 pps.
Console QoS Storm Unicast
Set or show the unicast storm rate limiter.
Syntax:
Parameters:
enable: Enable unicast storm control
disable: Disable unicast storm control
<packet_rate>: Rate in pps (1, 2, 4, ..., 512, 1k, 2k, 4k, ..., 1024k)
Default Setting: Disabled, 1pps
Example: Enable unicast storm rate limiter in 1kpps:
SWITCH> qos storm unicast enable 1k
Console QoS Storm Multicast
Set or show the multicast storm rate limiter.
Syntax: qos storm multicast enable|disable <packet_rate>
Parameters:
enable: Enable multicast storm control
disable: Disable multicast storm control
<packet_rate>: Rate in pps (1, 2, 4, ..., 512, 1k, 2k, 4k, ..., 1024k)
283. ther RADIUS-assigned QoS Class is enabled for that port. When unchecked, RADIUS-server assigned QoS Class is disabled for all ports.
When checked, the individual ports' ditto setting determines whether RADIUS-assigned VLAN is enabled for that port. When unchecked, RADIUS-server assigned VLAN is disabled for all ports.
Guest VLAN Enabled: When checked, the individual ports' ditto setting determines whether the port can be moved into Guest VLAN. When unchecked, the ability to move to the Guest VLAN is disabled for all ports.
Guest VLAN ID: This is the value that a port's Port VLAN ID is set to if a port is moved into the Guest VLAN. It is only changeable if the Guest VLAN option is globally enabled. Valid values are in the range 1-4095.
Max. Reauth. Count: The number of times that the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range 1-255.
Allow Guest VLAN if EAPOL Seen: If disabled (unchecked; default), the switch will only enter the Guest VLAN if an EAPOL frame has not been received on the port for the life-time of the port. If enabled (checked), the switch will consider entering the Guest VLAN even if an EAPOL frame has been receive
284. tings
Figure 4-8: Port QoS Configuration, Global and Switch settings.
The page includes the following fields:
Number of Classes: Set the number of classes (1, 2 or 4). The default value is 4.
matching any of the QCEs in the QCL
Queuing Mode: Select a Queuing mode for this port.
Queue Weighted: may be weighted (Low, Normal, Medium, High) if the Queuing Mode is
Console QoS Configuration
Show QoS Configuration.
Syntax:
<port_list>: Port list or all, default: All ports
Example: Show QoS Configuration of port 1-4:
SWITCH> qos configuration 1-4
(Command output: QoS Configuration, listing Classes, Storm Multicast: Disabled, Storm Broadcast: Disabled, 1 pps, Storm Unicast: Disabled, 1 pps, and a per-port table in which each port shows Rate Limiter Disabled, Shaper Disabled, Strict mode and weights 1/2/4/8.)
Parameters:
<port_list>: Port list or all, default: All ports
<qcl_id>: QCL ID
Example: Set QCL ID5 for port10:
SWITCH> qos qcl port 10 5
Console QoS Default
Set or show the default port priority.
Syntax: qos default <port_list> <class>
Parameters:
<port_list>: Port list or all, default: All ports
<class>: Traffic c
285. to traffic priority. Rules comprise a service level and a classifier to define how the Switch will treat certain classes of traffic. A QoS Profile subsequently is multiple sets of rules which can be applied to a port.
To implement QoS on your network, you need to carry out the following actions:
1. Define a service level to determine the priority that will be applied to a set of traffic.
2. Apply a classifier to determine how the incoming traffic will be classified and thus treated by the Switch. Traffic classifications are determined by protocol, application, source, destination, and so on. You can create and modify classifications. The Switch then groups classified traffic in order to schedule them with the appropriate service level.
3. Create a QoS profile (sets of rules) which associates a service level and a classifier.
4. Apply a QoS profile to one or more ports.
For any given QCL, the following QCEs may be adjusted.
Frames can be classified by 4 different QoS classes: Low, Normal, Medium, and High. The classification is controlled by a QoS assigned to each port. A QCL consists of an ordered list of up to 12 QCEs. Each QCE can be used to classify certain frames to a specific QoS class. This classification can be based on parameters such as VLAN ID, UDP/TCP port, IPv4/IPv6 DSCP or Tag Priority. Frames not matching any of the QCEs are classified to the default QoS Class for the port.
4.8.1 QCL Configuration Wizard
The wizard acce
286. tors, Unknown Types, Packets Dropped, Access Requests, Access Retransmissions, Timeouts
radiusAuthClientExtAccessAccepts, radiusAuthClientExtAccessRejects, radiusAuthClientExtAccessChallenges, radiusAuthClientExtMalformedAccessResponses, radiusAuthClientExtBadAuthenticators, radiusAuthClientExtUnknownTypes, radiusAuthClientExtPacketsDropped, radiusAuthClientExtAccessRequests, radiusAuthClientExtAccessRetransmissions, radiusAuthClientExtPendingRequests, radiusAuthClientExtTimeouts
The number of RADIUS Access-Accept packets (valid or invalid) received from the server.
The number of RADIUS Access-Reject packets (valid or invalid) received from the server.
The number of RADIUS Access-Challenge packets (valid or invalid) received from the server.
The number of malformed RADIUS Access-Response packets received from the server. Malformed packets include packets with an invalid length. Bad authenticators or Message Authenticator attributes or unknown types are not included as malformed access responses.
The number of RADIUS Access-Response packets containing invalid authenticators or Message Authenticator attributes received from the server.
The number of RADIUS packets that were received from the server on the authentication port and dropped for some other reason.
The number of RADIUS packets that were received from the server on the authenticati
287. tp bpduguard enable
Console STP Port P2P
Set or show the STP point2point port parameter.
Syntax: stp port p2p <port_list> enable|disable|auto
Parameters:
<port_list>: Port list or all, default: All ports
enable: Enable MSTP point2point
disable: Disable MSTP point2point
auto: Automatic MSTP point2point detection
Default Setting:
Example: Disable STP P2P function on port1:
SWITCH> stp port p2p 1 disable
Console STP Port RestrictedRole
Syntax:
Parameters:
<port_list>: Port list or all, default: All ports
enable: Enable MSTP restricted role
disable: Disable MSTP restricted role
Default Setting:
Example: Disable STP restricted role on port1:
SWITCH> stp port restrictedrole 1 enable
Console STP Port RestrictedTcn
Set or show the MSTP restrictedTcn port parameter.
Syntax: stp port restrictedtcn <port_list> enable|disable
Parameters:
<port_list>: Port list or all, default: All ports
enable: Enable MSTP restricted TCN
disable: Disable MSTP restricted TCN
Default Setting:
Example: Disable STP restricted TCN on port:
SWITCH> stp port restrictedtcn 1 enable
Console STP Port RestrictedTcn
Set or show the bpduGuard port parameter.
Syntax: stp port bpduguard <port_list> enable|disable
Parameters:
<port_list>: Port list or all, default: All ports
enable: Enable port BPDU Guard
disable: Disable po
288. tp server delete <server_index>
Parameters:
<server_index>: The server index (1-5)
<server_ipv6>: IPv6 server address
Example: To delete NTP server:
SWITCH> ip ntp server delete 1
4.1.7 UPnP Configuration
Configure UPnP to simplify the implementation of networks and installation of computer components.
The page includes the following fields:
Indicates the UPnP operation mode. Possible modes are: Enabled, Disabled. When the mode is enabled, two ACEs are added automatically to trap UPNP related packets to CPU. The ACEs are automatically removed when the mode is disabled.
The TTL value is used by UPnP to send SSDP advertisement messages. Valid values are in the range 7 to 255.
Advertising Duration: Specify how often control points should receive a SSDP advertisement message from this switch.
Console UPnP Configuration
Show UPnP configuration.
Syntax: upnp configuration
Example: Show UPnP configuration:
SWITCH> upnp configuration
(Command output: UPnP Configurations, listing UPnP Mode: Disabled, UPnP TTL and UPnP Advertising Duration.)
Console UPnP Mode
Parameters:
enable: Enable UPnP
disable: Disable UPnP (default: Show UPnP mode)
Default Setting:
Example: Enable the UPnP mode:
SWITCH> upnp mode enable
Console UPnP TTL
Set or show the TTL value of the IP header in SSDP messages.
Syntax: upnp ttl <ttl>
<ttl>: ttl range (1-255), de
289. tus for physical ports in the currently selected switch.
(Screenshot: STP Port Status for Switch 1, with CIST Role, State and Uptime for each port.)
The page includes the following fields:
The switch port number of the logical STP port.
CIST Role: The current STP port role of the CIST port. The port role can be one of the following values: AlternatePort, BackupPort, RootPort, DesignatedPort.
The current STP port state of the CIST port. The port state can be one of the following values: Disabled, Blocking, Learning, Forwarding, Non-STP.
Uptime: The time since the bridge port was last initialized.
Console STP Status
Show STP Bridge status.
Syntax: stp status <msti> <port_list>
<msti>: STP bridge instance no (0-7, CIST=0, MSTI1=1)
<port_list>: Port list or all, default: All ports
Default Setting:
Example: Show STP Bridge status:
SWITCH> stp status
(Command output: CIST bridge status; legible fields are Bridge ID, Root Port, Root PathCost, Regional Root and Max Hops.)
290. twork devices Connect one end of a standard network cable to the 10 100 1000 RJ 45 ports on the front of the Managed Switch b Connect the other end of the cable to the network devices Connection to the switch requires UTP Category 5 network cabling with RJ 45 tips For more information please see the Cabling Specifications in Appendix A 5 Supply power to the switch a Connect one end of the power cable to the switch b Connect the power plug of the power cable to a standard wall outlet c When the switch receives power the Power LED should remain solid Green 2 2 2 Rack Mounting To install the switch in a 19 inch standard rack follow the instructions described below 1 Place the switch on a hard flat surface with the front panel positioned towards the front side 2 Attach the rack mount bracket to each side of the switch with supplied screws attached to the package See the illustration below for a diagram on how to attach brackets to one side of the switch O lus 1399 q oo oe gt 2 gt 00933333 1398 O ocalonego SS 2004323137333 Sar eae E o o o Figure2 1 Attach brackets to the switch You must use the screws supplied with the mounting brackets Damage caused to the parts by using incorrect screws will invalidate the warranty 3 Secure the brackets tightly 4 Follow the same steps to attach the second bracket to the opposite side 5 After the brackets are attached to the s
291. uld belong to. The string Engine ID must contain an even number between 10 and 64 hexadecimal digits, but all zeros and all F's are not allowed.

A string identifying the user name that this entry should belong to. The allowed User Name string length is 1 to 32, and the allowed content is the ASCII characters from 33 to 126.

Security Level: Indicates the security model that this entry should belong to. Possible security models are:
• NoAuth, NoPriv: No authentication and no privacy.
• Auth, NoPriv: Authentication and no privacy.
• Auth, Priv: Authentication and privacy.
The value of security level cannot be modified if the entry already exists. Ensure that the value is set correctly.

Authentication Protocol: Indicates the authentication protocol that this entry should belong to. Possible authentication protocols are:
• None: No authentication protocol.
• MD5: An optional flag to indicate that this user is using the MD5 authentication protocol.
• SHA: An optional flag to indicate that this user is using the SHA authentication protocol.
The value of security level cannot be modified if the entry already exists. Ensure that the value is set correctly.

A string identifying the authentication pass phrase. For the MD5 authentication protocol, the allowed string length is 8 to 32. For the SHA authentication protocol, the allowed string length is 8 to 40. The allowed content is the ASCII characters from 33 to 126.

Indicates the pr
292. unctions 28 User s Manual SW 24400 t System SNMP Port Management Link Aggregation VLAN Spanning Tree Multicast toos Access Control List Authentication Security MAC Address Table LLDP Diagnostics POE Stack gt Navigating web management screens Common interface features encountered in web management are given below with a description of their function Exceptions and unique interface items will be specified in their corresponding sections Auto refresh Check this box to enable an automatic refresh of the page at regular intervals Refresh Click to refresh the page any changes made locally will be undone lear _ Gear Clear all statistics By default clears all counters except where noted Save Click to save changes Except where noted changes are applied only after clicking Save Reset Click to undo any changes made locally and revert to previously saved values Renew Renew Click to undo any changes made locally and revert to previously saved values 3 2 4 SNMP Based Network Management You can use an external SNMP based application to configure and manage the switch This management method requires the SNMP agent on the switch and the SNMP Network Management Station to use the same community string This management method in fact uses two community strings the get community string and the set community string If the SNMP Network ma
293. ure fe ee ene Geel aL E System Time 3 1970 01 01 Thu 003063068 0000 System Uptime 3 00 083 06 Software Version 1 5b b100623 Software Date 3 2010 06 25 15343 02 t0OSO0OQ Previous Restart Cold 1 59100623 Console System Name Description Set or show the system name Syntax system name lt name gt Parameters lt name gt System name or clear to clear Only dashes and alphanumeric characters are permitted The first character must be alphabetic and the last character must not be a dash Example To set device title Switch gt System name SW 24400 LAB Console System Contact Set or show the system contact Parameters lt contact gt System contact string Use clear or to clear the string No blank or space characters are permitted as part of a contact only in CLI Default Setting Example To set device contact Switch gt System contact SW 24400 Test Console System Location Set or show the system location Parameters lt location gt System location string Use clear or to clear the string In CLI no blank or space characters are permitted as part of a contact Default Setting empty Example To set device location Switch gt System location 9F LAB Console System Timezone Set or show the system timezone offset system timezone lt offset gt User s Manual SW 24400 lt offset gt Time zone offset in minutes 720 to 720 relative to UTC Default Setting
294. urity network acl action <port_list> permit|deny <rate_limiter> <port_copy> <logging> <shutdown>
Parameters:
<port_list>: Port list or all, default: All ports
permit: Permit forwarding (default)
deny: Deny forwarding
<rate_limiter>: Rate limiter number (1-15) or disable
<port_copy>: Port number for copy of frames or disable
<logging>: System logging of frames: log|log_disable
<shutdown>: Shut down ingress port: shut|shut_disable
Default Setting
Example: Show ACL action in port 1
SWITCH> security network acl action 1
Shutdown Counter
Permit Disabled Disabled Disabled Disabled

Console Security Network ACL Policy
Description: Set or show the ACL port policy.
Syntax: security network acl policy <port_list> <policy>
Parameters:
<port_list>: Port list or all, default: All ports
<policy>: Policy number (1-8)
Default Setting
Example: Set ACL policy 2 for port 1
SWITCH> security network acl policy 1 2

Console Security Network ACL Clear
Clear all ACL counters.
Example: Clear all ACL counters
SWITCH> security network acl clear

4.9.5 ACL Rate Limiter Configuration
Configure the rate limiter for the ACL of the switch.
[Screenshot: ACL Rate Limiter Configuration; columns: Rate Limiter ID, Rate (pps)]
The page inclu
295. urity switch snmp user add 800007e5017 000003 admin snmpv3 md5 12345678 des abcdefgh

Console Security Switch SNMP User Delete
Delete SNMPv3 user entry.
Syntax: security switch snmp user delete <index>
Parameters:
<index>: entry index (1-64)
Example: Delete SNMPv3 user entry
SWITCH> security switch snmp user delete 1

Console Security Switch SNMP User Changekey
Description: Change SNMPv3 user password.
Syntax: security switch snmp user changekey <engineid> <user_name> <auth_password> <priv_password>
Parameters:
<engineid>: Engine ID, the format may not be all zeros or all ff H, and is restricted to 5 - 32 octet string
<user_name>: A string identifying the user name that this entry should belong to
<auth_password>: A string identifying the authentication pass phrase
<priv_password>: A string identifying the privacy pass phrase
Example: Delete SNMPv3 user entry
SWITCH> security switch snmp user changekey 800007e5017f000003 admin snmpv3 87654321 12345678

Console Security Switch SNMP Community Lookup
Lookup SNMPv3 user entry.
Syntax
<index>: entry index (1-64)
Example: Lookup SNMPv3 user entry
SWITCH> security switch snmp user lookup
Idx Engine ID User Name Auth Priv
Remote admin snmpv3 Auth Priv MD5 DES
Number of entries: 1

4.2.5.3 Groups Configuration
Configure SNMPv3 groups table. The
296. used to uniquely identify the SW 24400 switches within a stack The Switch ID of each switch is shown on the display on the front and is used widely on web pages as well as in the CLI commands of the Stack A A A A 2 1 3 Switch Rear Panel The rear panel of the switch indicates an AC inlet power socket which accepts input power from 100 to 240V AC 50 60Hz gt AC Power Receptacle The power supply automatically adjusts to line power in the range of 100 240VAC and 50 60 Hz Plug the female end of the power cord firmly into the receptacle on the rear panel of the switch Plug the other end of the power cord into an electrical outlet The device will not work until it is powered If your networks are active all the time consider using a UPS Uninterrupted Power Supply for your device to better avoid network data loss or network downtime In some areas installing a surge suppression device may also help to protect your Managed Switch from being damaged by unregulated surges to the switch or the power adapter 2 2 Installation and Connection 2 2 1 Desktop Installation To install the switch on desktop or shelf 1 Attach the rubber feet to the recessed areas on the bottom of the switch 2 Place the switch on the desktop or the shelf near an AC power source as shown below 15 User s Manual SW 24400 3 Keep enough ventilation space between the switch and the surrounding objects 4 Connect the switch to ne
297. used when referencing locations on land not near tidal water which would use Datum NAD83 MLLW NAD83 MLLW This datum pair is to be used when referencing locations on water sea ocean Console LLDPMED Coordinates Set or show LLDP MED Location Syntax lldpmed Coordinates latitude longitude altitude north south west east meters floor coordinate value Parameters latitude Latitude 0 to 90 degrees with max 4 digits Positive numbers are north of the equator and negative numbers are south of the equator longitude Longitude 0 to 180 degrees with max 4 digits Positive values are East of the prime meridian and negative numbers are West of the prime meridian altitude Altitude Meters or floors with max 4 digits default Show coordinate location configuration north south west east meters floor North North Valid for latitude South South Valid for latitude West West Valid for longitude East East Valid for longitude Meters Meters Valid for altitude Floor Floor Valid for altitude lldpmed Coordinate value coordinate_value lidpmed Coordinate value 213 User s Manual SW 24400 Console LLDPMED Datum Description Set or show LLDP MED Coordinates map datum Syntax lldpmed datum wgs84 nad83 navd88 nad83 mllw Parameters wgs84 nad83_navd88 nad83_mllw wgs84 WGS84 nad83_navd88 NAD83_NAVD88 nad83_mllw NAD83_MLLW lldomed Coordinate datum gt Civic Address Location IETF Geopriv Civic Addres
298. utright short circuit caused by a failure in cabling or in the PD the PSE must shut down power within 50 to 75 milliseconds while limiting current drain during this period to protect the cabling infrastructure Immediate voltage drop is avoided to prevent shutdown due to random fluctuations 250 User s Manual SW 24400 APPENDEX C ETHERNET STANDARDS C 1 Switch s RJ 45 Pin Assignments 1000Mbps 1000Base T pin assignment Contact MDI Implicit implementation of the crossover function within a twisted pair cable or at a wiring panel while not expressly forbidden is beyond the scope of this standard C 2 10 100Mbps 10 100Base TX When connecting your 10 100Mbps Ethernet Switch to another switch a bridge or a hub a straight or crossover cable is necessary Each port of the Switch supports auto MDI MDI X detection That means you can directly connect the Switch to any Ethernet devices without making a crossover cable The following table and diagram show the standard RJ 45 receptacle connector and their pin assignments RJ 45 Connector pin assignment Contact MDI MDI X Media Dependant Interface Media Dependant Interface Cross Te rane je wee AT The standard cable RJ 45 pin assignment 251 User s Manual SW 24400 Figure C 1 Standard RJ 45 receptacle connector There are 8 wires on a standard UTP STP cable and each wire is color coded The following shows the pin allocation and color of straight
299. vene by injecting a bogus DHCP reply packet to a legitimate conversation between the DHCP client and server. Configure DHCP Snooping on this page.

Figure 4-10: DHCP Snooping Configuration for the stack and for a particular switch

The page includes the following fields:

Snooping Mode: Indicates the DHCP snooping mode operation. Possible modes are:
• Enabled: Enable DHCP snooping mode operation. Request DHCP messages will be forwarded to trusted ports, and reply packets are allowed only from trusted ports.
• Disabled: Disable DHCP snooping mode operation.

Port Mode: Indicates the DHCP snooping port mode. Possible port modes are:
• Trusted: Configures the port as a trusted source of DHCP messages.
• Untrusted: Configures the port as an untrusted source of DHCP messages.

Console Security Network DHCP Snooping Configuration
Show DHCP snooping configuration.
Syntax: security network dhcp snooping configuration
Example:
SWITCH> security network dhcp snooping configuration
DHCP Snooping Configurations
DHCP Snooping Mode: Disabled
Port Mode
trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted trusted

Console Security
300. vide secure predictable measurable and sometimes guaranteed services Achieving the required QoS becomes the secret to a successful end to end business solution Therefore QoS is the set of techniques to manage network resources RARP is an acronym for Reverse Address Resolution Protocol It is a protocol that is used to obtain an IP address for a given hardware address such as an Ethernet address RARP is the complement of ARP RADIUS is an acronym for Remote_Authentication Dial In User Service It is a networking protocol that provides centralized access authorization and accounting management for people or computers to connect and use a network service In 1998 the IEEE with document 802 1w introduced an evolution of STP the Rapid Spanning Tree Protocol which provides for faster spanning tree convergence after a topology change Standard IEEE 802 1D 2004 now incorporates RSTP and obsoletes STP while at the same time being backwards compatible with STP SHA is an acronym for Secure Hash Algorithm It designed by the National Security Agency NSA and published by the NIST as a U S Federal Information Processing Standard Hash algorithms compute a fixed length digital representation known as a message digest of an input data sequence the message of any length A shaper can limit the bandwidth of transmitted frames It is located after the ingress queues SNMP is an acronym for Simple Network Management Pr
301. vlan_id gt Private VLAN ID Example Delete PVLAN10 97 User s Manual SW 24400 SWITCH gt pvlan delete 10 Console PVLAN Lookup Lookup Private VLAN entry lt pvlan_id gt Private VLAN ID Example Lookup PVLAN WEC gt lookup EVTAN LD POTS 4 5 9 Port Isolation Configuration gt Overview When a VLAN is configured to be a private VLAN communication between ports within that VLAN can be prevented For private VLANs to be applied the switch must first be configured for standard VLAN operation Ports in a private VLAN fall into one of these two groups gt Promiscuous ports e Ports from which traffic can be forwarded to all ports in the private VLAN e Ports which can receive traffic from all ports in the private VLAN gt Isolated ports eo Ports from which traffic can only be forwarded to promiscuous ports in the private VLAN e Ports which can receive traffic from only promiscuous ports in the private VLAN The configuration of promiscuous and isolated ports applies to all private VLANs When traffic comes in on a promiscuous port in a private VLAN the VLAN mask from the VLAN table is applied When traffic comes in on an isolated port the private VLAN mask is applied in addition to the VLAN mask from the VLAN table This reduces the ports to which forwarding can be done to just the promiscuous ports within the private VLAN The port settings relate to the currently selected stack unit as reflect
302. vw O O v UnTag vw 22 23 24 All v UnTag Disable v Disable v Al UnTag Disable v 000 po lt S 3 lt User s Manual SW 24400 The page includes the following fields This is the logical port number for this row Assign PVID for selected port The range for the PVID is 1 4094 PVID The PVID will be inserted into all untagged frames entering the ingress port The PVID must as same as the VLAN ID that the port belong to VLAN group or the untagged traffic will be dropped ae Enable ingress filtering for a port by checking the box By default ingress filtering Ingress Filtering is disabled no checkmark Determines whether the port accepts all frames or only tagged frames If the port Accept Frame Type only accepts tagged frames untagged frames received on the port are discarded By default the field is set to All Allow 802 1Q Untagged or Tagged VLAN for selected port When adding a VLAN to selected port it tells the switch whether to keep or Link Type remove the tag from a frame on egress e Untag outgoing frames without VLAN Tagged e Tagged outgoing frames with VLAN Tagged Sets the Managed Switch to QinQ mode and allows the QinQ tunnel port to be configured The default is for the Managed Switch to function in Disabled mode e
303. wer Supply Budget W The available max value is 360 22 User s Manual SW 24400 Allows setting over temperature protection threshold value It system temperature was over it then system lower total PoE power budget automatically PoE Usage Threshold Allows setting how much PoE power budget could be limited Temperature Threshold The total PoE power reservation from Port 1 24 is up to 360W Console PoE Configuration Description Show PoE configuration Syntax Parameters lt port_list gt Port list or all default All ports Example Show PoE configuration SWITCH poe contiguo Port Priority Max Power W PowerAlloc W Enabled Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High Enabled High 09 dh Qu Bs 0 Om H gt Es Es dE Es Es Es Es Es Es Es Es Es Es Es Es Es Bs gs Es ds Es Bs Bs A E E gS E PS E E eS E E eS E PSS E E ES Power management mode Power management mode automode Console PoE Management Mode Syntax Parameters mgt_class handle power allocation according to PD class mgt_alloc power allocated according to values entered in power allocation mgt_consumption allocated according to PD actual need with a maximum of 15 4 W
304. witch use suitable screws to securely attach the brackets to the rack as shown 16 User s Manual SW 24400 below a 000000 Figure2 2 Mounting to a Rack 6 Refer to steps 4 and steps 5 of section 2 2 1 Desktop Installation to connect network cabling and supply power 2 2 3 Installing the SFP transceiver This section describes how to insert an SFP transceiver into an SFP slot SFP transceivers are hot pluggable and hot swappable You can plug in and out the transceiver to from any SFP port without having to power down the switch MGB SX LX sy 1000Base SX LX LC Fiber Figure 2 3 Plug in the SFP transceiver gt Approved i3 International SFP Transceivers This i3 International Managed Switch supports both Single mode and Multi mode SFP transceivers Check with technical support supportOi3international for the current list of approved transceivers 17 User s Manual SW 24400 Use i3 International approved SFPs on the switch Unsupported SFP transceivers will not be recognized Before connecting other switches workstations or Media Converters 1 2 gt l 2 3 4 gt 1 Ensure both sides of the SFP transceiver are with the same media type for example 1000Base SX to 1000Base SX 1000Bas LX to 1000Base LX Check whether the fibre optic cable type matches the SFP transceiver model a To connect to 1000Base SX SFP transceivers use the Multi mode fibre cable One side must be
305. witch is added to the Static MAC Table before changing to secure learning mode, otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.

Console MAC Learning
Description: Set or show the port learn mode.
Syntax: mac learning <port_list> auto|disable|secure
Parameters:
<port_list>: Port list or all, default: All ports
auto: Automatic learning
disable: Disable learning
secure: Secure learning
(default: Show learn mode)
Default Setting
Example: Set secure learning mode in port 1
SWITCH> mac learning 1 secure

4.12.5 Dynamic ARP Inspection Table
Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address.

[Screenshot: Dynamic ARP Inspection Table for Switch 1; columns: Port, VLAN ID, MAC Address, IP Address]

Navigating the ARP Inspection Table
Each page shows up to 999 entries from the Dynamic ARP Inspection table, default being 20, selected through the "entries per page" input field. When first visited, the web page will show the first 20 entries from the beginning of the Dynamic ARP Inspection Table. The Start from po
306. with the limits for a Class A digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the Instruction manual may cause harmful interference to radio communications Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at whose own expense CE Mark Warning This is a Class A product In a domestic environment this product may cause radio interference in which case the user may be required to take adequate measures Energy Saving Note of the Device This power required device does not support Standby mode operation For energy saving remove the power cable to disconnect the device from the power circuit Without removing power cable the device will still consume power from the power source In the view of Saving the Energy and reduce the unnecessary power consuming it is strongly suggested to remove the power connection for the device if this device is not intended to be active WEEE Warning To avoid the potential effects on the environment and human health as a result of the presence of hazardous substances in electrical and electronic equipment end users of electrical and ele
307. wo different devices establish the mode of operation and the speed settings that can be shared by those devices for a link CDP is an acronym for Cisco Discovery Protocol DES DES is an acronym for Data Encryption Standard It provides a complete description of a mathematical algorithm for encrypting enciphering and decrypting deciphering binary coded information Encrypting data converts it to an unintelligible form called cipher Decrypting cipher converts the data back to its original form called plaintext The algorithm described in this standard specifies both enciphering and deciphering operations which are based on a binary number called a key DHCP DHCP is an acronym for Dynamic Host Configuration Protocol It is a protocol used for assigning dynamic IP addresses to devices on a network DHCP used by networked computers clients to obtain IP addresses and other parameters such as the default gateway subnet mask and IP addresses of DNS servers from a DHCP server The DHCP server ensures that all IP addresses are unique for example no IP address is assigned to a second client while the first client s assignment is valid its lease has not expired Therefore IP address pool management is done by the server and not by a human network administrator Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task This means that a new computer
308. x mode selection Port configuration Flow Control disable enable Bandwidth control on each port storm control Power saving mode control Display each port s speed duplex mode link status Flow control status Auto negotiation status trunk status 802 1Q Tagged Based VLAN up to 255 VLAN groups Q in Q VLAN Private VLAN Voice VLAN IEEE 802 3ad LACP Static Trunk Hott WEL Support 12 groups of 16 Port trunk support QS Ingress Shaper and Egress Rate Limit per port bandwidth control 11 User s Manual SW 24400 Traffic classification based Strict priority and WRR 4 level priority classifications Port Number 802 1p priority DS TOS field in IP Packet Typical network applications Supports QoS and In Out bandwidth control on each port QoS configuration wizard for easy QoS Control List creation DSCP remarking IGMP v1 v2 Snooping up to 255 multicast Groups IGMP Snooping IGMP Querier mode support IP Based ACL MAC Based ACL Access Control List Up to 256 entries Source MAC IP address binding DHCP Snooping Dynamic ARP Inspection IP Source Guard Auto DoS IP address access management RFC 1213 MIB II IF MIB RFC 1493 Bridge MIB RFC 1643 Ethernet MIB RFC 2863 Interface MIB RFC 2665 Ether Like MIB RFC 2737 Entity MIB RFC 2618 RADIUS Client MIB RFC 2933 IGMP STD MIB RFC3411 SNMP Frameworks MIB IEEE 802 1X PAE LLDP MAU MIB Regulation Compliance FCC Part 15 Class A CE IEEE 802
309. y below Hello Time Maximum Age Timer Forward Delay Timer A combination of the User set priority and the switch s MAC address The Bridge Identifier consists of two parts 32768 MAC a 16 bit priority and a 48 bit Ethernet MAC address 32768 MAC A relative priority for each switch lower numbers give a higher priority and a greater chance of a given switch being 30768 elected as the root bridge A Priority for the switch can be set from 0 to 65535 0 is equal to the highest Priority The length of time between broadcasts of the hello message by the switch The Hello Time can be from 1 to 10 seconds This is the interval between two transmissions of BPDU packets sent by the Root Bridge to tell all other Second Switches that it is indeed the Root Bridge If you set a Hello Time for your Switch and it is not the Root Bridge the set Hello Time will be used if and when your Switch becomes the Root Bridge The Max Age can be from 6 to 40 seconds At the end of the Max Age if a BPDU has still not been received from the Root Bridge your Switch will start sending its own BPDU to all other Switches for permission to become the Root Bridge If it ag seconde turns out that your Switch has the lowest Bridge Identifier it will become the Root Bridge Measures the age of a received BPDU for a port and ensures that the BPDU is discarded when its age exceeds the value of the maximum age timer The amount t