LGB5128A SFP Managed Switch Eco User’s Manual Provides (20) Gigabit Ethernet SFP, (4) Gigabit Ethernet Combo RJ-45/SFP, and (4) 1G/10G SFP+ connections. This manual contains information for firmware version 1.59. Customer Support Information Order toll-free in the U.S.: Call 877-877-BBOX (outside U.S.
LGB5128A User's Manual SFP Managed Switch Eco Firmware version 1.59
Compatible Black Box SFPs.
Part Number: Product Name
LFP401–LFP404: 155-Mbps Extended Diagnostic SFP
LFP411–LFP414, LFP416*: 1250-Mbps Extended Diagnostic SFP
LSP421–LSP422: 10GBASE-SR SFP, 10GBASE-LR SFP
*Supports LFP416 with auto mode of link speed on Ports 1–20 and does not support LFP415.
About This Manual Purpose This manual gives specific information on how to operate and use the management functions of the LGB5128A. Audience The manual is intended for use by network administrators who are responsible for operating and maintaining network equipment; consequently, it assumes a basic working knowledge of general switch functions, the Internet Protocol (IP), and Simple Network Management Protocol (SNMP).
CAUTION: Alerts you to a potential hazard that could cause loss of data, or damage the system or equipment.
Table of Contents
INTRODUCTION
CHAPTER 1 OPERATION OF WEB-BASED MANAGEMENT
CHAPTER 2 SYSTEM CONFIGURATION
2-1 SYSTEM INFORMATION
3-5.1 Instance
3-5.2 Port Configuration
3-5.3 Port Status
3-6 IGMP SNOOPING
3-16.9 DSCP Classification
3-16.10 QoS Control List Configuration
3-16.11 QCL Status
3-16.12 Storm Control
5-3.3 Save User
5-3.4 Restore User
5-4 EXPORT / IMPORT
5-4.1 Export Config
INTRODUCTION Overview This user’s manual explains how to install and connect your network system and how to configure and monitor the LGB5128A through its built-in CLI and Web interface via the RS-232 serial interface and Ethernet ports. Examples of hardware and software functions are shown, as well as examples of operation for the Web-based interface and the command-line interface (CLI). The LGB5128A L2+ managed switch from Black Box provides a reliable infrastructure for your business network.
Chapter 1 Initial Configuration Operation of Web-based Management This chapter instructs you how to configure and manage the LGB5128A through the Web user interface. With this facility, you can easily access and monitor status of all switches through any one port of the switch, including MIBs status, each port activity, Spanning tree status, port aggregation status, multicast traffic, VLAN and priority status, illegal access record, and so on.
NOTE: DHCP is enabled on the LGB5128A, but if you do not have a DHCP server to provide IP addresses to the switch, use the switch default IP 192.168.1.
Chapter 2 System Configuration This chapter describes all of the basic configuration tasks, including the switch’s system information and management (for example, Time, Account, IP, Syslog, and SNMP). 2-1 System Information After you log in, the switch shows you the system information. This is the default page.
Parameter description: Model name: The model name of this device. System description: 8-port 10/100/1000BASE-T + 2-Port TP/(100/1G) SFP Combo L2 Plus Managed Switch. Location: Where this switch is located. User-defined. Contact: Write down the contact person and phone here for help managing and maintaining the switch. You can configure this parameter through the device’s user interface or SNMP. Device name: The name of the switch. User-defined.
2-1.2 Configuration You can identify the system by configuring the contact information, name, and location of the switch. Web interface To configure System Information in the Web interface: 1. Click System, System Information, Configuration. 2. Write System Contact, System Name, System Location information in this page. 3. Click Save. Figure 2-1.
2-2 Time This page configures the switch time. Time configuration includes Time Configuration and NTP Configuration. 2-2.1 Manual The switch provides manual and automatic ways to set the system time via NTP. Manual setting is simple—just input Year, Month, Day, Hour, Minute, and Second within the valid value range indicated in each item. Web Interface To configure Time in the Web interface: 1. Click Time, Manual. 2. Specify the Time parameter in manual parameters. 3. Click Save. Figure 2-2.
Time Set Offset: Provides the Daylight saving time set offset. The offset is given in minutes east of GMT. The valid range is from 1 to 1440 minutes. The default is 60 minutes. Daylight Savings Type: Provides the Daylight savings type selection. You can select “By Dates” or “Recurring” for Daylight saving type. From: To configure Daylight saving start date and time, use the format “YYYY-MM-DD HH:MM.” To: To configure Daylight saving end date and time, use the format “YYYY-MM-DD HH:MM.
2-2.2 NTP NTP is Network Time Protocol and is used to sync the network time based on Greenwich Mean Time (GMT). If you use the NTP mode and select a built-in NTP time server or manually specify a user-defined NTP server as well as Time Zone, the switch will sync the time shortly after you press the button. Though it synchronizes the time automatically, NTP does not update the time periodically without user action. Time Zone is an offset from GMT.
2-3 Account In this function, only the administrator can create, modify, or delete the username and password. The administrator can modify other guest identities’ passwords without confirming the password but will also need to modify the administrator-equivalent identity. A guest-equivalent identity can modify only its own password. NOTE: You must confirm administrator/guest identity in the Authorization field before configuring the username and password.
Privilege Level : The privilege level of the user. The allowed range is 1 to 15. If the privilege level value is 15, the user can access all groups, i.e., the user is granted full control of the device. For other values, refer to each group's privilege level. A user’s privilege level must be the same as or greater than the group privilege level to access that group. By default, for most groups, privilege level 5 has read-only access and privilege level 10 has read-write access.
Figure 2-3.2: The Privilege Level configuration Parameter description: Group Name The name identifying the privilege group. In most cases, a privilege level group consists of a single module (e.g. LACP, RSTP or QoS), but a few groups contain more than one. The following defines these privilege level groups in detail: System: Contact, Name, Location, Timezone, Log.
Maintenance: CLI: System Reboot, System Restore Default, System Password, Configuration Save, Configuration Load, and Firmware Load. Web: Users, Privilege Levels, and everything in Maintenance. Debug: Only present in CLI. Privilege Levels Every group has an authorization Privilege level for the following sub groups: configuration read-only, configuration/execute read-write, status/statistics read-only, status/statistics read-write (e.g. to clear statistics).
Figure 2-4.1: The IP configuration Parameter description: DHCP Client : Enable the DHCP client by checking this box. If DHCP fails and the configured IP address is zero, DHCP will retry. If DHCP fails and the configured IP address is non-zero, DHCP will stop and the configured IP settings will be used. The DHCP client will announce the configured System Name as hostname to provide DNS lookup. IP Address : Provide the IP address of this switch in dotted decimal notation.
2-4.2 IPV6 This section describes how to configure the switch-managed IPv6 information. The Configured column is used to view or change the IPv6 configuration. The Current column is used to show the active IPv6 configuration. Web Interface To configure Management IPv6 of the switch in the Web interface: 1.
2-5 Syslog The Syslog is a standard for logging program messages. It allows separation of the software that generates messages from the system that stores them and the software that reports and analyzes them. It can also be used for generalized informational, analysis, and debugging messages. It is supported by a wide variety of devices and receivers across multiple platforms. 2-5.
2-5.2 Log This section describes how to display the system log information of the switch. Web Interface To display the log configuration in the Web interface: 1. Click Syslog, Log. 2. Display the log information. Figure 2-5.2: The System Log configuration Parameter description: Auto-refresh When you click on the auto-refresh icon, the device will refresh the log automatically. Level Information level of the system log entry. The following level types are supported: Warning: Warning level of the system log.
2-5.3 Detailed Log This section describes how to display the detailed log information of the switch. Web Interface To display the detailed log configuration in the Web interface: 1. Click Syslog, Detailed Log. 2. Display the log information. Figure 2-5.3: The Detailed System Log Information Parameter description: ID The ID (>= 1) of the system log entry. Message The detailed message of the system log entry. Upper right icon (Refresh, clear,….
2-6 SNMP Any Network Management System (NMS) running the Simple Network Management Protocol (SNMP) can manage the managed devices equipped with an SNMP agent, provided that the Management Information Base (MIB) is installed correctly on the managed devices. SNMP is a protocol that is used to govern the transfer of information between the SNMP manager and agent, and traverses the Object Identifier (OID) of the Management Information Base (MIB), described in the form of SMI syntax.
2-6.2 Communities The function is used to configure SNMPv3 communities. The Community and User Name are unique. To create a new community account, click the Add new community button, enter the account information, then click Save. Max Group Number : 4. Web Interface To configure SNMP Communities in the Web interface: 1. Click SNMP, Communities. 2. Click Add new community. 3. Specify the SNMP communities parameters. 4. Click Save. 5.
2-6.3 Users The function is used to configure SNMPv3 users. The Entry index key is UserName. To create a new UserName account, click on the button, enter the user information, then click Save. Max Group Number : 10. Web Interface To configure SNMP Users in the Web interface: 1. Click SNMP, Users. 2. Specify the Privilege parameter. 3. Click Save. Figure 2-6.3: The SNMP Users Configuration Parameter description: Delete Click on this button to delete the entry.
MD5: An optional flag to indicate that this user uses MD5 authentication protocol. SHA: An optional flag to indicate that this user uses SHA authentication protocol. The value of security level cannot be modified if the entry already exists. That means you must first ensure that the value is set correctly. Authentication Password A string identifying the authentication password phrase. For MD5 authentication protocol, the allowed string length is 8 to 32.
2-6.4 Groups The function is used to configure SNMPv3 groups. The Entry index keys are Security Model and Security Name. To create a new group account, click on the button, enter the group information, then click Save. Max Group Number : v1: 2, v2: 2, v3:10. Web Interface To configure SNMP Groups in the web interface: 1. Click SNMP, Groups. 2. Specify the Privilege parameter. 3. Click Save. Figure 2-6.
2-6.5 Views The function is used to configure SNMPv3 views. The Entry index keys are OID Subtree and View Name. To create a new view account, click the Add new View button, enter the view information, then click Save. Max Group Number : 28. Web Interface 1. Click SNMP, Views. 2. Click Add new View. 3. Specify the SNMP View parameters. 4. Click Save.
OID Subtree The OID defining the root of the subtree to add to the named view. The allowed OID length is 1 to 128. The allowed string content is digits or asterisk (*). Save Click the Save icon to save the configuration to ROM. 2-6.6 Access The function is used to configure SNMPv3 accesses. The Entry index keys are Group Name, Security Model, and Security level. To create a new access account, click on the button, enter the access information, then click Save.
v2c: Reserved for SNMPv2c. usm: User-based Security Model (USM). Security Level Indicates the security level that this entry should belong to. Possible security levels are: NoAuth, NoPriv: No authentication and no privacy. Auth, NoPriv: Authentication and no privacy. Auth, Priv: Authentication and privacy. Read View Name The name of the MIB view defining the MIB objects for which this request may request the current values.
Parameters description: Delete: Check entry then click on the button, and the entry will be deleted. Trap Version: You may choose v1, v2c, or v3 trap. Server IP: Assign the SNMP Host IP address. UDP Port: Assign the Port number. Default: 162 Community/Security Name: The length of “Community/Security Name” string is restricted to 1–32. Security Level: Indicates what kind of message will be sent to Security Level.
Privacy Protocol: You can set DES encryption for UserName. Privacy Password: The length of “Privacy Password” is restricted to 8–32.
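The Users, Access, and Trap pages above combine three security levels, two authentication protocols, and DES privacy; the following audit sketch flags the weaker combinations. It is an added example, not part of the manual or the switch firmware: the record layout, field names, and severity labels are assumptions, and the sample rows are constructed. Applying the trap page's 8–32 Privacy Password range to user rows is also an assumption.

```python
"""Audit SNMP user and trap rows transcribed by hand from the switch's Web pages."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Finding = Tuple[str, str]                      # (severity, message)
LEVELS = ("NoAuth, NoPriv", "Auth, NoPriv", "Auth, Priv")
RANK = {"OK": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "ERROR": 4}


@dataclass
class SnmpUser:                                # one row of the Users page (assumed layout)
    name: str
    security_level: str
    auth_protocol: Optional[str] = None        # "MD5", "SHA" or None
    auth_password_len: int = 0                 # length only, never the secret itself
    priv_protocol: Optional[str] = None        # "DES" or None
    priv_password_len: int = 0


@dataclass
class TrapHost:                                # one row of the Trap page (assumed layout)
    server_ip: str
    version: str                               # "v1", "v2c" or "v3"
    security_level: str = "NoAuth, NoPriv"     # only meaningful for v3


def audit_level(level: str) -> List[Finding]:
    """Rate one of the three security levels listed in the manual."""
    if level not in LEVELS:
        return [("ERROR", f"unknown security level {level!r}")]
    if level == "NoAuth, NoPriv":
        return [("HIGH", "no authentication and no privacy")]
    if level == "Auth, NoPriv":
        return [("MEDIUM", "authenticated, but the payload is not encrypted")]
    return []


def audit_user(u: SnmpUser) -> List[Finding]:
    findings = audit_level(u.security_level)
    if u.security_level not in LEVELS:
        return findings
    if u.security_level != "NoAuth, NoPriv":   # authentication is required
        if u.auth_protocol not in ("MD5", "SHA"):
            findings.append(("ERROR", "level needs MD5 or SHA authentication"))
        elif u.auth_protocol == "MD5":
            findings.append(("LOW", "MD5 authentication; SHA is also offered"))
            if not 8 <= u.auth_password_len <= 32:   # range stated for MD5
                findings.append(("ERROR", "MD5 password must be 8 to 32 chars"))
    if u.security_level == "Auth, Priv":       # privacy is required
        if u.priv_protocol != "DES":
            findings.append(("ERROR", "level needs a privacy protocol (DES)"))
        else:
            findings.append(("LOW", "DES privacy uses a 56-bit key"))
            if not 8 <= u.priv_password_len <= 32:
                findings.append(("ERROR", "privacy password must be 8 to 32 chars"))
    return findings


def audit_trap(t: TrapHost) -> List[Finding]:
    if t.version in ("v1", "v2c"):
        return [("MEDIUM", "community name is sent unencrypted in each trap")]
    if t.version == "v3":
        return audit_level(t.security_level)
    return [("ERROR", f"unknown trap version {t.version!r}")]


def worst(findings: List[Finding]) -> str:
    """Highest severity among the findings, or "OK" when there are none."""
    return max((s for s, _ in findings), key=RANK.__getitem__, default="OK")


def audit_all(users: List[SnmpUser], traps: List[TrapHost]) -> Dict[str, str]:
    report = {f"user:{u.name}": worst(audit_user(u)) for u in users}
    report.update({f"trap:{t.server_ip}": worst(audit_trap(t)) for t in traps})
    return report


# Constructed sample rows (not taken from any real device).
USERS = [
    SnmpUser("monitor", "NoAuth, NoPriv"),
    SnmpUser("legacy", "Auth, NoPriv", "MD5", 6),
    SnmpUser("ops", "Auth, Priv", "SHA", 16, "DES", 16),
]
TRAPS = [TrapHost("192.0.2.10", "v2c"), TrapHost("192.0.2.11", "v3", "Auth, Priv")]

if __name__ == "__main__":
    for entry, severity in audit_all(USERS, TRAPS).items():
        print(f"{severity:7} {entry}")
```

Because DES is the only privacy protocol these pages offer, even an "Auth, Priv" user is reported as LOW rather than OK.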
Chapter 3. Configuration This chapter describes all of the basic network configuration tasks, including the Ports, Layer 2 network protocol (e.g., VLANs, QoS, IGMP, ACLs, and PoE, etc.), and any setting of the switch. 3-1 Port The section describes how to configure the Port detail parameters of the switch, to enable or disable switch Ports, and monitor the ports’ content or status. 3-1.
Parameter description: Port : This is the logical port number for this row. Link : The current link state is displayed graphically. Green indicates the link is up and red that it is down. Current Link Speed : Provides the current link speed of the port. Configured Link Speed : Select any available link speed for the given switch port. Auto Speed selects the highest speed that is compatible with a link partner. Disabled disables the switch port operation.
3-1.2 Port Description The section describes how to configure the Port’s alias or any description for the Port Identity. The user can write down an alphanumeric string describing the full name and version identification for the system’s hardware type, software version, and networking application. Web Interface To configure a Port Description in the Web interface: 1. Click Configuration, Port, then Port Description. 2.
3-1.3 Traffic Overview The section describes the Port statistics information and provides an overview of general traffic statistics for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header. Web Interface To Display the Port Statistics Overview in the Web interface: 1. Click Configuration, Port, then Traffic Overview. 2. To auto-refresh, check the “Auto-refresh” box. 3.
3-1.4 Detailed Statistics The section describes how to provide detailed traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The selected port belongs to the currently selected stack unit, as reflected by the page header. The displayed counters are the totals for receive and transmit, the size counters for receive and transmit, and the error counters for receive and transmit.
Rx and Tx Multicast : The number of received and transmitted (good and bad) multicast packets. Rx and Tx Broadcast : The number of received and transmitted (good and bad) broadcast packets. Rx and Tx Pause : A count of the MAC Control frames received or transmitted on this port that have an opcode indicating a PAUSE operation.
3-1.5 QoS Statistics The section describes how a switch displays the QoS detailed Queuing counters for a specific switch port, and for the different queues for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header. Web Interface To Display the Queueing Counters in the Web interface: 1. Click Configuration, Port, then QoS Statistics. 2. If you want to auto-refresh the information, enable “Auto-refresh.” 3.
3-1.6 SFP Information The section describes how a switch displays the SFP module detail information that you use to connect it to the switch. The information includes: Connector type, Fiber type, wavelength, baud rate, and Vendor OUI etc. Web Interface To Display the SFP information in the Web interface: 1. Click Configuration, Port, then SFP Information. 2. The switch displays the SFP Information. Figure 3-1.
Vendor Rev (Revision): Display the module revision. Vendor SN (Serial Number): Show the serial number assigned by the manufacturer. Date Code: Show the date this SFP module was made. Temperature: Show the current temperature of SFP module. Vcc: Show the working DC voltage of SFP module. Mon1(Bias) mA: Show the Bias current of SFP module. Mon2(TX PWR): Show the transmit power of SFP module. Mon3(RX PWR): Show the receiver power of SFP module. 3-1.
Figure 3-1.7: The EEE Configuration Parameter description: EEE Port Configuration: The EEE port settings relate to the currently selected stack unit, as reflected by the page header. Port : The switch port number of the logical EEE port. EEE Enabled : Controls whether EEE is enabled for this switch port. EEE Urgent Queues : Queues set will activate transmission of frames as soon as any data is available.
3-2.1 Ports The section describes how to configure the ACL parameters (ACE) of each switch port. These parameters will affect frames received on a port unless the frame matches a specific ACE. Web Interface To configure the ACL Ports Configuration in the Web interface: 1. Click Configuration, ACL, then Ports. 2. Scroll to the specific parameter value to select the correct value for port ACL setting. 3. Click the save button to save the setting. 4. To cancel the setting, click the Reset button.
Mirror : Specify the mirror operation of this port. The allowed values are: Enabled: Frames received on the port are mirrored. Disabled: Frames received on the port are not mirrored. The default value is “Disabled.” Logging : Specify the logging operation of this port. The allowed values are: Enabled: Frames received on the port are stored in the System Log. Disabled: Frames received on the port are not logged. The default value is “Disabled.
Figure 3-2.2: The ACL Rate Limiter Configuration Parameter description: Rate Limiter ID : The rate limiter ID for the settings contained in the same row. Rate The allowed values are: 0-3276700 in pps or 0, 100, 200, 300, ..., 1000000 in kbps. Unit : Specify the rate unit. The allowed values are: pps: packets per second. kbps: Kbits per second. Buttons Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values. 3-2.
Web Interface To configure Access Control List in the Web interface: 1. Click Configuration, ACL, then Configuration. 2. Click the “+” button to add a new ACL, or use the other ACL modification buttons to specify the editing action (i.e., edit, delete, or move the relative position of an entry in the list). 3. Specify the parameter of the ACE. 4. Click the save button to save the setting. 5. If you want to cancel the setting, then click the reset button. It will revert to previously saved values. 6.
Action : Indicates the forwarding action of the ACE. Permit: Frames matching the ACE may be forwarded and learned. Deny: Frames matching the ACE are dropped. Rate Limiter : Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled. Port Copy : Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabled or a specific port number.
Buttons Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. Auto-refresh: Enable auto-refresh to refresh the information automatically. Upper right icon (Refresh, clear, Remove All) Click on these icons to refresh the ACL configuration or clear it manually. Remove All cleans up all ACL configurations in the table. 3-2.4 ACL Status The section describes how to show the ACL status by different ACL users.
Deny: Frames matching the ACE are dropped. Rate Limiter : Indicates the rate limiter number of the ACE. The allowed range is 1 to 16. When Disabled is displayed, the rate limiter operation is disabled. Port Copy : Indicates the port copy operation of the ACE. Frames matching the ACE are copied to the port number. The allowed values are Disabled or a specific port number. When Disabled is displayed, the port copy operation is disabled. Mirror : Specify the mirror operation of this port.
Web Interface To configure the Trunk Aggregation Hash mode and Aggregation Group in the Web interface: 1. Click Configuration, Static Trunk, and then Aggregation Mode Configuration. 2. Enable or disable the aggregation mode function. Select the Aggregation Group ID and Port members. 3. Click the save button to save the setting. 4. To cancel the setting, click the Reset button. It will revert to previously saved values. Figure 3-3.1.
Aggregation Group Configuration Locality : Indicates the aggregation group type. This field is only valid for stackable switches. Global: The group members may reside on different units in the stack. The device supports two 8-port global aggregations. Local: The group members reside on the same unit. Each local aggregation may consist of up to 16 members. Group ID : Indicates the group ID for the settings contained in the same row. Group ID “Normal” indicates there is no aggregation.
Figure 3-3.2.1: The LACP Port Configuration Parameter description: Port : The switch port number. LACP Enabled : Controls whether LACP is enabled on this switch port. LACP will form an aggregation when 2 or more ports are connected to the same partner. LACP can form max 12 LLAGs per switch and 2 GLAGs per stack. Key : The Key value incurred by the port, range 1–65535. The Auto setting will set the key as appropriate by the physical link speed, 10Mb = 1, 100Mb = 2, 1Gb = 3.
3-3.2.2 System Status This section describes how to set LACP function on the switch to provide a status overview for all LACP instances. Web Interface To display the LACP System status in the Web interface: 1. Click Configuration, LACP, System Status. 2. If you want to auto-refresh the information, enable “Auto-refresh.” 3. Click “Refresh” to refresh the LACP System Status. Figure 3-3.2.
3-3.2.3 Port Status This section describes how to set LACP function on the switch then to provide a Port Status overview for all LACP instances. Web Interface To display the LACP Port status in the Web interface: 1. Click Configuration, LACP, Port Status. 2. If you want to auto-refresh the information then you need to select “Auto-refresh.” 3. Click “Refresh” to refresh the LACP Port Status. Figure 3-3.2.3: The LACP Status Parameter description: Port : The switch port number.
3-3.2.4 Port Statistics This section describes how to set LACP function on the switch to provide a Port Statistics overview for all LACP instances. Web Interface To display the LACP Port status in the Web interface: 1. Click Configuration, LACP, Port Statistics. 2. If you want to auto-refresh the information, click on the “Auto refresh” button. 3. Click “Refresh” to refresh the LACP Statistics. Figure 3-3.2.4: The LACP Statistics Parameter description: Port : The switch port number.
3-4 Spanning Tree The Spanning Tree Protocol (STP) can be used to detect and disable network loops, and to provide backup links between switches, bridges, or routers. This allows the switch to interact with other bridging devices (that is, an STP-compliant switch, bridge, or router) in your network to ensure that only one route exists between any two stations on the network, and provide backup links that automatically take over when a primary link goes down.
Figure 3-4.1: The STP Bridge Configuration Parameter description: Basic Settings Protocol Version : The STP protocol version setting. Valid values are STP, RSTP, and MSTP. Bridge Priority : Controls the bridge priority. Lower numeric values have better priority. The bridge priority plus the MSTI instance number, concatenated with the 6-byte MAC address of the switch, forms a Bridge Identifier. For MSTP operation, this is the priority of the CIST.
Advanced Settings Edge Port BPDU Filtering : Control whether a port explicitly configured as Edge will transmit and receive BPDUs. Edge Port BPDU Guard : Control whether a port explicitly configured as Edge will disable itself upon reception of a BPDU. The port will enter the error-disabled state, and will be removed from the active topology. Port Error Recovery : Control whether a port in the error-disabled state automatically will be enabled after a certain time.
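The Bridge Priority description above says the priority plus the instance number, concatenated with the 6-byte MAC address, forms the Bridge Identifier, and that lower values win. The following sketch builds that identifier and checks which switch in an inventory actually becomes root. It is an added example, not code from the manual: the switch names, MAC addresses, and priorities are constructed, and the 4-bit priority / 12-bit instance layout follows IEEE 802.1D/802.1Q rather than anything stated on this page.

```python
"""Build STP Bridge Identifiers and verify that the intended root wins."""
from typing import Dict, Tuple

VALID_PRIORITIES = range(0, 61441, 4096)       # 0, 4096, ..., 61440


def bridge_identifier(priority: int, instance: int, mac: str) -> bytes:
    """Return the 8-byte identifier: (priority + instance), then the MAC."""
    if priority not in VALID_PRIORITIES:
        raise ValueError("priority must be a multiple of 4096 from 0 to 61440")
    if not 0 <= instance <= 4095:
        raise ValueError("instance number must fit in 12 bits")
    mac_bytes = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(mac_bytes) != 6:
        raise ValueError("MAC address must be 6 bytes")
    # Priority occupies the top 4 bits, so adding the instance never carries.
    return (priority + instance).to_bytes(2, "big") + mac_bytes


def elect_root(bridges: Dict[str, Tuple[int, str]], instance: int = 0) -> str:
    """Name of the bridge with the numerically lowest identifier."""
    return min(
        bridges,
        key=lambda name: bridge_identifier(bridges[name][0], instance, bridges[name][1]),
    )


def check_plan(bridges: Dict[str, Tuple[int, str]], intended_root: str,
               instance: int = 0) -> Tuple[str, bool]:
    """Return (actual root, whether it is the intended one)."""
    actual = elect_root(bridges, instance)
    return actual, actual == intended_root


# Constructed inventory: name -> (bridge priority, MAC address).
SAME_PRIORITY = {
    "core-1": (32768, "02:00:00:00:00:0c"),
    "core-2": (32768, "02:00:00:00:00:0b"),
    "access-3": (32768, "02:00:00:00:00:0a"),  # lowest MAC
}
# Same switches with the core pair pinned to better (lower) priorities.
PINNED = dict(SAME_PRIORITY, **{
    "core-1": (4096, "02:00:00:00:00:0c"),
    "core-2": (8192, "02:00:00:00:00:0b"),
})

if __name__ == "__main__":
    print(check_plan(SAME_PRIORITY, "core-1"))  # the MAC tie-break decides
    print(check_plan(PINNED, "core-1"))         # the priority decides
```

When every bridge keeps the same priority, the election falls through to the MAC address, so the root ends up wherever the lowest address happens to be. Pinning the core priorities makes the result deterministic, and Edge Port BPDU Guard keeps edge ports out of the election.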
Figure 3-4.2: The MSTI Configuration Parameter description: Configuration Identification Configuration Name : The name identifying the VLAN to MSTI mapping. Bridges must share the name and revision (see below), as well as the VLAN-to-MSTI mapping configuration in order to share spanning trees for MSTI's (Intra-region). The name is at most 32 characters. Configuration Revision : The revision of the MSTI configuration named above. This must be an integer between 0 and 65535.
Web Interface To configure the Spanning Tree MSTI Priorities parameters in the Web interface: 1. Click Configuration, Spanning Tree, MSTI Priorities. 2. Scroll the Priority. The maximum is 240. Default is 128. 3. Click the save button to save the setting. 4. If you want to cancel the setting, then you need to click the Reset button. It will revert to previously saved values. Figure 3-4.3: The MSTI Configuration Parameter description: MSTI : The CIST is the default bridge instance, which is always active.
Figure 3-4.4: The STP CIST Port Configuration Parameter description: Port : The switch port number of the logical STP port. STP Enabled : Controls whether STP is enabled on this switch port. Path Cost : Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, you can enter a user-defined value.
Restricted Role : If enabled, this causes the port not to be selected as Root Port for the CIST or any MSTI, even if it has the best spanning tree priority vector. Such a port will be selected as an Alternate Port after the Root Port has been selected. If set, it can cause lack of spanning tree connectivity.
Figure 3-4.5: The MSTI Port Configuration Parameter description: Port : The switch port number of the corresponding STP CIST (and MSTI) port. Path Cost : Controls the path cost incurred by the port. The Auto setting will set the path cost as appropriate by the physical link speed, using the 802.1D recommended values. Using the Specific setting, a user-defined value can be entered. The path cost is used when establishing the active topology of the network.
3-4.6 Bridge Status After you complete the MSTI Port configuration, you can ask the switch to display the Bridge Status. This section provides a status overview of all STP bridge instances. The displayed table contains a row for each STP bridge instance, where the columns display the following information: Web Interface To display the STP Bridges’ status in the Web interface: 1. Click Configuration, Spanning Tree, STP Bridges. 2.
3-4.7 Port Status After you complete the STP configuration, you can ask the switch to display the STP Port Status. The section explains how to ask the switch to display the STP CIST port status for physical ports of the currently selected switch. Web Interface To display the STP Port status in the Web interface: 1. Click Configuration, Spanning Tree, STP Port Status. 2. If you want to auto-refresh the information then you need to check the “Auto-refresh” box. 3.
3-4.8 Port Statistics After you complete the STP configuration, you can enable the switch to display the STP Statistics. The section explains how to ask the switch to display the STP Statistics detail counters of bridge ports in the currently selected switch. Web Interface To display the STP Port status in the Web interface: 1. Click Configuration, Spanning Tree, Port Statistics. 2. If you want to auto-refresh the information then you need to check the “Auto-refresh” box. 3.
It means the switch supports the MRSTP. Several spanning trees exist at the same time, and these spanning trees won’t affect each other. A switch that supports MRSTP accepts two or more RSTP instances in a single device. These RSTP groups have different ports joined to them and can use different Hello Time, Max Age, and Forwarding Delay values. The MRSTP configuration method is the same as for RSTP, but it must be set several times, and each MRSTP instance can be set with different parameters. 3-5.
Priority : The priority parameter used in the CIST (Common and Internal Spanning Tree) connection. 0 / 4096 / 8192 / 12288 / 16384 / 20480 / 24576 / 28672 / 32768 / 36864 / 40960 / 45056 / 49152 / 53248 / 57344 / 61440. Hello-time : Available value range: 1 / 2. In contrast with RSTP, Hello Time in MRSTP needs a per-port setting for the CIST. Max-age : Available value range: 6-40 sec. The definition is the same as in the RSTP protocol.
3-5.2 Port Configuration The chapter describes how to configure the MRSTP port. After you configure the MRSTP instance, then you can assign the port to join the instance and set the parameters to implement MRSTP. Web Interface To configure the MRSTP Port configuration in the Web interface: 1. Click Configuration, MRSTP, Port Configuration. 2. Scroll to select the instance you want to assign to the Port. 3. Scroll to select the parameters, including Path Cost, Priority, Admin Edge, and Admin P2P. 4.
Parameter description: Port: The physical port index available value is 1 to 24. Instance : Every MRSTP instance must have a unique instance ID. Path Cost : Select “Auto” or “Specific.” If you select Specific, then you need to assign the path cost value. The available range is from 1 to 200,000,000. The same definition as in the RSTP specification. But in MRSTP, this parameter can be respectively applied to ports of CIST and ports of any MSTI.
3-5.3 Port Status This section describes how to configure an MRSTP Port status table. You will see the MRSTP configuration result, each port that joins the MRSTP group, and its statistics. Web Interface To view the MRSTP Port status in the Web interface: 1. Click Configuration, MRSTP, Port Status. 2. Check the “Auto-refresh” box, then the switch will update the table automatically. 4. Click the Refresh button, then it will update the table manually. Figure 3-5.3: The MRSTP Port Status.
Displays the port priority. Priority here means Port Priority. Port Priority and Port Number are combined to form the Port ID. Port IDs are often compared in order to determine which port of a bridge would become the Root Port. The range is 0–240. Admin Edge : Displays the port admin edge status. If you don’t set a value, the default value, Edge, is shown. Admin P2P : Displays the port admin P2P status. If you don’t set a value, the default value, Auto, is shown.
Figure 3-5.1: The IGMP Snooping Configuration. Parameter description: Snooping Enabled: Enable the Global IGMP Snooping. Unregistered IPMCv4 Flooding enabled : Enable unregistered IPMCv4 traffic flooding. IGMP SSM Range : SSM (Source-Specific Multicast) Range allows the SSM-aware hosts and routers to run the SSM service model for the groups in the address range. Format: (IP address/sub mask). Proxy Enabled : Enable IGMP Proxy.
3-5.2 VLAN Configuration The section describes the VLAN configuration setting process integrated with the IGMP Snooping function. Each setting page shows up to 99 entries from the VLAN table (the default is 20) selected through the "entries per page" input field. When first visited, the Web page will show the first 20 entries from the beginning of the VLAN Table. The first displayed will be the one with the lowest VLAN ID found in the VLAN Table.
QRI : Query Response Interval. The Max. Response Time used to calculate the Max. Resp. Code inserted into the periodic General Queries. The allowed range is 0 to 31744 in tenths of seconds; default query response interval is 100 in tenths of seconds (10 seconds). LLQI (LMQI for IGMP) : Last Member Query Interval. The Last Member Query Time is the time value represented by the Last Member Query Interval, multiplied by the Last Member Query Count.
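The upper bound of 31744 tenths of a second matches the largest value the one-octet IGMPv3 Max Resp Code can express (RFC 3376, section 4.1.1), and values of 128 or more are stored in a lossy exponent/mantissa form. The Python sketch below is an added example, not code from this manual or the switch firmware; the function names, the QRV of 2 and the 125-second query interval are assumptions used only to build a sample General Query.

```python
"""IGMPv3 Max Resp Code handling (RFC 3376, section 4.1.1) for a configured QRI."""
import struct

IGMP_MEMBERSHIP_QUERY = 0x11
QRI_MAX_TENTHS = 31744               # upper bound of the QRI range given in the manual


def decode_code(code: int) -> int:
    """Expand an 8-bit Max Resp Code (or QQIC) into the value it represents."""
    if not 0 <= code <= 0xFF:
        raise ValueError("code must fit in one octet")
    if code < 128:
        return code                  # small values are carried literally
    exp = (code >> 4) & 0x07         # 3-bit exponent
    mant = code & 0x0F               # 4-bit mantissa
    return (mant | 0x10) << (exp + 3)


def encode_code(value: int) -> int:
    """Return the largest code whose decoded value does not exceed `value`."""
    if not 0 <= value <= QRI_MAX_TENTHS:
        raise ValueError("value outside 0..%d" % QRI_MAX_TENTHS)
    if value < 128:
        return value
    exp = value.bit_length() - 8     # decoded values have exp + 8 significant bits
    mant = (value >> (exp + 3)) & 0x0F   # drop the implicit leading 1 (0x10)
    return 0x80 | (exp << 4) | mant


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_general_query(qri_tenths: int, qrv: int = 2, qqi_seconds: int = 125) -> bytes:
    """Build a 12-octet IGMPv3 General Query (group 0.0.0.0, no sources)."""
    flags = qrv if qrv <= 7 else 0   # QRV field is 3 bits; larger values are sent as 0
    body = struct.pack("!BBH4sBBH", IGMP_MEMBERSHIP_QUERY, encode_code(qri_tenths),
                       0, b"\x00" * 4, flags, encode_code(qqi_seconds), 0)
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]


def parse_query(packet: bytes) -> dict:
    """Validate and decode the fixed part of an IGMPv3 query."""
    if len(packet) < 12:
        raise ValueError("an IGMPv3 query is at least 12 octets")
    if inet_checksum(packet) != 0:
        raise ValueError("bad IGMP checksum")
    msg_type, code, _csum, group, flags, qqic, nsrc = struct.unpack("!BBH4sBBH", packet[:12])
    if msg_type != IGMP_MEMBERSHIP_QUERY:
        raise ValueError("not a membership query")
    return {
        "general": group == b"\x00" * 4 and nsrc == 0,
        "max_resp_tenths": decode_code(code),
        "qrv": flags & 0x07,
        "qqi_seconds": decode_code(qqic),
    }


if __name__ == "__main__":
    # Constructed sample QRI values in tenths of a second: default, a lossy one, the maximum.
    for qri in (100, 1000, QRI_MAX_TENTHS):
        parsed = parse_query(build_general_query(qri))
        print(qri, hex(encode_code(qri)), parsed["max_resp_tenths"])
```

A configured QRI that is not exactly representable is advertised as the next lower representable value, so hosts may see a slightly shorter response window than the one entered.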
Figure 3-5.3: The IGMP Snooping Port Group Filtering Configuration. Parameter description: Delete : Check to delete the entry. It will be deleted during the next save. Port : Enable the IGMP Snooping Port Group Filtering function on the port. Filtering Groups : The IP Multicast Group that will be filtered. Buttons: Save—Click to save changes. Reset—Click to undo any changes made locally and revert to previously saved values.
3-5.4 Status After you complete the IGMP Snooping configuration, the switch can display the IGMP Snooping Status. This section explains how to display the detailed IGMP Snooping status. Web Interface To display the IGMP Snooping status in the Web interface: 1. Click Configuration, IGMP Snooping, Status. 2. If you want to auto-refresh the information, click on the “Auto-refresh” box. 3. Click “Refresh” to refresh the IGMP Snooping Status. 4. Click “Clear” to clear the IGMP Snooping Status. Figure 3-5.
V2 Leaves Received : The number of Received V2 Leaves. Auto-refresh : Click the box next to auto-refresh and the device will refresh the log automatically. Upper right icon (Refresh, clear) : Click on these icons to refresh the Status or clear manually. 3-5.5 Group Information After you set the IGMP Snooping function, you can display the IGMP Snooping Group Information. Entries in the IGMP Group Table are shown on this page. The IGMP Group Table is sorted first by VLAN ID, and then by group.
3-5.6 IPv4 SSM information Source Specific Multicast (SSM) is a datagram delivery model that best supports one-to-many applications, also known as broadcast applications. SSM is a core network technology of IP multicast targeted for audio and video broadcast application environments. For the SSM delivery mode, an IP multicast receiver host must use IGMP Version 3 (IGMPv3) to subscribe to channel (S, G).
Port : Switch port number. Mode : Indicates the filtering mode maintained per (VLAN ID, port number, Group Address) basis. It can be either Include or Exclude. Source Address : IP Address of the source. Currently, the system limits the total number of IP source addresses for filtering to 128. Type : Indicates the Type. It can be either Allow or Deny. Auto-refresh : Click on the auto-refresh box and the device will refresh the log automatically.
3-6.1 Basic Configuration The section explains how to configure the MLD Snooping basic configuration and the parameters. Web Interface To configure the MLD Snooping Configuration in the Web interface: 1. Click Configuration, MLD Snooping, Basic Configuration. 2. Enable or disable the Global configuration parameters. Select the port to join Router port and Fast Leave. 3. Scroll to select the Throttling mode with unlimited or 1 to 10. 4. Click the save button to save the setting. 5.
Port: The Port index to enable or disable the MLD Snooping function. Fast Leave : Enable the fast leave on the port. Router Port : Specify which ports act as router ports. A router port is a port on the Ethernet switch that leads towards the Layer 3 multicast device or MLD querier. If an aggregation member port is selected as a router port, the whole aggregation will act as a router port. Throttling : Enable to limit the number of multicast groups to which a switch port can belong.
Compatibility : Compatibility is maintained by hosts and routers taking appropriate actions depending on the versions of MLD operating on hosts and routers within a network. The allowed selections are MLD-Auto, Forced MLDv1, and Forced MLDv2; the default compatibility value is MLD-Auto. Rv : Robustness Variable. The Robustness Variable allows tuning for the expected packet loss on a network. The allowed range is 1 to 255; default robustness variable value is 2. QI : Query Interval.
Figure 3-7.3: The MLD Snooping Port Group Filtering Configuration. Parameter description: Delete : Check to delete the entry. It will be deleted during the next save. Port : The logical port for the settings. You can enable the port to join filtering groups. Filtering Groups : The IP Multicast Group that will be filtered. Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. 3-6.
Figure 3-6.4: The MLD Snooping Status. Parameter description: VLAN ID : The VLAN ID of the entry. Querier Version : The currently working Querier Version. Host Version : The currently working Host Version. Querier Status : Shows whether the Querier status is "ACTIVE" or "IDLE." Queries Transmitted : The number of Transmitted Queries. Queries Received : The number of Received Queries. V1 Reports Received : The number of Received V1 Reports.
Web Interface To display the MLD Snooping Group information in the Web interface: 1. Click Configuration, MLD Snooping, Group Information. 2. If you want to auto-refresh the information, check the “Auto-refresh” box. 3. Click “Refresh” to refresh an entry of the MLD Snooping Group Information. 4. Click “Clear” to clear the MLD Snooping Groups information. Figure 3-6.
3-6.6 IPv6 SSM Information The section describes how to configure the Entries in the MLDv2 Information Table are shown on this page. The MLDv2 Information Table is sorted first by VLAN ID, then by group, and then by Port No. Different source addresses that belong to the same group are treated as a single entry. Each page shows up to 64 entries from the MLDv2 SSM (Source Specific Multicast) Information table, selected through the "entries per page" input field.
3-7 MVR The MVR feature enables multicast traffic forwarding on the Multicast VLAN. In a multicast television application, a PC or a television with a set-top box can receive the multicast stream. Multiple set-top boxes or PCs can be connected to one subscriber port, which is a switch port configured as an MVR receiver port. When a subscriber selects a channel, the set-top box or PC sends an IGMP join message to Switch A to join the appropriate multicast.
Immediate Leave : Enable the fast leave on the port. Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. 3-7.2 Groups Information This section describes how to display the detailed MVR Groups information on the switch. Entries in the MVR Group Table are shown on this page. The MVR Group Table is sorted first by VLAN ID, and then by group. Web Interface To display the MVR Groups Information in the Web interface: 1.
3-7.3 Statistics This section describes how the switch displays the detailed MVR statistics after you have configured MVR on the switch. It provides the detailed MVR Statistics Information. Web Interface To display the MVR Statistics Information in the Web interface: 1. Click Configuration, MVR, Statistics. 2. To auto-refresh the information, check the “Auto-refresh” box. 3. Click the “Refresh” button to refresh an entry of the MVR Statistics Information. 4. Click “<<” or “>>” to move to the previous or next entry.
3-8 LLDP The switch supports the LLDP. For current information on your switch model, the Link Layer Discovery Protocol (LLDP) provides a standards-based method for enabling switches to advertise themselves to adjacent devices and to learn about adjacent LLDP devices.
Tx Hold : Each LLDP frame contains information about how long the information in the LLDP frame will be considered valid. The LLDP information valid period is set to Tx Hold multiplied by Tx Interval seconds. Valid values are restricted to 2–10 times. Tx Delay : If some configuration is changed (e.g. the IP address) a new LLDP frame is transmitted, but the time between the LLDP frames will always be at least the value of Tx Delay seconds. Tx Delay cannot be larger than 1/4 of the Tx Interval value.
NOTE: When CDP awareness on a port is disabled, the CDP information isn't removed immediately, but gets removed when the hold time is exceeded. Port Descr : Optional TLV: When checked the "port description" is included in LLDP information transmitted. Sys Name : Optional TLV: When checked the "system name" is included in LLDP information transmitted. Sys Descr : Optional TLV: When checked the "system description" is included in LLDP information transmitted.
Parameter description: Local Port : The port on which the LLDP frame was received. Chassis ID : The Chassis ID is the identification of the neighbor's LLDP frames. Remote Port ID : The Remote Port ID is the identification of the neighbor port. System Name : System Name is the name advertised by the neighbor unit. Port Description : Port Description is the port description advertised by the neighbor unit.
3-8.3 LLDP-MED Configuration Media Endpoint Discovery is an enhancement of LLDP, known as LLDP-MED, that provides the following facilities: Auto-discovery of LAN policies (such as VLAN, Layer 2 Priority, and Differentiated services (Diffserv) settings) enabling plug-and-play networking. Device location discovery to allow creation of location databases and, in the case of Voice over Internet Protocol (VoIP), Enhanced 911 services.
Parameter description: Fast start repeat count Rapid startup and Emergency Call Service Location Identification Discovery of endpoints is a critically important aspect of VoIP systems in general.
NAD83/MLLW: North American Datum 1983, CRS Code 4269, Prime Meridian Name: Greenwich; The associated vertical datum is Mean Lower Low Water (MLLW). This datum pair is to be used when referencing locations on water/sea/ocean. Civic Address Location IETF Geopriv Civic Address based Location Configuration Information (Civic Address LCI). Country code : The two-letter ISO 3166 country code in capital ASCII letters—Example: DK, DE, or US.
Floor : Floor - Example: 4. Room no. : Room number - Example: 450F. Place type : Place type - Example: Office. Postal community name : Postal community name - Example: Leonia. P.O. Box : Post office box (P.O. BOX) - Example: 12345. Additional code : Additional code - Example: 1320300003. Emergency Call Service: Emergency Call Service (e.g. E911 and others), such as defined by TIA or NENA.
NOTE: LLDP-MED is not intended to run on links other than between Network Connectivity Devices and Endpoints, so it does not need to advertise the multitude of network policies that frequently run on an aggregated link interior to the LAN. Delete : Check to delete the policy. It will be deleted during the next save. Policy ID : ID for the policy. This is auto-generated and shall be used when selecting the policies that will be mapped to the specific ports.
L2 Priority : L2 Priority is the Layer 2 priority to be used for the specified application type. L2 Priority may specify one of eight priority levels (0 through 7), as defined by IEEE 802.1D-2004. A value of 0 represents use of the default priority as defined in IEEE 802.1D-2004. DSCP : DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474. DSCP may contain one of 64 code point values (0 through 63).
LLDP-MED Network Connectivity Devices, as defined in TIA-1057, provide access to the IEEE 802 based LAN infrastructure for LLDP-MED Endpoint Devices. An LLDP-MED Network Connectivity Device is a LAN access device based on any of the following technologies: 1. LAN Switch/Router 2. IEEE 802.1 Bridge 3. IEEE 802.3 Repeater (included for historical reasons) 4. IEEE 802.11 Wireless Access Point 5. Any device that supports the IEEE 802.
2. Network Policy 3. Location Identification 4. Extended Power via MDI - PSE 5. Extended Power via MDI - PD 6. Inventory 7. Reserved Application Type : Application Type indicating the primary function of the application(s) defined for this network policy, advertised by an Endpoint or Network Connectivity Device. The possible application types are shown below. 1. Voice - for use by dedicated IP Telephony handsets and other similar appliances supporting interactive voice services.
Priority : Priority is the Layer 2 priority to be used for the specified application type. Choose one of the eight priority levels (0 through 7). DSCP : DSCP is the DSCP value to be used to provide Diffserv node behavior for the specified application type as defined in IETF RFC 2474. It may contain one of 64 code point values (0 through 63). 3-8.5 EEE By using EEE, power savings can be achieved at the expense of traffic latency.
Echo Tx Tw : The link partner's Echo Tx Tw value. The respective echo values will be defined as the local link partner’s reflection (echo) of the remote link partner’s respective values. When a local link partner receives its echoed values from the remote link partner, it can determine whether or not the remote link partner has received, registered, and processed its most recent values.
3-8.6 Port Statistics Two types of counters are shown. Global counters are counters that refer to the whole stack of switches, while local counters refer to per port counters for the currently selected switch. Web Interface To show LLDP Statistics: 1. Click LLDP, then click Port Statistics to show LLDP counters. 2. Click Refresh to update the Web screen manually. 3. Click Auto-refresh to update the Web screen automatically. 4. Click Clear to clear all counters. Figure 3-8.
Rx Frames : The number of LLDP frames received on the port. Rx Errors : The number of received LLDP frames containing some kind of error. Frames Discarded : If an LLDP frame is received on a port, and the switch's internal table is full, the LLDP frame is counted and discarded. This situation is known as "Too Many Neighbors" in the LLDP standard. LLDP frames require a new entry in the table when the Chassis ID or Remote Port ID is not already contained within the table.
3-9 Filtering Data Base Filtering Data Base Configuration gathers functions that do not fit into another function category, including MAC Table Information and Static MAC Learning. MAC table Frame switching is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports to determine which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static and dynamic entries.
Parameter description: Aging Configuration : By default, dynamic entries are removed from the MAC table after 300 seconds. This removal is also called aging. Configure aging time by entering a value here in seconds; for example, Age time seconds. The allowed range is 10 to 1000000 seconds. To disable the automatic aging of dynamic entries, check Disable automatic aging.
3-9.2 Dynamic MAC Table Entries in the MAC Table are shown on this page. The MAC Table contains up to 8192 entries, and is sorted first by VLAN ID, then by MAC address. Web Interface To display the MAC Address Table in the Web interface: 1. Click Dynamic MAC Table. 2. Specify the VLAN and MAC Address. 3. Display the MAC Address Table. Figure 3-9.2: The Dynamic MAC Address Table information. Parameter description: MAC Table Columns Switch (stack only). The stack unit where the entry is learned.
3-10 VLAN Assign a specific VLAN for management. The management VLAN is used to establish an IP connection to the switch from a workstation connected to a port in the VLAN. This connection supports a VSM, SNMP, and Telnet session. By default, the active management VLAN is VLAN 1, but you can designate any VLAN as the management VLAN using the Management VLAN window. Only one management VLAN can be active at a time.
Port Members : A row of check boxes for each port is displayed for each VLAN ID. To include a port in a VLAN, check the box. To remove or exclude the port from the VLAN, make sure the box is unchecked. By default, no ports are members, and all boxes are unchecked. Adding a New VLAN : Click to add a new VLAN ID. An empty row is added to the table, and the VLAN can be configured as needed. Legal values for a VLAN ID are 1 through 4095.
Figure 3-10.2: The VLAN Port Configuration Parameter description: Ethertype for Custom S-ports : This field specifies the ether type used for Custom S-ports. This is a global setting for all the Custom S-ports. Custom Ethertype enables the user to change the Ethertype value on a port to any value to support network devices that do not use the standard 0x8100 Ethertype field value on 802.1Q-tagged or 802.1p-tagged frames. Port : This is the logical port number of this row.
If Specific (the default value) is selected, a Port VLAN ID can be configured (see below). Untagged frames received on the port are classified to the Port VLAN ID. If VLAN awareness is disabled, all frames received on the port are classified to the Port VLAN ID. If the classified VLAN ID of a frame transmitted on the port is different from the Port VLAN ID, a VLAN tag with the classified VLAN ID is inserted in the frame. Port VLAN ID : Configures the VLAN identifier for the port.
spanning trees in a network, which significantly improves network resource use while maintaining a loop-free environment. VLAN ID : Indicates the ID of this particular VLAN. VLAN Membership : The VLAN Membership Status Page will show the current VLAN port members for all VLANs configured by a selected VLAN User (selected via a Combo Box). When ALL VLAN Users are selected, it will show this information for all the VLAN Users by default.
ingress filtering is enabled and the ingress port is not a member of the classified VLAN, the frame is discarded. Frame Type : Shows whether the port accepts all frames or only tagged frames. This parameter affects VLAN ingress processing. If the port only accepts tagged frames, untagged frames received on that port are discarded. Tx Tag : Shows egress filtering frame status whether tagged or untagged. UVID : Shows UVID (untagged VLAN ID).
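How the ingress settings described above (Port VLAN ID, VLAN awareness, Frame Type and ingress filtering) combine for one received frame, as an added Python model that is not the switch's firmware logic. The class and function names, the order of the checks and the sample port settings are assumptions; tagged frames on a VLAN-aware port are assumed to be classified to the VID in their tag, as in IEEE 802.1Q.

```python
from dataclasses import dataclass, field
from typing import Dict, List, NamedTuple, Optional, Set

VID_MIN, VID_MAX = 1, 4095           # legal VLAN ID range stated in the manual


@dataclass
class PortConfig:
    """Per-port VLAN settings (field names are assumptions, not the switch's own)."""
    pvid: int = 1                    # Port VLAN ID
    vlan_aware: bool = True
    ingress_filtering: bool = False
    tagged_only: bool = False        # Frame Type: accept only tagged frames
    member_of: Set[int] = field(default_factory=lambda: {1})


class Decision(NamedTuple):
    action: str                      # "forward" or "drop"
    vid: Optional[int]               # classified VLAN ID, if classification was reached
    reason: str


def classify_ingress(port: PortConfig, tag_vid: Optional[int]) -> Decision:
    """Classify one received frame; tag_vid is None for an untagged frame."""
    if tag_vid is not None and not VID_MIN <= tag_vid <= VID_MAX:
        raise ValueError("VLAN ID out of range")
    # Frame Type check (assumed to run first): tagged-only ports discard untagged frames.
    if port.tagged_only and tag_vid is None:
        return Decision("drop", None, "untagged frame on a tagged-only port")
    # Untagged frames, and every frame on a VLAN-unaware port, go to the Port VLAN ID.
    if tag_vid is None or not port.vlan_aware:
        vid = port.pvid
    else:
        vid = tag_vid
    # Ingress filtering: discard when the ingress port is not a member of that VLAN.
    if port.ingress_filtering and vid not in port.member_of:
        return Decision("drop", vid, "ingress port is not a member of the classified VLAN")
    return Decision("forward", vid, "classified")


def egress_tag(port: PortConfig, classified_vid: int) -> Optional[int]:
    """Tag inserted on transmit: none when the classified VID equals the Port VLAN ID."""
    return None if classified_vid == port.pvid else classified_vid


def audit(ports: Dict[int, PortConfig]) -> List[str]:
    """Flag port settings that let frames into VLANs the port does not belong to."""
    findings = []
    for number, cfg in sorted(ports.items()):
        if cfg.vlan_aware and not cfg.ingress_filtering:
            findings.append("port %d: ingress filtering disabled, tagged frames for "
                            "non-member VLANs are accepted" % number)
        if cfg.pvid not in cfg.member_of:
            findings.append("port %d: Port VLAN ID %d is not in its member list"
                            % (number, cfg.pvid))
    return findings


if __name__ == "__main__":
    # Constructed sample configuration: two edge ports in VLAN 10.
    ports = {
        1: PortConfig(pvid=10, member_of={10}),                          # filtering off
        2: PortConfig(pvid=10, member_of={10}, ingress_filtering=True),  # filtering on
    }
    for number, cfg in ports.items():
        for tag in (None, 10, 20):
            print(number, tag, classify_ingress(cfg, tag))
    print("\n".join(audit(ports)))
```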
Figure 3-10.5.1: The Private VLAN Membership Configuration Parameter description: Delete : To delete a private VLAN entry, check this box. The entry will be deleted during the next save. Private VLAN ID : Indicates the ID of this particular private VLAN. Port Members : A row of check boxes for each port is displayed for each private VLAN ID. To include a port in a Private VLAN, check the box. To remove or exclude the port from the Private VLAN, make sure the box is unchecked.
Figure 3-10.5.2: The Port Isolation Configuration. Parameter description: Port Members : A check box is provided for each port of a private VLAN. When checked, port isolation is enabled on that port. When unchecked, port isolation is disabled on that port. By default, port isolation is disabled on all ports. Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. 3-10.
Figure 3-10.6.1: The MAC-based VLAN Membership Configuration Parameter description: Delete : To delete a MAC-based VLAN entry, check this box and press save. The entry will be deleted on the selected switch in the stack. MAC Address : Indicates the MAC address. VLAN ID : Indicates the VLAN ID. Port Members : A row of check boxes for each port is displayed for each MAC-based VLAN entry. To include a port in a MAC-based VLAN, check the box.
3-10.6.2 Status This section shows MAC-based VLAN entries configured by various MAC-based VLAN users. Currently, the following VLAN User types are supported: NAS : NAS provides port-based authentication, which involves communications between a Supplicant, Authenticator, and an Authentication Server. Web Interface To display the MAC-based VLAN entries configured in the Web interface: 1. Click MAC-based VLAN Status. 2. Specify the Static NAS Combined. 3. Display MAC-based information. Figure 3-10.6.
3-10.7 Protocol-based VLAN This section describes Protocol-based VLAN. Protocols supported by the switch include Ethernet, LLC, and SNAP. LLC The Logical Link Control (LLC) data communication protocol layer is the upper sub-layer of the Data Link Layer (which is itself layer 2, just above the Physical Layer) in the seven-layer OSI reference model.
2. LLC 3. SNAP NOTE: When you change the Frame Type field, the valid values of the following text field vary depending on the new frame type you selected. Value : The valid values that can be entered in this text field depend on the option selected from the preceding Frame Type selection menu. Listed below are the criteria for the three different Frame Types: 1. For Ethernet: The value in the text field when Ethernet is selected as the Frame Type is called etype. Valid values for etype range from 0x0600 to 0xffff. 2.
3-10.7.2 Group to VLAN This section allows you to map an already-configured Group Name to a VLAN for the selected switch unit in the switch stack. Web Interface To display the Group Name to VLAN mapping table configured in the Web interface: 1. Click Group Name VLAN configuration and add new entry. 2. Specify the Group Name and VLAN ID. 3. Click Save. Figure 3-12.7.2: The Group Name of VLAN Mapping Table. Parameter description: Delete : To delete a Group Name to VLAN map entry, check this box.
Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. Auto-refresh : Check the box next to auto-refresh and the device will refresh the information automatically. Upper right icon (Refresh): Click on this icon to refresh the Protocol Group Mapping information manually. 3-12 GARP The Generic Attribute Registration Protocol (GARP) provides a generic framework that devices in a bridged LAN, e.g.
Parameter description: Port : The Port column shows the list of ports for which you can configure GARP settings. There are 2 types of configuration settings that can be configured on a per-port basis. • Timer Values • Application • Attribute Type • GARP Applicant Timer Values : Sets the GARP join timer, leave timer, and leave all timer; the unit is Micro-second. Three different timers can be configured on this page: Join Timer : The default value for Join timer is 200 ms.
3-12.2 Statistics This section describes GARP port statistics for all switch ports. The port statistics relate to the currently selected stack unit, as reflected by the page header. Web Interface To display GARP Port statistics in the Web interface: 1. Click GARP statistics. 2. Scroll to the port for which you want to display the GARP Counter information. 3. Click Refresh to modify the GARP statistics information. Figure 3-12.
3-13 GVRP GVRP is an application based on Generic Attribute Registration Protocol (GARP), mainly used to automatically and dynamically maintain the VLAN group membership information. The GVRP provides the VLAN registration service through a GARP application. It uses GARP Information Declaration (GID) to maintain the ports associated with their attribute database and GARP Information Propagation (GIP) to communicate among switches and end stations.
1. GVRP Mode This configuration is to enable/disable GVRP Mode on particular port locally. Disable: Select to Disable GVRP mode on this port. Enable: Select to Enable GVRP mode on this port. The default value of configuration is disable. 2. GVRP rrole This configuration is used to configure restricted role on an interface. Disable: Select to Disable GVRP rrole on this port. Enable: Select to Enable GVRP rrole on this port. The default configuration is disable.
3-13.2 Statistics The section describes how to show the basic GVRP Port statistics for all switch ports. The statistics relate to the currently selected stack unit, as reflected by the page header. Web Interface To display GVRP Port statistics in the Web interface: 1. Click GVRP statistics. 2. Scroll to the port for which you want to display the GVRP Counter information. 3. Click Refresh to modify the GVRP statistics information. Figure 3-13.
3-14 MRP This standard specifies protocols, procedures, and managed objects to support the Multiple Registration Protocol (MRP). MRP allows participants in an MRP Application to register attributes with other participants in a Bridged Local Area Network. The definition of attribute types, their values, and the semantics associated with values when registered are specific to each MRP application. Two Applications are defined to register VLANs (MVRP) and Group MAC addresses (MMRP). 3-14.
Application : Currently the only supported application is MVRP. Attribute Type : Currently the only supported Attribute Type is VLAN. MRP Applicant : This configuration is used to configure the Applicant state machine behavior for MRP on a particular port locally. • normal-participant: In this mode the Applicant state machine will operate normally in MRP protocol exchanges. • non-participant: In this mode the Applicant state machine will not participate in the protocol operation.
3-14.2 Statistics This page provides MRP port statistics for all switch ports. The port statistics relate to the currently selected stack unit, as reflected by the page header. Web Interface To display MRP Port statistics in the Web interface: 1. Click MRP statistics. 2. Scroll to the port you want to display the MRP Counter information. 3. Click Refresh to modify the MRP statistics information. Figure 3-14.
3-15 MVRP The Multiple VLAN Registration Protocol (MVRP) defines an MRP application that provides the VLAN registration service. MVRP provides a mechanism for dynamic maintenance of the contents of Dynamic VLAN Registration Entries for each VLAN, and for propagating the information they contain to other Bridges.
Disable: Select to Disable MVRP mode on this port. Enable: Select to Enable MVRP mode on this port. The default value of configuration is disable. 2. MVRP rrole This configuration is used to configure restricted role on an interface. Disable: Select to Disable MVRP rrole on this port. Enable: Select to Enable MVRP rrole on this port. The default configuration is disable. Auto-refresh : Check the box next to auto-refresh and the device will refresh the information automatically.
3-15.2 Statistics This page shows the basic MVRP Port statistics for all switch ports. The statistics relate to the currently selected stack unit, as reflected by the page header. Web Interface To display MVRP Port statistics in the Web interface: 1. Click MVRP statistics. 2. Scroll to the port for which you want to display the MVRP Counter information. 3. Click Refresh to modify the MVRP statistics information. Figure 3-17.
3-16 QoS The switch supports four QoS queues per port with strict or weighted fair queuing scheduling. It supports QoS Control Lists (QCL) for advanced programmable QoS classification, based on IEEE 802.1p, Ethertype, VID, IPv4/IPv6, DSCP, and UDP/TCP ports and ranges. Classifying incoming frames to a QoS class is very flexible. The QoS classification looks for information up to Layer 4, including IPv4 and IPv6 DSCP, IPv4 TCP/UDP port numbers, and user priority of tagged frames.
Parameter description: Port : The port number for which the configuration below applies. QoS class : Controls the default QoS class, i.e., the QoS class for frames not classified in any other way. There is a one to one mapping between QoS class, queue and priority. A QoS class of 0 (zero) has the lowest priority. DP level : Controls the default DP level, i.e., the DP level for frames not classified in any other way. PCP : Controls the default PCP for untagged frames.
3-16.2 Port Policing This section provides an overview of QoS Ingress Port Policers for all switch ports. Port Policing is useful in constraining traffic flows and marking frames above specific rates. Policing is primarily useful for data flows and voice or video flows because voice and video usually maintain a steady rate of traffic. Web Interface To display the QoS Port Schedulers in the Web interface: 1. Click Configuration, QoS, Port Policing. 2.
3-16.3 Port Scheduler This section provides an overview of QoS Egress Port Schedulers for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header. Web Interface To display the QoS Port Schedulers in the Web interface: 1. Click Configuration, QoS, Port Schedulers. 2. Display the QoS Egress Port Schedulers. Figure 3-16.
If you select the Weighted scheduler mode, the screen changes as shown in the figure. Parameter description: Port : The logical port for the settings contained in the same row. Click on the port number in order to configure the schedulers. Mode : Shows the scheduling mode for this port. Weight (Qn) : Shows the weight for this queue and port.
Queue Scheduler Percent : Shows the weight in percent for this queue. This parameter is only shown if "Scheduler Mode" is set to "Weighted." Port Shaper Enable : Controls whether the port shaper is enabled for this switch port. Port Shaper Rate : Controls the rate for the port shaper. The default value is 500. This value is restricted to 1–1000 when the "Unit" is "kbps", and it is restricted to 100 when the "Unit" is "Mbps".
If you select the Weighted scheduler mode, the screen changes as shown in the figure.
Parameter description: Port : The logical port for the settings contained in the same row. Click on the port number in order to configure the shapers. Shapers (Qn) : Shows "disabled" or actual queue shaper rate - e.g. "800 Mbps". Shapers (Port) : Shows "disabled" or actual port shaper rate - e.g. "800 Mbps". Scheduler Mode : Controls whether the scheduler mode is "Strict Priority" or "Weighted" on this switch port.
3-16.5 Port Tag Remarking This section provides an overview of QoS Egress Port Tag Remarking for all switch ports. The ports belong to the currently selected stack unit, as reflected by the page header. Web Interface To display the QoS Port Tag Remarking in the Web interface: 1. Click Configuration, QoS, Port Tag Remarking. Figure 3-16.
3-16.6 Port DSCP This section explains how to configure the basic QoS Port DSCP Configuration settings for all switch ports. The settings relate to the currently selected stack unit, as reflected by the page header. Web Interface To configure the QoS Port DSCP parameters in the Web interface: 1. Click Configuration, QoS, Port DSCP. 2. Enable or disable Ingress Translate and scroll to select the Classify parameter. 3.
• All: Classify all DSCP. Egress : Port Egress Rewriting can be one of these parameters: • • • • Disable: No Egress rewrite. Enable: Rewrite enable without remapped. Remap: DSCP from analyzer is remapped and frame is remarked with remapped DSCP value. Buttons: Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values. 3-16.
Figure 3-16.7: The DSCP-Based QoS Ingress Classification Configuration Parameter description: • DSCP : Maximum number of supported DSCP values are 64. • Trust : Click to check if the DSCP value is trusted. • QoS Class : QoS Class value can be between 0–7. • DPL : Drop Precedence Level can be between 0 and 3. • Buttons: Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values.
3-16.8 DSCP Translation The section describes how to configure the basic QoS DSCP Translation settings for all switches. DSCP translation can be done in Ingress or Egress. Web Interface To configure the DSCP Translation parameters in the Web interface: 1. Click Configuration, QoS, DSCP Translation. 2. Scroll to set the Ingress Translate and Egress Remap DP0 and Remap DP1 Parameters. 3. Enable or disable Classify. 4. Click on the save button to save the setting. 5.
Ingress : Ingress side DSCP can be first translated to new DSCP before using the DSCP for QoS class and DPL map. There are two configuration parameters for DSCP Translation – 1. Translate : DSCP at Ingress side can be translated to any of (0–63) DSCP values. 2. Classify : Click to enable Classification at Ingress side. Egress : There are two configurable parameters for Egress side – 1. Remap DP0 : Select the DSCP value from the menu that you want to remap. DSCP value ranges from 0 to 63. 2.
3-16.9 DSCP Classification This section describes how to configure and map a DSCP value to a QoS Class and DPL value. The settings relate to the currently selected stack unit, as reflected by the page header. Web Interface To configure the DSCP Classification parameters in the Web interface: 1. Click Configuration, QoS, DSCP Translation. 2. Scroll to set the DSCP Parameters. 3. Click the save button to save the setting. 4. To cancel the setting, click the Reset button.
3-16.10 QoS Control List Configuration The section shows the QoS Control List (QCL), which is made up of the QCEs. Each row describes a QCE that is defined. The maximum number of QCEs is 256 on each switch. Click on the lowest plus sign to add a new QCE to the list. Web Interface To configure the QoS Control List parameters in the Web interface: 1. Click Configuration, QoS, QoS Control List. 2. Click the “+” button to add a new QoS Control List. 3.
Ethernet: Only Ethernet frames (with Ether Type 0x600-0xFFFF) are allowed. LLC: Only (LLC) frames are allowed. SNAP: Only (SNAP) frames are allowed. IPv4: The QCE will match only IPv4 frames. IPv6: The QCE will match only IPv6 frames. SMAC : Displays the OUI field of the Source MAC address, i.e., the first three octets (bytes) of the MAC address. DMAC : Specify the type of Destination MAC addresses for incoming frame. Possible values are: Any: All types of Destination MAC addresses are allowed.
VID: Valid value of VLAN ID can be any value in the range 1-4095 or “Any”; a user can enter either a specific value or a range of VIDs. PCP Priority Code Point: Valid values of PCP are specific (0, 1, 2, 3, 4, 5, 6, 7) or range (0-1, 2-3, 4-5, 6-7, 0-3, 4-7) or “Any.” DEI Drop Eligible Indicator: Valid values of DEI are 0, 1, or “Any.” SMAC: Source MAC address: 24 MS bits (OUI) or “Any.
Action Configuration : Class QoS Class: "class (0-7)", default - basic classification. DP: Valid DP Level can be "(0-3)", default - basic classification. DSCP: Valid DSCP value can be (0-63, BE, CS1-CS7, EF or AF11-AF43). Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. 3-16.11 QCL Status The section will explain how to configure and display the QCL status by different QCL users. Each row describes the QCE that is defined.
Action : Indicates the classification action taken on ingress frame if parameters configured are matched with the frame's content. There are three action fields: Class, DPL, and DSCP. Class: Classified QoS Class; If a frame matches the QCE, it will be put in the queue. DPL: Drop Precedence Level; If a frame matches the QCE, then the DP level will be set to value displayed under DPL column. DSCP: If a frame matches the QCE, then DSCP will be classified with the value displayed under DSCP column.
Parameter description: Frame Type : The settings in a particular row apply to the frame type listed here: Unicast, Multicast, or Broadcast. Enable : Enable or disable the storm control status for the given frame type. Rate : The rate unit is packets per second (pps). Valid values are: 1, 2, 4, 8, 16, 32, 64, 128, 256, 512, 1K, 2K, 4K, 8K, 16K, 32K, 64K, 128K, 256K, 512K or 1024K, 2048K, 4096K, 8192K, 16384K, or 32768K. The 1 kpps is actually 1002.1 pps. Buttons: Save – Click to save changes.
Parameter description: Receiver Id : The “Receiver ID” input fields allow the user to select the receiver ID. It indicates the ID of this particular sFlow Receiver. Currently, one ID is supported and one collector is supported. IP Type : Select the collector's IP type from the drop-down list. The default Collector IP type is IPv4. You can use IPv4 or IPv6. IP Address : Enter a reachable IP address into the text box.
3-18.2 Sampler This section displays the sFlow sampler settings, which you can edit as required. Based on a defined sampling rate, an average of 1 out of N packets/operations is randomly sampled. This type of sampling does not provide a 100% accurate result, but it does provide a result with quantifiable accuracy. Web Interface To configure the sFlow Agent in the Web interface: 1. Click Configuration, sFlow Agent, sampler 2.
Max Hdr Size : Configured size of the header of the sampled frame. Polling Interval : Configured polling interval for the counter sampling. Buttons: Circle-E button—Edits the Data source sampler configuration. Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values. Cancel- Click to cancel your setting. Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically.
Figure 3-20.1: The Mirror Configuration Parameter description: Port to mirror on : Port to mirror is also known as the mirror port. Frames from ports that have either source (rx) or destination (tx) mirroring enabled are mirrored on this port. Disabled disables mirroring. Mirror Port Configuration The following table is used for Rx and Tx enabling. Port : The logical port for the settings contained in the same row. Mode : Select mirror mode.
Buttons: Save – Click to save changes. Reset – Click to undo any changes made locally and revert to previously saved values. 3-20 Trap Event Severity Use this function to set an alarm trap and get the Event log. The Trap Events Configuration function enables the switch to send out the trap information when pre-defined trap events occur. Web Interface To configure the Trap Event Severity Configuration in the Web interface: 1. Click Configuration, Trap Event Severity Configuration. 2.
3-21 SMTP Configuration Use this function to set an alarm trap. When the switch alarm goes off, you can set the SMTP server to send you the alarm mail. Web Interface To configure the SMTP Configuration in the Web interface: 1. Click Configuration, SMTP Configuration. 2. Scroll to select the Severity Level. 3. Specify the parameters in each blank field. 4. Click the save button to save the setting. 5. To cancel the setting, click the Reset button. It will revert to previously saved values. Figure 3-22.
3-22 802.3ah OAM For Carrier Ethernet applications, you can reduce operating costs and increase the remote access for maintenance. Using Ethernet as a metropolitan and wide-area networking technology requires a new set of OAM protocols. Service provider networks are large and complex with a wide user base, and they often involve different operators that must work together to provide end-to-end services to enterprise customers.
Parameter description: Port Members : The switch port number and index for port configuration IEEE 802.3ah OAM. OAM Enabled : You can set OAM enable or disable on the Port. Controls whether Link OAM is enabled on this switch port. Enabling Link OAM enables the network operators to monitor the health of the network and quickly determine the location of failing links or fault conditions. OAM Mode : Scroll to select OAM mode. You can configure the OAM Mode as Active or Passive.
3-22.2 Event Config This chapter explains how to inspect and change the current Link OAM Event configurations. It allows you to set what kind of event triggers the 802.3ah OAM monitor and management function. Web Interface To configure the Link event configuration in the Web interface: 1. Click Configuration, 802.3ah OAM, then Event config. 2. Check the box next to auto-refresh to update the Link Event data. 3. Set all parameters on Link event field. 4. Click the save button to save the setting. 5.
Frame Period Error Event: The Errored Frame Period Event TLV counts the number of errored frames detected during the specified period. The period is specified by a number of received frames. This event is generated if the errored frame count is greater than or equal to the specified threshold for that period (for example, if the errored frame count is greater than or equal to 10 for the last 1,000,000 frames received).
3-22.3 Port Status When you configure IEEE 802.3ah OAM, the switch displays the Port Status on this page. It provides the operational status of the Link OAM configuration. The displayed field shows the active configuration status for the selected port. Web Interface To display the Port Status in the Web interface: 1. Click Configuration, 802.3ah OAM, then Port status. 2. Scroll to select which port you want to monitor the Link OAM Status. 3. Enable auto-refresh to update the detailed Link OAM Status data.
Link Monitoring Support : If status is enabled, DTE supports interpreting Link Events. The field will show enabled. MIB Retrieval Support : If status is enabled, DTE supports sending Variable Response OAMPDUs. The field will show enabled. MTU Size : This represents the largest OAMPDU, in octets, supported by the DTE. This value is compared to the remote's Maximum PDU Size and the smaller of the two is used.
3-22.4 Link Events This chapter explains how to inspect and change the current Link OAM Link Event configurations. The Link OAM Link Event status relates to the currently selected stack unit, as reflected by the page header. The left pane displays the Event status for the Local OAM unit, while the right pane displays the status for the Peer for the respective port. Web Interface To display the Link Events in the Web interface: 1. Click Configuration, 802.3ah OAM, then Link Events. 2.
Total Frame Error Events : This four-octet field indicates the number of Errored Frame Event TLVs that have been generated since the OAM sub-layer was reset. Frame Period Error Event Timestamp : This two-octet field indicates the time reference when the event was generated, in 100 ms intervals. Frame Period Error Event Window : This four-octet field indicates the duration of the period of frames.
Event Seconds Summary Error Total : This four-octet field indicates the sum of errored frame seconds that have been detected since the OAM sub-layer was reset. Event Seconds Summary Event Total : This four-octet field indicates the number of Errored Frame Seconds Summary Event TLVs that have been generated since the OAM sub-layer was reset, encoded as a 32-bit unsigned integer. Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically.
3-22.5 Statistics This chapter provides detailed OAM traffic statistics for a specific switch port. Use the port select box to select which switch port details to display. The displayed counters represent the total number of OAM frames received and transmitted for the selected port. Discontinuities of these counters can occur when you re-initialize the management system. Web Interface To display the Statistics in the Web interface: 1. Click Configuration, 802.3ah OAM then Statistics. 2.
Rx and Tx Variable Response : A count of the number of Variable Response OAMPDUs received and transmitted on this interface. Rx and Tx Org Specific PDU’s : A count of the number of Organization Specific OAMPDUs transmitted on this interface. Rx and Tx Unsupported Codes : A count of the number of OAMPDUs transmitted on this interface with an unsupported op-code. Rx and Tx Link fault PDU’s : A count of the number of Link fault PDUs received and transmitted on this interface.
3-23 Ethernet OAM The chapter describes the Ethernet OAM configuration. Before you configure the Ethernet OAM, you need to understand MEP (Maintenance Entity Point). MEPs are the points at the edge of the domain that define the boundary for the domain. A MEP sends and receives CFM frames through the relay function, and drops all CFM frames of its level or lower that come from the wire side. Web Interface To configure the Ethernet OAM in the Web interface: 1. Click Configuration, Ethernet OAM. 2.
Ingress: This is an Ingress (down) MEP—monitoring ingress traffic on “Residence Port.” Egress: This is an Egress (up) MEP—monitoring egress traffic on “Residence Port.” Residence Port : The port where MEP is monitoring—see “Direction.” You need to assign a port to monitor the MEP status. Level : This is the MEG level of this MEP. Shared MEGs are ETH frames that are encapsulated differently between subscriber’s frames and SP’s frames.
3-23 EPS The chapter describes the Ethernet Protection Switching (EPS). Ethernet (Linear) Protection Switch instances are configured here. Web Interface To configure the EPS in the Web interface: 1. Click Configuration, EPS. 2. Click “Add new EPS,” then you can create a new EPS entry on the switch. 3. Assign each parameter to add new EPS. 4. To cancel the setting, click the Reset button. It will revert to previously saved values. 5. Click Refresh and switch will update the EPS table manually. Figure 3-24.
W SF MEP: This field assigns the working Signal Fail reporting MEP. P SF MEP: This field assigns the protecting Signal Fail reporting MEP. APS MEP: This field assigns the APS PDU handling MEP. Alarm: There is an active alarm on the EPS. When you complete the setting, then the switch will show the alarm status. Buttons: Add new EPS - Click to add a new EPS entry. Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values.
3-23 ERPS The chapter describes Ethernet Ring Protection Switching (ERPS). ITU-T under G.8032 recommended this to provide sub-50ms protection and recovery switching for Ethernet traffic in a ring topology, and at the same time ensuring that there are no loops formed at the Ethernet layer. Ethernet Ring Protection Switch instances are configured here. Web Interface To configure the ERPS in the Web interface: 1. Click Configuration, ERPS. 2.
The West APS PDU handling MEP. Only one APS MEP is associated with interconnected sub-ring without virtual channel, and it is configured as "0" for such ring instances. "0" in this field indicates that no west APS MEP is associated with this instance. Ring Type: Scroll to select the type of Protection ring. It can be either major ring or sub-ring. Interconnected Node: Interconnected Node indicates that the ring instance is interconnected. Click on the checkbox to configure this.
3-22 PTP For Carrier Ethernet application, PTP is an acronym for Precision Time Protocol, a network protocol for synchronizing the clocks of computer systems. The chapter explains how to configure and inspect the current PTP clock settings. 3-22.1 Configuration This chapter allows the user to configure the PTP clock setting on the switch and the parameters’ setting values. Web Interface To configure the PTP in the Web interface: 1. Click Configuration, PTP then Configuration. 2.
External Enable : This Selection box will allow you to configure the External Clock output. The following values are possible: 1. True : Enable the external clock output. 2. False : Disable the external clock output. VCXO_Enable : This Selection box will allow you to configure the External VCXO rate adjustment. The following values are possible: 1. True : Enable the external VCXO rate adjustment. 2. False : Disable the external VCXO rate adjustment.
NOTE: IPv4 unicast protocol only works in Master only and Slave only clocks. See parameter Device Type. In a unicast Slave, the only clocks you need to configure are the master clocks to request Announce and Sync messages from. See: Unicast Slave Configuration. VLAN Tag Enable: Enables the VLAN tagging for the PTP frames. NOTE: Packets are only tagged if the port is configured for VLAN tagging, i.e., Port Type != Unaware and PortVLAN mode == None. VID: VLAN Identifier used for tagging the PTP frames.
3-22.2 Status This chapter allows the user to monitor the PTP configuration status and inspect the current PTP clock settings. Web Interface To monitor the PTP status in the Web interface: 1. Click Configuration, PTP then status. 2. Enable “Auto-refresh” to have the switch update the PTP status automatically. 3. Click Refresh to update the Status information manually. Figure 3-22.1: The PTP status Parameter description: One_pps_mode: Shows the current One_pps_mode configured. 1.
5. SlaveOnly - Clock's Device Type is Slave Only. Port List: Shows the ports configured for that Clock Instance. Auto-refresh : Click the box next to auto-refresh to enable an automatic refresh of the page at regular intervals. Upper right icon (Refresh): Click to refresh the page immediately.
Chapter 4. Security This chapter describes all of the switch security configuration tasks that enhance the security of local networks, including IP Source Guard, ARP Inspection, DHCP Snooping, AAA, etc. 4-1 IP Source Guard The section describes how to configure the IP Source Guard detail parameters of the switch. Use the IP Source Guard to enable or disable a switch port. 4-1.
Parameter description: Mode of IP Source Guard Configuration : Enable the Global IP Source Guard or disable the Global IP Source Guard. All configured ACEs will be lost when the mode is enabled. Port Mode Configuration : Specify which ports IP Source Guard is enabled on. Only when both Global Mode and Port Mode on a given port are enabled, IP Source Guard is enabled on this given port. Max Dynamic Clients : Specify the maximum number of dynamic clients that can be learned on given port.
4-1.2 Static Table The section describes how to configure the Static IP Source Guard Table parameters of the switch. You can use the Static IP Source Guard Table configuration to manage the entries. Web Interface To configure a Static IP Source Guard Table Configuration in the web interface: 1. Click “Add new entry.” 2. Specify the Port, VLAN ID, IP Address, and MAC address in the entry. 3. Click Save. Figure 4-1.
4-1.3 Dynamic Table The section describes how to configure the Dynamic IP Source Guard Table parameters of the switch. You can use the Dynamic IP Source Guard Table configuration to manage the entries. Web Interface To configure a Dynamic IP Source Guard Table Configuration in the Web interface: 1. Specify the Start from port, VLAN ID, IP Address, and entries per page. 2. Check “Auto-refresh.” Figure 4-1.
4-2 ARP Inspection The section describes how to configure the ARP Inspection parameters of the switch. You can use the ARP Inspection configuration to manage the ARP table. 4-2.1 Configuration This section describes how to configure ARP Inspection setting including: Mode (Enabled and Disabled) Port (Enabled and Disabled) Web Interface To configure an ARP Inspection Configuration in the Web interface: 1. Select “Enabled” in the Mode of ARP Inspection Configuration. 2.
4-2.2 Static Table The section describes how to configure the Static ARP Inspection Table parameters of the switch. You can use the Static ARP Inspection Table configuration to manage the ARP entries. Web Interface To configure a Static ARP Inspection Table Configuration in the Web interface: 1. Click “Add new entry.” 2. Specify the Port, VLAN ID, IP Address, and MAC address in the entry. 3. Click Save. Figure 4-2.
4-2.3 Dynamic Table The section describes how to configure the Dynamic ARP Inspection Table parameters of the switch. The Dynamic ARP Inspection Table contains up to 1024 entries, and is sorted first by port, then by VLAN ID, then by MAC address, and then by IP address. Web Interface To configure a Dynamic ARP Inspection Table Configuration in the web interface: 1. Specify the Start from port, VLAN ID, MAC Address, IP Address, and entries per page. 2. Check “Auto-refresh.” Figure 4-2.
4-3 DHCP Snooping The section describes how to configure the DHCP Snooping parameters of the switch. The DHCP Snooping can prevent attackers from adding their own DHCP servers to the network. 4-3.1 Configuration This section describes how to configure DHCP Snooping setting including: Snooping Mode (Enabled and Disabled) Port Mode Configuration (Trusted, Untrusted) Web Interface To configure DHCP Snooping in the Web interface: 1. Select “Enabled” in the DHCP Snooping Configuration Mode. 2.
4-3.2 Statistics The section describes how to show the DHCP Snooping Statistics information of the switch. The statistics show packet counters only when DHCP snooping mode is enabled and relay mode is disabled, and they do not count the DHCP packets for the DHCP client. Web Interface To configure a DHCP Snooping Statistics Configuration in the Web interface: 1. Specify the Port that you want to monitor. 2. Check “Auto-refresh.” Figure 4-3.
Rx and Tx Lease Active : The number of lease active (option 53 with value 13) packets received and transmitted. Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically. Upper right icon (Refresh, Clear ): Click on these icons to refresh the DHCP Snooping Port Statistics manually or to clear the entries.
4-4 DHCP Relay This section describes how to forward DHCP requests to other, specific DHCP servers via DHCP relay. The DHCP servers may be on another network. 4-4.1 Configuration This section describes how to configure DHCP Relay setting including: Relay Mode (Enabled and Disabled) Relay Server IP setting Relay Information Mode (Enabled and Disabled) Relay Information Mode Policy (Replace, Keep and Drop) Web Interface To configure a DHCP Relay in the Web interface: 1.
Indicates the DHCP relay information option policy. When DHCP relay information mode operation is enabled and the agent receives a DHCP message that already contains relay agent information, it enforces the policy. The policy only takes effect if the DHCP relay information operation mode is enabled. Possible policies are: Replace: Replace the original relay information when a DHCP message that already contains it is received.
4-4.2 Statistics The section describes the switch’s DHCP Relay Statistics information. The statistics show both Server and Client packet counters when DHCP Relay mode is enabled. Web Interface To configure a DHCP Snooping Statistics Configuration in the Web interface: 1. Check “Auto-refresh.” Figure 4-4.2: The DHCP Relay Statistics Parameter description: Transmit to Server : The number of packets that are relayed from client to server.
The number of packets that were replaced with relay agent information option. Keep Agent Option : The number of packets whose relay agent information was retained. Drop Agent Option : The number of packets that were dropped which were received with relay agent information. Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically.
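The following added example, which is not the switch's firmware code, models the Replace, Keep and Drop policies and their statistics counters on a DHCP options field. The option number 82 and circuit-ID sub-option 1 come from RFC 3046; the port names, the function names and the insertion of local relay information when none is present are assumptions made for the illustration.

```python
RELAY_AGENT_INFO = 82   # Relay Agent Information option (RFC 3046)
PAD, END = 0, 255       # DHCP pad and end option codes


def parse_options(raw: bytes):
    """Split a DHCP options field into (code, value) pairs, checking bounds."""
    opts, pos = [], 0
    while pos < len(raw):
        code = raw[pos]
        if code == PAD:
            pos += 1
            continue
        if code == END:
            break
        if pos + 2 > len(raw):
            raise ValueError("option header truncated")
        end = pos + 2 + raw[pos + 1]
        if end > len(raw):
            raise ValueError("option runs past the end of the field")
        opts.append((code, raw[pos + 2:end]))
        pos = end
    return opts


def encode_options(opts):
    """Serialize (code, value) pairs and terminate with the end option."""
    return b"".join(bytes([c, len(v)]) + v for c, v in opts) + bytes([END])


def circuit_id(name: bytes) -> bytes:
    """Relay information carrying one Agent Circuit ID sub-option (type 1)."""
    return bytes([1, len(name)]) + name


def new_counters():
    """Counters named after the Replace/Keep/Drop Agent Option statistics."""
    return {"replace": 0, "keep": 0, "drop": 0}


def relay_options(raw, policy, local_info, counters):
    """Apply the relay information policy; return new options or None if dropped."""
    opts = parse_options(raw)
    if not any(code == RELAY_AGENT_INFO for code, _ in opts):
        # Assumption: with relay information mode enabled, the relay adds its own.
        return encode_options(opts + [(RELAY_AGENT_INFO, local_info)])
    if policy == "drop":
        counters["drop"] += 1
        return None                      # the whole packet is discarded
    if policy == "keep":
        counters["keep"] += 1
        return encode_options(opts)      # received relay information retained
    if policy == "replace":
        counters["replace"] += 1
        kept = [(c, v) for c, v in opts if c != RELAY_AGENT_INFO]
        return encode_options(kept + [(RELAY_AGENT_INFO, local_info)])
    raise ValueError("unknown policy: " + policy)


# Constructed sample input: a DHCPDISCOVER (option 53 = 1) arriving on the
# port this relay calls "port7" but already claiming to come from "port1".
LOCAL_INFO = circuit_id(b"port7")
CLAIMED_INFO = circuit_id(b"port1")
WITH_INFO = encode_options([(53, b"\x01"), (RELAY_AGENT_INFO, CLAIMED_INFO)])
WITHOUT_INFO = encode_options([(53, b"\x01")])

if __name__ == "__main__":
    for policy in ("replace", "keep", "drop"):
        counters = new_counters()
        out = relay_options(WITH_INFO, policy, LOCAL_INFO, counters)
        print(policy, parse_options(out) if out else "dropped", counters)
```

With Keep, the DHCP server sees whatever relay information the message arrived with, so Replace or Drop is the safer choice on ports where the sender is not a trusted relay.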
4-5 NAS The section describes how to configure the NAS parameters of the switch. You can use the NAS server to connect users to a variety of resources including Internet access, conference calls, printing documents on shared printers, or by simply logging on to the Internet. 4-5.1 Configuration This section describes how to configure NAS setting of IEEE 802.1X, MAC-based authentication system and port settings. The NAS configuration consists of two sections, a system- and a port-wide.
Mode : Indicates if NAS is globally enabled or disabled on the switch stack. If globally disabled, all ports are allowed to forward frames. Reauthentication Enabled : If checked, successfully authenticated supplicants/clients are reauthenticated after the interval specified by the Reauthentication Period. Reauthentication for 802.1X-enabled ports can be used to detect if a new device is plugged into a switch port or if a supplicant is no longer attached.
RADIUS-assigned QoS centrally controls the traffic class to which traffic coming from a successfully authenticated supplicant is assigned on the switch. The RADIUS server must be configured to transmit special RADIUS attributes to take advantage of this feature (see RADIUS-Assigned QoS Enabled below for a detailed description). The "RADIUS-Assigned QoS Enabled" checkbox provides a quick way to globally enable/disable RADIUS-server assigned QoS Class functionality.
In this mode, the switch will send one EAPOL Success frame when the port link comes up, and any client on the port will be allowed network access without authentication. Force Unauthorized : In this mode, the switch will send one EAPOL Failure frame when the port link comes up, and any client on the port will be disallowed network access. Port-based 802.1X : In the 802.1X-world, the user is called the supplicant, the switch is the authenticator, and the RADIUS server is the authentication server.
In port-based 802.1X authentication, once a supplicant is successfully authenticated on a port, the whole port is opened for network traffic. This allows other clients connected to the port (for instance through a hub) to piggyback on the successfully authenticated client and get network access even though they really aren't authenticated. To overcome this security breach, use the Multi 802.1X variant. Multi 802.
order to successfully identify a QoS Class. The User-Priority-Table attribute defined in RFC4675 forms the basis for identifying the QoS Class in an Access-Accept packet. Only the first occurrence of the attribute in the packet will be considered, and to be valid, it must follow this rule: • All 8 octets in the attribute's value must be identical and consist of ASCII characters in the range 0–3, which translates into the desired QoS Class in the range [0; 3].
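The rule above can be checked offline against a captured Access-Accept before relying on RADIUS-assigned QoS. This added example is not the switch's own code: it walks the RADIUS attributes, takes only the first User-Priority-Table attribute (type 59 in RFC 4675) and applies the eight-identical-octets rule. The function names and sample packets are constructed for the illustration, and the sample authenticator is zeroed rather than computed from a shared secret.

```python
import struct

ACCESS_ACCEPT = 2          # RADIUS packet code (RFC 2865)
USER_PRIORITY_TABLE = 59   # attribute type number (RFC 4675)
HEADER_LEN = 20            # code, identifier, length, 16-byte authenticator


def iter_attributes(packet: bytes):
    """Yield (type, value) for every attribute, rejecting malformed lengths."""
    if len(packet) < HEADER_LEN:
        raise ValueError("shorter than the RADIUS header")
    _code, _ident, length = struct.unpack("!BBH", packet[:4])
    if length < HEADER_LEN or length > len(packet):
        raise ValueError("length field does not fit the packet")
    pos = HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("attribute length out of bounds")
        yield attr_type, packet[pos + 2:pos + attr_len]
        pos += attr_len


def radius_assigned_qos_class(packet: bytes):
    """Return the QoS Class 0-3 the rule yields, or None if it yields none."""
    if len(packet) < HEADER_LEN or packet[0] != ACCESS_ACCEPT:
        return None
    for attr_type, value in iter_attributes(packet):
        if attr_type != USER_PRIORITY_TABLE:
            continue
        # Only the first occurrence counts; later ones are never examined.
        if len(value) != 8 or len(set(value)) != 1:
            return None                  # not eight identical octets
        if value[0] not in b"0123":
            return None                  # outside ASCII '0'..'3'
        return value[0] - ord("0")
    return None


def build_packet(code, attrs):
    """Constructed sample packet; the authenticator is zeroed, not computed."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    header = struct.pack("!BBH", code, 1, HEADER_LEN + len(body))
    return header + bytes(16) + body


if __name__ == "__main__":
    samples = {
        "valid class 2": [(USER_PRIORITY_TABLE, b"22222222")],
        "mixed octets": [(USER_PRIORITY_TABLE, b"01230123")],
        "class out of range": [(USER_PRIORITY_TABLE, b"44444444")],
        "first invalid, second valid": [
            (USER_PRIORITY_TABLE, b"99999999"),
            (USER_PRIORITY_TABLE, b"11111111"),
        ],
    }
    for label, attrs in samples.items():
        packet = build_packet(ACCESS_ACCEPT, attrs)
        print(label, "->", radius_assigned_qos_class(packet))
```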
Request Identity frames. If the number of transmissions of such frames exceeds Max. Reauth. Count and no EAPOL frames have been received in the meantime, the switch considers entering the Guest VLAN. The interval between transmission of EAPOL Request Identity frames is configured with EAPOL Timeout. If Allow Guest VLAN if EAPOL Seen is enabled, the port will now be placed in the Guest VLAN.
4-5.2 Switch Status The section describes each switch port’s NAS status information. The status includes Admin State, Port State, Last Source, Last ID, QoS Class, and Port VLAN ID. Web Interface To configure a NAS Switch Status Configuration in the Web interface: 1. Check “Auto-refresh.” Figure 4-5.2: The Network Access Server Switch Status Parameter description: Port : The switch port number. Click to navigate to detailed NAS statistics for this port.
Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically. Upper right icon (Refresh): Click on these icons to refresh the NAS Switch Status manually.
4-5.3 Port Status The section provides detailed NAS statistics for a specific switch port running EAPOL-based IEEE 802.1X authentication. Web Interface To configure a NAS Port Status Configuration in the Web interface: 1. Specify the Port that you want to check. 2. Check “Auto-refresh.” Figure 4-5.3: The NAS Statistics Parameter description: Port State Admin State : The port's current administrative state. Refer to NAS Admin State for a description of possible values.
• Single 802.1X • Multi 802.1X Backend Server Counters : These backend (RADIUS) frame counters are available for the following administrative states: • Port-based 802.1X • Single 802.1X • Multi 802.1X • MAC-based Auth. Last Supplicant/Client Info : Information about the last supplicant/client that attempted to authenticate. This information is available for the following administrative states: • Port-based 802.1X • Single 802.1X • Multi 802.1X • MAC-based Auth.
Shows the date and time of the last authentication of the client (successful as well as unsuccessful). Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically. Upper right icon (Refresh, Clear): Click on these icons to refresh the NAS Statistics manually or to clear all entries.
4-6 AAA This section shows you how to use an AAA (Authentication, Authorization, Accounting) server to provide access control to your network. The AAA server can be a TACACS+ or RADIUS server to create and manage objects that contain settings for using AAA servers. 4-6.1 Configuration This section describes how to configure AAA setting of TACACS+ or RADIUS server. Web Interface To configure a Common Configuration of AAA in the Web interface: 1. Set Timeout (Default is 15 seconds). 2.
Figure 4-5.3.3: The RADIUS Configuration Figure 4-5.3.4: The RADIUS Accounting Configuration Figure 4-5.3.4: The TACACS+ Authentication Configuration Parameter description: Timeout : The Timeout, which can be set to a number between 3 and 3600 seconds, is the maximum time to wait for a reply from a server. If the server does not reply within this timeframe, we will consider it to be dead and continue with the next enabled server (if any).
RADIUS Authentication Server Configuration The table has one row for each RADIUS Authentication Server and a number of columns, which are: #: The RADIUS Authentication Server number for which the configuration below applies. Enabled : Enable the RADIUS Authentication Server by checking this box. IP Address/Hostname : The IP address or hostname of the RADIUS Authentication Server. IP address is expressed in dotted decimal notation.
Secret : The secret—up to 29 characters long—shared between the TACACS+ Authentication Server and the switch stack. Buttons: Save – Click to save changes. Reset- Click to undo any changes made locally and revert to previously saved values. 4-6.2 Radius Overview This section shows you an overview of the RADIUS Authentication and Accounting servers status to ensure the function is workable. Web Interface To configure a RADIUS Overview Configuration in the Web interface: 1. Check “Auto-refresh.
The IP address and UDP port number (in : notation) of this server. State : The current state of the server. This field has one of the following values: Disabled: The server is disabled. Not Ready: The server is enabled, but IP communication is not yet up and running. Ready: The server is enabled, IP communication is up and running, and the RADIUS module is ready to accept accounting attempts.
Parameter description: Auto-refresh : Click the box next to auto-refresh and the device will refresh the information automatically. Upper right icon (Refresh, Clear): Click on these icons to refresh the RADIUS Statistics information manually or to clear all entries. 4-7 Port Security This section shows you how to configure the Port Security settings of the Switch. You can use the Port Security feature to restrict input to an interface by limiting and identifying MAC addresses. 4-7.
Parameter description: System Configuration Mode : Indicates if Limit Control is globally enabled or disabled on the switch stack. If globally disabled, other modules may still use the underlying functionality, but limit checks and corresponding actions are disabled. Aging Enabled : If checked, secured MAC addresses are subject to aging as discussed under Aging Period . Aging Period : If Aging Enabled is checked, then the aging period is controlled with this input.
1) Boot the stack or elect a new master switch. 2) Disable and re-enable Limit Control on the port or the switch stack. 3) Click the Reopen button. Trap & Shutdown: If Limit + 1 MAC addresses are seen on the port, both the "Trap" and the "Shutdown" actions described above will be taken. State : This column shows the current state of the port as seen from the Limit Control's point of view. The state takes one of four values: Disabled: Limit Control is either globally disabled or disabled on the port.
4-7.2 Switch Status This section shows the Port Security status. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules—the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it.
Each of the user modules has a column that shows whether that module has enabled Port Security or not. A '-' means that the corresponding user module is not enabled, whereas a letter indicates that the user module abbreviated by that letter (see Abbr) has enabled port security. State : Shows the current state of the port. It can take one of four values: Disabled: No user modules are currently using the Port Security service.
4-7.3 Port Status This section shows the MAC addresses secured by the Port Security module. Port Security is a module with no direct configuration. Configuration comes indirectly from other modules—the user modules. When a user module has enabled port security on a port, the port is set up for software-based learning. In this mode, frames from unknown MAC addresses are passed on to the port security module, which in turn asks all user modules whether to allow this new MAC address to forward or block it.
4-8 Access Management This section shows you how to configure the access management table of the Switch, including HTTP/HTTPS, SNMP, and TELNET/SSH. You can manage the Switch over an Ethernet LAN, or over the Internet. 4-8.1 Configuration This section shows you how to configure the access management table of the Switch. The maximum number of entries is 16. If the application's type matches any one of the access management entries, access to the switch is allowed.
HTTP/HTTPS : Indicates that the host can access the switch from HTTP/HTTPS interface if the host IP address matches the IP address range provided in the entry. SNMP : Indicates that the host can access the switch from SNMP interface if the host IP address matches the IP address range provided in the entry. TELNET/SSH : Indicates that the host can access the switch from TELNET/SSH interface if the host IP address matches the IP address range provided in the entry.
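An added example (not part of the manual or the switch firmware) that models the rule from 4-8.1, where any one matching entry grants access, and audits a table for over-broad or redundant entries. The Entry field names, the 256-address threshold and the sample table are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

MAX_ENTRIES = 16  # table limit stated in section 4-8.1
SERVICES = {"HTTP/HTTPS", "SNMP", "TELNET/SSH"}  # the three per-entry checkboxes

@dataclass(frozen=True)
class Entry:
    start: str           # first address of the range (field name is an assumption)
    end: str             # last address of the range (field name is an assumption)
    services: frozenset  # subset of SERVICES enabled for this range

    def covers(self, ip):
        lo, hi, addr = (ipaddress.ip_address(x) for x in (self.start, self.end, ip))
        # Mixed IPv4/IPv6 never matches; the version test also avoids a TypeError.
        return addr.version == lo.version == hi.version and lo <= addr <= hi

    def size(self):
        return int(ipaddress.ip_address(self.end)) - int(ipaddress.ip_address(self.start)) + 1

def is_allowed(table, src_ip, service):
    """Any single entry matching both the service and the source grants access."""
    return any(service in e.services and e.covers(src_ip) for e in table)

def audit(table, max_hosts=256):
    """Return (entry number, finding) pairs; max_hosts is a local policy choice."""
    findings = []
    if len(table) > MAX_ENTRIES:
        findings.append((None, f"{len(table)} entries exceed the limit of {MAX_ENTRIES}"))
    for i, e in enumerate(table, start=1):
        if e.size() < 1:
            findings.append((i, "start is above end; entry matches nothing"))
            continue
        if e.size() > max_hosts:
            findings.append((i, f"range spans {e.size()} addresses"))
        for j, other in enumerate(table, start=1):
            if j != i and e.services <= other.services \
                    and other.covers(e.start) and other.covers(e.end):
                findings.append((i, f"redundant: entry {j} already allows it"))
    return findings

# Constructed sample table (RFC 5737 documentation addresses), not from the manual.
SAMPLE = [
    Entry("192.0.2.0", "192.0.2.31", frozenset({"HTTP/HTTPS", "TELNET/SSH"})),
    Entry("198.51.100.5", "198.51.100.5", frozenset({"SNMP"})),
    Entry("0.0.0.0", "255.255.255.255", frozenset({"HTTP/HTTPS"})),
    Entry("192.0.2.4", "192.0.2.4", frozenset({"HTTP/HTTPS"})),
]

if __name__ == "__main__":
    for src, svc in [("192.0.2.7", "TELNET/SSH"), ("203.0.113.9", "HTTP/HTTPS"),
                     ("203.0.113.9", "TELNET/SSH")]:
        print(src, svc, "allowed" if is_allowed(SAMPLE, src, svc) else "denied")
    for number, finding in audit(SAMPLE):
        print("entry", number, "-", finding)
```

Because one matching entry is enough, the wide third entry opens the web interface to every IPv4 source regardless of the narrow entries around it, which is why the audit reports it.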
4-8.2 Statistics This section describes detailed statistics for Access Management, including HTTP, HTTPS, SSH, and TELNET. Web Interface To configure an Access Management Statistics in the Web interface: 1. Check “Auto-refresh.” Figure 4-8.2: The Access Management Statistics Parameter description: Interface : The interface type through which the remote host can access the switch. Received Packets : Number of received packets from the interface when access management mode is enabled.
4-9 SSH This section shows you how to use SSH (Secure SHell) to securely access the Switch. SSH is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication. Web Interface To configure an SSH Configuration in the Web interface: 1. Select “Enabled” in the SSH Configuration Mode. 2. Click Save. Figure 4-9.1: The SSH Configuration Parameter description: Mode : Indicates the SSH mode operation.
4-10 HTTPS This section shows you how to use HTTPS to securely access the Switch. HTTPS is a secure communication protocol that combines authentication and data encryption to provide secure encrypted communication via the browser. Web Interface To configure an HTTPS Configuration in the Web interface: 1. Select “Enabled” in the Mode of HTTPS Configuration. 2. Select “Enabled” in the HTTPS Configuration Automatic Redirect field. 3. Click Save. Figure 4-10.
4-11 Auth Method This page shows how a user is authenticated when logging in to the switch stack via one of the management client interfaces. Web Interface To configure an Authentication Method Configuration in the Web interface: 1. Specify the Client (console, telnet, ssh, web) that you want to monitor. 2. Specify the Authentication Method (none, local, radius, tacacs+). 3. Check Fallback. 4. Click Save. Figure 4-11.
Chapter 5. Maintenance This chapter describes switch Maintenance configuration tasks to enhance the performance of the local network, including Restart Device, Firmware upgrade, Save/Restore, Import/Export, and Diagnostics. 5-1 Restart Device This section describes how to restart the switch for any maintenance needs. Any configuration files or scripts that you saved in the switch should still be available afterwards. Web Interface To configure a Restart Device Configuration in the web interface: 1.
5-2 Firmware This section describes how to upgrade Firmware. The Switch can be enhanced with more value-added functions by installing firmware upgrades. 5-2.1 Firmware Upgrade This page facilitates an update of the firmware controlling the Web Interface To configure a Firmware Upgrade Configuration in the Web interface: 1. Click Browse to select the firmware file on your device. 2. Click Upload. Figure 5-2.1: The Firmware update Parameter description: Browse : Click the “Browse...
5-2.2 Firmware Selection The switch supports dual images for firmware redundancy. You can select which firmware image the device uses as its startup or operating firmware. This page provides information about the active and alternate (backup) firmware images in the device, and allows you to revert to the alternate image. Web Interface To configure a Firmware Selection in the Web interface: 1. Click Activate Alternate Image. 2. Click Yes to complete firmware selection. Figure 5-2.
NOTE: 1. In case the active firmware image is the alternate image, only the "Active Image" table is shown. In this case, the Activate Alternate Image button is also disabled. 2. If the alternate image is active (due to a corruption of the primary image or by manual intervention), uploading a new firmware image to the device will automatically use the primary image slot and activate this. 3. The firmware version and date information may be empty for older firmware releases.
5-3 Save / Restore This section describes how to save and restore the Switch configuration, including reset to Factory Defaults, Save Start, Save Users, or Restore Users for any maintenance needs. 5-3.1 Factory Defaults This section describes how to reset the Switch configuration to Factory Defaults. Any configuration files or scripts will revert to factory default values. Web Interface To configure Factory Defaults in the Web interface: 1. Click Factory Defaults. 2. Click Yes. Figure 5-3.
5-3.3 Save User This section describes how to save user information. Any current configuration files will be saved in XML format. Web Interface To configure a Save User Configuration in the Web interface: 1. Click Save User. 2. Click Yes. Figure 5-3.3: The Save as Backup Configuration Parameter description: Buttons: Save – Click the “Save” button to save the current settings as the Backup Configuration. 5-3.4 Restore User This section describes how to restore user information back to the switch.
5-4 Export / Import This section describes how to export and import the Switch configuration. Any current configuration files will be exported in XML format. 5-4.1 Export Config This section describes how to export the Switch Configuration for maintenance needs. Any current configuration files will be exported in XML format. Web Interface To configure an Export Config Configuration in the Web interface: 1. Click Save configuration. 2. Save the file on your device. Figure 5-4.
5-4.2 Import Config This section describes how to import the Switch Configuration for maintenance needs. Any current configuration files will be exported in XML format. Web Interface To configure an Import Config Configuration in the Web interface: 1. Click Browse to select the config file on your device. 2. Click Upload. Figure 5-4.2: The Import Config Parameter description: Browse : Click the “Browse...” button to search the Configuration URL and filename.
5-5 Diagnostics This section provides a set of basic system diagnostics. It lets users know whether the system is healthy or needs to be fixed. The basic system check includes ICMP Ping, ICMPv6, and VeriPHY Cable Diagnostics. 5-5.1 Ping This section allows you to issue ICMP PING packets to troubleshoot IPv6 connectivity issues. Web Interface To configure an ICMP PING Configuration in the Web interface: 1. Specify ICMP PING IP Address. 2. Specify ICMP PING Size. 3. Click Start. Figure 5-5.
5-5.2 Ping6 This section allows you to issue ICMPv6 PING packets to troubleshoot IPv6 connectivity issues. Web Interface To configure an ICMPv6 PING Configuration in the Web interface: 1. Specify ICMPv6 PING IP Address. 2. Specify ICMPv6 PING Size. 3. Click Start. Figure 5-5.2: The ICMPv6 Ping Parameter description: IP Address : The destination IP Address with IPv6. Ping Size : The payload size of the ICMP packet. Values range from 8 bytes to 1400 bytes.
5-5.3 VeriPHY This section is used for running the VeriPHY Cable Diagnostics. Press to run the diagnostics. This will take approximately 5 seconds. If all ports are selected, this can take approximately 15 seconds. When completed, the page refreshes automatically, and you can view the cable diagnostics results in the cable status table. NOTE: VeriPHY is only accurate for cables of length 7–140 meters. 10 and 100 Mbps ports will be linked down while running VeriPHY.
A. Glossary of Web-based Management A ACE ACE is an acronym for Access Control Entry. It describes access permission associated with a particular ACE ID. There are three ACE frame types (Ethernet Type, ARP, and IPv4) and two ACE actions (permit and deny). The ACE also contains many detailed, different parameter options that are available for individual application. ACL ACL is an acronym for Access Control List.
Aggregation Using multiple ports in parallel to increase the link speed beyond the limits of a port and to increase the redundancy for higher availability. (Also Port Aggregation, Link Aggregation). ARP ARP is an acronym for Address Resolution Protocol. It is a protocol used to convert an IP address into a physical address, such as an Ethernet address. ARP allows a host to communicate with other hosts when only the Internet address of its neighbors is known.
The DHCP server ensures that all IP addresses are unique, for example, no IP address is assigned to a second client while the first client's assignment is valid (its lease has not expired). Therefore, IP address pool management is done by the server and not by a human network administrator. Dynamic addressing simplifies network administration because the software keeps track of IP addresses rather than requiring an administrator to manage the task.
EEE EEE is an abbreviation for Energy Efficient Ethernet defined in IEEE 802.3az. EPS EPS is an abbreviation for Ethernet Protection Switching defined in ITU/T G.8031. Ethernet Type Ethernet Type, or EtherType, is a field in the Ethernet MAC header, defined by the Ethernet networking standard. It is used to indicate which protocol is being transported in an Ethernet frame. F FTP FTP is an acronym for File Transfer Protocol.
HTTPS HTTPS is an acronym for Hypertext Transfer Protocol over Secure Socket Layer. It is used to indicate a secure HTTP connection. HTTPS provides authentication and encrypted communication and is widely used on the World Wide Web for security-sensitive communication such as payment transactions and corporate logons. HTTPS is really just the use of Netscape's Secure Socket Layer (SSL) as a sub-layer under its regular HTTP application layering.
IP IP is an acronym for Internet Protocol. It is a protocol used for communicating data across an Internet network. IP is a "best effort" system, which means that no packet of information sent over is assured to reach its destination in the same condition it was sent. Each device connected to a Local Area Network (LAN) or Wide Area Network (WAN) is given an Internet Protocol address, and this IP address is used to identify the device uniquely among all other devices connected to the extended network.
LOC is an acronym for Loss Of Connectivity and is detected by a MEP. It indicates lost connectivity in the network. Can be used as switch criteria by EPS. M MAC Table Switching of frames is based upon the DMAC address contained in the frame. The switch builds up a table that maps MAC addresses to switch ports for knowing which ports the frames should go to (based upon the DMAC address in the frame). This table contains both static and dynamic entries.
NetBIOS is an acronym for Network Basic Input/Output System. It is a program that allows applications on separate computers to communicate within a Local Area Network (LAN), and it is not supported on a Wide Area Network (WAN). The NetBIOS gives each computer in the network both a NetBIOS name and an IP address corresponding to a different host name, and provides the session and transport services described in the Open Systems Interconnection (OSI) model. NFS NFS is an acronym for Network File System.
PING ping is a program that sends a series of packets over a network or the Internet to a specific computer to generate a response from that computer. The other computer responds with an acknowledgment that it received the packets. Ping was created to verify whether a specific computer on a network or the Internet exists and is connected. ping uses Internet Control Message Protocol (ICMP) packets.
QCL is an acronym for QoS Control List. It is the list table of QCEs that contains QoS control entries to classify a specific QoS class on specific traffic objects. Each accessible traffic object contains an identifier to its QCL. The privileges determine specific traffic object to specific QoS class. QL QL In SyncE this is the Quality Level of a given clock source. This is received on a port in a SSM indicating the quality of the clock received in the port. QoS QoS is an acronym for Quality of Service.
SMTP SMTP is an acronym for Simple Mail Transfer Protocol. It is a text-based protocol that uses the Transmission Control Protocol (TCP) and provides a mail service modeled on the FTP file transfer service. SMTP transfers mail messages between systems and notifications regarding incoming mail. SNAP The SubNetwork Access Protocol (SNAP) is a mechanism for multiplexing, on networks using IEEE 802.2 LLC, more protocols than can be distinguished by the 8-bit 802.2 Service Access Point (SAP) fields.
SyncE SyncE is an abbreviation for Synchronous Ethernet. It is used to synchronize a network “clock frequency.” Do not confuse this with real-time clock synchronization (IEEE 1588). T TACACS+ TACACS+ is an acronym for Terminal Access Controller Access Control System Plus. It is a networking protocol that provides access control for routers, network access servers, and other networked computing devices via one or more centralized servers.
U UDP UDP is an acronym for User Datagram Protocol. It is a communications protocol that uses the Internet Protocol (IP) to exchange the messages between computers. UDP is an alternative to the Transmission Control Protocol (TCP) that uses the Internet Protocol (IP). Unlike TCP, UDP does not provide the service of dividing a message into packet datagrams, and UDP doesn't provide reassembling and sequencing of the packets.
© Copyright 2013. Black Box Corporation.