Software User’s Manual Version 3.
Software User's Manual – Version 3.0 Table of Contents CLI Management ........................................................................... 1 Configuration by serial console .................................................................... 1 Configuration by Telnet console ................................................................... 2 Web Management .......................................................................... 3 Connecting to the Web Console Interface..........................
Software User's Manual – Version 3.0 Configuration > Ports ................................................................................ 19 Port Configuration ....................................................................................... 19 Configuration > DHCP > Server > Mode ..................................................... 22 DHCP Server Mode Configuration .................................................................. 22 Global Mode ...................................................
Software User's Manual – Version 3.0 Access Management Configuration ................................................................ 41 Configuration > Security > Switch > SNMP > System ................................ 42 SNMP System Configuration ......................................................................... 42 Configuration > Security > Switch > SNMP > Trap .................................... 44 Trap Configuration...............................................................................
Software User's Manual – Version 3.0 Configuration > Security > Network > ACL > Ports ................................... 72 ACL Ports Configuration ............................................................................... 72 Configuration > Security > Network > ACL > Rate Limiters ....................... 75 ACL Rate Limiter Configuration ..................................................................... 75 Configuration > Security > Network > ACL > Access Control List ..............
Software User's Manual – Version 3.0 TACACS+ Server Configuration ................................................................... 103 Global Configuration ...................................................................................................... 103 Server Configuration ...................................................................................................... 103 Configuration > Aggregation > Static ......................................................
Software User's Manual – Version 3.0 IGMP Snooping VLAN Configuration ............................................................. 126 Configuration > IPMC > IGMP Snooping > Port Filtering Profile .............. 128 IGMP Snooping Port Filtering Profile Configuration ......................................... 128 Configuration > IPMC > MLD Snooping > Basic Configuration ................. 129 MLD Snooping Configuration .......................................................................
Software User's Manual – Version 3.0 Instance Data ............................................................................................................... 151 Instance Configuration ................................................................................................... 151 Functional Configuration ................................................................................................. 153 TLV Configuration .........................................................................
Software User's Manual – Version 3.0 Instance Command ........................................................................................................ 176 Instance State............................................................................................................... 176 ERPS VLAN Configuration # ............................................................................................ 177 Configuration > MAC Table .....................................................................
Software User's Manual – Version 3.0 QoS Egress Port Shapers ............................................................................ 198 Configuration > QoS > Port Tag Remarking ............................................. 199 QoS Egress Port Tag Remarking .................................................................. 199 Configuration > QoS > Port DSCP ............................................................ 200 QoS Port DSCP Configuration ....................................................
Software User's Manual – Version 3.0 Diagnostics > Ping6 ................................................................................. 219 ICMPv6 Ping ............................................................................................. 219 Diagnostics > VeriPHY ............................................................................. 220 VeriPHY Cable Diagnostics .......................................................................... 220 Maintenance ....................................
Software User's Manual – Version 3.0 © Copyright 2018 Antaira Technologies, Co. Ltd. All Rights Reserved This document contains information, which is protected by copyright. Reproduction, adaptation or translation without prior permission is prohibited, except as allowed under the copyright laws. Disclaimer Antaira Technologies, Co. Ltd.
Software User's Manual – Version 3.0 CLI Management Configuration by serial console ANTAIRA Ethernet switches support CLI management. You can use console or telnet to manage the switches by CLI. Before configuring RS-232 serial console, connect the RS-232 port of the switches to your PC Com port using a RJ45 to DB9-Female cable. 1. Connect your PC to the switches’ Console port. 2. Launch the serial terminal program. 3.
Software User's Manual – Version 3.0 Configuration by Telnet console 1. Connect your PC and the switches on the same logical subnetwork. 2. Launch the Telnet program. 3. Configure the switches’ default settings of the Telnet program: IP Address: 192.168.1.254 Subnet Mask: 255.255.255.0 Default Gateway: none 4. The administrator username / password are admin / admin by default. Enter the username and password to login the Telnet console.
Software User's Manual – Version 3.0 Web Management Besides CLI-based management, ANTAIRA Ethernet switches also support Web-based management. This section describes the Web console interface for a series of Industrial Management Switches. This is a user-friendly design with advanced management features that allows you to manage switches through an Internet browser.
Software User's Manual – Version 3.0 Connecting to the Web Console Interface 1. Initiate a connection from a browser to the default IP address: http://192.168.1.254 The Login page appears. 2. The administrator username / password is admin / admin by default. Enter the username and password and then click the Login button. NOTE: Make sure that the PC and switches are on the same logical subnetwork.
Software User's Manual – Version 3.0 Monitor Configuration > System > Information Switch State Overview When logged into the Web GUI Interface, the Switch State Overview page provides an overview of the current switch system and port states.
Software User's Manual – Version 3.0 Port Status Port State RJ45 Disabled Down Link SFP Disabled Down Link Check Box Check Box Auto-refresh Description Check this box to refresh the page automatically. Automatic refresh occurs every 3 seconds. Buttons Button Refresh Description Click to refresh the page.
Software User's Manual – Version 3.0 Configuration Configuration > System > Information System Information Configuration The switch system information is provided here. System Contact Factory Default Setting Description Max. 255 Characters The textual identification of the contact person for this managed node, together with information on how to contact this person. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126.
Software User's Manual – Version 3.0 Configuration > System > IP IP Configuration Configure IP basic settings, control IP interfaces, and IP routes. The maximum number of interfaces supported is 8 and the maximum number of routes is 32. Mode Configure whether the IP stack should act as a Host or a Router. Factory Default Setting Description Host Router IP traffic between interfaces will not be routed. IP traffic is routed between all interfaces.
Software User's Manual – Version 3.0 From this DHCPv6 interface From any DHCPv6 interfaces Specify from which DHCPv6-enabled interface a provided DNS server should be preferred. The first DNS server offered from a DHCPv6 lease to a DHCPv6enabled interface will be used. DNS Proxy When DNS proxy is enabled, the system will relay DNS requests to the currently configured DNS server, and reply as a DNS resolver to the client devices on the network. Only IPv4 DNS proxy is supported.
Software User's Manual – Version 3.0 IPv4 Mask DHCPv6 Enable DHCPv6 Rapid Commit DHCPv6 Current Lease IPv6 Address IPv6 Mask Resolving IPv6 DAD The IPv4 network mask in number of bits (prefix length). Valid values are between 0 and 30 bits for an IPv4 address. If DHCP is enabled, this field configures the fallback address network mask. The field may be left blank if IPv4 operation on the interface is not desired - or no DHCP fallback address is desired. Enable the DHCPv6 client by checking this box.
Software User's Manual – Version 3.0 IP Routes Click the Add Route button to add a new IP route. A maximum of 32 routes is supported. Setting Delete Network Mask Length Gateway Next Hop VLAN (Only for IPv6) Description Select this option to delete an existing IP route. The destination IP network or host address of this route. Valid format is dotted decimal notation or a valid IPv6 notation. A default route can use the value 0.0.0.0 or IPv6 :: notation.
Software User's Manual – Version 3.0 Configuration > System > NTP NTP Configuration Mode Setting Description Factory Default Enabled Disabled Enable NTP client mode operation. Disable NTP client mode operation. Disabled Setting Description Factory Default IPv4 or IPv6 address of an NTP server IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, fe80::215:c5ff:fe03:4dc7.
Software User's Manual – Version 3.0 Configuration > System > Time Time Zone Configuration Setting Time Zone Acronym Factory Default Description Lists various time zones worldwide. Select appropriate Time Zone from the drop down and click Save to set. User can set the acronym of the time zone. This is a User configurable acronym to identify the time zone.
Software User's Manual – Version 3.0 Daylight Saving Time Mode Setting Description Factory Default Daylight Saving Time This is used to set the clock forward or backward according to the configurations set below for a defined Daylight Saving Time duration. Select Disable to disable the Daylight Saving Time configuration. Select Recurring and configure the Daylight Saving Time duration to repeat the configuration every year.
Software User's Manual – Version 3.0 Configuration > System > Log System Log Configuration Server Mode Indicates the server mode operation. When the mode operation is enabled, the syslog message will send out to syslog server. The syslog protocol is based on UDP communication and received on UDP port 514 and the syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments.
Software User's Manual – Version 3.0 Configuration > System > Event Warning > Relay Relay Warning Events Settings The Relay Warning function uses relay output to alert the user when certain user-configured events take place. System Events Indicates power down mode operation. Warning Relay output is triggered when a switch is powered down. Factory Setting Description Default Enabled Enable system event mode operation. Disabled Disabled Disable system event mode operation.
Software User's Manual – Version 3.0 Configuration > Green Ethernet > Port Power Savings Port Power Saving Configuration What is EEE EEE is a power saving option that reduces the power usage when there is low or no traffic utilization. EEE works by powering down circuits when there is no traffic. When a port gets data to be transmitted, all circuits are powered up. The time it takes to power up the circuits is named Wakeup Time.
Software User's Manual – Version 3.0 Port Configuration Setting Port ActiPHY PerfectReach EEE EEE Urgent Queues Description The switch port number of the logical port. Link down power savings enabled. ActiPHY works by lowering the power for a port when there is no link. The port is powered up for a short moment in order to determine if a cable is inserted. Cable length power savings enabled. PerfectReach works by determining the cable length and lowering the power for ports with short cables.
Software User's Manual – Version 3.0 Configuration > Ports Port Configuration This page displays current port configurations. Ports can also be configured here. Port This is the logical port number for this row. Description Factory Default Setting Description Max. 256 Characters The description of the port. It is an ASCII string no longer than 256 characters. None Link The current link state is displayed graphically. Color Description Green Link is up. Red Link is down.
Software User's Manual – Version 3.0 100Mbps HDX 100Mbps FDX 1Gbps FDX Forces the current port to 100Mbps half-duplex mode. Forces the current port to 100Mbps full-duplex mode. Forces the current port to 1Gbps full-duplex. Advertise Duplex When Duplex is set as Auto (i.e. auto negotiation), the port will only advertise the specified duplex as either Fdx or Hdx to the link partner. By default, the port will advertise all the supported duplexes if the Duplex is set as Auto.
Software User's Manual – Version 3.0 bytes) for values of 1536 and below. If the EtherType/Length field is above 1536, it indicates that the field is used as an EtherType (indicating which protocol is encapsulated in the payload of the frame). Factory Setting Description Default Checked Frames with payload size less than 1536 bytes are dropped if the EtherType/Length field doesn’t match the actual payload length. Unchecked Frames are not dropped due to frame length mismatch.
Software User's Manual – Version 3.0 Configuration > DHCP > Server > Mode DHCP Server Mode Configuration This page configures global mode and VLAN mode to enable/disable DHCP server per system and per VLAN. Global Mode Setting Description Factory Default Enabled Disabled Enable DHCP server per system. Disable DHCP server per system. Disabled VLAN Mode VLAN Range Indicate the VLAN range in which DHCP server is enabled or disabled.
Software User's Manual – Version 3.0 Configuration > DHCP > Server > Excluded IP DHCP Server Excluded IP Configuration This page configures excluded IP addresses. DHCP server will not allocate these excluded IP addresses to DHCP clients. Excluded IP Address IP Range Define the IP range to be excluded IP addresses. The first excluded IP must be smaller than or equal to the second excluded IP.
Software User's Manual – Version 3.0 Configuration > DHCP > Server > Pool DHCP Server Pool Configuration This page manages DHCP pools. According to the DHCP pool, DHCP server will allocate the IP address and deliver configuration parameters to DHCP clients. Pool Setting Adding a pool and giving a name is creating a new pool with "default" configuration. If you want to configure all settings including type, IP subnet mask and lease time, you can click the pool name to go into the configuration page.
Software User's Manual – Version 3.0 Pool Setting Configuration page Pool Pool Setting Name Description Select a pool by pool name.
Software User's Manual – Version 3.0 Setting Name Type IP Subnet Mask Lease Time Domain Name Broadcast Address Default Router DNS Server Description Display the selected pool name. Specify which type of the pool it is: Network: the pool defines a pool of IP addresses to service more than one DHCP client. Host: the pool services for a specific DHCP client identified by client identifier or hardware address. Specify network number of the DHCP address pool. Specify subnet mask of the DHCP address pool.
Software User's Manual – Version 3.0 NetBIOS Node Type NetBIOS Scope NetBIOS Name Server NIS Domain Name Specify NetBIOS node type option to allow Netbios over TCP/IP clients which are configurable to be configured as described in RFC 1001/1002. Specify the NetBIOS over TCP/IP scope parameter for the client as specified in RFC 1001/1002. Specify a list of NBNS name servers listed in order of preference. Specify the name of the client’s NIS domain.
Software User's Manual – Version 3.0 Configuration > DHCP > Snooping DHCP Snooping Configuration Snooping Mode Setting Enabled Disabled Description Factory Default Enable DHCP snooping mode operation. When DHCP snooping mode operation is enabled, the DHCP request messages will be forwarded to trusted ports and only allow reply packets from trusted ports. Disable DHCP snooping mode operation.
Software User's Manual – Version 3.0 Configuration > DHCP > Relay DHCP Relay Configuration A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain. It stores the incoming interface IP address in the GIADDR (Gateway IP Address) field of the DHCP packet. The DHCP server can use the value of GIADDR field to determine the assigned subnet.
Software User's Manual – Version 3.0 Factory Default Setting Description Enabled Enable DHCP relay information mode operation. When DHCP relay information mode operation is enabled, the agent inserts specific information (option 82) into a DHCP message when forwarding to DHCP server and removes it from a DHCP message when transferring to DHCP client. It only works when DHCP relay operation mode is enabled. Disabled Disable DHCP relay information mode operation.
Software User's Manual – Version 3.0 Configuration > Security > Switch > Users This page provides an overview of the current users. Currently the only way to login as another user on the web server is to close and reopen the browser. Users Configuration Factory Default None Setting Description User Name The name identifying the user. Privilege Level 0~15 The privilege level of the user. The allowed range is 0 to 15. If the privilege level value is 15, it can access all groups, i.e.
Software User's Manual – Version 3.0 Add/Edit User Click the Add New User button to add a new user. Also, you can click User Name to edit a user. User Name Factory Default Setting Description Max. 31 Characters A string identifying the user name that this entry should belong to. The allowed string length is 1 to 31. The valid user name allows letters, numbers, and underscores. None Password Factory Default Setting Description Max. 31 Characters The password of the user.
Software User's Manual – Version 3.
Software User's Manual – Version 3.0 Group Name The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail: System: Contact, Name, Location, Time Zone, Daylight Saving Time, Log.
Software User's Manual – Version 3.0 Configuration > Security > Switch > Auth Method Authentication Method Configuration The authentication section allows you to configure how a user is authenticated when he logs into the switch via one of the management client interfaces. Setting Client Methods Description The management client for which the configuration below applies. Method can be set to one of the following values: no: Authentication is disabled and login is not possible.
Software User's Manual – Version 3.0 Command Authorization Method Configuration The command authorization section allows you to limit the CLI commands available to a user. Setting Client Methods Cmd Lvl (0~15) Cfg Cmd Description The management client for which the configuration below applies. Method can be set to one of the following values: no: Command authorization is disabled. User is granted access to CLI commands according to his privilege level.
Software User's Manual – Version 3.0 Cmd Lvl (0~15) Exec Enable accounting of all commands with a privilege level higher than or equal to this level. Valid values are in the range 0 to 15. Leave the field empty to disable command accounting. Enable exec (login) accounting.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SSH SSH Configuration Setting Description Enabled Disabled Enable SSH mode operation. Disable SSH mode operation.
Software User's Manual – Version 3.0 Configuration > Security > Switch > HTTPS HTTPS Configuration This page allows you to configure the HTTPS settings and maintain the current certificate on the switch. Mode Setting Description Factory Default Enabled Disabled Enable HTTPS mode operation. Disable HTTPS mode operation. Disabled Automatic Redirect Indicate the HTTPS redirect mode operation. It is only significant when “HTTPS Mode Enabled” is selected.
Software User's Manual – Version 3.0 Certificate Pass Phrase Factory Default Setting Description Pass phrase Enter the pass phrase in this field if your uploading certificate is protected by a specific passphrase. None Certificate Upload Upload a certificate PEM file into the switch. The file should contain the certificate and private key together. If you have two separated files for saving certificate and private key, use the Linux cat command to combine them into a single PEM file.
Software User's Manual – Version 3.0 Configuration > Security > Switch > Access Management Access Management Configuration Configure access management table on this page. The maximum number of entries is 16. If the application's type matches any one of the access management entries, it will allow access to the switch. Mode Indicates the access management mode operation. Setting Description Factory Default Enabled Disabled Enable access management mode operation.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > System SNMP System Configuration Mode Setting Description Enabled Disabled Enable SNMP mode operation. Disable SNMP mode operation. Factory Default Enabled Version Factory Default Setting Description SNMP v1 SNMP v2c SNMP v3 Set SNMP supported version 1. Set SNMP supported version 2c. Set SNMP supported version 3. SNMP v2c Read Community Factory Default Setting Description Max.
Software User's Manual – Version 3.0 Write Community Factory Default Setting Description Max. 255 characters The field is applicable only when SNMP version is SNMPv1 or SNMPv2c. If SNMP version is SNMPv3, the community string will be associated with SNMPv3 communities table. It provides more flexibility to configure a security name than a SNMPv1 or SNMPv2c community string. In addition to community string, a particular range of source addresses can be used to restrict source subnet.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Trap Trap Configuration Global Settings Mode Setting Description Factory Default Enabled Disabled Enable SNMP trap mode operation. Disable SNMP trap mode operation. Disabled Trap Destination Configurations Name Indicates the Trap Configuration’s name. Indicates the Trap Destination’s name. Enable Indicates the Trap Destination mode operation.
Software User's Manual – Version 3.0 Destination Address Indicates the SNMP trap destination address. It allows a valid IP address in dotted decimal notation (‘x.y.z.w’). And it also allows a valid hostname. A valid hostname is a string drawn from the alphabet (A-Za-z), digits (0-9), dot (.), and dash (-). Spaces are not allowed, the first character must be an alpha character, and the first and last characters must not be a dot or a dash. Indicates the SNMP trap destination IPv6 address.
Software User's Manual – Version 3.0 Trap Version Setting Description Factory Default SNMP v1 SNMP v2c SNMP v3 Set SNMP supported version 1. Set SNMP supported version 2c. Set SNMP supported version 3. SNMP v2c Setting Description Factory Default 0 ~ 255 characters Indicates the community access string when sending SNMP trap packet. The allowed string length is 0 to 255, and the allowed content is ASCII characters from 33 to 126.
Software User's Manual – Version 3.0 Trap Inform Timeout (seconds) Factory Default Setting Description 0~2147 Indicates the SNMP trap inform timeout. The allowed range is 0 to 2147. 3 Trap Inform Retry Times Factory Default Setting Description 0~255 Indicates the SNMP trap inform retry times. The allowed range is 0 to 255. 5 Trap Probe Security Engine ID Factory Default Setting Description Enabled Enable SNMP trap probe security engine ID mode of operation.
Software User's Manual – Version 3.0 System Enable/disable that the Interface group's traps. Setting Description Warm Start Cold Start Enable/disable Warm Start trap. Enable/disable Cold Start trap. Factory Default Disabled Disabled Interface Indicates the Interface group's traps. Possible traps are: Indicates that the SNMP entity is permitted to generate authentication failure traps. Factory Setting Description Default Link Up Enable/disable Link Up trap.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Communities SNMPv3 Community Configuration Configure SNMPv3 community table on this page. The entry index key is Community. Add New Entry Setting Delete Community Source IP Source Mask Description Check to delete the entry. It will be deleted during the next save. Indicates the community access string to permit access to SNMPv3 agent.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Users SNMPv3 User Configuration Configure SNMPv3 user table on this page. The entry index keys are Engine ID and User Name. Add New Entry Setting Delete Engine ID User Name Security Level Description Check to delete the entry. It will be deleted during the next save. An octet string identifying the engine ID that this entry should belong to.
Software User's Manual – Version 3.0 Authentication Protocol Authentication Password Privacy Protocol Privacy Password Indicates the authentication protocol that this entry should belong to. Possible authentication protocols are: None: No authentication protocol. MD5: An optional flag to indicate that this user uses MD5 authentication protocol. SHA: An optional flag to indicate that this user uses SHA authentication protocol. The value of security level cannot be modified if entry already exists.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Groups SNMPv3 Group Configuration Configure SNMPv3 group table on this page. The entry index keys are Security Model and Security Name. Add New Entry Setting Delete Security Model Security Name Group Name Description Check to delete the entry. It will be deleted during the next save. Indicates the security model that this entry should belong to. Possible security models are: v1: Reserved for SNMPv1.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Views SNMPv3 View Configuration Configure SNMPv3 view table on this page. The entry index keys are View Name and OID Subtree. Add New Entry Setting Delete View Name View Type OID Subtree Description Check to delete the entry. It will be deleted during the next save. A string identifying the view name that this entry should belong to.
Software User's Manual – Version 3.0 Configuration > Security > Switch > SNMP > Access SNMPv3 Access Configuration Configure SNMPv3 access table on this page. The entry index keys are Group Name, Security Model, and Security Level. Add New Entry Setting Delete Description Check to delete the entry. It will be deleted during the next save. A string identifying the group name that this entry should belong to.
Software User's Manual – Version 3.0 Configuration > Security > Switch > RMON > Statistics RMON statistics Configuration Configure RMON Statistics table on this page. The entry index key is ID. Add New Entry Setting Delete ID Data Source Description Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000000*(switch ID-1).
Software User's Manual – Version 3.0 Configuration > Security > Switch > RMON > History RMON History Configuration Configure RMON History table on this page. The entry index key is ID. Add New Entry Setting Delete ID Data Source Interval Buckets Buckets Granted Description Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Indicates the port ID which wants to be monitored.
Software User's Manual – Version 3.0 Configuration > Security > Switch > RMON > Alarm RMON Alarm Configuration Configure RMON Alarm table on this page. The entry index key is ID. Add New Entry Setting Delete ID Data Source Interval Variable Description Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Indicates the port ID which wants to be monitored. If in stacking switch, the value must add 1000000*(switch ID-1).
Software User's Manual – Version 3.0 Sample Type Value Startup Alarm Rising Threshold Rising Index Falling Threshold Falling Index OutQLen: The length of the output packet queue (in packets). The method of sampling the selected variable and calculating the value to be compared against the thresholds, possible sample types are: Absolute: Get the sample directly. Delta: Calculate the difference between samples (default). The value of the statistic during the last sampling period.
Software User's Manual – Version 3.0 Configuration > Security > Switch > RMON > Event RMON Event Configuration Configure RMON Event table on this page. The entry index key is ID. Add New Entry Setting Delete ID Desc Type Community Event Last Time Description Check to delete the entry. It will be deleted during the next save. Indicates the index of the entry. The range is from 1 to 65535. Indicates this event, the string length is from 0 to 127, default is a null string.
Software User's Manual – Version 3.0 Configuration > Security > Network > Limit Control Port Security Limit Control Configuration Limit Control allows for limiting the number of users on a given port. A user is identified by a MAC address and VLAN ID. If Limit Control is enabled on a port, the limit specifies the maximum number of users on the port. If this number is exceeded, an action is taken. The action can be one of the four different actions as described below.
Software User's Manual – Version 3.0 Port Configuration The table has one row for each port on the switch and a number of columns. Setting Port Mode Limit Action Description The port number to which the configuration below applies. Controls whether Limit Control is enabled on this port. Both this and the Global Mode must be set to enabled for Limit Control to be in effect. Notice that other modules may still use the underlying port security features without enabling Limit Control on a given port.
Software User's Manual – Version 3.0 disconnected and reconnected on the port (by disconnecting the cable), the port will remain shut down. There are three ways to re-open the port: 1. Boot the switch, 2. Disable and re-enable Limit Control on the port or the switch, 3. Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses are seen on the port, both the Trap and the Shutdown actions described above will be taken.
Software User's Manual – Version 3.0 Configuration > Security > Network > NAS Network Access Server Configuration This page allows you to configure the IEEE 802.1X and MAC-based authentication system and port settings. The IEEE 802.1X standard defines a port-based access control procedure that prevents unauthorized access to a network by requiring users to first submit credentials for authentication.
Software User's Manual – Version 3.0 Reauthentication Enabled Reauthentication Period EAPOL Timeout Aging Period Hold Time If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.
Software User's Manual – Version 3.0 The Hold Time can be set to a number between 10 and 1000000 seconds RADIUS-Assigned QoS Enabled RADIUS-Assigned VLAN Enabled Guest VLAN Enabled Guest VLAN ID RADIUS-assigned QoS provides a means to centrally control the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch.
Software User's Manual – Version 3.0 Max. Reauth. Count The number of times the switch transmits an EAPOL Request Identity frame without response before considering entering the Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range [1:255]. The switch remembers if an EAPOL frame has been received on the port for the life-time of the port.
Software User's Manual – Version 3.0 Admin State If NAS is globally enabled, this selection controls the port’s authentication mode. Setting Description In this mode, the switch will send one EAPOL Success frame when the port Force link comes up, and any client on the port will be allowed network access Authorized without authentication. Force In this mode, the switch will send one EAPOL Failure frame when the port link Unauthorized comes up, and any client on the port will be disallowed network access.
Software User's Manual – Version 3.0 Multi 802.1X MAC-based Auth. supplicant can get authenticated on the port at a time. Normal EAPOL frames are used in the communication between the supplicant and the switch. If more than one supplicant is connected to a port, the one that comes first when the port’s link comes up will be the first one considered. If that supplicant doesn’t provide valid credentials within a certain amount of time, another supplicant will get a chance.
Software User's Manual – Version 3.0 maximum number of clients that can be attached to a port can be limited using the Port Security Limit Control functionality. RADIUS-Assigned QoS Enabled When RADIUS-Assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated.
Software User's Manual – Version 3.0 The switch looks for the first set of these attributes that have the same Tag value and fulfill the following requirements (if Tag == 0 is used, the Tunnel-Private-Group-ID does not need to include a Tag): o Value of Tunnel-Medium-Type must be set to IEEE-802. o Value of Tunnel-Type must be set to VLAN. o Value of Tunnel-Private-Group-ID must be a string of ASCII chars in the range 0 - 9, which is interpreted as a decimal string representing the VLAN ID.
Software User's Manual – Version 3.0 Unauthorized: The port is in Force Unauthorized or a single-supplicant mode and the supplicant is not successfully authorized by the RADIUS server. X Auth/Y Unauth: The port is in a multi-supplicant mode. Currently X clients are authorized and Y are unauthorized. Restart Two buttons are available for each row. The buttons are only enabled when authentication is globally enabled and the port’s Admin State is in an EAPOL-based or MAC-based mode.
Software User's Manual – Version 3.0 Configuration > Security > Network > ACL > Ports ACL Ports Configuration Configure the Access Control List (ACL) parameters Access Control Entitiy (ACE) of each switch port. These parameters will affect frames received on a port unless the frames match a specific ACE. Port The logical port for the settings contained in the same row. Policy ID Factory Default Setting Description 0~255 Select the policy to apply to this port. The allowed values are 0 through 255.
Software User's Manual – Version 3.0 Action Setting Description Permit Deny Forwarding is permitted. Forwarding is denied. Factory Default Permit Rate Limiter ID Setting Description Factory Default Disabled 1~16 Rate Limiter is disabled. Select which Rate Limiter to apply on this port. Disabled Setting Description Factory Default Disabled Port X Port Redirect is disabled. Select which port frames are redirected on.
Software User's Manual – Version 3.0 State Setting Description Disabled Disable this port policy. Factory Default Enabled Enabled Enable this port policy. Counter Counts the number of frames that match this ACE.
Software User's Manual – Version 3.0 Configuration > Security > Network > ACL > Rate Limiters ACL Rate Limiter Configuration Rate Limiter ID The rate limiter ID for the settings contained in the same row. Its range is 1 to 16. Rate Factory Default Setting Description 0-3276700 The valid rate is 0-3276700 in pps. OR 0, 100, 200, 300, ...
Software User's Manual – Version 3.0 Configuration > Security > Network > ACL > Access Control List Access Control List Configuration This page shows the Access Control List (ACL), which is made up of the Access Control Entry (ACE) defined on this switch. Each row describes the ACE that is defined. The maximum number of ACEs is 256 on each switch. Click on the lowest plus sign to add a new ACE to the list.
Software User's Manual – Version 3.0 An ACE consists of several parameters. These parameters vary according to the frame type that you select. First select the ingress port for the ACE, and then select the frame type. Different parameter options are displayed depending on the frame type selected. A frame that hits this ACE matches the configuration that is defined here. Ingress Port Factory Default Setting Description All The ACE applies to all ports.
Software User's Manual – Version 3.0 Ethernet Type ARP IPv4 IPv6 Only Ethernet Type frames can match this ACE. The IEEE 802.3 describes the value of Length/Type Field specifications to be greater than or equal to 1536 decimal (equal to 0600 hexadecimal) and the value should not be equal to 0x800(IPv4), 0x806(ARP), or 0x86DD(IPv6). Only ARP frames can match this ACE. Notice the ARP frames won’t match the ACE with Ethernet type. Only IPv4 frames can match this ACE.
Software User's Manual – Version 3.0 Logging Specify the logging operation of the ACE. Notice that the logging message doesn't include the 4 bytes CRC information. Factory Setting Description Default Enabled Frames matching the ACE are stored in the System Log. Disabled Disabled Frames matching the ACE are not logged. NOTE: The logging feature only works when the packet length is less than 1518(without VLAN tags) and the System Log memory size and logging rate is limited.
Software User's Manual – Version 3.0 When Specific is selected for the SMAC filter, you can enter a specific source MAC address. The legal format is xx-xx-xx-xxxx-xx or xx.xx.xx.xx.xx.xx or xxxxxxxxxxxx (x is a hexadecimal digit). A frame that hits this ACE matches this SMAC value. 00-00-0000-00-01 Setting Description Factory Default Any MC BC UC No DMAC filter is specified. Frame must be multicast. Frame must be broadcast. Frame must be unicast.
Software User's Manual – Version 3.0 1~4095 When Specific is selected for the VLAN ID filter, you can enter a specific VLAN ID number. The allowed range is 1 to 4095. A frame that hits this ACE matches this VLAN ID value. 1 Tag Priority Factory Default Setting Description Any 0~7, 0-1, 2-3, 45, 6-7, 0-3, 4-7 No tag priority is specified Specify the tag priority for this ACE. A frame that hits this ACE matches this tag priority.
Software User's Manual – Version 3.0 IP address Sender IP Mask Setting IP address When Host or Network is selected for the sender IP filter, you can enter a specific sender IP address in dotted decimal notation. Notice the invalid IP address configuration is acceptable too, i.e. 0.0.0.0. Normally, an ACE with an invalid IP address will explicitly add deny action. Description 0.0.0.
Software User's Manual – Version 3.0 Target IP Address Factory Default Setting Description IP address When Host or Network is selected for the target IP filter, you can enter a specific target IP address in dotted decimal notation. Notice the invalid IP address configuration is acceptable too, i.e. 0.0.0.0. Normally, an ACE with an invalid IP address will explicitly add deny action.
Software User's Manual – Version 3.0 Ethernet Specify whether frames can hit the action according to their ARP/RARP protocol address space (PRO) settings. Factory Setting Description Default 0 ARP/RARP frames where the PRO is not equal to IP (0x800). 1 ARP/RARP frames where the PRO is equal to IP (0x800). Any Any Any value is allowed. IP Parameters The IP parameters can be configured when Frame Type IPv4 is selected.
Software User's Manual – Version 3.0 IP Fragment Specify the fragment offset settings for this ACE. This involves the settings for the More Fragments (MF) bit and the Fragment Offset (FRAG OFFSET) field for an IPv4 frame. Factory Setting Description Default IPv4 frames where the MF bit is set or the FRAG OFFSET field is No greater than zero must not be able to match this entry. IPv4 frames where the MF bit is set or the FRAG OFFSET field is Any Yes greater than zero must be able to match this entry.
Software User's Manual – Version 3.0 Factory Default Setting Description Any No source IP filter is specified. Source IP filter is set to Host. Specify the source IP address in the SIP Address field that appears. Host Network Any Source IP filter is set to Network. Specify the source IP address and source IP mask in the SIP Address and SIP Mask fields that appear.
Software User's Manual – Version 3.0 Next Header Value Factory Default Setting Description 0~255 When Next Header Filter > Other is selected for the IPv6 next header value, you can enter a specific value. The allowed range is 0 to 255. A frame that hits this ACE matches this IPv6 protocol value. 0 SIP Filter Specify the source IPv6 filter for this ACE. Factory Default Setting Description Any No source IPv6 filter is specified. Specific Source IPv6 filter is set to Network.
Software User's Manual – Version 3.0 ICMP Type Value Factory Default Setting Description 0~255 When Specific is selected for the ICMP filter, you can enter a specific ICMP value. The allowed range is 0 to 255. A frame that hits this ACE matches this ICMP value. 0 ICMP Code Filter Factory Default Setting Description Any No ICMP code filter is specified. If you want to filter a specific ICMP code filter with this ACE, you can enter a specific ICMP code value.
Software User's Manual – Version 3.0 TCP/UDP Source Range Factory Default Setting Description 0 ~ 65535 When Range is selected for the TCP/UDP source filter, you can enter a specific TCP/UDP source range value. The allowed range is 0 to 65535. A frame that hits this ACE matches this TCP/UDP source value.
Software User's Manual – Version 3.0 TCP SYN Specify the TCP "Synchronize sequence numbers" (SYN) value for this ACE. Setting 0 1 Any Factory Default Description TCP frames where the SYN field is set must not be able to match this entry. TCP frames where the SYN field is set must be able to match this entry. Any value is allowed. Any TCP RST Specify the TCP "Reset the connection" (RST) value for this ACE.
Software User's Manual – Version 3.0 1 Any TCP frames where the URG field is set must be able to match this entry. Any value is allowed. Ethernet Type Parameters The Ethernet Type parameters can be configured when Frame Type Ethernet Type is selected. EtherType Filter Factory Default Setting Description Any No EtherType filter is specified. If you want to filter a specific EtherType filter with this ACE, you can enter a specific EtherType value. A field for entering an EtherType value appears.
Software User's Manual – Version 3.0 Configuration > Security > Network > IP Source Guard > Configuration IP Source Guard Configuration ********************************************************************* DHCP Snooping must be Enabled for IP Source Guard to function. ********************************************************************* Mode Setting Enabled Disabled Factory Default Description Enable the Global IP Source Guard. All configured ACEs will be disabled when the mode is enabled.
Software User's Manual – Version 3.0 Port Mode Configuration Mode Setting Description Factory Default Enabled Disabled Port Mode is enabled. Port Mode is disabled. Disabled Max Dynamic Clients Setting Description Factory Default 0,1,2,Unlimited Specify the maximum number of dynamic clients that can be learned on a given port. This value can be 0, 1, 2, or unlimited.
Software User's Manual – Version 3.0 Configuration > Security > Network > IP Source Guard > Static Table Static IP Source Guard Table Add New Entry Setting Delete Port VLAN ID IP Address MAC address Description Check to delete the entry. It will be deleted during the next save. The logical port for the settings. The VLAN ID for the settings. Allowed Source IP address. Allowed Source MAC address.
Software User's Manual – Version 3.0 Configuration > Security > Network > ARP Inspection > Port Configuration ARP Inspection Configuration ********************************************************************* DHCP Snooping must be Enabled for ARP Inspection to function. ********************************************************************* Mode Setting Description Factory Default Enabled Disabled Enable the Global ARP Inspection. Disable the Global ARP Inspection.
Software User's Manual – Version 3.0 Port Mode Configuration Specify ARP Inspection is enabled on which ports. Only when both Global Mode and Port Mode on a given port are enabled, ARP Inspection is enabled on this given port.
Software User's Manual – Version 3.0 Mode Setting Description Factory Default Enabled Disabled Enable ARP Inspection operation. Disable ARP Inspection operation. Disabled Check VLAN If you want to inspect the VLAN configuration, you have to enable the setting of “Check VLAN”. The default setting of “Check VLAN” is disabled. When the setting of “Check VLAN” is disabled, the log type of ARP Inspection will refer to the port setting.
Software User's Manual – Version 3.0 Configuration > Security > Network > ARP Inspection > VLAN Configuration VLAN Mode Configuration Navigating the VLAN Configuration Each page shows up to 9999 entries from the VLAN table, default being 20, selected through the “entries per page” input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.
Software User's Manual – Version 3.0 Configuration > Security > Network > ARP Inspection > Static Table Static ARP Inspection Table This page shows the static ARP Inspection rules. The maximum number of rules is 256 on the switch. Add New Entry Setting Delete Port VLAN ID MAC address IP Address Description Check to delete the entry. It will be deleted during the next save. The logical port for the settings. The VLAN ID for the settings. Allowed Source MAC address in ARP request packets.
Software User's Manual – Version 3.0 Configuration > Security > Network > ARP Inspection > Dynamic Table Dynamic ARP Inspection Table Entries in the Dynamic ARP Inspection Table are shown on this page. The Dynamic ARP Inspection Table contains up to 256 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. All dynamic entries are learning from DHCP Snooping.
Software User's Manual – Version 3.0 Configuration > Security > AAA > RADIUS RADIUS Server Configuration Global Configuration Setting Timeout Retransmit Deadtime Key NAS-IP-Address NAS-IPv6Address NAS-Identifier Description Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a RADIUS server before retransmitting the request. Retransmit is the number of times, in the range 1 to 1000, a RADIUS request is retransmitted to a server that is not responding.
Software User's Manual – Version 3.0 Server Configuration The table has one row for each RADIUS server and a number of columns. Setting Delete Hostname Auth Port Acct Port Timeout Retransmit Key Description To delete a RADIUS server entry, check this box. The entry will be deleted during the next save. The IP address or hostname of the RADIUS server. The UDP port to use on the RADIUS server for authentication. Set to 0 to disable authentication. The UDP port to use on the RADIUS server for accounting.
Software User's Manual – Version 3.0 Configuration > Security > AAA > TACACS+ TACACS+ Server Configuration Global Configuration Setting Timeout Deadtime Key Description Timeout is the number of seconds, in the range 1 to 1000, to wait for a reply from a TACACS+ server before it is considered to be dead. Deadtime, which can be set to a number between 0 to 1440 minutes, is the period during which the switch will not send new requests to a server that has failed to respond to a previous request.
Software User's Manual – Version 3.0 “Add New Server” Button Click “Add New Server” button to add a new TACACS+ server. An empty row is added to the table, and the TACACS+ server can be configured as needed. Up to 5 servers are supported. The “Delete” button can be used to undo the addition of the new server.
Software User's Manual – Version 3.0 Configuration > Aggregation > Static Aggregation Mode Configuration Hash Code Contributors Setting Description The Source MAC address can be used to calculate the destination port for Source MAC the frame. Check to enable the use of the Source MAC address or uncheck to Address disable. By default, Source MAC Address is enabled. The Destination MAC Address can be used to calculate the destination port Destination MAC for the frame.
Software User's Manual – Version 3.0 Aggregation Group Configuration Setting Group ID Port Members Description Indicates the group ID for the settings contained in the same row. Group ID “Normal” indicates there is no aggregation. Only one group ID is valid per port. Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group.
Software User's Manual – Version 3.0 Configuration > Aggregation > LACP LACP Port Configuration Setting Port LACP Enabled Key Role Timeout Prio Description The switch port number. Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. The Key value incurred by the port, range 1-65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3.
Software User's Manual – Version 3.0 Configuration > Loop Protection Loop Protection Configuration General Settings Setting Enable Loop Protection Transmission Time Shutdown Time Description Controls whether loop protections are enabled (as a whole). The interval between each loop protection PDU sent on each port. Valid values are 1 to 10 seconds. Default value is 5 seconds.
Software User's Manual – Version 3.0 Enable Action Tx Mode Controls whether loop protection is enabled on this switch port. Configures the action performed when a loop is detected on a port. Valid values are Shutdown Port, Shutdown Port and Log, or Log Only. Controls whether the port is actively generating loop protection PDU's, or whether it is just passively looking for looped PDU's.
Software User's Manual – Version 3.0 Configuration > Spanning Tree > Bridge Settings STP Bridge Configuration This page allows you to configure STP system settings. The settings are used by all STP Bridge instances in the switch. Basic Settings Setting Protocol Version Bridge Priority Hello Time Forward Delay Description The MSTP / RSTP / STP protocol version setting. Valid values are STP, RSTP, and MSTP. Controls the bridge priority. Lower numeric values have better priority.
Software User's Manual – Version 3.0 Max Age Maximum Hop Count Transmit Hold Count Advanced Settings Setting Edge Port BPDU Filtering Edge Port BPDU Guard Port Error Recovery Port Error Recovery Timeout The maximum age of the information transmitted by the Bridge when it is the Root Bridge. Valid values are in the range 6 to 40 seconds, and MaxAge must be <= (FwdDelay-1)*2. This defines the initial value of remaining Hops for MSTI information generated at the boundary of an MSTI region.
Software User's Manual – Version 3.0 Configuration > Spanning Tree > MSTI Mapping MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations. Configuration Identification Setting Description The name identifying the VLAN to MSTI mapping. Bridges must share the Configuration name and revision (see below), as well as the VLAN-to-MSTI mapping Name configuration in order to share spanning trees for MSTI's (Intra-region).
Software User's Manual – Version 3.0 VLANs Mapped The list of VLANs mapped to the MSTI. The VLANs can be given as a single (xx, xx being between 1 and 4094) VLAN, or a range (xx-yy), each of which must be separated with comma and/or space. A VLAN can only be mapped to one MSTI. An unused MSTI should just be left empty (i.e. not having any VLANs mapped to it). Example: 2,5,20-40.
Software User's Manual – Version 3.0 Configuration > Spanning Tree > MSTI Priorities MSTI Configuration This page allows the user to inspect the current STP MSTI bridge instance priority configurations. MSTI Priority Configuration Setting Description MSTI The bridge instance. The CIST is the default instance, which is always active. Controls the bridge priority. Lower numeric values have better priority.
Software User's Manual – Version 3.0 Configuration > Spanning Tree > CIST Ports STP CIST Port Configuration This page allows the user to inspect the current STP CIST port configurations, and possibly change them as well. This page contains settings for physical and aggregated ports. CIST Aggregated/ Normal Port Configuration Setting Description Port The switch port number of the logical STP port. STP Enabled Controls whether STP is enabled on this switch port. Controls the path cost incurred by the port.
Software User's Manual – Version 3.0 operEdge (state flag) AdminEdge AutoEdge Restricted Role Restricted TCN BPDU Guard Point-to-Point Operational flag describing whether the port is connecting directly to edge devices (no Bridges attached). Transition to the forwarding state is faster for edge ports (having operEdge true) than for other ports. The value of this flag is based on AdminEdge and AutoEdge fields. This flag is displayed as Edge in Monitor > Spanning Tree > STP Detailed Bridge Status.
Software User's Manual – Version 3.0 Configuration > Spanning Tree > MSTI Ports MSTI Port Configuration Select MSTI Select MSTI port number and click “Get” Button to configuration. (MST#) MSTI Port Configuration An MSTI port is a virtual port, which is instantiated separately for each active CIST (physical) port for each MSTI instance configured on and applicable to the port. The MSTI instance must be selected before displaying actual MSTI port configuration options.
Software User's Manual – Version 3.0 MSTI Aggregated/ Normal Ports Configuration Setting Description Port The switch port number of the corresponding STP CIST (and MSTI) port. Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can Path Cost be entered. The path cost is used when establishing the active topology of the network.
Software User's Manual – Version 3.0 Configuration > IPMC Profile > Profile Table IPMC Profile Configurations This page provides IPMC Profile related configurations. The IPMC profile is used to deploy the access control on IP multicast streams. It is allowed to create at maximum 64 Profiles with at maximum 128 corresponding rules for each. Global Profile Mode Enable/Disable the Global IPMC Profile. IPMC Profile Table Setting “Add New IPMC Profile” button Click to add new IPMC profile.
Software User's Manual – Version 3.0 Configuration > IPMC Profile > Address Entry IPMC Profile Address Configuration This page provides address range settings used in IPMC profile. The address entry is used to specify the address range that will be associated with IPMC Profile. It is allowed to create at maximum 128 address entries in the system. “Add New Address (Range) Entry” button Setting Description Delete Check to delete the entry. It will be deleted during the next save.
Software User's Manual – Version 3.0 Configuration > MVR MVR Configurations The MVR (Multicast VLAN Registration) feature enables multicast traffic forwarding on the Multicast VLANs. In a multicast television application, a PC, a network television, or a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port.
Software User's Manual – Version 3.0 IGMP Address Mode edited for the existing MVR VLAN entries or it can be added to the new entries. Define the IPv4 address as source address used in IP header for IGMP control frames. The default IGMP address is not set (0.0.0.0). When the IGMP address is not set, the system uses IPv4 management address of the IP interface associated with this VLAN. When the IPv4 management address is not set, the system uses the first available IPv4 management address.
Software User's Manual – Version 3.0 Immediate Leave Setting Setting Enabled Disabled Description Enable the fast leave on the port. Disable the fast leave on the port.
Software User's Manual – Version 3.0 Configuration > IPMC > IGMP Snooping > Basic Configuration IGMP Snooping Configuration Global Configuration Setting Description Snooping Enable the Global IGMP Snooping. Enabled Unregistered Enable unregistered IPMCv4 traffic flooding. IPMCv4 The flooding control takes effect only when IGMP Snooping is enabled. Flooding When IGMP Snooping is disabled, unregistered IPMCv4 traffic flooding is Enabled always active in spite of this setting.
Software User's Manual – Version 3.0 Port Related Configuration Setting Router Port Fast Leave Throttling Description Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Enable the fast leave on the port. Enable to limit the number of multicast groups to which a switch port can belong.
Software User's Manual – Version 3.0 Configuration > IPMC > IGMP Snooping > VLAN Configuration IGMP Snooping VLAN Configuration Navigating the IGMP Snooping VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected through the “entries per page” input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.
Software User's Manual – Version 3.0 QI QRI LLQI (LMQI for IGMP) URI The Robustness Variable allows tuning for the expected packet loss on a network. The allowed range is 1 to 255. The default robustness variable value is 2. Query Interval. The Query Interval is the interval between General Queries sent by the Querier. The allowed range is 1 to 31744 seconds. The default query interval is 125 seconds. Query Response Interval.
Software User's Manual – Version 3.0 Configuration > IPMC > IGMP Snooping > Port Filtering Profile IGMP Snooping Port Filtering Profile Configuration Setting Port Filtering Profile Profile Management Button Description The logical port for the settings. Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button. List the rules associated with the designated profile.
Software User's Manual – Version 3.0 Configuration > IPMC > MLD Snooping > Basic Configuration MLD Snooping Configuration Global Configuration Setting Description Snooping Enable the Global MLD Snooping. Enabled Unregistered Enable unregistered IPMCv6 traffic flooding. IPMCv6 The flooding control takes effect only when MLD Snooping is enabled. Flooding When MLD Snooping is disabled, unregistered IPMCv6 traffic flooding is Enabled always active in spite of this setting.
Software User's Manual – Version 3.0 Port Releated Configuration Setting Router Port Fast Leave Throttling Description Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Enable the fast leave on the port. Enable to limit the number of multicast groups to which a switch port can belong.
Software User's Manual – Version 3.0 Configuration > IPMC > MLD Snooping > VLAN Configuration MLD Snooping VLAN Configuration Navigating the MLD Snooping VLAN Table Each page shows up to 99 entries from the VLAN table, default being 20, selected through the “entries per page” input field. When first visited, the web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.
Software User's Manual – Version 3.0 QRI LLQI URI Query Response Interval. The Maximum Response Delay used to calculate the Maximum Response Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds. The default query response interval is 100 in tenths of seconds (10 seconds). Last Listener Query Interval.
Software User's Manual – Version 3.0 Configuration > IPMC > MLD Snooping > Port Filtering Profile MLD Snooping Port Filtering Profile Configuration Setting Port Filtering Profile Profile Management Button Description The logical port for the settings. Select the IPMC Profile as the filtering condition for the specific port. Summary about the designated profile will be shown by clicking the view button. List the rules associated with the designated profile.
Software User's Manual – Version 3.0 Configuration > LLDP > LLDP LLDP Configuration LLDP Parameters Tx Interval Factory Default Setting Description 5 ~ 32768 The switch periodically transmits LLDP frames to its neighbors for having the network discovery information up-to-date. The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5 - 32768 seconds.
Software User's Manual – Version 3.0 Tx Reinit Factory Default Setting Description 1 ~ 10 When an interface is disabled, LLDP is disabled, or the switch is rebooted; an LLDP shutdown frame is transmitted to the neighboring units, signaling that the LLDP information isn’t valid anymore. Tx Reinit controls the number of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1 - 10 seconds.
Software User's Manual – Version 3.0 CDP Aware Port Descr Sys Name Sys Descr Sys Capa Mgmt Addr Select CDP awareness. The CDP operation is restricted to decoding incoming CDP frames (the switch doesn’t transmit CDP frames). CDP frames are only decoded if LLDP on the interface is enabled. Only CDP TLVs that can be mapped to a corresponding field in the LLDP neighbors’ table are decoded. All other TLVs are discarded (unrecognized CDP TLVs and discarded CDP frames are not shown in the LLDP statistics).
Software User's Manual – Version 3.0 Configuration > LLDP > LLDP-MED LLDP-MED Configuration This page allows you to configure the LLDP-MED. This function applies to VoIP devices which support LLDP-MED. Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints are critically important aspects of VoIP systems.
Software User's Manual – Version 3.0 Transmit TLVs It is possible to select which LLDP-MED information that shall be transmitted to the neighbors. When the checkbox is checked, the information is included in the frame transmitted to the neighbor. Setting Interface Capabilities Policies Location PoE Description The interface name to which the configuration applies. When checked, the switch's capabilities are included in LLDP-MED information transmitted.
Software User's Manual – Version 3.0 Longitude Altitude Map Datum Longitude should be normalized to within 0-180 degrees with a maximum of 4 digits. It is possible to specify the direction to either East of the prime meridian or West of the prime meridian. Altitude should be normalized to within -2097151.9 to 2097151.9 with a maximum of 1 digit. It is possible to select between two altitude types (meters or floors): Meters: Representing meters of Altitude defined by the vertical datum specified.
Software User's Manual – Version 3.0 Setting Country code State County City City district Block (Neighborhood) Street Leading street direction Trailing street suffix Street suffix House no. House no. suffix Landmark Additional location info Name Zip code Building Apartment Floor Room no. Place type Postal community name P.O. Box Additional code Description The two-letter ISO 3166 country code in capital ASCII letters Example: DK, DE, or US.
Software User's Manual – Version 3.0 Emergency Call Service Emergency Call Service ELIN identifier data format is defined to carry the ELIN identifier as used during emergency call setup to a traditional CAMA or ISDN trunk-based PSAP. This format consists of a numerical digit string corresponding to the ELIN to be used for emergency calling.
Software User's Manual – Version 3.0 Setting Delete Policy ID Application Type Description Check to delete the policy. It will be deleted during the next save. ID for the policy. This is auto generated and shall be used when selecting the policies that shall be mapped to the specific interfaces. Intended use of the application types: 1. Voice - for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services.
Software User's Manual – Version 3.0 Tag VLAN ID L2 Priority DSCP Adding a new policy 8. Video Signaling (conditional) - for use in network topologies that require a separate policy for the video signaling than for the video media. This application type should not be advertised if all the same network policies apply as those advertised in the Video Conferencing application policy. Tag indicating whether the specified application type is using a 'tagged' or an 'untagged' VLAN.
Software User's Manual – Version 3.0 Configuration > PoE > Power Budget Power Over Ethernet Configuration Setting Reserved Power determined by Power Management Mode Description There are three modes for configuring how the ports/PDsmay reserve power: 1. Allocated mode: In this mode, the user allocates the amount of power that each port may reserve. The allocated/reserved power for each port/PD is specified in the Maximum Power fields. 2.
Software User's Manual – Version 3.0 PoE Power Supply Configuration Setting Primary Power Supply [W] Description For being able to determine the amount of power the PD may use, it must be defined what amount of power a power source can deliver. Valid values are in the range 0 to 2000 watts. PoE Port Configuration Setting PoE Mode Description The PoE Mode represents the PoE operating mode for the port: Disabled: PoE disabled for the port. PoE: Enables PoE IEEE 802.3af (Class 4 PDs limited to 15.
Software User's Manual – Version 3.0 Priority Maximum Power The Priority represents the ports’ priority. There are three levels of power priority named Low, High, and Critical. The priority is used in the case where the remote devices require more power than the power supply can deliver. In this case, the port with the lowest priority will be turned off starting from the port with the highest port number.
Software User's Manual – Version 3.0 Configuration > PoE > Ping Alive PoE Ping Alive This page allows the user to have control over the system's Powered Device failure check. Port Configuration Setting Description Port The switch port number of the port. Enable Controls whether PoE Ping Alive is enabled on this switch port. IP Address The IP for the Powered Device. Interval The time for IP checking period.
Software User's Manual – Version 3.0 Configuration > PoE > PoE Schedule PoE Schedule Port Setting This page is divided into Port Configuration and Schedule Setting. Port Configuration allows the user to set PoE schedule identifier and PoE schedule mode for each PoE port. Schedule Setting allows the user to add new schedule timetabling. Port Configuration Setting Description Port The switch port number of the port. Disable: Disable schedule operation.
Software User's Manual – Version 3.0 Schedule ID Schedule Setting Setting Schedule ID Status Controls whether schedule needs to be executed. Schedule id is ranged from 1 to 32. Description PoE schedule id. Schedule id is ranged from 1 to 32. PoE schedule status. PoE Schedule Time Configuration Click “Scheduled Setting” schedule ID number to edit PoE schedule time configuration Setting Schedule ID Time Description The schedule id number of the schedule. Start Time: Time tabling start time.
Software User's Manual – Version 3.0 Configuration > MEP Maintenance Entity Point Setting Delete Instance Domain Mode Direction Residence Port Level Flow Instance Tagged VID This MAC Alarm Description This box is used to mark a MEP for deletion in the next save operation. The ID of the MEP. Click on the ID of a MEP to enter the configuration page. The range is from 1 through 100. Port: This is a MEP in the Port Domain. MEP: This is a Maintenance Entity End Point.
Software User's Manual – Version 3.0 Instance Data Setting Instance Domain Mode Direction Residence Port Flow Instance Description The ID of the MEP. Port: This is a MEP in the Port Domain. MEP: This is a Maintenance Entity End Point. MIP: This is a Maintenance Entity Intermediate Point. Down: This is a Down MEP - monitoring ingress OAM and traffic on Residence Port. Up: This is an Up MEP. The port where MEP is monitoring - see 'Direction'. For an EVC MEP, the port must be a port in the EVC.
Software User's Manual – Version 3.0 Setting Level Format Domain Name MEG Id MEP Id Tagged VID VOE cLevel cMEG cMEP cAIS cLCK cDEG cSSF aBLK aTSD aTSF Delete Peer MEP ID Unicast Peer MAC cLOC cRDI cPeriod Description The MEG level of this MEP. This is the configuration of the two possible Maintenance Association Identifier formats: ITU ICC: This is defined by ITU (Y1731 Fig. A3). 'Domain Name' is not used. 'MEG ID' must be a maximum of 13 characters. IEEE String: This is defined by IEEE (802.
Software User's Manual – Version 3.0 cPriority Fault Cause indicating that a CCM is received with a priority different than what is configured for this MEP - from this peer MEP. Functional Configuration Setting Continuity Check Description Enable: Continuity Check based on transmitting/receiving CCM PDU can be enabled/disabled. The CCM PDU is always transmitted as Multicast Class 1. Priority: The priority to be inserted as PCP bits in TAG (if any).
Software User's Manual – Version 3.0 Type: a. R-APS: APS PDU is transmitted as R-APS - this is for ERPS. b. L-APS: APS PDU is transmitted as L-APS - this is for ELPS. Last Octet: This is the last octet of the transmitted and expected RAPS multi-cast MAC. In G.8031 (03/2010), a RAPS multi-cast MAC is defined as 01-19-A7-00-00-XX. In current standard the value for this last octet is '01' and the usage of other values is for further study. TLV Configuration Configuration of the OAM PDU TLV.
Software User's Manual – Version 3.0 TLV Status Display of the last received TLV. Currently only TLV in the CCM is supported.
Software User's Manual – Version 3.0 Fault Management This page allows the user to inspect and configure the Fault Management of the current MEP Instance. Loop Back Setting Enable DEI Priority Cast Peer MEP Unicast MAC To Send Size Description Loop Back based on transmitting/receiving LBM/LBR PDU can be enabled/disabled. Loop Back is automatically disabled when all 'To Send' LBM PDU has been transmitted - waiting 5 sec. for all LBR from the end. The DEI to be inserted as PCP bits in TAG (if any).
Software User's Manual – Version 3.0 Interval The interval between transmitting LBM PDU. In 10ms. in case 'To Send' != 0 (max 100 - '0' is as fast as possible) In 1us. in case 'To Send' == 0 (max 10.
Software User's Manual – Version 3.0 Loop Back State Setting Transaction ID Transmitted Reply MAC Received Out Of Order Description The transaction id of the first LBM transmitted. For each LBM transmitted, the transaction ID in the PDU is incremented. The total number of LBM PDU transmitted. The MAC of the replying MEP/MIP. In case of multi-cast LBM, replies can be received from all peer MEP in the group. This MAC is not shown in case of 'To Send' == 0.
Software User's Manual – Version 3.0 Link Trace State Setting Transaction ID Time To Live Mode Direction Forwarded Relay Last MAC Next MAC Description The transaction ID is incremented for each LTM send. This value is inserted in the transmitted LTM PDU and is expected to be received in the LTR PDU. Received LTR with wrong transaction ID is ignored. There are five transactions in one Link Trace activated.
Software User's Manual – Version 3.0 Test Signal Setting Enable DEI Priority Peer MEP Rate Size Pattern Description Test Signal based on transmitting TST PDU can be enabled/disabled. The DEI to be inserted as PCP bits in TAG (if any). The priority to be inserted as PCP bits in TAG (if any). The TST frame destination MAC will be taken from the 'Unicast Peer MAC' configuration of this peer. The TST frame transmission bit rate - in Megabits per second. Limit is 400 Mbps.
Software User's Manual – Version 3.0 Test Signal State Setting Description TX frame count The number of transmitted TST frames since last 'Clear'. RX frame The number of received TST frames since last 'Clear'. count The current received TST frame bit rate in Kbps. This is calculated on a 1 s. RX rate basis, starting when the first TST frame is received after 'Clear'. The frame size used for this calculation is the first received after 'Clear'.
Software User's Manual – Version 3.0 AIS Setting Enable Frame Rate Protection Description Insertion of AIS signal (AIS PDU transmission) in client layer flows can be enable/disabled. Selecting the frame rate of AIS PDU. This is the inverse of transmission period as described in Y.1731. Selecting this means that the first 3 AIS PDU is transmitted as fast as possible - in case of using this for protection in the end point.
Software User's Manual – Version 3.0 Performance Monitoring This page allows the user to inspect and configure the performance monitor of the current MEP Instance. Performance Monitoring Data Set Setting Enable Description When enabled this MEP instance will contribute to the 'PM Data Set' gathered by the PM Session. Loss Measurement Setting Tx Rx Priority Cast Peer MEP Rate Description Transmitting/receiving CCM or LMM/LMR or SLM/SLR/1SL PDUs - see 'Synthetic' and 'Ended'.
Software User's Manual – Version 3.0 Size Synthetic Ended FLR Interval Meas Interval Loss Threshold SLM Test ID In case of enable of Continuity Check and Loss Measurement both implemented on SW based CCM, 'Frame Rate' has to be the same. The 'Synthetic' SLM/1SL frame size. This is entered as the wanted size (in bytes) of an untagged frame containing LM OAM PDU - including CRC (four bytes).
Software User's Manual – Version 3.0 Loss Measurement State Setting Peer MEP Tx Rx Near End Loss Count Far End Loss Count Interval Elapsed Description The Peer MEP ID that the following state relates to. The accumulated transmitted LM PDUs - since last 'clear'. The accumulated received LM PDUs - since last 'clear'. The accumulated near end frame loss count - since last 'clear'. The accumulated far end frame loss count - since last 'clear'.
Software User's Manual – Version 3.0 Loss Measurement Availability Setting Enable Interval FLR Threshold Maintenance Description Enable/disable of loss measurement availability. Availability interval - number of measurements with same availability in order to change availability state. Availability frame loss ratio threshold in per mille. Enable/disable of loss measurement availability maintenance.
Software User's Manual – Version 3.0 Consecutive Interval High Loss Interval consecutive interval (number of measurements). Loss Measurement High Loss Interval Status Setting Near Count Far Count Near Consecutive Count Far Consecutive Count Description Near end high loss interval count - number of measurements where availability state is available and FLR is above high loss interval FLR threshold.
Software User's Manual – Version 3.0 Delay Measurement Setting Enable Priority Cast Peer MEP Ended Tx Mode Calc Gap Count Unit Synchronized Counter Overflow Action Description Delay Measurement based on transmitting 1DM/DMM PDU can be enabled/disabled. Delay Measurement based on receiving and handling. 1DM/DMR PDU is always enabled. The priority to be inserted as PCP bits in TAG (if any). Selection of 1DM/DMM PDU transmitted unicast or multicast. The unicast MAC will be configured through 'Peer MEP'.
Software User's Manual – Version 3.0 Delay Measurement State Setting Tx Rx Rx Timeout Rx Error Av Delay Tot Av Delay last N Delay Min. Delay Max. Av Delay-Var Tot Av Delay-Var last N Delay-Var Min. Delay-Var Max. Overflow Clear Far-end-to-nearend one-way delay Near-end-to-farend one-way delay Description The accumulated transmit count - since last 'clear'. The accumulated receive count - since last 'clear'. The accumulated receive timeout count for two-way only - since last 'clear'.
Software User's Manual – Version 3.0 Delay Measurement Bins A Measurement Bin is a counter that stores the number of delay measurements falling within a specified range during a Measurement Interval. Setting Measurement Bins for FD Measurement Bins for IFDV Measurement Threshold Description Configurable number of Frame Delay Measurement Bins per Measurement Interval. The minimum number of FD Measurement Bins per Measurement Interval supported is 2.
Software User's Manual – Version 3.0 Delay Measurement Bins for FD A Measurement Bin is a counter that stores the number of delay measurements falling within a specified range during a Measurement Interval. Below is the following example: if the measurement threshold is 5000 us and the total number of Measurement Bins is four.
Software User's Manual – Version 3.0 Configuration > ERPS Ethernet Ring Protection Switching ********************************************************************* Spanning-Tree and LLDP must be disabled on the ring ports. MEPs must be created to configure ERPS. Management VLAN 1 cannot be used when configuring ERPS. Please create a new Management VLAN when configuring ERPS. A separate VLAN must be created for RAPS Control Frames.
Software User's Manual – Version 3.0 Virtual Channel Major Ring ID Alarm Sub-rings can either have virtual channel or not on the interconnected node. This is configured using Virtual Channel checkbox. “Yes” indicates it is a sub-ring with virtual channel. “No” indicates sub-ring doesn't have virtual channel. Major ring group ID for the interconnected sub-ring. It is used to send topology change updates on major ring. If ring is major, this value is the same as the protection group ID of this ring.
Software User's Manual – Version 3.0 ERPS Configuration Instance Data Setting ERPS ID Port 0 Port 1 Port 0 SF MEP Port 1 SF MEP Port 0 APS MEP Port 1 APS MEP Ring Type Description The ID of the Protection Group. This is a Port 0 of the switch in the ring. This is a Port 1 of the switch in the ring. The Port 0 Signal Fail reporting MEP instance. The Port 1 Signal Fail reporting MEP instance. The Port 0 APS PDU handling MEP instance. The Port 1 APS PDU handling MEP instance. Type of Protecting ring.
Software User's Manual – Version 3.0 Hold Off Time Version Revertive VLAN config The period of the WTR time can be configured by the operator in 1-minute steps between 5 and 12 minutes with a default value of 1 minutes. The timing value to be used to make persistent checks on Signal Fail before switching. The range of the hold off timer is 0 to 10 seconds in steps of 100 ms. ERPS Protocol Version - v1 or v2.
Software User's Manual – Version 3.0 Instance Command Setting Command Forced Switch Manual Switch Clear Port Description Administrative command. A port can be administratively configured to be in either manual switch or forced switch state. Forced Switch command forces a block on the ring port where the command is issued. In the absence of a failure or FS, Manual Switch command forces a block on the ring port where the command is issued.
Software User's Manual – Version 3.0 Port 0 Block Status Port 1 Block Status FOP Alarm Block status for Port 0 (Both traffic and R-APS block status). R-APS channel is never blocked on sub-rings without virtual channel. Block status for Port 1 (Both traffic and R-APS block status). R-APS channel is never blocked on sub-rings without virtual channel. Failure of Protocol Defect(FOP) status. If FOP is detected, red LED glows; otherwise green LED glows.
Software User's Manual – Version 3.0 Configuration > MAC Table MAC Address Table Configuration The MAC Address Table is configured on this page. Set timeouts for entries in the dynamic MAC Table and configure the static MAC table here. Aging Configuration Setting Disable Automatic Aging Description Disable the automatic aging of dynamic entries by checking Disable automatic aging. Aging Time By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging.
Software User's Manual – Version 3.0 management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface. Static MAC Table Configuration The static entries in the MAC table are shown in this table. The static MAC table can contain 64 entries. The MAC table is sorted first by VLAN ID and then by MAC address. Setting Delete VLAN ID MAC Address Port Members Description Check to delete the entry. It will be deleted during the next save.
Software User's Manual – Version 3.0 Configuration > VLANs This page allows for controlling VLAN configuration on the switch. The page is divided into a global section and a per-port configuration section. **************************************************************************************************************** Management VLAN 1 cannot be used on Trunk Ports. Please create a new Management VLAN when configuring Trunk Ports.
Software User's Manual – Version 3.
Software User's Manual – Version 3.0 Setting Description The port mode (default is Access) determines the fundamental behavior of the port in question. A port can be in one of three modes as described below. Whenever a particular mode is selected, the remaining fields in that row will be either grayed out or made changeable depending on the mode in question. Grayed out fields show the value that the port will get when the mode is applied. Access: Access ports are normally used to connect to end stations.
Software User's Manual – Version 3.0 Port VLAN Determines the ports VLAN ID (a.k.a. PVID). Allowed VLANs are in the range 1 through 4095. The default being 1. On ingress, frames get classified to the Port VLAN if the port is configured as VLAN unaware, the frame is untagged, or VLAN awareness is enabled on the port, but the frame is priority tagged (VLAN ID = 0). On egress, frames classified to the Port VLAN do not get tagged if Egress Tagging configuration is set to untag Port VLAN.
Software User's Manual – Version 3.0 Note: If the Custom S-port is configured to accept Tagged and Untagged frames (see Ingress Acceptance below), frames with a C-tag are treated like frames with a custom S-tag. If the Custom S-port is configured to accept Untagged Only frames, custom Stagged frames will be discarded (except for priority custom S-tagged frames). C-tagged frames are initially considered untagged and will therefore not be discarded.
Software User's Manual – Version 3.0 The trick is to mark such VLANs as forbidden on the port in question. The syntax is identical to the syntax used in the Enabled VLANs field. By default, the field is left blank, which means that the port may become a member of all possible VLANs.
Software User's Manual – Version 3.0 Configuration > Private VLANs > Membership Private VLAN Membership Configuration The Private VLAN membership configurations for the switch can be monitored and modified here. Private VLANs can be added or deleted here. Port members of each Private VLAN can be added or removed here. Private VLANs are based on the source port mask, and there are no connections to VLANs. This means that VLAN IDs and Private VLAN IDs can be identical.
Software User's Manual – Version 3.0 Configuration > Private VLANs > Port Isolation Port Isolation Configuration This page is used for enabling or disabling port isolation on ports in a Private VLAN. A port member of a VLAN can be isolated to other isolated ports on the same VLAN and Private VLAN. Port Number Factory Default Setting Description Checked Unchecked Port isolation is enabled on that port. Port isolation is disabled on that port.
Software User's Manual – Version 3.0 Configuration > VCL > MAC-based VLAN MAC-Based VLAN Membership Configuration The MAC address to VLAN ID mappings can be configured here. This page allows adding and deleting MAC-based VLAN Classification List entries and assigning the entries to different ports. Setting Delete MAC Address VLAN ID Port Members Description To delete a MAC to VLAN ID mapping entry, check this box and press Save. The entry will be deleted in the stack.
Software User's Manual – Version 3.0 Configuration > VCL > Protocol-based VLAN > Protocol to Group Protocol to Group Mapping Table This page allows you to add new Protocol to Group Name (each protocol can be part of only one Group) mapping entries as well as allowing you to see and delete already mapped entries for the switch. Setting Delete Frame Type Value Description To delete a Protocol to Group Name map entry, check this box. The entry will be deleted from the switch during the next save.
Software User's Manual – Version 3.0 Group Name organization to the protocol running on top of SNAP. In other words, if the value of OUI field is 00-00-00 then the value of PID will be etype (0x0600-0xffff) and if the value of OUI is anything other than 00-00-00 then valid values of PID will be any value between 0x0000 and 0xffff. A valid Group Name is a 16-character long string, unique for every entry, which consists of a combination of alphabets (a-z or A-Z) and integers (0-9).
Software User's Manual – Version 3.0 Configuration > VCL > Protocol-based VLAN > Group to VLAN Group Name to VLAN mapping Table This page allows you to map a Group Name (already configured or to be configured in the future) to a VLAN for the switch. Setting Delete Group Name VLAN ID Port Members Description To delete a Group Name to VLAN mapping, check this box. The entry will be deleted from the switch during the next save.
Software User's Manual – Version 3.0 Configuration > VCL > IP Subnet-based VLAN IP Subnet-based VLAN Membership Configuration The IP subnet to VLAN ID mappings can be configured here. This page allows adding, updating, and deleting IP subnet to VLAN ID mapping entries and assigning them to different ports. Setting Delete IP Address Mask Length VLAN ID Port Members Description To delete a mapping, check this box and press save. The entry will be deleted in the stack.
Software User's Manual – Version 3.0 Configuration > QoS > Port Classification QoS Ingress Port Classification Setting Port CoS DPL PCP Description The port number for which the configuration below applies. Controls the default class of service. All frames are classified to a CoS. There is a one-to-one mapping between CoS, queue, and priority. A CoS of 0 (zero) has the lowest priority. If the port is VLAN aware, the frame is tagged and Tag Class.
Software User's Manual – Version 3.0 DEI Tag Class. DSCP Based Address Mode Controls the default DEI value. All frames are classified to a DEI value. If the port is VLAN aware and the frame is tagged, then the frame is classified to the DEI value in the tag. Otherwise the frame is classified to the default DEI value. Shows the classification mode for tagged frames on this port. Disabled: Use default CoS and DPL for tagged frames. Enabled: Use mapped versions of PCP and DEI for tagged frames.
Software User's Manual – Version 3.0 Configuration > QoS > Port Policing QoS Ingress Port Policers Setting Port Enable Rate Unit Flow Control Description The port number for which the configuration below applies. Enable or disable the port policer for this switch port. Controls the rate for the port policer. This value is restricted to 100-3276700 when unit is kbps or fps, and 1-3276 when unit is Mbps or kfps (kilo-frames per second).
Software User's Manual – Version 3.0 Configuration > QoS > Queue Policing QoS Ingress Queue Policers Setting Port Enable Rate Unit Description The port number for which the configuration below applies. Enable or disable the queue policer for this switch port. Controls the rate for the queue policer. This value is restricted to 100-3276700 when unit is kbps, and 1-3276 when unit is Mbps. The rate is internally rounded up to the nearest value supported by the queue policer.
Software User's Manual – Version 3.0 Configuration > QoS > Port Scheduler QoS Egress Port Schedulers Setting Port Mode QX Description The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Shows the scheduling mode for this port. Shows the weight for this queue and port.
Software User's Manual – Version 3.0 Configuration > QoS > Port Shaping QoS Egress Port Shapers Setting Port QX Port Description The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. Shows "-" for disabled or actual queue shaper rate - e.g. "800 Mbps". Shows "-" for disabled or actual port shaper rate - e.g. "800 Mbps".
Software User's Manual – Version 3.0 Configuration > QoS > Port Tag Remarking QoS Egress Port Tag Remarking Setting Port Mode Description The logical port for the settings contained in the same row. Click on the port number in order to configure tag remarking. Shows the tag remarking mode for this port. Classified: Use classified PCP/DEI values. Default: Use default PCP/DEI values. Mapped: Use mapped versions of QoS class and DP level.
Software User's Manual – Version 3.0 Configuration > QoS > Port DSCP QoS Port DSCP Configuration Setting Port Ingress Egress Description The Port column shows the list of ports for which you can configure DSCP ingress and egress settings. Translate: To Enable the Ingress Translation click the checkbox. Classify: Classification for a port has 4 different values. 1. Disable: No Ingress DSCP Classification. 2. DSCP=0: Classify if incoming (or translated if enabled) DSCP is 0. 3.
Software User's Manual – Version 3.0 Configuration > QoS > DSCP-Based QoS DSCP-based QoS Ingress Classification ● ● ● Setting DSCP Trust QoS Class DPL Description Maximum number of supported DSCP values are 64. Controls whether a specific DSCP value is trusted. Only frames with trusted DSCP values are mapped to a specific QoS class and Drop Precedence Level. Frames with untrusted DSCP values are treated as a non-IP frame.
Software User's Manual – Version 3.0 Configuration > QoS > DSCP Translation DSCP Translation ● ● ● Setting DSCP Ingress Description Maximum number of supported DSCP values are 64 and valid DSCP value ranges from 0 to 63. Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. Translate: DSCP at Ingress side can be translated to any of (0-63) DSCP values. Classify: Click to enable Classification at Ingress side.
Software User's Manual – Version 3.0 Egress Remap DP0: Select the DSCP value from select menu to which you want to remap. DSCP value ranges from 0 to 63. Remap DP1: Select the DSCP value from select menu to which you want to remap. DSCP value ranges form 0 to 63.
Software User's Manual – Version 3.0 Configuration > QoS > DSCP Classification DSCP Classification Setting QoS Class DSCP DP0 DSCP DP1 Description Actual QoS class. Select the classified DSCP value (0-63) for Drop Precedence Level 0. Select the classified DSCP value (0-63) for Drop Precedence Level 1.
Software User's Manual – Version 3.0 Configuration > QoS > QoS Control List QoS Control List Configuration This page shows the QoS Control List(QCL) which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list. You can modify each QCE (QoS Control Entry) in the table using the following buttons: : Inserts a new QCE before the current row. : Edits the QCE. : Moves the QCE up the list.
Software User's Manual – Version 3.0 PCP DEI Frame Type Action Priority Code Point: Valid values of PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or a range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or 'Any'. Drop Eligible Indicator: Valid value of DEI are 0, 1 or 'Any'. Indicates the type of frame. Possible values are: 1. Any: Match any frame type. 2. Ethernet: Match EtherType frames. 3. LLC: Match (LLC) frames. 4. SNAP: Match (SNAP) frames. 5. IPv4: Match IPv4 frames. 6. IPv6: Match IPv6 frames.
Software User's Manual – Version 3.0 Port Members Check the checkbox button to include the port in the QCL entry. By default all ports are included. Key Parameters Setting DMAC SMAC Tag VID PCP DEI Frame Type Description Destination MAC address. Possible values are Unicast, Multicast, Broadcast or Any. Source MAC address: xx-xx-xx-xx-xx-xx or Any. If a port is configured to match on DMAC/DIP, this field is the Destination MAC address.
Software User's Manual – Version 3.0 Sport: Source TCP/UDP port:(0-65535) or ‘Any’, specific or port range applicable for IP protocol UDP/TCP. Dport: Destination TCP/UDP port:(0-65535) or ‘Any’, specific or port range applicable for IP protocol UDP/TCP. 6. IPv6 Protocol: IP protocol number: (0-255, ‘TCP’ or ‘UDP’) or ‘Any’. Source IP: 32 LS bits of IPv6 source address in value/mask format or ‘Any’. If a port is configured to match on DMAC/DIP, this field is the Destination IP address.
Software User's Manual – Version 3.0 Configuration > QoS > Storm Policing Global Storm Policer Configuration There is a unicast storm policer, multicast storm policer, and a broadcast storm policer. These only affect flooded frames, i.e. frames with a (VLAN ID, DMAC) pair not present in the MAC Address table. Setting Frame Type Enable Rate Unit Description The frame type for which the configuration below applies. Enable or disable the global storm policer for the given frame type.
Software User's Manual – Version 3.0 Configuration > Mirroring Mirroring & Remote Mirroring Configuration Mirroring is a feature for switched port analyzer. The administrator can use the Mirroring to debug network problems. The selected traffic can be mirrored or copied on a destination port where a network analyzer can be attached to analyze the network traffic. Remote Mirroring is an extend function of Mirroring.
Software User's Manual – Version 3.0 Source VLAN(s) Configuration The switch can support VLAN-based Mirroring. If you want to monitor some VLANs on the switch, you can set the selected VLANs on this field. NOTE: The Mirroring session shall have either ports or VLANs as sources, but not both. Port Configuration Setting Port Description The logical port for the settings contained in the same row.
Software User's Manual – Version 3.0 Source Intermediate Destination Select mirror mode. Disabled: Neither frames transmitted nor frames received are mirrored. Both: Frames received and frames transmitted are mirrored on the Intermediate/Destination port. Rx only: Frames received on this port are mirrored on the Intermediate/Destination port. Frames transmitted are not mirrored. Tx only: Frames transmitted on this port are mirrored on the Intermediate/Destination port.
Software User's Manual – Version 3.0 Configuration > GVRP > Global config GVRP Configuration Enable GVRP The GVRP feature is globally enabled by setting the check mark in the checkbox named Enable GVRP and pressing the Save button. Join-time Factory Default Setting Description 1 ~ 20 Join-time is a value in the range of 1-20cs, i.e. in units of one hundredth of a second. 20 Leave-time Factory Default Setting Description 60 ~ 300 Leave-time is a value in the range of 60-300cs, i.e.
Software User's Manual – Version 3.0 Configuration > GVRP > Port config GVRP Port Configuration This configuration can be performed either before or after GVRP is configured globally - the protocol operation will be the same. Setting Port Mode Description The logical port that is to be configured. Mode can be either Disabled or GVRP enabled. These values turn the GVRP feature off or on respectively for the port in question.
Software User's Manual – Version 3.0 Configuration > sFlow This page allows for configuring sFlow. The configuration is divided into two parts: Configuration of the sFlow receiver (a.k.a. sFlow collector) and configuration of per-port flow and counter samplers. sFlow configuration is not persisted to non-volatile memory which means that a reboot will disable sFlow sampling.
Software User's Manual – Version 3.0 If sFlow is configured through SNMP, all controls - except for the Release-button - are disabled to avoid inadvertent reconfiguration. The “Release” button allows for releasing the current owner and disable sFlow sampling. The button is disabled if sFlow is currently unclaimed. If configured through SNMP, the release must be confirmed (a confirmation request will appear).
Software User's Manual – Version 3.0 Port Configuration Setting Port Flow Sampler Enabled Description The port number for which the configuration below applies. Enables/disables flow sampling on this port. The statistical sampling rate for packet sampling. Set to N to sample on average 1/Nth of the packets transmitted/received on Flow Sampler the port. Not all sampling rates are achievable.
Software User's Manual – Version 3.0 Diagnostics Diagnostics > Ping ICMP Ping This page allows you to issue ICMP PING packets to troubleshoot IP connectivity issues. After you press Start, ICMP packets are transmitted, and the sequence number and round trip time are displayed upon reception of a reply. The amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
Software User's Manual – Version 3.0 Diagnostics > Ping6 ICMPv6 Ping This page allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues. After you press Start, ICMPv6 packets are transmitted, and the sequence number and round trip time are displayed upon reception of a reply. The page refreshes automatically until responses to all packets are received or until a timeout occurs.
Software User's Manual – Version 3.0 Diagnostics > VeriPHY VeriPHY Cable Diagnostics This page is used for running the VeriPHY Cable Diagnostics for 10/100 and 1G copper ports. Press Start to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table.
Software User's Manual – Version 3.0 Maintenance Maintenance > Restart Device Restart Device You can restart the switch on this page. After restart, the switch will boot normally. Click Yes to restart device. Click No to return to the Port State page without restarting.
Software User'Manual – Version 3.0 Software User's Maintenance > Factory Defaults Factory Defaults You can reset the configuration of the switch on this page. Only the IP configuration is retained. The new configuration is available immediately which means that no restart is necessary. Click Yes to reset the configuration to Factory Defaults. Click No to return to the Port State page without resetting the configuration.
Software User'Manual – Version 3.0 Software User's Maintenance > Software > Upload Software Upload This page facilitates an update of the firmware controlling the switch. Chick Choose File to the location of a software image and click Upload. After the software image is uploaded, a page announces that the firmware update is initiated. After about a minute, the firmware is updated and the switch restarts. WARNING: While the firmware is being updated, Web access appears to be defunct.
Software User'Manual – Version 3.0 Software User's Maintenance > Software > Image Select Software Image Selection This page provides information about the active and alternate (backup) firmware images in the device and allows you to revert to the alternate image. NOTE: In case the active firmware image is the alternate image, only the “Active Image” table is shown. In this case, the Activate Alternate Image button is also disabled.
Software User'Manual – Version 3.0 Software User's Maintenance > Configuration > Save startup-config Save Running Configuration to startup-config This copies running-config to startup-config, thereby ensuring that the currently active configuration will be used at the next reboot.
Software User'Manual – Version 3.0 Software User's Maintenance > Configuration > Download Download Configuration It is possible to download any of the files on the switch to the web browser. Select the file and click Download Configuration. running-config: A virtual file that represents the currently active configuration on the switch. This file is volatile. default-config: A read-only file with vendor-specific configuration. This file is read when the system is restored to default settings.
Software User'Manual – Version 3.0 Software User's Maintenance > Configuration > Upload Upload Configuration It is possible to upload a file from the web browser to all the files on the switch, except default-config which is read-only. Select the file to upload, select the destination file on the target, then click Upload Configuration. If the destination is running-config, the file will be applied to the switch configuration.
Software User'Manual – Version 3.0 Software User's Maintenance > Configuration > Activate Activate Configuration It is possible to activate any of the configuration files present on the switch, except for running-config which represents the currently active configuration. Select the file to activate and click Activate Configuration. This will initiate the process of completely replacing the existing configuration with that of the selected file.
Software User'Manual – Version 3.0 Software User's Maintenance > Configuration > Delete Delete Configuration File It is possible to delete any of the writable files stored in flash including startup-config. If this is done and the switch is rebooted without a prior save operation, this effectively resets the switch to default configuration.
