LGB5028A LGB5052A 24 + or 48 + 4-Port Gigabit Managed Switch with SFP+ 10G User’s Manual BLACK BOX The switches provide 24 or 48 ports of Gigabit connectivity plus four 10G ports. Customer Support Information LGB5028A User’s Manual ® Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S. call 724-746-5500) FREE technical support 24 hours a day, 7 days a week: Call 724-746-5500 or fax 724-746-0746 Mailing address: Black Box Corporation, 1000 Park Drive, Lawrence, PA 15055-1018 Web site: www.
Trademarks Used in this Manual Black Box and the Double Diamond logo are registered trademarks of BB Technologies, Inc. AppleTalk is a registered trademark of Apple Computer, Inc. Intel and Xerox are registered trademarks of Intel Corporation. Microsoft and Internet Explorer are registered trademarks of Microsoft Corporation. Any other trademarks mentioned in this manual are acknowledged to be the property of the trademark owners.
FCC and IC RFI Statements Federal Communications Commission and Industry Canada Radio Frequency Interference Statements This equipment generates, uses, and can radiate radio-frequency energy, and if not installed and used properly, that is, in strict accordance with the manufacturer’s instructions, may cause interference to radio communication.
NOM Statement Safety Instructions (Normas Oficiales Mexicanas Electrical Safety Statement) 1. All safety and operating instructions must be read before the electrical appliance is operated. 2. The safety and operating instructions must be kept for future reference. 3. All warnings on the electrical appliance and in its operating instructions must be heeded. 4. All operating and usage instructions must be followed. 5.
User’s Manual/Safety Instructions- User’s Manual This guide gives specific information on how to operate and use the management functions of the switch. The guide is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
Table of Contents 1. Specifications 1.1 Physical Characteristics 1.2 Switch Features
6. Configuration 6.1 Port 6.1.1 Configuration
6.9 Filtering Database 6.9.1 Configuration
7.2 ARP Inspection 7.2.1 Configuration 7.2.2 Static Table
Appendix B. Troubleshooting B.1 Basic Troubleshooting Tips B.2 Contacting Black Box
Chapter 1: Specifications 1. Specifications 1.
Chapter 1: Specifications 1.4 Standards Standards — IEEE 802.3 10BASE-T Ethernet (twisted-pair copper), IEEE 802.3u 100BASE-TX Ethernet (twisted-pair copper), IEEE 802.3ab 1000BASE-TX Ethernet (twisted-pair copper), IEEE 802.3z 1000BASE-X Ethernet, IEEE 802.3x Flow Control Capability, ANSI/IEEE 802.3 Auto-negotiation, IEEE 802.1Q VLAN, IEEE 802.1p Class of Service, IEEE 802.1X Access Control, IEEE 802.1D Spanning Tree, IEEE 802.1w Rapid Spanning Tree, IEEE 802.1s Multiple Spanning Tree, IEEE 802.
Chapter 2: Overview 2. Overview 2.1 Introduction The 24 + 4 or 48 + 4 Managed Gigabit Switches with 4 SFP+ 10G are easy-to-implement managed Ethernet switches. Models have 24 or 48 ports of Gigabit Ethernet connectivity plus four 10G ports. These switches deliver more intelligent features to improve the availability of your critical business applications, protect your sensitive information, and optimize your network bandwidth to deliver information and applications more effectively.
Chapter 2: Overview 2.4 Hardware Description 2.4.1 LGB5028A Figures 2-1 and 2-2 show the front and back panels of the LGB5028A. Table 2-1 describes its components. Figure 2-1. LGB5028A front panel. Figure 2-2. LGB5028A back panel. Table 2-1. LGB5028A components.
Chapter 2: Overview 2.4.2 LGB5052A Figures 2-3 and 2-4 show the front and back panels of the LGB5052A. Table 2-2 describes its components. Figure 2-3. LGB5052A front panel. Figure 2-4. LGB5052A back panel. Table 2-2.
Chapter 3: Operation of Web-Based Management 3. Operation of Web-Based Management The default values of the managed switch are listed in the table below: Table 3-1. Default values for Web-based management (Value: Default). IP Address: 192.168.1.1; Subnet Mask: 255.255.255.0; Default: 192.168.1.254; Username: admin; Password: Blank (no password). After you configure the managed switch in the CLI via the switch’s serial interface, you can browse it. For instance, type http://192.168.1.
Chapter 3: Operation of Web-Based Management Figure QS-19. The switch’s Web help screen. Figure 3-2. System Information Help screen.
Chapter 4: Making Network Connections 4. Making Network Connections 4.1 Connecting Network Devices You can connect the switch to 10-, 100-, or 1000-Mbps network cards in PCs and servers, as well as to other switches and hubs. It may also be connected to remote devices using optional SFP transceivers. Twisted-pair devices Each device requires an unshielded twisted-pair (UTP) cable with RJ-45 connectors at both ends.
Chapter 5: System Configuration 5. System Configuration This chapter describes basic configuration tasks, including system information and switch management (for example, time, account, IP, syslog, and SNMP). 5.1 System Information After you log in, a default system information screen appears.
Chapter 5: System Configuration BIOS Version: The version of the BIOS in this switch. Firmware Version: The switch’s firmware version. Hardware-Mechanical version: The figure before the hyphen is the version of the electronic hardware; the one after the hyphen is the version of the mechanical hardware. Serial Number: The serial number is assigned by the manufacturer. Host IP Address: The switch’s IP address. Subnet Mask and Gateway IP Address are listed next.
Chapter 5: System Configuration System Location: The physical location of this node (e.g., telephone closet, 3rd floor). The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. 5.1.3 CPU Load This page displays the CPU load, using an SVG graph. The load is measured as an average over the last 100 ms, 1 second, and 10 seconds. The last 120 samples are graphed, and the last numbers are displayed as text as well.
Chapter 5: System Configuration Figure 5-4. The Time Configuration screen. Parameter Description Clock Source: Select the clock source for the LGB5028A or LGB5052A. Choose from “Use local Settings” or “Use NTP Server.” Local Time: Show current time of the system. Time Zone Offset: Provide the time zone offset relative to UTC/GMT. The offset is given in minutes east of GMT. The valid range is from -720 to +720 minutes.
Chapter 5: System Configuration Figure 5-5. The NTP Configuration screen. Parameter Description Server 1 to 5: Provide the switch’s NTP IPv4 or IPv6 address. IPv6 address is in 128-bit records represented as eight fields of up to four hexadecimal digits with a colon separating each field (:). For example, “fe80::215:c5ff:fe03:4dc7.” The symbol “::” is a special syntax that can be used as a shorthand way of representing multiple 16-bit groups of contiguous zeros, but it can only appear once.
Chapter 5: System Configuration Figure 5-6. The Users Account Configuration screen. Parameter Description User Name: The name identifying the user. This is also a link to Add/Edit User. Password: Create the password. The allowed string length is 0 to 255, and the allowed content is the ASCII characters from 32 to 126. Password (again): Confirm the password. You must type the same password again in the field. Privilege Level: Show the privilege level of the user. The allowed range is 1 to 15.
Chapter 5: System Configuration Figure 5-7. The Privilege Level Configuration screen.
Chapter 5: System Configuration Parameter Description Group Name: The name identifying the privilege group. In most cases, a privilege level group consists of a single module (for example, LACP, SMTP or QoS), but a few of them contain more than one. The following description defines these privilege level groups in detail: System: Contact, Name, Location, Timezone, Log.
Chapter 5: System Configuration Figure 5-8. The IP Configuration screen. Parameter Description DHCP Client: Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will use the configured System Name as hostname to provide DNS lookup. IP Address: Provide the IP address of this switch in dotted decimal notation.
Chapter 5: System Configuration Figure 5-9. The IPv6 Configuration screen. Parameter Description Auto Configuration: Enable IPv6 auto-configuration by checking this box. If this fails, the configured IPv6 address is zero. The router may delay responding to a router solicitation for a few seconds, so the total time needed to complete auto-configuration can be significantly longer. Address: Provide the IPv6 address of this switch.
Chapter 5: System Configuration Figure 5-10. The System Log Configuration screen. Parameter Description Server Mode: Indicates the server mode operation. When the mode operation is enabled, the syslog message will be sent out to the syslog server. The syslog protocol is based on UDP communication and received on UDP Port 514. The syslog server will not send acknowledgments back to the sender since UDP is a connectionless protocol and it does not provide acknowledgments.
Chapter 5: System Configuration Figure 5-11. The System Log Information screen. Parameter Description Auto-refresh: Check the box next to auto-refresh, and the device will refresh the log automatically. The following level types are supported: Information: Information level of the system log. Warning: Warning level of the system log. Error: Error level of the system log. All: All levels. ID: ID (>= 1) of the system log entry. Level: Level of the system log entry. Time: The time of the system log entry.
Chapter 5: System Configuration Figure 5-12. Detailed System Log Information screen. Parameter Description ID: The ID (>= 1) of the system log entry. Message: The detailed message of the system log entry. Upper right icon (Refresh, clear,….): Click one of these buttons to refresh the system log or clear it manually, or click “>>” or “<<” to go to the next/previous page or entry. 5.
Chapter 5: System Configuration Figure 5-13. The SNMP System Configuration screen. Parameter Description These parameters are displayed on the SNMP System Configuration page: SNMP State: Used to activate or deactivate SNMP. Enable: Enable SNMP state operation. Disable: Disable SNMP state operation. Default: Enable. Engine ID: SNMPv3 engine ID. (Syntax: 0-9, a-f, A-F; minimum 5 octets, maximum 32 octets; the fifth octet cannot be 00.) If you change the Engine ID, all original users will be cleared. 5.6.
Chapter 5: System Configuration Figure 5-14. The SNMPv1/v2 Communities Security Configuration screen. Parameter Description Delete: Check to delete the entry. It will be deleted during the next save. Community: Indicate the community access string to permit access to SNMPv3 agent. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. The community string will be treated as the security name and mapped to an SNMPv1 or SNMPv2c community string.
Chapter 5: System Configuration Figure 5-15. The SNMP Users Configuration screen. Parameter Description Delete: Check to delete the entry. It will be deleted during the next save. User Name: A string identifying the user name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. Security Level: Indicate the security model that this entry should belong to.
Chapter 5: System Configuration Privacy Password: Set a string identifying the privacy password phrase. The allowed string length is 8 to 32, and the allowed content is ASCII characters from 33 to 126. 5.6.4 Groups This function is used to configure an SNMPv3 group. The Entry index keys are Security Model and Security Name. To create a new group account, click on the “Add new group” button, enter the group information, then click “Save.” Max Group Number: v1: 2, v2: 2, v3: 10.
Chapter 5: System Configuration Security Name: A string identifying the security name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. Group Name: A string identifying the group name that this entry should belong to. The allowed string length is 1 to 32, and the allowed content is ASCII characters from 33 to 126. 5.6.5 Views The function is used to configure SNMPv3 view. The Entry index keys are OID Subtree and View Name.
Chapter 5: System Configuration In general, if a view entry's view type is “excluded,” there should be another view entry existing with view type as “included” and its OID subtree should overstep the “excluded” view entry. OID Subtree: The OID defines the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digits or an asterisk (*). Save: Click the “Save” icon to save the configuration to ROM. 5.6.
Chapter 5: System Configuration v1: Reserved for SNMPv1. v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). Security Level Indicate the security model that this entry should belong to. Possible security models are: NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy. Read View Name: The name of the MIB view defines the MIB objects for which this request may request the current values.
Chapter 5: System Configuration Figure 5-19. The SNMP Trap Host Configuration screen. Parameter Description Delete: Click “Delete,” then click on the “Save” button, and the entry will be deleted. Trap Version: You may choose v1, v2c, or v3 trap. Server IP: To assign the SNMP Host IP address. UDP Port: Assign Port number. Default: 162 Community/Security Name: The length of “Community/Security Name” string is restricted to 1–32.
Chapter 5: System Configuration Security Level There are three kinds of choices. NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy. Authentication Protocol: You can choose MD5 or SHA for authentication. Authentication Password: The length of “MD5 Authentication Password” is restricted to 8–32. The length of “SHA Authentication Password” is restricted to 8–40. Privacy Protocol: You can set DES encryption for UserName.
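The SNMPv3 limits quoted above (names of 1 to 32 characters, privacy passwords of 8 to 32, MD5 and SHA authentication passwords of 8 to 32 and 8 to 40, ASCII 33 to 126) can be checked before entries are typed into the Users or Trap Host pages. The following is an added example, not code from the manual or from Black Box; the `SnmpV3Entry` record and the sample entries are constructed, and applying the ASCII 33 to 126 rule to authentication passwords is an assumption.

```python
from dataclasses import dataclass

# Limits quoted in the manual text above.
NAME_LEN = (1, 32)                                    # User Name / Security Name
AUTH_PASSWORD_LEN = {"MD5": (8, 32), "SHA": (8, 40)}  # per authentication protocol
PRIV_PASSWORD_LEN = (8, 32)                           # Privacy Password
LEVELS = ("NoAuth, NoPriv", "Auth, NoPriv", "Auth, Priv")


@dataclass
class SnmpV3Entry:
    """Hypothetical record for one planned entry; not a switch export format."""
    name: str
    level: str
    auth_protocol: str = ""
    auth_password: str = ""
    priv_password: str = ""


def field_errors(label, value, bounds):
    """Check one string against a length range and the ASCII 33-126 rule.

    Assumption: the character rule the manual gives for names and privacy
    passwords is applied to authentication passwords as well.
    """
    lo, hi = bounds
    errors = []
    if not lo <= len(value) <= hi:
        errors.append(f"{label}: length {len(value)} not in {lo}-{hi}")
    if any(not 33 <= ord(ch) <= 126 for ch in value):
        errors.append(f"{label}: character outside ASCII 33-126")
    return errors


def audit(entry):
    """Return (errors, warnings): limit violations and weak-posture notes."""
    errors = field_errors("name", entry.name, NAME_LEN)
    warnings = []
    if entry.level not in LEVELS:
        return errors + [f"level: unknown value {entry.level!r}"], warnings

    uses_auth = entry.level != "NoAuth, NoPriv"
    uses_priv = entry.level == "Auth, Priv"

    if not uses_auth:
        warnings.append("no authentication or privacy: messages are neither "
                        "verified nor encrypted")
    else:
        bounds = AUTH_PASSWORD_LEN.get(entry.auth_protocol)
        if bounds is None:
            errors.append(f"auth_protocol: {entry.auth_protocol!r} is not MD5 or SHA")
        else:
            errors += field_errors("auth_password", entry.auth_password, bounds)
            if entry.auth_protocol == "MD5":
                warnings.append("MD5 selected: SHA is the stronger of the two offered")
        if entry.auth_password and entry.auth_password == entry.name:
            warnings.append("auth_password equals the user name")

    if uses_priv:
        errors += field_errors("priv_password", entry.priv_password, PRIV_PASSWORD_LEN)
        if entry.priv_password and entry.priv_password == entry.auth_password:
            warnings.append("priv_password reuses auth_password")
    elif uses_auth:
        warnings.append("no privacy: payload is sent unencrypted")
    return errors, warnings


def report(entries):
    """Map each entry name to its (errors, warnings) pair."""
    return {entry.name: audit(entry) for entry in entries}


# Constructed sample entries (not taken from any real device).
CONSTRUCTED_ENTRIES = [
    SnmpV3Entry("monitor", "NoAuth, NoPriv"),
    SnmpV3Entry("nms-ro", "Auth, NoPriv", "MD5", "short"),
    SnmpV3Entry("ops admin", "Auth, Priv", "SHA", "Correct-Horse-9", "Correct-Horse-9"),
    SnmpV3Entry("nms-rw", "Auth, Priv", "SHA", "k7#Vq2!mZp0x", "T4$wLr8@cNe1"),
]

if __name__ == "__main__":
    for name, (errors, warnings) in report(CONSTRUCTED_ENTRIES).items():
        print(name)
        for line in errors:
            print("  ERROR  ", line)
        for line in warnings:
            print("  WARNING", line)
```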
Chapter 6: Configuration Chapter 6. Configuration This chapter describes all the basic network configuration tasks, including Ports, Layer 2 network protocol (for example, VLANs, QoS, IGMP, ACLs and PoE etc.) and any switch setting. 6.1 Port This section describes how to configure the Port detail parameters of the switch. You can enable or disable the switch’s port, monitor the port’s content, or show the port status. 6.1.
Chapter 6: Configuration Current Link Speed: Provide the current link speed of the port. Configured Link Speed: Select any available link speed for the given switch port. Auto Speed selects the highest speed that is compatible with a link partner. Disabled disables the switch port operation. Flow Control: When Auto Speed is selected on a port, this section indicates the flow control capability that is advertised to the link partner. When a fixed-speed setting is selected, that is what is used.
Chapter 6: Configuration Figure 6-2. The Port Configuration screen. Parameter Description Port: This is the logical port number for this row. Description: Description of device ports (cannot include “ # % & ‘ + \). Buttons Apply: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.1.3 Traffic Overview The section describes the port statistics information and provides an overview of general traffic statistics for all switch ports.
Chapter 6: Configuration Figure 6-3. The Port Statistics Overview screen. Parameter Description Port: The logical port for the settings contained in the same row. Packets: The number of received and transmitted packets per port. Bytes: The number of received and transmitted bytes per port. Errors: The number of frames received in error and the number of incomplete transmissions per port. Drops: The number of frames discarded because of ingress or egress congestion.
Chapter 6: Configuration Figure 6-4. The Detailed Port Statistics Overview screen. Parameter Description Auto-refresh: Click on this box to refresh the port statistics information automatically. Upper left scroll bar: Scroll to select the port whose statistics are displayed (“Port-0”, “Port-1...”). Receive Total and Transmit Total Rx and Tx Packets: The number of received and transmitted (good and bad) packets. Rx and Tx Octets: The number of received and transmitted (good and bad) bytes.
Chapter 6: Configuration Rx Jabber: The number of long frames received with invalid CRC. Rx Filtered: Show the number of received frames filtered by the forwarding process. Short frames are frames that are smaller than 64 bytes. Long frames are frames that are longer than the configured maximum frame length for this port. Transmit Error Counters Tx Drops: The number of frames dropped because of output buffer congestion. Tx Late/Exc. Coll.
Chapter 6: Configuration Parameter Description Port: The logical port for the settings contained in the same row. Q(n): Qn is the Queue number, QoS queues per port. Q0 is the lowest priority queue. Rx/Tx: The number of received and transmitted packets per queue. Auto-refresh: Click on auto-refresh to refresh the queuing counters automatically. Upper right icon (Refresh, clear): You can click on these buttons to refresh the queuing counters or clear them manually. 6.1.
Chapter 6: Configuration Vendor SN (Serial Number): Show the serial number assigned by the manufacturer. Date Code: Show the date this SFP module was made. Temperature: Show the current temperature of the SFP module. Vcc: Show the working DC voltage of the SFP module. Mon1 (Bias): Show the bias current of the SFP module. Mon2 (TX PWR): Show the transmit power of the SFP module. Mon3 (RX PWR): Show the receiver power of the SFP module. 6.
Chapter 6: Configuration Figure 6-7. The ACL Ports Configuration screen. Parameter Description Port: The logical port for the settings contained in the same row. Policy ID: Select the policy to apply to this port. The allowed values are 1 through 8. The default value is 1. Action: Select whether forwarding is permitted (“Permit”) or denied (“Deny”). The default value is “Permit.” Rate Limiter ID: Select which rate limiter to apply on this port. The allowed values are “Disabled” or the values 1 through 16.
Chapter 6: Configuration Logging: Specify the logging operation of this port. The allowed values are: Enabled: Frames received on the port are stored in the System Log. Disabled: Frames received on the port are not logged. The default value is “Disabled.” NOTE: The system log memory size and logging rate is limited. Shutdown: Specify the shutdown operation of this port. The allowed values are: Enabled: If a frame is received on the port, the port will be disabled. Disabled: Port shut down is disabled.
Chapter 6: Configuration Figure 6-8. The ACL Rate Limiter Configuration screen. Parameter Description Rate Limiter ID: The rate limiter ID for the settings contained in the same row. Rate: The allowed values are: 0–3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps. Unit: Specify the rate unit. The allowed values are: pps: packets per second. kbps: Kilobits per second. Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.2.
Chapter 6: Configuration Web Interface To configure Access Control List in the Web interface: 1. Click “Configuration,” “ACE,” then “Configuration.” 2. Click the button to add a new ACE, or use the other ACE modification buttons to specify the editing action (that is, edit, delete, or move the relative position of entry in the list). 3. Specify the parameter of the ACE. 4. Click on the “Save” button to save the setting. 5. If you want to cancel the setting, click on the “Reset” button.
Chapter 6: Configuration Frame Type: Indicate the frame type of the ACE. Possible values are: Any: The ACE will match any frame type. Ethernet Type: The ACE will match Ethernet Type frames. NOTE: An Ethernet-type-based ACE will not get matched by IP and ARP frames. ARP: The ACE will match ARP/RARP frames. IPv4: The ACE will match all IPv4 frames. Action: Indicate the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped.
Chapter 6: Configuration MAC Parameters: SMAC Filter: (Only display when the frame type is Ethernet Type or ARP.) Specify the source MAC filter for this ACE. Any: No SMAC filter is specified. (SMAC filter status is “don't-care.”) Specific: If you want to filter a specific source MAC address with this ACE, choose this value. A field for entering an SMAC value appears. SMAC Value: When “Specific” is selected for the SMAC filter, you can enter a specific source MAC address.
Chapter 6: Configuration Figure 6-10. The ACL Status screen. Parameter Description User: Indicate the ACL user. Ingress Port: Indicate the ingress port of the ACE. Possible values are: Any: The ACE will match any ingress port. Policy: The ACE will match ingress ports with a specific policy. Port: The ACE will match a specific ingress port. Frame Type: Indicate the frame type of the ACE. Possible values are: Any: The ACE will match any frame type. EType: The ACE will match Ethernet Type frames.
Chapter 6: Configuration Conflict: Indicate the hardware status of the specific ACE. The specific ACE is not applied to the hardware because of hardware limitations. Auto-refresh: Click on this button to refresh the information automatically. Upper right icon (Refresh): Click to refresh the ACL status information manually. 6.3 Aggregation The aggregation is used to configure the Link Aggregation settings.
Chapter 6: Configuration Figure 6-11. The Aggregation Mode Configuration screen. Parameter Description Hash Code Contributors Source MAC Address: The Source MAC address can be used to calculate the destination port for the frame. Check to enable the use of the Source MAC address, or uncheck to disable. By default, Source MAC Address is enabled. Destination MAC Address: The Destination MAC Address can be used to calculate the destination port for the frame.
Chapter 6: Configuration Port Members: Each switch port is listed for each group ID. Select a radio button to include a port in an aggregation, or clear the radio button to remove the port from the aggregation. By default, no ports belong to any aggregation group. Only full-duplex ports can join an aggregation, and ports must be at the same speed in each group. Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.3.
Chapter 6: Configuration Figure 6-12. The LACP Port Configuration screen. Parameter Description Port: The switch port number. LACP Enabled: Click to enable LACP on this switch port. LACP will form an aggregation when two or more ports are connected to the same partner. LACP can form a maximum of 12 LLAGs per switch and 2 GLAGs. Key: The Key value incurred by the port, range 1–65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3.
Chapter 6: Configuration Reset: Click to undo any changes made locally and revert to previously saved values. System Status When you set the LACP function on the switch, system status provides a status overview for all LACP instances. Web Interface To display the LACP System status in the Web interface: 1. Click “Configuration,” “LACP,” “System Status.” 2. If you want to auto-refresh the information, click on the “Auto-refresh” button. 3. Click “Refresh” to refresh the LACP System Status. Figure 6-13.
Chapter 6: Configuration Figure 6-14. The LACP Status screen. Parameter Description Port: The switch port number. LACP: “Yes” means that LACP is enabled and the port link is up. “No” means that LACP is not enabled or that the port link is down. “Backup” means that the port could not join the aggregation group but will join if another port leaves. Meanwhile, its LACP status is disabled. Key: The key assigned to this port. Only ports with the same key can aggregate together.
Chapter 6: Configuration Partner System ID: The partner's system ID (MAC address). Partner Port: The partner's port number connected to this port. Auto-refresh: Check this box to refresh the information automatically. Upper right icon (Refresh): Click this button to refresh the LACP port status information manually. Port Statistics After you set the LACP function on the switch, it provides a Port Statistics overview for all LACP instances.
Chapter 6: Configuration Parameter Description Port: The switch port number. LACP Received: Shows how many LACP frames have been received at each port. LACP Transmitted: Shows how many LACP frames have been sent from each port. Discarded: Shows how many unknown or illegal LACP frames have been discarded at each port. Auto-refresh: Check this box to refresh the information automatically.
Chapter 6: Configuration 4. Click the “Save” button to save the setting. 5. If you want to cancel the setting, click the “Reset” button. It will revert to previously saved values. Figure 6-17. The STP Bridge Configuration screen. Parameter Description Basic Settings Protocol Version: Show the STP protocol version setting. Valid values are STP, RSTP, and MSTP. Bridge Priority: Control the bridge priority. Lower numeric values have better priority.
Chapter 6: Configuration Port Error Recovery: Control whether a port in the error-disabled state automatically will be enabled after a certain time. If recovery is not enabled, ports have to be disabled and re-enabled for normal STP operation. The condition is also cleared by a system reboot. Port Error Recovery Timeout: The time to pass before a port in the error-disabled state can be enabled. Valid values are between 30 and 86400 seconds (24 hours). Buttons: Save: Click to save changes.
Chapter 6: Configuration Parameter Description Configuration Identification Configuration Name: The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision, as well as the VLAN-to-MSTI mapping configuration to share spanning trees for MSTIs (Intra-region). The name must be less than 32 characters long. Configuration Revision: The revision of the MSTI configuration named above. This must be an integer between 0 and 65535. MSTI Mapping MSTI: Show the bridge instance.
Chapter 6: Configuration Figure 6-19. The MSTI Configuration screen. Parameter description: MSTI: Show the bridge instance. The CIST is the default instance (always active). Priority: Control the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier. Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values.
Chapter 6: Configuration Figure 6-20. The STP CIST Port Configuration screen.
Chapter 6: Configuration Parameter Description Port: The switch port number of the logical STP port. STP Enabled: Control whether STP is enabled on this switch port. Path Cost: Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, you can enter a user-defined value. The path cost is used when establishing the active topology of the network.
Chapter 6: Configuration Web Interface To configure the Spanning Tree MSTI Port Configuration parameters in the Web interface: 1. Click “Configuration,” “Spanning Tree,” “MSTI Ports.” 2. Scroll to select the MST1 or other MSTI Port. 3. Click “Get” to set the detail parameters of the MSTI Ports. 4. Scroll to set all parameters of the MSTI Port configuration. 5. Click “Save” to save the setting. 6. To cancel the setting, click the “Reset” button. It will revert to previously saved values. Figure 6-21.
Chapter 6: Configuration Parameter Description Port: The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost: Control the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the “Specific” setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network.
Chapter 6: Configuration Buttons Auto-refresh: Check this box to refresh the information automatically. Upper right icon (Refresh): Click on this button to refresh the STP Bridges status information manually. 6.4.7 Port Status After you complete the STP configuration, you could request that the switch display the STP Port Status. The section explains how to display the STP CIST port status for physical ports of the currently selected switch.
Parameter Description Port: The switch port number of the logical STP port. CIST Role: Show the current STP port role of the CIST port. The port role can be one of the following values: AlternatePort, Backup Port, RootPort, DesignatedPort, Disabled. CIST State: Show the current STP port state of the CIST port. The port state can be one of the following values: Blocking, Learning, Forwarding. Uptime: The time since the bridge port was last initialized.
6.5 IGMP Snooping This function lets the switch forward multicast packets only to the member ports of each multicast group, saving bandwidth while IP multicast packets are running over the network. A switch that does not support IGMP or IGMP snooping cannot distinguish a multicast packet from a broadcast packet, so it can only treat every packet as a broadcast packet.
Figure 6-25. The IGMP Snooping Configuration screen. Figure 6-26. The IGMP Snooping Configuration screen closeup. Parameter description: Snooping Enabled: Enable Global IGMP Snooping. Unregistered IPMCv4 Flooding Enabled: Enable unregistered IPMCv4 traffic flooding. IGMP SSM Range: SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range. Format: (IP address/sub mask).
Proxy Enabled: Enable IGMP Proxy. This feature can be used to avoid forwarding unnecessary join and leave messages to the router side. Port: Shows the physical port index of the switch. Router Port: Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or IGMP querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port.
IGMP Querier: A router sends IGMP query messages onto a particular link. This router is called the querier. Enable the IGMP querier in the VLAN. Compatibility: Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of IGMP operating on hosts and routers within a network. The allowed selection is IGMP-Auto, Forced IGMPv1, Forced IGMPv2, Forced IGMPv3; default compatibility value is IGMP-Auto. Rv: Show Robustness Variable.
4. Click “Save” to save the setting. 5. To cancel the setting, click the “Reset” button. It will revert to previously saved values. Figure 6-28. The IGMP Snooping Port Group Filtering Configuration screen. Parameter Description Delete: Click to delete the entry. It will be deleted during the next save. Port: Select the port on which to enable the IGMP Snooping Port Group Filtering function. Filtering Groups: The IP Multicast Group that will be filtered.
Figure 6-29. The IGMP Snooping Status screen. Parameter Description VLAN ID: The VLAN ID of the entry. Querier Version: Currently working querier version. Host Version: Currently working host version.
Querier Status: Show whether the querier status is “ACTIVE” or “IDLE.” Queries Transmitted: The number of transmitted queries. Queries Received: The number of received queries. V1 Reports Received: The number of received V1 reports. V2 Reports Received: The number of received V2 reports. V3 Reports Received: The number of received V3 reports. V2 Leaves Received: The number of received V2 leaves. Auto-refresh: Check the auto-refresh box and the device will refresh the log automatically.
Port Members: Ports under this group. Auto-refresh: Check the box next to auto-refresh and the device will refresh the log automatically. Upper right icon (Refresh, <<, >>): Click the “Refresh” button to refresh the IGMP Group Status manually, or use the “<<” and “>>” to go to the next/previous page or entry. 6.5.6 IPv4 SSM Information Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many applications, also known as broadcast applications.
The switch will use the last entry of the currently displayed table as a basis for the next lookup. When the end is reached, the text “No more entries” is shown in the displayed table. Use the button to start over. IGMPv3 Information Table Columns VLAN ID: VLAN ID of the group. Group: Group address of the group displayed. Port No.: Switch port number. Mode: Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis.
Figure 6-32. MLD snooping enabled (diagram labels: Listener (MLD host), Switch). 6.6.1 Basic Configuration This section explains how to configure the MLD Snooping basic configuration and the parameters. Web Interface To configure the MLD Snooping Configuration in the Web interface: 1. Click “Configuration,” “MLD Snooping,” “Basic Configuration.” 2. Enable or disable the Global configuration parameters. Enable the port to join Router port and Fast Leave. 3.
Figure 6-33. The MLD Snooping Basic Configuration screen.
Parameter Description Snooping Enabled: Enable the Global MLD Snooping. Unregistered IPMCv6 Flooding enabled: Enable unregistered IPMCv6 traffic flooding. NOTE: Disabling unregistered IPMCv6 traffic flooding may lead to failure of Neighbor Discovery. MLD SSM Range: SSM (Source-Specific Multicast) Range enables the SSM-aware hosts and routers to run the SSM service model for the groups in the address range (using an IPv6 address). Proxy Enabled: Enable MLD Proxy.
Snooping Enabled: Enable the per-VLAN MLD Snooping. Select up to 32 VLANs. MLD Querier: A router sends MLD Query messages onto a particular link. This router is called the querier. Enable the MLD querier in the VLAN. Compatibility: Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network. Select from MLD-Auto, Forced MLDv1, Forced MLDv2. The default compatibility value is MLD-Auto.
Figure 6-35. The MLD Snooping Port Group Filtering Configuration screen. Parameter Description Delete: Check to delete the entry. It will be deleted during the next save. Port: Show the logical port for the settings. Choose the port you want to join a filtering group. Filtering Groups: The IP Multicast Group that will be filtered. Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.6.
Figure 6-36. The MLD Snooping Status screen. Parameter Description VLAN ID: The VLAN ID of the entry. Querier Version: Currently working querier version. Host Version: Currently working host version. Querier Status: Show the querier status as “ACTIVE” or “IDLE.” Queries Transmitted: The number of transmitted queries. Queries Received: The number of received queries.
V1 Reports Received: The number of received V1 reports. V2 Reports Received: The number of received V2 reports. V1 Leaves Received: The number of received V1 leaves. Auto-refresh: Check this box and the device will refresh the log automatically. Upper right icon (Refresh, <<, >>): You can click the “Refresh” button to manually refresh the IGMP Group Status. Use the “<<” and “>>” buttons to go to the next/previous page or entry. 6.6.
Upper right icon (Refresh, <<, >>): Click on the “Refresh” icon to manually refresh the IGMP Group Status; use the “<<” and “>>” keys to go to the next/previous page or entry. 6.6.6 IPv6 SSM Information This section explains how to configure the entries in the MLDv2 Information Table shown on this page. The MLDv2 Information Table is sorted first by VLAN ID, then by group, and then by Port No.
6.7 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLAN. In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. When a subscriber selects a channel, the set-top box or PC sends an IGMP join message to Switch A to join the appropriate multicast.
Figure 6-39. The MVR Configuration screen. Parameter Description MVR Mode: Enable/Disable the Global MVR. VLAN ID: Specify the Multicast VLAN ID. Port: The physical switch port. Mode: Enable MVR on the port. Type: Specify the MVR port type on the port. Immediate Leave: Enable the fast leave on the port.
Buttons Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.7.2 Groups Information This section describes how to display detailed MVR Groups information on the switch. Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID and then by group. Web Interface To display the MVR Groups Information in the Web interface: 1. Click “Configuration,” “MVR,” “Groups Information.” 2.
Figure 6-40. The MVR Statistics Information. Parameter Description VLAN ID: The Multicast VLAN ID. V1 Reports Received: The number of received V1 reports. V2 Reports Received: The number of received V2 reports. V3 Reports Received: The number of received V3 reports. V2 Leaves Received: The number of received V2 leaves. Auto-refresh: Check the box next to “Auto-refresh” to refresh the information automatically.
Figure 6-41. The LLDP Configuration screen. Parameter Description LLDP Parameters Tx Interval: The switch periodically transmits LLDP frames to its neighbors to update the network discovery information. The interval between each LLDP frame is determined by the Tx Interval value. Valid values are restricted to 5–32768 seconds. Tx Hold: Each LLDP frame contains information about how long the information in the LLDP frame is considered valid.
Tx Reinit: When a port is disabled, LLDP is disabled, or the switch is rebooted, an LLDP shutdown frame is transmitted to the neighboring units, signaling that the LLDP information isn't valid anymore. Tx Reinit controls the number of seconds between the shutdown frame and a new LLDP initialization. Valid values are restricted to 1–10 seconds. LLDP Port Configuration The LLDP port settings relate to the currently selected port, as reflected by the page header.
6.8.2 LLDP Neighbors This page provides a status overview for all LLDP neighbors. The displayed table contains a row for each port on which an LLDP neighbor is detected. The columns hold the following information: Web Interface To show LLDP neighbors: 1. Click “LLDP Neighbors.” 2. Click “Refresh” to update the Web screen manually. 3. Click “Auto-refresh” to update the Web screen automatically. Figure 6-42. The LLDP Neighbor Information screen.
Management Address: Management Address is the neighbor unit's address that is used for higher layer entities to assist discovery by the network management. For example, this could hold the neighbor’s IP address. Auto-refresh: Check the box to auto-refresh the device information. Upper right icon (Refresh): Click this button to refresh the LLDP Neighbors information manually. 6.8.
Figure 6-43. The LLDP-MED Configuration screen. Figure 6-44. Add New Policy screen. Parameter Description Fast start repeat count: Rapid startup and emergency call service location identification discovery of endpoints is a critically important aspect of VoIP systems in general. Advertise only the information that is specifically relevant to particular endpoint types (for example, only advertise the voice network policy to permitted voice-capable devices).
LLDP-MED defines an LLDP-MED Fast Start interaction between the protocol and the application layers on top of the protocol so it can achieve these related properties. Initially, a network connectivity device will only transmit LLDP TLVs in an LLDPDU. Only after an LLDP-MED endpoint device is detected, will an LLDP-MED capable network connectivity device start to advertise LLDP-MED TLVs in outgoing LLDPDUs on the associated port.
Leading street direction: Leading street direction—Example: N. Trailing street suffix: Trailing street suffix—Example: SW. Street suffix: Street suffix—Example: Ave, Platz. House no.: House number—Example: 21. House no. suffix: House number suffix—Example: A, 1/2. Landmark: Landmark or vanity address—Example: Columbia University. Additional location info: Additional location info—Example: South Wing. Name: Name (residence and office occupant)—Example: Flemming Jahn.
5. Streaming Video 6. Control/Signalling (conditionally support a separate network policy for the media types above) A large network may support multiple VoIP policies across the entire organization, and different policies per application type. LLDP-MED allows multiple policies to be advertised per port, each corresponding to a different application type.
Tagged indicates that the device is using the IEEE 802.1Q tagged frame format, and that both the VLAN ID and the Layer 2 priority values are being used, as well as the DSCP value. The tagged format includes an additional field, known as the tag header. The tagged frame format also includes priority tagged frames as defined by IEEE 802.1Q-2003. VLAN ID: VLAN identifier (VID) for the port as defined in IEEE 802.1Q-2003.
Device Type: LLDP-MED devices are comprised of two primary device types: network connectivity devices and endpoint devices. LLDP-MED network connectivity device definition: LLDP-MED network connectivity devices, as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED endpoint devices. An LLDP-MED network connectivity device is a LAN access device based on any of the following technologies: 1. LAN switch/router 2. IEEE 802.1 bridge 3. IEEE 802.
1. LLDP-MED capabilities 2. Network policy 3. Location identification 4. Extended power via MDI—PSE 5. Extended power via MDI—PD 6. Inventory 7. Reserved Application Type: Application type indicates the primary function of the application(s) defined for this network policy, advertised by an endpoint or network connectivity device. The possible application types are shown below. 1.
DSCP: DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474. It can contain one of 64 code point values (0 through 63). 6.8.5 EEE You can use Energy Efficient Ethernet (EEE) to save power, but at the expense of traffic latency. Latency suffers because the circuits that EEE turns off to save power need time to boot up before sending traffic over the link. This time is called “wakeup time.
Resolved Rx Tw: The resolved Rx Tw for this link. NOTE: This is NOT the link partner. The resolved value is the actual “tx wakeup time” used for this link (based on EEE information exchanged via LLDP). Auto-refresh: Check the box next to “auto-refresh,” and the device will refresh the information automatically. Upper right icon (Refresh): Click on this button to refresh the LLDP Neighbors information manually. 6.8.6 Port Statistics Two types of counters are shown.
Figure 6-47. The LLDP Port Statistics Information screen. Parameter Description Global Counters Neighbor entries were last changed: Shows the time when the last entry was last deleted or added. It also shows the time elapsed since the last change was detected. Total Neighbors Entries Added: Shows the number of new entries added since switch reboot. Total Neighbors Entries Deleted: Shows the number of new entries deleted since switch reboot.
Total Neighbors Entries Aged Out: Shows the number of entries deleted because time-to-live expired. Local Counters The displayed table contains a row for each port. The columns hold the following information: Local Port: The port on which LLDP frames are received or transmitted. Tx Frames: The number of LLDP frames transmitted on the port. Rx Frames: The number of LLDP frames received on the port. Rx Errors: The number of received LLDP frames containing an error.
MAC Table Learning 1. Click “Configuration.” 2. Specify the Port Members (“Auto,” “Disable,” “Secure”). 3. Click “Save.” Static MAC Table Configuration 1. Click “Configuration” and “Add new Static entry.” 2. Specify the VLAN ID and MAC address, Port Members. 3. Click “Save.” Figure 6-48. The MAC Address Table Configuration. Parameter Description Aging Configuration By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging.
Auto: Learning occurs automatically as soon as a frame with unknown SMAC is received. Disable: No learning occurs. Secure: Only static MAC entries are learned, all other frames are dropped. NOTE: Make sure that the link used for managing the switch is added to the static MAC table before changing to secure learning mode; otherwise the management link is lost and can only be restored by using another non-secure port or by connecting to the switch via the serial interface.
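The three learning modes and the lockout described in the NOTE can be checked on paper before the change is saved. The following is an added example, not the switch's own logic: a small model of the MAC table with the 300-second aging default from this manual. The class and method names, the MAC addresses, and the choice to keep forwarding frames on a port in Disable mode are assumptions of the model.

```python
"""Added example: model of the Auto / Disable / Secure learning modes."""

AGING_SECONDS = 300                 # default aging time stated in the manual
MGMT_MAC = "02:00:00:00:00:AA"      # constructed management-station address


class MacTable:
    def __init__(self, aging=AGING_SECONDS):
        self.aging = aging
        self.static = {}    # (vlan, mac) -> set of member ports
        self.dynamic = {}   # (vlan, mac) -> (port, time last seen)
        self.mode = {}      # port -> "auto" | "disable" | "secure"

    def add_static(self, vlan, mac, ports):
        """Add a static entry, as on the Static MAC Table Configuration page."""
        self.static[(vlan, mac.lower())] = set(ports)

    def set_mode(self, port, mode):
        if mode not in ("auto", "disable", "secure"):
            raise ValueError(f"unknown learning mode: {mode!r}")
        self.mode[port] = mode

    def age(self, now):
        """Remove dynamic entries not refreshed within the aging time."""
        self.dynamic = {key: seen for key, seen in self.dynamic.items()
                        if now - seen[1] < self.aging}

    def receive(self, port, vlan, smac, now):
        """Process the source MAC of one frame; return 'forward' or 'drop'."""
        self.age(now)
        key = (vlan, smac.lower())
        mode = self.mode.get(port, "auto")
        if mode == "secure":
            # Only sources with a static entry on this port pass; a
            # previously learned dynamic entry does not count.
            return "forward" if port in self.static.get(key, set()) else "drop"
        if mode == "auto" and key not in self.static:
            self.dynamic[key] = (port, now)   # learn or refresh
        # Model assumption: in "disable" mode nothing is learned but the
        # frame is still forwarded.
        return "forward"

    def secure_mode_gaps(self, port, required):
        """Return the (vlan, mac) pairs in `required` that Secure mode on
        `port` would drop because no static entry lists that port."""
        return [(vlan, mac) for vlan, mac in required
                if port not in self.static.get((vlan, mac.lower()), set())]


if __name__ == "__main__":
    table = MacTable()
    table.receive(port=1, vlan=1, smac=MGMT_MAC, now=0)      # learned in Auto
    print("missing static entries:",
          table.secure_mode_gaps(1, [(1, MGMT_MAC)]))
    table.add_static(1, MGMT_MAC, [1])
    table.set_mode(1, "secure")
    print("management frame:", table.receive(1, 1, MGMT_MAC, now=10))
```

Running `secure_mode_gaps` against the management station's VLAN and MAC before selecting Secure shows whether the management link would be cut off.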
Parameter Description MAC Table Columns Type: Indicates whether the entry is a static or a dynamic entry. VLAN: The VLAN ID of the entry. MAC Address: The MAC address of the entry. Port Members: The ports that are members of the entry. Auto-refresh: Check the box next to auto-refresh and the device will refresh the information automatically.
Figure 6-50. The VLAN Membership Configuration screen. Parameter Description Delete: To delete a VLAN entry, check this box. The entry will be deleted on the selected switch. If none of the ports of this switch are members of a VLAN, then the delete checkbox will be grayed out (you cannot delete that entry during the next save). VLAN ID: Indicate the ID of this particular VLAN. VLAN Name: Indicate the name of VLAN. VLAN Name can only contain letters or numbers.
6.10.2 Ports In VLAN Tag Rule Setting, users can input VID numbers 1–4094 to each port. Users can also choose ingress filtering rules for each port. There are two ingress filtering rules that can be applied to the switch. The ingress filtering rule 1 is “forward only packets with VID matching this port’s configured VID.” The ingress filtering rule 2 is “drop untagged frame.” You can also select the role of each port as “Access,” “Trunk,” or “Hybrid.
Figure 6-51. The VLAN Port Configuration screen. Parameter Description Ethertype for Custom S-ports: This field specifies the Ethertype used for Custom S-ports. This is a global setting for all the Custom S-ports. Custom Ethertype enables the user to change the Ethertype value on a port to any value to support network devices that do not use the standard 0x8100 Ethertype field value on 802.1Q-tagged or 802.1p-tagged frames.
Port: This is the logical port number of this row. Port Type: Port can be one of the following types: “Unaware,” “Customer port (C-port),” “Service port (S-port),” “Custom Service port (S-custom-port).” If port type is “Unaware,” all frames are classified to the Port VLAN ID and tags are not removed. Ingress Filtering: Enable ingress filtering on a port by checking the box. This parameter affects VLAN ingress processing.
Parameter Description VLAN USER (You can scroll to select a VLAN user as described next.) VLAN user module uses services of the VLAN management functionality to configure VLAN memberships and VLAN port configurations such as PVID and UVID. The switch supports the following VLAN user types: Web/SNMP: These are referred to as static. NAS: NAS provides port-based authentication, which involves communications between a supplicant, authenticator, and an authentication server.
Figure 6-53. The VLAN Port Status for Static User screen. Parameter Description Port: The logical port for the settings contained in the same row. PVID: Show the VLAN identifier for that port. The allowed values are 1 through 4095. The default value is 1. Port Type: Show the port type. Port type can be “Unaware,” “C-port,” “S-port,” “Custom S-port.” If port type is “Unaware,” all frames are classified to the port VLAN ID and tags are not removed.
Frame Type: Show whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded. Tx Tag: Show egress filtering frame status whether tagged or untagged. UVID: Show UVID (untagged VLAN ID). A port's UVID determines the packet's behavior at the egress side. Conflicts: Shows status of conflicts, whether they exist or not.
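The port type, PVID, Frame Type, and the two ingress filtering rules from section 6.10.2 combine into one decision per received frame. The following is an added example, not the switch's implementation: it parses the tag header of a constructed Ethernet frame and applies those settings. The function and field names are assumptions, the 0x88A8 S-port Ethertype comes from IEEE 802.1ad rather than this page, and treating priority-tagged frames (VID 0) like untagged ones follows IEEE 802.1Q.

```python
"""Added example: VLAN ingress classification for one received frame."""
import struct
from dataclasses import dataclass

TPID_C_PORT = 0x8100  # standard 802.1Q Ethertype named in the manual
TPID_S_PORT = 0x88A8  # IEEE 802.1ad service tag (not stated in the manual)


@dataclass
class PortConfig:
    port_type: str = "c-port"      # "unaware", "c-port", "s-port", "s-custom-port"
    pvid: int = 1
    tagged_only: bool = False      # Frame Type: accept only tagged frames
    pvid_match_only: bool = False  # rule 1: VID must match the port's VID
    custom_tpid: int = 0x8100      # global Ethertype for Custom S-ports

    def tpid(self) -> int:
        """Ethertype this port recognizes as a VLAN tag."""
        return {"c-port": TPID_C_PORT, "s-port": TPID_S_PORT,
                "s-custom-port": self.custom_tpid}[self.port_type]


def build_frame(tpid=None, pcp=0, dei=0, vid=0) -> bytes:
    """Construct a sample frame (test data, not a capture)."""
    header = b"\xff" * 6 + bytes.fromhex("020000000001")   # dst, src
    tag = b""
    if tpid is not None:
        tag = struct.pack("!HH", tpid, pcp << 13 | dei << 12 | vid)
    return header + tag + struct.pack("!H", 0x0800) + b"\x00" * 46


def parse_tag(frame: bytes, tpid: int):
    """Return the PCP, DEI and VID of the outer tag, or None if the
    frame does not start with the given tag Ethertype."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != tpid:
        return None
    if len(frame) < 18:
        raise ValueError("truncated VLAN tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return {"pcp": tci >> 13, "dei": (tci >> 12) & 1, "vid": tci & 0x0FFF}


def classify(frame: bytes, cfg: PortConfig):
    """Return (action, vlan, reason) for a frame arriving on a port."""
    if cfg.port_type == "unaware":
        return ("forward", cfg.pvid, "unaware port: classified to PVID")
    tag = parse_tag(frame, cfg.tpid())
    if tag is None or tag["vid"] == 0:
        # Untagged, priority-tagged, or tagged with an Ethertype this
        # port does not recognize.
        if cfg.tagged_only:
            return ("drop", None, "port accepts only tagged frames")
        return ("forward", cfg.pvid, "no VID in frame: classified to PVID")
    if cfg.pvid_match_only and tag["vid"] != cfg.pvid:
        return ("drop", None, "VID does not match the port's VID")
    return ("forward", tag["vid"], "tagged frame")


if __name__ == "__main__":
    access = PortConfig(pvid=10, pvid_match_only=True)
    trunk = PortConfig(pvid=1, tagged_only=True)
    for name, cfg, frame in (
        ("access, untagged", access, build_frame()),
        ("access, VID 20", access, build_frame(0x8100, pcp=5, vid=20)),
        ("trunk, untagged", trunk, build_frame()),
        ("trunk, VID 30", trunk, build_frame(0x8100, vid=30)),
    ):
        print(name, "->", classify(frame, cfg))
```

A frame whose tag Ethertype differs from the one the port expects is handled as untagged and lands in the PVID, which is why the Custom S-port Ethertype has to match the neighboring device.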
Parameter Description Port Members: A checkbox is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports. Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. 6.10.
Figure 6-55. MAC-Based VLAN Membership Configuration screen. Parameter Description Delete: To delete a MAC-based VLAN entry, check this box and press “Save.” The entry will be deleted on the selected switch. MAC Address: Indicate the MAC address. VLAN ID: Indicate the VLAN ID. Port Members: A row of checkboxes for each port is displayed for each MAC-based VLAN entry. To include a port in a MAC-based VLAN, check the box.
3. Display MAC-based information. Figure 6-56. The MAC-Based VLAN Membership Configuration for User Static screen. Parameter Description MAC Address: Indicate the MAC address. VLAN ID: Indicate the VLAN ID. Port Members: Port members of the MAC-based VLAN entry. Auto-refresh: Check this box and the device will refresh the information automatically. Upper right icon (Refresh): Click on this icon to refresh the MAC-based VLAN Membership information manually. 6.10.
Figure 6-57. The Protocol to Group Mapping Table screen. Parameter Description Delete: To delete a Protocol to Group Name map entry, click on the “Delete” button. The entry will be deleted on the switch during the next save. Frame Type: Frame Type can have one of the following values: 1. Ethernet 2. LLC 3. SNAP NOTE: On changing the Frame type field, the valid value of the following text field will vary depending on the new frame type you selected.
b. PID: If the OUI is hexadecimal 000000, the protocol ID is the Ethernet type (EtherType) field value for the protocol running on top of SNAP; if the OUI is an OUI for a particular organization, the protocol ID is a value assigned by that organization to the protocol running on top of SNAP.
Parameter Description Delete: To delete a Group Name to VLAN map entry, check this box. The entry will be deleted on the switch during the next save. Group Name: A valid group name is a string of up to 16 characters that consists of a combination of letters (a–z or A–Z) and numbers (0–9). No special characters are allowed.
Figure 6-59. The Voice VLAN Configuration screen. Parameter Description Mode: Indicate the Voice VLAN operation mode. You must disable the MSTP feature before you enable Voice VLAN to prevent an ingress filtering conflict. Possible modes are: Enabled: Enable Voice VLAN mode operation. Disabled: Disable Voice VLAN mode operation.
VLAN ID: Indicate the Voice VLAN ID. It should be a unique VLAN ID in the system and cannot equal each port’s PVID. A configuration conflict occurs if the value equals the management VID, MVR VID, PVID, etc. The allowed range is 1 to 4095. Aging Time: Indicate the Voice VLAN secure learning aging time. The allowed range is 10 to 10000000 seconds. It is used when security mode or auto detect mode is enabled. In other cases, it will be based on hardware aging time.
Figure 6-60. The Voice VLAN OUI Table screen. Parameter Description Delete: Check to delete the entry. It will be deleted during the next save. Telephony OUI: A telephony OUI address is a globally unique identifier assigned to a vendor by IEEE. It must be 6 characters long and the input format is “xx-xx-xx” (x is a hexadecimal digit). Description: Show the description of OUI address. Normally, it describes which vendor telephony device it belongs to.
6.12.1 Configuration This page allows you to configure the basic GARP Configuration settings for all switch ports. The settings relate to the currently selected unit, as reflected by the page header. Web Interface To configure GARP Port Configuration in the Web interface: 1. Click “GARP configure.” 2. Specify GARP configuration parameters. 3. Click “Save.” Figure 6-61. The GARP Port Configuration screen.
Three different timers can be configured on this page: Join Timer: The default value for Join timer is 200 ms. Leave Timer: The range of values for “Leave Timer” is 600–1000 ms. The default value for leave timer is 600 ms. Leave All Timer: The default value for Leave All Timer is 10000 ms. Application: Currently, the only supported application is GVRP. Attribute Type: Currently, the only supported attribute type is VLAN.
Figure 6-62. The GARP Port Statistics screen. Parameter Description Port: The Port column shows the list of all ports for which per-port GARP statistics are shown. Peer MAC: Peer MAC is the MAC address of the neighbor switch from which the GARP frame is received. Failed Count: Number of failed frames. Auto-refresh: Check this box and the device will refresh the information automatically.
Web Interface To configure GVRP Port Configuration in the Web interface: 1. Click “GVRP configure.” 2. Specify GVRP configuration parameters. 3. Click “Save.” Figure 6-63. The GVRP Global Configuration screen. GVRP Mode: To enable the GVRP globally, select “Enable” from the menu. To disable GVRP globally, select “Disable.” Port: The Port column shows the list of ports for which you can configure per-port GVRP settings.
1. GVRP Mode This configuration enables/disables GVRP Mode on a particular port locally. • Disable: Select to disable GVRP mode on this port. • Enable: Select to enable GVRP mode on this port. The default value of configuration is disable. 2. GVRP rrole This configuration is used to configure restricted role on an interface. • Disable: Select to disable GVRP rrole on this port. • Enable: Select to enable GVRP rrole on this port. The default configuration is disable.
Figure 6-64. The GVRP Port Statistics screen. Parameter Description Port: The Port column shows the list of ports for which you can see port counters and statistics. Join Tx Count: Number of Join TX frames. Leave Tx Count: Number of Leave TX frames. Auto-refresh: Click on this box to refresh the information automatically. Upper right icon (Refresh): Click on this button to refresh the GVRP Port Statistics information manually. 6.
2. Scroll to select QoS class, DP level, PCP, and DEI parameters. 3. Click on “Save” to save the setting. 4. To cancel the setting, click the “Reset” button. It will revert to previously saved values. Figure 6-65. The QoS Configuration screen. Parameter Description Port: The port number to which the configuration below applies. QoS class: Controls the default QoS class, that is, the QoS class for frames not classified in any other way.
Buttons: Save: Click to save changes. Reset: Click to undo any changes made locally and revert to previously saved values. NOTES: DP level: Every incoming frame is classified to a Drop Precedence level (DP level), which is used throughout the device for providing congestion control guarantees to the frame according to what was configured for that specific DP level. PCP: PCP is an acronym for Priority Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame.
Figure 6-66. The QoS Ingress Port Policers Configuration screen. Parameter Description Port: The logical port for the settings contained in the same row. Click on the port number to configure the schedulers. Mode: Check the box next to the port on which you need to enable the QoS Ingress Port Policers function. Rate: Set the Rate limit value for this port. The default is 500. Unit: Scroll to select the rate unit from kbps, Mbps, fps and kfps. The default is kbps.
6.14.3 Port Scheduler This section provides an overview of QoS Egress Port Schedulers for all switch ports. The ports belong to the currently selected unit, as reflected by the page header. Web Interface To display the QoS port schedulers in the Web interface: 1. Click “Configuration,” “QoS,” “Port Schedulers.” 2. Display the QoS egress port schedulers.
Click the port index to set the QoS egress port schedulers. Figure 6-67. The QoS Egress Port Scheduler screen.
If you select the weighted scheduler mode, then the screen will change as shown in this figure. Figure 6-68. QoS Egress Port Scheduler and Shapers Port 1 screen. Parameter Description Port: The logical port for the settings contained in the same row. Click on the port number to configure the schedulers. Mode: Show the scheduling mode for this port. Weight (Qn): Show the weight for this queue and port.
Queue Scheduler Percent: If you select the weighted scheduler mode, then the screen will change as shown in Figure 6-69. Show the weight in percent for this queue. This parameter is only shown if “Scheduler Mode” is set to “Weighted.” Port Shaper Enable: Control whether the port shaper is enabled for this switch port. Port Shaper Rate: Control the rate for the port shaper. The default value is 500.
Click on the port index to select the QoS egress port shapers. Figure 6-69. The QoS Egress Port Shapers screen.
If you select the weighted scheduler mode, then the screen will change as shown in this figure. Figure 6-70. QoS Egress Port Scheduler and Shapers Port 1 screen. Parameter Description Port: The logical port for the settings contained in the same row. Click on the port number to configure the shapers. Shapers (Qn): Show “disabled” or actual queue shaper rate, for example, “800 Mbps.” Shapers (Port): Show “disabled” or actual port shaper rate, for example, “800 Mbps.
Queue Scheduler Percent: Show the weight in percent for this queue. This parameter is only shown if “Scheduler Mode” is set to “Weighted.” Port Shaper Enable: Control whether the port shaper is enabled for this switch port. Port Shaper Rate: Control the rate for the port shaper. The default value is 500. This value is restricted to 100–1,000,000 when the unit is “kbps,” and it is restricted to 1–10,000 when the unit is “Mbps.
Mode: Shows the tag remarking mode for this port.
• Classified: Use classified PCP/DEI values.
• Default: Use default PCP/DEI values.
• Mapped: Use mapped versions of QoS class and DP level.
Tag Remarking Mode: Scroll to select the tag remarking mode for this port.
• Classified: Use classified PCP/DEI values.
• Default: Use default PCP/DEI values.
• Mapped: Use mapped versions of QoS class and DP level.

Buttons:
Save: Click to save changes.
Figure 6-72. The QoS Port DSCP Configuration screen.

Parameter Description
Port: The port column shows the list of ports for which you can configure DSCP ingress and egress settings.
Ingress: In ingress settings, you can change ingress translation and classification settings for individual ports. There are two configuration parameters available in ingress:
1. Translate: To enable the ingress translation, click the checkbox.
2.
Egress: Port egress rewriting can be one of the parameters listed below:
• Disable: No egress rewrite.
• Enable: Rewrite enabled without remapping.
• Remap: DSCP from analyzer is remapped, and the frame is remarked with remapped DSCP value.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.14.7 DSCP-Based QoS

This section shows you how to configure the DSCP-based QoS mode.
Figure 6-73. The DSCP-Based QoS Ingress Classification screen.

Parameter Description
DSCP: Maximum number of supported DSCP values is 64.
Trust: Click to check if the DSCP value is trusted.
QoS Class: QoS class value is a number between 0–7.
DPL: Drop precedence level (0–3).
Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.14.8 DSCP Translation

This section describes how to configure the basic QoS DSCP translation settings for all switches. DSCP translation can be done in ingress or egress.

Web Interface

To configure the DSCP Translation parameters in the Web interface:
1. Click “Configuration,” “QoS,” “DSCP Translation.”
2.
Figure 6-74. The DSCP Translation screen.

Parameter Description
DSCP: The maximum number of supported DSCP values is 64 and valid DSCP values range from 0 to 63.
Ingress: Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP translation:
1. Translate: DSCP at ingress side can be translated to any of (0–63) DSCP values.
2. Classify: Click to enable classification at the ingress side.
Egress: Select the following configurable parameters for the egress side:
1. Remap DP0: Select the DSCP value from the select menu to which you want to remap. DSCP values range from 0 to 63.
2. Remap DP1: Select the DSCP value from the select menu to which you want to remap. DSCP values range from 0 to 63.

Buttons:
Save: Click to save changes.
Parameter Description
QoS Class: Available QoS class value ranges from 0 to 7. QoS class (0–7) can be mapped to the following parameters:
DPL: Drop precedence level (0–1) can be configured for all available QoS classes.
DSCP: Select DSCP value (0–63) from the DSCP menu to map DSCP to corresponding QoS class and DPL value.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.14.
Parameter Description
QCE#: Indicates the index of the QCE.
Port: Indicates the list of ports configured with the QCE.
Frame Type: Indicates the type of frame to look for in incoming frames. Possible frame types are:
• Any: The QCE will match all frame types.
• Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed.
• LLC: Only LLC frames are allowed.
• SNAP: Only SNAP frames are allowed.
• IPv4: The QCE will match only IPv4 frames.
• IPv6: The QCE will match only IPv6 frames.
“x”: Deletes the QCE.
“+”: The lowest plus sign adds a new entry at the bottom of the QCE listings.
Port Members: Check the box next to any port to make it a member of the QCL entry. By default all ports will be checked.
Key Parameters: Key configurations are described below:
Tag: Value of Tag field can be “Any,” “Untag,” or “Tag.”
VID: Valid value of VLAN ID can be any value in the range 1–4095 or “Any.” Users can enter either a specific value or a range of VIDs.
Action Configuration:
Class: QoS Class: “class (0-7)”; default: basic classification
DP: Valid DP Level: “(0–3)”; default: basic classification
DSCP: Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43)

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.14.11 QCL Status

This section describes how to configure and view the QCL status by different QCL users.
Port: Indicates the list of ports configured with the QCE.
Action: Indicates the classification action taken on an ingress frame if the configured parameters match the frame's content. There are three action fields: Class, DP, and DSCP.
Class: Classified QoS Class; if a frame matches the QCE, it will be put in the queue.
DP: Drop Precedence Level; if a frame matches the QCE, then the DP level will be set to the value displayed under the DPL column.
Parameter Description
Frame Type: The settings in a particular row apply to the frame type listed here: unicast, multicast, or broadcast.
Enable: Enable or disable the storm control status for the given frame type.
Rate: The rate unit is packets per second (pps). Valid values are: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K, 2048K, 4096K, 8192K, 16384K or 32768K. The 1 kpps is actually 1002.1 pps.
Parameter Description
Queue: The queue number (QoS class) for which the configuration applies.
Enable: Check or uncheck this box to enable or disable the WRED function on the switch QoS Queue.
Min. Threshold: Control the lower RED threshold. If the average queue filling level is below this threshold, the drop probability is zero. This value is restricted to 0–100.
Max.
Web Interface

To configure the sFlow agent in the Web interface:
1. Click “Configuration,” “sFlow Agent,” “Collector.”
2. Set the parameters.
3. Scroll to IP Type and choose “IPv4” or “IPv6.”
4. Click on the “Save” button to save the setting.
5. To cancel the setting, click the “Reset” button. It will revert to previously saved values.

Figure 6-81. The sFlow Receiver Configuration screen.
Buttons
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.15.2 Sampler

This section displays the configured sFlow sampler settings and lets you edit them. Users can set a defined sampling rate; an average of 1 out of N packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy.
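To make "quantifiable accuracy" concrete, the following added Python example (not part of the manual) scales 1-in-N sample counts back to traffic estimates and attaches the commonly cited sFlow error bound of about 196 × sqrt(1/c) percent at 95% confidence for a class with c samples. The sampling rate, traffic classes and packet counts are constructed values.

```python
import math
import random


def estimate_total(samples_in_class, sampling_rate):
    """Scale a sampled count back up: each sample stands for N packets."""
    return samples_in_class * sampling_rate


def percent_error_95(samples_in_class):
    """Upper bound on relative error (95% confidence) for a class with c samples.

    Commonly cited sFlow approximation: %error <= 196 * sqrt(1/c).
    The bound depends on the number of samples, not on the sampling rate.
    """
    if samples_in_class <= 0:
        return float("inf")
    return 196.0 * math.sqrt(1.0 / samples_in_class)


def samples_needed(max_percent_error):
    """Smallest sample count that keeps the 95% error bound under the target."""
    return math.ceil((196.0 / max_percent_error) ** 2)


def simulate(packets, sampling_rate, seed=1):
    """Randomly pick on average 1 of N packets; return samples per traffic class."""
    rng = random.Random(seed)
    counts = {}
    for traffic_class in packets:
        if rng.randrange(sampling_rate) == 0:
            counts[traffic_class] = counts.get(traffic_class, 0) + 1
    return counts


def report(counts, sampling_rate):
    """Return (class, samples, estimated packets, error bound in %) rows."""
    rows = []
    for traffic_class, c in sorted(counts.items()):
        rows.append((traffic_class, c,
                     estimate_total(c, sampling_rate),
                     round(percent_error_95(c), 1)))
    return rows


if __name__ == "__main__":
    # Constructed traffic mix: 180,000 "web" and 20,000 "dns" packets.
    traffic = ["web"] * 180000 + ["dns"] * 20000
    for row in report(simulate(traffic, sampling_rate=100), 100):
        print("%-4s samples=%5d estimate=%7d +/- %.1f%%" % row)
    # A rarely seen class needs a lower N (more samples) for a usable estimate.
    print("samples needed for a 5% bound:", samples_needed(5))
```

When the collector is used for anomaly detection, the bound shows why a low-volume traffic class needs a smaller N than a bulk class before its estimate can be trusted.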
Figure 6-82. The sFlow Sampler Configuration screen.

Parameter Description
sFlow Ports: List of the port numbers on which sFlow is configured.
sFlow Instance: Configured sFlow instance for the port number.
Sampler Type: Configured sampler type on the port and could be any of the types: none, Rx, Tx, or all. Scroll to choose your sampler type. Default value is “None.”
Sampling Rate: Configured sampling rate on the ports.
Max Hdr Size: Configured size of the header of the sampled frame.
Polling Interval: Configured polling interval for the counter sampling.

Buttons:
“e”: Edits the data source sampler configuration.
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
Cancel: Click to cancel and clear the setting.

6.16 Loop Protection

Loop protection detects the presence of traffic.
Figure 6-83. The Loop Protection Configuration screen.

Parameter Description
General Settings
Enable Loop Protection: Control whether loop protection is enabled (as a whole).
Transmission Time: The interval between each loop protection PDU sent on each port. Valid values are 1 to 10 seconds.
Shutdown Time: The period (in seconds) for which a port will be kept disabled if a loop is detected (and the port shuts down). Valid values are 0 to 604800 seconds (7 days).
Action: Configure the action performed when a loop is detected on a port. Valid values are “Shutdown Port,” “Shutdown Port and Log,” or “Log Only.”
TX Mode: Control whether the port is actively generating loop protection PDUs, or whether it is just passively looking for looped PDUs.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.16.
Auto-refresh: Click the button next to “Auto-refresh” and the device will refresh the information automatically.
Upper right icon (Refresh): Click on this icon to refresh the loop protection information manually.

6.17 Easy Port

Easy Port provides a convenient way to save and share common configurations. You can use it to enable features and settings based on the location of a switch in the network and for mass configuration deployments across the network.
Traffic Class: Scroll to select the traffic class for the data stream priority. The available values are from 0 (Low) to 7 (High). To give the voice high priority, set the value to 7.
Port Security: Scroll to enable or disable the port security function on the port. Set the port security limit to match how many devices can access the port (via MAC address).
Port Security Action: When the device cannot access the switch, select the switch action.
Figure 6-86. The Mirror Configuration screen.

Parameter Description
Port to mirror to: Port to mirror is also known as the mirror port. Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored on this port. “Disabled” disables mirroring.
Port: The logical port for the settings contained in the same row.
Mode: Select mirror mode.
• Rx only: Frames received on this port are mirrored on the mirror port. Frames transmitted are not mirrored.
NOTE: For a given port, a frame is only transmitted once. It is not possible to mirror Tx frames on the mirror port. Because of this, the mode for the selected mirror port is limited to disabled or Rx only.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.19 Trap Event Severity

The function is used to set an alarm trap and get the event log.
Parameter Description
Group Name: The field describes the Trap Event.
Severity Level: Scroll to select the event type from “Emerg,” “Alert,” “Crit,” “Error,” “Warning,” “Notice,” “Info,” and “Debug.”

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.20 SMTP Configuration

The function sets an alarm trap. Set the SMTP server to send you an alarm email.
E-mail Address 1–6: Select the e-mail address that will receive the alarm message.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

6.21 UPnP

UPnP is an acronym for universal plug and play.
Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.
7. Security

This chapter describes all the switch security configuration tasks used to enhance the security of the local network, including “IP Source Guard,” “ARP Inspection,” “DHCP Snooping,” “AAA,” etc.

7.1 IP Source Guard

This section describes how to configure the switch’s IP Source Guard detail parameters. Configure the IP Source Guard to enable or disable ports on the switch.

7.1.
Parameter Description
IP source guard configuration mode: Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled.
Port Mode Configuration: Specify the ports for which IP source guard is enabled. When both global mode and port mode on a given port are enabled, IP source guard is enabled on this port.
Max Dynamic Clients: Specify the maximum number of dynamic clients that can be learned on given port.
IP Address: Allowed Source IP address.
IP Mask: Use this to define the enabled network with IP address.
MAC address: Allowed Source MAC address.
Add new entry: Click to add a new entry to the static IP source guard table. Specify the port, VLAN ID, IP address, and IP mask for the new entry. Click “Save.”

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

7.1.
Web Interface

To configure an ARP inspection configuration in the Web interface:
1. Select “Enabled” in the ARP inspection configuration mode.
2. Select “Enabled” for the specific port in the port configuration mode.
3. Click “Save.”

Figure 7-4. The ARP Inspection Configuration screen.

Parameter Description
ARP Inspection Configuration Mode: Enable the Global ARP inspection or disable the Global ARP inspection.
Port Mode Configuration: Specify the ports on which ARP inspection is enabled.
7.2.2 Static Table

This section describes how to configure the switch’s static ARP inspection table parameters. Use this table to manage the ARP entries.

Web Interface

To configure a static ARP inspection table configuration in the Web interface:
1. Click “Add new entry.”
2. Specify the port, VLAN ID, IP address, and MAC address in the entry.
3. Click “Save.”

Figure 7-5. The Static ARP Inspection Table screen.

Parameter Description
Delete: Check to delete the entry.
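The following added Python example (not part of the manual or the switch firmware) models how a static table of port, VLAN ID, IP address, and MAC address entries can be used to judge ARP packets. It assumes the usual ARP inspection rule that a packet on an inspected port is accepted only when its sender IP and MAC match an entry for that port and VLAN; the table rows and observed packets are constructed, using documentation address ranges.

```python
import ipaddress


def norm_mac(mac):
    """Normalise 00-00-5E-.., 0000.5e00.. and 00:00:5e:.. to aa:bb:cc:dd:ee:ff."""
    digits = "".join(ch for ch in mac.lower() if ch not in ":-.")
    if len(digits) != 12 or any(ch not in "0123456789abcdef" for ch in digits):
        raise ValueError("not a MAC address: %r" % mac)
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def load_static_table(rows):
    """Build {(port, vlan, ip): mac} from (port, vlan, ip, mac) rows."""
    table = {}
    for port, vlan, ip, mac in rows:
        if not 1 <= vlan <= 4095:
            raise ValueError("VLAN ID out of range: %r" % vlan)
        key = (port, vlan, ipaddress.IPv4Address(ip))
        if key in table:
            raise ValueError("duplicate entry for %r" % (key,))
        table[key] = norm_mac(mac)
    return table


def inspect_arp(table, inspected_ports, port, vlan, sender_ip, sender_mac):
    """Return (verdict, reason) for one ARP packet received on `port`."""
    if port not in inspected_ports:
        return ("forward", "ARP inspection not enabled on this port")
    try:
        key = (port, vlan, ipaddress.IPv4Address(sender_ip))
        mac = norm_mac(sender_mac)
    except ValueError:
        return ("drop", "malformed sender address")
    expected = table.get(key)
    if expected is None:
        return ("drop", "no entry for this port/VLAN/IP")
    if expected != mac:
        return ("drop", "sender MAC differs from entry (%s)" % expected)
    return ("forward", "matches static entry")


# Constructed static table: (port, VLAN ID, IP address, MAC address).
STATIC_ROWS = [
    (1, 10, "192.0.2.1", "00-00-5E-00-53-01"),    # default gateway on port 1
    (2, 10, "192.0.2.20", "00:00:5e:00:53:14"),   # file server on port 2
]
INSPECTED_PORTS = {1, 2, 3}

# Constructed ARP observations: (port, VLAN ID, sender IP, sender MAC).
OBSERVED = [
    (2, 10, "192.0.2.20", "0000.5e00.5314"),      # server, different MAC spelling
    (3, 10, "192.0.2.1", "00:00:5e:00:53:99"),    # gateway IP claimed on port 3
    (2, 10, "192.0.2.20", "00:00:5e:00:53:99"),   # right port, wrong MAC
    (5, 10, "192.0.2.77", "00:00:5e:00:53:77"),   # port 5 is not inspected
]


def audit(rows, inspected_ports, observed):
    """Return one (verdict, reason) per observed ARP packet."""
    table = load_static_table(rows)
    return [inspect_arp(table, inspected_ports, *pkt) for pkt in observed]


if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(OBSERVED, audit(STATIC_ROWS, INSPECTED_PORTS, OBSERVED)):
        print(pkt, "->", verdict, "-", reason)
```

The last row shows the gap left by a port that is not enabled in the port mode configuration: its ARP traffic is never checked against the table.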
7.2.3 Dynamic Table

This section describes how to configure the switch’s dynamic ARP inspection table parameters. The dynamic ARP inspection table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address.

Web Interface

To configure a dynamic ARP inspection table configuration in the Web interface:
1. Specify the “Start from port,” “VLAN ID,” “MAC Address,” and “IP Address” entries per page.
2.
Figure 7-7. The DHCP Snooping Configuration screen.

Parameter Description
Snooping Mode: Indicates the DHCP snooping mode operation. Possible modes are:
• Enabled: Enable DHCP snooping mode operation. When DHCP snooping mode operation is enabled, DHCP request messages are forwarded to trusted ports, and reply packets are allowed only from trusted ports.
• Disabled: Disable DHCP snooping mode operation.
Port Mode: Indicates the DHCP snooping port mode.
Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

7.3.2 Statistics

This section describes how to show the switch’s DHCP snooping statistics information. The statistics show packet counters only when DHCP snooping mode is enabled and relay mode is disabled. They also do not count DHCP packets for the DHCP client.

Web Interface

To configure a DHCP snooping statistics configuration in the Web interface:
1.
Upper right icon (Refresh, Clear): Click on the “Refresh” button to refresh the DHCP snooping port statistics manually. Click on the “Clear” button to clear the entries.

7.4 DHCP Relay

This section describes how to forward DHCP requests to other specific DHCP servers via DHCP relay. The DHCP servers may be on another network.

7.4.
Relay Server: Indicates the DHCP relay server IP address. A DHCP relay agent is used to forward and transfer DHCP messages between the clients and the server when they are not in the same subnet domain.
Relay Information Mode: Indicates the DHCP relay information mode option operation. Possible modes are:
• Enabled: Enable DHCP relay information mode operation.
Receive Missing Circuit ID: The number of packets received with the circuit ID option missing.
Receive Missing Remote ID: The number of packets received with the remote ID option missing.
Receive Bad Circuit ID: The number of packets whose circuit ID option did not match known circuit ID.
Receive Bad Remote ID: The number of packets whose remote ID option did not match a known Remote ID.

Client Statistics
Transmit to Client: The number of relayed packets from server to client.
Figure 7-11. The Network Access Server Configuration screen.

Parameter Description
Mode: Indicates if NAS is globally enabled or disabled on the switch. If globally disabled, all ports can forward frames.
Reauthentication Enabled: Check this box to reauthenticate successfully authenticated supplicants/clients after the interval specified by the Reauthentication Period. Reauthentication for 802.
• Multi 802.1X
• MAC-Based Auth.

When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module needs to check for activity on the MAC address at regular intervals and free resources if no activity occurs within a given period of time. This parameter controls this time period and can be set to a number between 10 and 1000000 seconds. If reauthentication is enabled and the port is in an 802.
Max. Reauth. Count: The number of times the switch transmits an EAPOL Request Identity frame without response. The Guest VLAN is adjusted with this setting. The value can only be changed if the Guest VLAN option is globally enabled. Valid values are in the range [1; 255].
Allow Guest VLAN if EAPOL Seen: The switch remembers if an EAP over LAN (EAPOL) frame has been received on the port for the lifetime of the port.
Single 802.1X: In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggy-back on the successfully authenticated client and get network access even though they really aren't authenticated. To overcome this security breach, use the Single 802.1X variant. Single 802.
RADIUS-Assigned QoS Enabled: When RADIUS-assigned QoS is both globally enabled and enabled (checked) on a given port, the switch reacts to QoS Class information carried in the RADIUS Access-Accept packet transmitted by the RADIUS server when a supplicant is successfully authenticated. If present and valid, traffic received on the supplicant's port will be classified to the given QoS Class.
This option is only available for EAPOL-based modes, that is:
• Port-based 802.1X
• Single 802.1X
• Multi 802.1X

For troubleshooting VLAN assignments, use the “Monitor,” “VLANs,” “VLAN Membership,” and “VLAN Port” pages. These pages show which modules have (temporarily) overridden the current Port VLAN configuration.

Guest VLAN Operation: When a Guest VLAN enabled port's link comes up, the switch starts transmitting EAPOL Request Identity frames.
7.5.2 Switch Status

This section describes how to show each port’s network access server (NAS) switch status information. The status includes Admin State, Port State, Last Source, Last ID, QoS Class, and Port VLAN ID.

Web Interface

To configure a NAS Switch Status Configuration in the Web interface:
Check the box next to “Auto-refresh.”

Figure 7-12. NAS Statistics screen.

Parameter Description
Port: The switch port number. Click to navigate to detailed NAS statistics for this port.
7.5.3 Port Status

This section provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication.

Web Interface

To configure a NAS Port Status Configuration in the Web interface:
1. Specify the Port you want to check.
2. Check the box next to “Auto-refresh.”

Figure 7-13. The NAS Statistics Port 1 screen.

Parameter Description
Port State
Admin State: The port's current administrative state.
Backend Server Counters: These back-end (RADIUS) frame counters are available for the following administrative states:
• Port-based 802.1X
• Single 802.1X
• Multi 802.1X
• MAC-based auth.

Last Supplicant/Client Info: Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states:
• Port-based 802.1X
• Single 802.1X
• Multi 802.1X
• MAC-based auth.
7.6 AAA

This section shows you how to use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a TACACS+ or RADIUS server to create and manage objects that contain settings for using AAA servers.

7.6.1 Configuration

This section describes how to configure the AAA settings of a TACACS+ or RADIUS server.

Web Interface

To configure a common configuration of AAA in the Web interface:
1. Set timeout (Default is 15 seconds).
2.
Figure 7-15. The TACACS+ Authorization and Accounting Configuration screen.
Figure 7-16. The RADIUS Authentication Server Configuration screen.
Figure 7-17. The RADIUS Accounting Server Configuration screen.
Figure 7-18. The TACACS+ Authentication Configuration screen.
Parameter Description
Authentication Server Configuration
Timeout: The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any). RADIUS servers are using the UDP protocol, which is unreliable by design.
Enabled: Enable the TACACS+ authentication server by checking this box.
IP Address/Hostname: The IP address or hostname of the TACACS+ authentication server. IP address is expressed in dotted decimal notation.
Port: The TCP port to use on the TACACS+ authentication server. If the port is set to 0 (zero), the default port (49) is used on the TACACS+ authentication server.
Secret: The secret—up to 29 characters long—shared between the TACACS+ authentication server and the switch.
RADIUS Accounting Servers
#: The RADIUS server number. Click to navigate to detailed statistics for this server.
IP Address: The IP address and UDP port number (in : notation) of this server.
Status: The current state of the server. This field takes one of the following values:
• Disabled: The server is disabled.
• Not Ready: The server is enabled, but IP communication is not yet up and running.
Upper right icon (Refresh, Clear): Click on the “Refresh” button to refresh the RADIUS Statistics information manually. Click on the “Clear” button to clear all entries.

7.7 Port Security

7.7.1 Limit Control

This section shows you how to configure the port security settings of the switch. Use the port security feature to restrict input to an interface by limiting and identifying MAC addresses.

Web Interface

To configure a system configuration of limit control in the Web interface:
1.
Figure 7-21. The Port Security Limit Control Configuration screen.

Parameter Description
System Configuration
Mode: Indicates if limit control is globally enabled or disabled on the switch. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled.
Aging Enabled: If checked, secured MAC addresses are subject to aging as discussed under “Aging Period.
To understand why aging may be desired, consider the following scenario: Suppose an end-host is connected to a third-party switch or hub, which in turn is connected to a port on this switch on which limit control is enabled. The end-host will be allowed to forward if the limit is not exceeded. Now suppose that the end-host logs off or powers down: If it weren't for aging, the end-host would still take up resources on this switch and would be allowed to forward.
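The scenario above, replayed in an added Python example that is not part of the manual. It is a simplified model and not the switch's algorithm: it assumes a secured MAC address is freed once no frame from it has been seen for one aging period, and that a frame from a new address is blocked when the limit is reached; the limit, aging period, timestamps and MAC addresses are constructed.

```python
class LimitControlPort:
    """Simplified model of one switch port with a MAC limit and optional aging."""

    def __init__(self, limit, aging_period=None):
        self.limit = limit
        self.aging_period = aging_period  # seconds; None means aging is disabled
        self.last_seen = {}               # secured MAC -> time of its last frame

    def _age_out(self, now):
        """Free secured MACs that have been silent for a full aging period."""
        if self.aging_period is None:
            return []
        stale = [mac for mac, seen in self.last_seen.items()
                 if now - seen >= self.aging_period]
        for mac in stale:
            del self.last_seen[mac]
        return stale

    def frame(self, mac, now):
        """Process one frame with source `mac` at time `now` (seconds)."""
        self._age_out(now)
        if mac in self.last_seen or len(self.last_seen) < self.limit:
            self.last_seen[mac] = now
            return "forward"
        return "blocked"


def replay(port, events):
    """Feed (time, mac) events to the port; return the verdict for each."""
    return [port.frame(mac, t) for t, mac in events]


# Constructed timeline behind a hub on one port with a limit of 1:
# host A is active, then powers down; host B is plugged in two hours later.
HOST_A = "00:00:5e:00:53:0a"
HOST_B = "00:00:5e:00:53:0b"
EVENTS = [(0, HOST_A), (60, HOST_A), (7200, HOST_B), (7260, HOST_B), (7300, HOST_A)]


def compare():
    """Return verdicts without aging and with a 3600-second aging period."""
    without_aging = replay(LimitControlPort(limit=1), EVENTS)
    with_aging = replay(LimitControlPort(limit=1, aging_period=3600), EVENTS)
    return without_aging, with_aging


if __name__ == "__main__":
    without_aging, with_aging = compare()
    print("time   host  no aging  aging=3600s")
    for (t, mac), a, b in zip(EVENTS, without_aging, with_aging):
        print("%5d  %s  %-8s  %s" % (t, mac[-2:], a, b))
```

Without aging, host A's entry keeps the single slot and host B stays blocked; with aging, the slot is released to host B, and host A is the one blocked when it returns.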
NOTE: Clicking the reopen button causes the page to be refreshed, so unsaved changes will be lost.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

7.7.2 Switch Status

This section shows the port security status. Port security is a module with no direct configuration. Configuration comes indirectly from other modules—the user modules.
Parameter Description
User Module Legend: The legend shows all user modules that may request port security services.
User Module Name: The full name of a module that may request Port Security services.
Abbr: A one-letter abbreviation of the user module. This is used in the Users column in the port status table.
Port Status: The table has one row for each port on the selected switch and a number of columns:
Port: The port number for which the status applies.
Figure 7-23. The Port Security Port Status screen.

Parameter Description
MAC Address & VLAN ID: The MAC address and VLAN ID for this port. If no MAC addresses are learned, a single row stating “No MAC addresses attached” is displayed.
State: Indicates whether the corresponding MAC address is blocked or forwarded. In the blocked state, it will not be allowed to transmit or receive traffic.
Time of Addition: Shows the date and time when this MAC address was first detected on the port.
Figure 7-24. The Access Management Configuration screen.

Parameter Description
Mode: Indicates the access management mode operation. Possible modes are:
• Enabled: Enable access management mode operation.
• Disabled: Disable access management mode operation.
Delete: Check to delete the entry. It will be deleted during the next save.
Start IP Address: Indicates the start IP address for the access management entry.
End IP Address: Indicates the end IP address for the access management entry.
7.8.2 Statistics

This section shows you detailed statistics of the Access Management, including HTTP, HTTPS, SSH, TELNET, and SSH.

Web Interface

To configure access management statistics in the Web interface:
1. Check the box next to “Auto-refresh.”

Figure 7-25. The Access Management Statistics screen.

Interface: The interface type through which the remote host can access the switch.
Parameter Description
Mode: Indicates the SSH mode of operation. Possible modes are:
• Enabled: Enable SSH mode operation.
• Disabled: Disable SSH mode operation.

Buttons:
Save: Click to save changes.
Reset: Click to undo any changes made locally and revert to previously saved values.

7.10 HTTPS

This section shows you how to use HTTPS to securely access the switch.
7.11 Auth Method

This page shows how to configure the way a user is authenticated when logging into the switch via one of the management interfaces.

Web Interface

To configure an authentication method in the Web interface:
1. Specify the client (console, Telnet, SSH, Web) that you want to monitor.
2. Specify the authentication method (none, local, radius, TACACS+).
3. Check the box next to “Fallback.”
4. Click “Save.”

Figure 7-28. The Authentication Method Configuration screen.
8. Maintenance

This chapter describes all the switch maintenance configuration tasks to enhance the performance of the local network, including restart device, firmware upgrade, save/restore, import/export, and diagnostics.

8.1 Restart Device

This section describes how to restart the switch for any maintenance needs. Any configuration files or scripts that you saved in the switch should still be available afterwards.
Figure 8-2. The Firmware Update screen.

Parameter Description
Browse: Click the “Browse...” button to search the firmware URL and filename.
Upload: Click the “Upload” button, and the switch will start to upload the firmware from the PC or server where the firmware is stored.

NOTE: This page starts an update of the firmware controlling the switch. Uploading software will update all managed switches to the location of a software image.
Figure 8-3. The Software Image screen.

Parameter Description
Activate Alternate Image: Click to use the alternate image. This button may be disabled depending on system state.
Cancel: Cancel activating the backup image. Navigates away from this page.
Image: The flash index name of the firmware image. The name of primary (preferred) image is “managed,” the alternate image is named “managed.bk.”
Version: The version of the firmware image.
Date: The date when the firmware was produced.
Web Interface

To configure a Factory Default Configuration in the Web interface:
1. Click “Factory Defaults.”
2. Click “Yes.”

Figure 8-4. The Factory Defaults screen.

Parameter Description
Buttons:
Yes: Click on the “Yes” button to reset the configuration to factory defaults.
No: Click to return to the Port State page without resetting the configuration.

8.3.2 Save Start

This section describes how to save the Switch Start configuration.
2. Click “Yes.”

Figure 8-6. The Save as Backup Configuration screen.

Parameter Description
Buttons:
Save: Click the “Save” button to save the current setting as Backup Configuration.

8.3.4 Restore User

This section describes how to restore users’ information back to the switch. Any current configuration files will be restored via XML format.

Web Interface

To configure a restore user configuration in the Web interface:
1. Click “Restore User.”
2. Click “Yes.”

Figure 8-7.
2. Save the file in your device.

Figure 8-8. The Restore the Backup Configuration screen.

Parameter Description
Save: Click the “Save” button to store the Configuration to the PC or Server.
8.4.2 Import Config

This section describes how to export the switch configuration for maintenance. Any current configuration files will be exported in XML format.

Web Interface

To configure an import config configuration in the Web interface:
1. Click “Browse” to select the config file in your device.
2. Click “Upload.”

Figure 8-9. The Import Config screen.

Parameter Description
Browse: Click the “Browse...” button to search the Configuration URL and filename.
8.5 Diagnostics

This section provides a set of basic system diagnoses. It lets users know whether the system is healthy or needs to be fixed. The basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics.

8.5.1 Ping

This section shows you how to issue ICMP PING packets to troubleshoot IPv6 connectivity issues.

Web Interface

To configure an ICMP PING configuration in the Web interface:
1. Specify ICMP PING IP address.
2. Specify ICMP PING size.
3. Click “Start.
2. Specify ICMPv6 PING Size.
3. Click “Start.”

Figure 8-11. The ICMPv6 Ping screen.

Parameter Description
IP Address: The destination IP address with IPv6.
Ping Size: The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.
Start: Click the “Start” button, and the switch will start to ping the device using ICMPv6 packet size set on the switch.
Figure 8-12. The VeriPHY Cable Diagnostics screen.

Parameter Description
Port: The port where you are requesting VeriPHY cable diagnostics.
Cable Status:
Port: Port number.
Pair: The status of the cable pair.
Length: The length (in meters) of the cable pair.
Appendix A. Glossary

A.1 Web-Based Management

ACE: ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application.

ACL: ACL is an acronym for Access Control List.
Auto-Negotiation: Auto-Negotiation is the process where two different devices establish the mode of operation and the speed settings that can be shared by those devices for a link.

CC: CC is an acronym for Continuity Check. It is an MEP functionality that is able to detect loss of continuity in a network by transmitting CCM frames to a peer MEP.

CCM: CCM is an acronym for Continuity Check Message.
DoS: DoS is an acronym for Denial of Service. In a denial-of-service (DoS) attack, an attacker attempts to prevent legitimate users from accessing information or services. By targeting network sites or network connections, an attacker may be able to prevent network users from accessing email, web sites, online accounts (banking, etc.), or other services that rely on the affected computer.
IGMP: IGMP is an acronym for Internet Group Management Protocol. It is a communications protocol used to manage the membership of Internet Protocol multicast groups. IGMP is used by IP hosts and adjacent multicast routers to establish multicast group memberships. It is an integral part of the IP multicast specification, like ICMP for unicast connections. IGMP can be used for on-line video and gaming, and allows more efficient use of resources when supporting these uses.
MAC Table: Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static and dynamic entries. The static entries are configured by the network administrator if the administrator wants to do a fixed mapping between the DMAC address and switch ports.
OUI: OUI is the organizationally unique identifier. An OUI address is a globally unique identifier assigned to a vendor by IEEE. You can determine which vendor a device belongs to according to the OUI address, which forms the first 24 bits of a MAC address.

PCP: PCP is an acronym for Priority Code Point. It is a 3-bit field storing the priority level for the 802.1Q frame. It is also known as User Priority.

PD: PD is an acronym for Powered Device.
Achieving the required QoS becomes the secret to a successful end-to-end business solution. Therefore, QoS is the set of techniques to manage network resources.

RARP: RARP is an acronym for Reverse Address Resolution Protocol. It is a protocol that is used to obtain an IP address for a given hardware address, such as an Ethernet address. RARP is the complement of ARP.

RADIUS: RADIUS is an acronym for Remote Authentication Dial-In User Service.
Tag Priority: Tag priority is a 3-bit field storing the priority level for the 802.1Q frame.

TCP: TCP is an acronym for Transmission Control Protocol. It is a communications protocol that uses the Internet Protocol (IP) to exchange the messages between computers.
A.2 Networking Terms

10BASE-T — IEEE 802.3 specification for 10-Mbps Ethernet over two pairs of Category 3, 4, or 5 UTP cable.

100BASE-TX — IEEE 802.3u specification for 100-Mbps Ethernet over two pairs of Category 5 UTP cable.

1000BASE-LH — Specification for long-haul Gigabit Ethernet over two strands of 9-/125-micron core fiber cable.

1000BASE-LX — IEEE 802.3z specification for Gigabit Ethernet over two strands of 50-/125-, 62.5-/125- or 9-/125-micron core fiber cable.
Local Area Network (LAN) — A group of interconnected computer and support devices.

Media Access Control (MAC) — A portion of the networking protocol that governs access to the transmission medium, facilitating the exchange of data between network nodes.

MIB — An acronym for Management Information Base. It is a set of database objects that contains information about the device.
Appendix B. Troubleshooting

B.1 Basic Troubleshooting Tips

Most problems are caused by the following situations. Check for these items first when starting your troubleshooting:

Connecting to devices that have a fixed full-duplex configuration.
Table B-1. Troubleshooting chart.

Symptom / Action

System LED is OFF:
Check connections between the switch, the power cord, and the wall outlet.
Contact Black Box Technical Support at 724-746-5500 or info@blackbox.com for assistance.

Verify that the switch and attached device are powered on.
Make sure the cable is plugged into the switch and the corresponding device.
Appendix C. Cables

C.1 Twisted-Pair Cable and Pin Assignments

For 10BASE-T/100BASE-TX connections, the twisted-pair cable must have two pairs of wires. For 1000BASE-T connections, the twisted-pair cable must have four pairs of wires. Each wire pair is identified by two different colors. For example, one wire might be green and the other, green with white stripes. Also, an RJ-45 connector must be attached to both ends of the cable.
Figure C-2. Straight-through Wiring (EIA/TIA 568B RJ-45 Wiring Standard, 10/100BASE-TX Straight-through Cable; pins 1 through 8 shown at End A and End B).

C.4 Crossover Wiring

If the twisted-pair cable is to join two ports, and both ports are labeled with an “X” (MDI-X) or neither port is labeled with an “X” (MDI), a crossover must be implemented in the wiring.
Table C-2. 1000BASE-T MDI and MDI-X port pinouts.
© Copyright 2012. Black Box Corporation.