Simply Connected User Guide XMS-1024P 24 Port Gigabit Managed PoE/PoE+ Switch Use the XMS-1024P to: Cost-effectively Add 802.
XMS-1024P User Guide Model Number: XMS-1024P 24 Port Gigabit Managed PoE/PoE+ Switch © 2014 Luxul. All Rights Reserved. No part of this publication may be modified or adapted in any way, for any purposes without permission in writing from Luxul. The material in this manual is subject to change without notice. Luxul reserves the right to make changes to any product to improve reliability, function, or design.
User Guide CONTENTS 1 ABOUT THIS GUIDE 6 1.1 Intended Readers 6 1.2 Conventions 6 1.3 Overview of This Guide 6 2 INTRODUCTION 10 2.1 Overview of the Switch 10 2.2 Main Features 11 2.3 Description 12 3 LOGGING ON TO THE SWITCH 14 3.1 Login 14 3.2 Configuration 15 4 SYSTEM 16 4.1 System Settings 16 4.2 User Management 24 4.3 System Tools 26 5 SWITCHING 38 5.1 Port Settings 38 5.2 LAG 48 5.3 Traffic Monitor 53 5.4 MAC Address 57 6 VLAN 64 6.1 802.
XMS-1024P 7.5 Application Example for STP Function 111 8 MULTICAST 116 8.1 IGMP Snooping 119 8.2 Multicast IP 130 8.3 Multicast Filter 132 8.4 Packet Statistics 135 9 QOS 137 9.1 DiffServ 141 9.2 Bandwidth Control 147 9.3 Voice VLAN 151 10 POE 157 10.1 PoE Config 158 10.2 PoE Time-Range 161 11 ACL 165 11.1 Time-Range 165 11.2 ACL Config 169 11.3 ACL Policy 176 12 NETWORK SECURITY 186 12.1 IP-MAC Binding 186 12.2 ARP Inspection 199 12.
User Guide 15.3 Cluster 269 16 MAINTENANCE 271 16.1 System Monitor 271 16.2 System Logs 273 16.3 Device Diagnostics 279 16.4 Network Diagnostics 281 17 SAVE CONFIG 282 18 REGULATORY COMPLIANCE 283 APPENDIX A: SPECIFICATIONS 286 GLOSSARY 287 © 2014 Luxul. All Rights Reserved.
XMS-1024P 1 ABOUT THIS GUIDE This User Guide contains information for setup and Management of the XMS-1024P 24 Port Gigabit Managed PoE/PoE+ Switch. Please read this guide carefully. 1.1 Intended Readers This Guide is intended for users or installers familiar with IP concepts and Network terminologies. 1.
User Guide Chapter Chapter 5 Switching Introduction This chapter will show how to configure basic functions of the Switch. Port: Configure the basic features of the Switch Ports. LAG: Configure Link Aggregation Group. A LAG combines a number of Ports together to make a single high-bandwidth Data path. Traffic Monitor: Monitor the traffic statistics of each Port MAC Address: Modify the MAC MAC Table properties of the Switch.
XMS-1024P Chapter Chapter 8 Multicast Introduction This chapter will show how to configure the Multicast functions of the Switch. IGMP Snooping: Configure global parameters of IGMP Snooping, Port properties, VLAN, and Multicast VLAN. Multicast IP: Configure Multicast IP table. Multicast Filter: Configure Multicast Filter to restrict users ordering Multicast programs. Packet Statistics: View the Multicast traffic statistics on each Port of the Switch.
User Guide Chapter Chapter 12 Network Security Introduction This Chapter will show how to configure the multiple protection measures in Network Security. IP-MAC Binding: Bind the IP Address, MAC address, VLAN ID and the Connected Port of the Host together. ARP Inspection: ARP Inspection feature prevent ARP attacks on the Network. DoS Defend: DoS Defense features to prevent DoS attack. 802.1X/RADIUS: Covers the use of 802.1X/RADIUS and Radius Servers.
XMS-1024P Chapter Chapter 16 Maintenance Introduction This chapter will show how to use the common system tools to manage the Switch. System Monitor: The memory and CPU usage of the Switch. Log: View system events. Device Diagnostics: Test the connection status of the cable connected to the Switch. Network Diagnostics: Ping and Traceroute utilities to test connection at the Switch. Appendix A Specifications Lists the hardware specifications of the Switch.
User Guide 2.2 Main Features Resiliency and Availability Link Aggregation (LACP) increases aggregated bandwidth, optimizing the transport of critical Data. IEEE 802.1s Multiple Spanning Tree provides high link availability. Multicast Snooping automatically prevents flooding of IP Network when using Multicast. Layer 2 Switching GVRP (GARP VLAN Registration Protocol) allows automatic learning and dynamic assignment of VLANs. Supports up to 4094 VLANs.
XMS-1024P 2.3 Description 2.3.1 Front Panel Figure 2-1 Front Panel The following parts are located on the front panel of the Switch: 24 10/100/1000Mbps Ports: Designed to connect client devices with a bandwidth of up to 1000Mbps. 4 SFP Ports: Designed to allow the use of an SFP module for fiber interlinking. NOTE: When using the SFP Port with a 100Mbps module or a Gigabit module, you need to configure its corresponding Speed and Duplex mode in Switching>>Port Settings>>Port Config page.
User Guide LED Status Indication Power On The Switch is powered on Off The Switch is powered off or power supply has failed Flashing Indicates a Power fault Flashing The Switch booted without error and is running System On 10/100/1000 Mbps Port LED Green Yellow The Switch encountered a boot error On A 1000 Mbps device is connected to the corresponding Port Flashing Data is being transmitted or received on the corresponding Port On A 10/100 Mbps device is connected to the corresponding P
XMS-1024P 2.3.2 Rear Panel The rear panel of XMS-1024P features a power socket and a Grounding Terminal. Hz 5.0A 60 0V-50/ 100-24 Figure 2-2 Rear Panel 1 Grounding Terminal: The XMS-1024P already comes with a grounding mechanism in the provided three prong power cable and power supply. You can also ground the Switch with the provided Ground Cable. For detailed information, please refer to Installation Guide.
User Guide Figure 3-2 Login 3.2 Configuration After a successful login, the main System page will appear (Figure 3-3). Figure 3-3 Main Setup-Menu CAUTION: By clicking Apply the current configuration changes will be applied to the running configuration. If the Switch is rebooted the configuration will be lost. To save the configuration to nonvolatile memory please click Save Config link in the left-hand menu.
XMS-1024P 4 SYSTEM The System menu offers the various system configuration options of the Switch, and includes four submenus: System Settings User Management System Tools Access Control. 4.1 System Settings The System Settings submenu includes the: Status, Device Description, System Time, Daylight Saving Time and System IP tabs. 4.1.1 Status This page allows you to view the Port connection status and the System Info.
User Guide Port Status Indicates the Port is not connected to a device. Indicates the Port is connected at the speed of 1000Mbps. Indicates the Port is connected at the speed of 10Mbps or 100Mbps. Indicates the SFP Port is not connected. Indicates the SFP Port is connected at the speed of 1000Mbps. Indicates the SFP Port is connected at the speed of 100Mbps. When the cursor is used to highlight the Port, the detailed information of the Port will be displayed.
XMS-1024P You may click a Port to display the bandwidth utilization chart for the Port. The actual rate divided by theoretical maximum rate is the bandwidth utilization. Figure 4-3 displays the bandwidth utilization monitored every four seconds. Monitoring the bandwidth utilization on a Port allows you to monitor the Network traffic and analyze the Network for any abnormalities.
User Guide The following entries are displayed on this screen: Device Description Device Name: A name for the Switch is entered here. Device Location: Location information is entered here to help identify the location and purpose of the Switch. System Contact: Support or Admin contact information is entered here.
XMS-1024P Time Info Current System Date & Time: Displays the current date and time of the Switch. Current Time Source: Displays the current time source of the Switch. Time Config Manual: Get Time from NTP Server: When this option is selected, you can set the date and time manually. When this option is selected, you can configure the time zone and the IP Address for the desired NTP Server. The Switch will get time from NTP Server automatically if it has connected to a NTP Server.
User Guide Choose the menu System>>System Settings>>Daylight Savings Time to load the following page. Figure 4-6 Daylight Savings Time The following entries are displayed on this screen: DST Config DST Status: Enable or Disable DST. Predefined Mode: Select a predefined DST configuration. Recurring Mode: USA: First Sunday in April, 02:00 ~ Last Sunday in October, 02:00. Australia: First Sunday in October, 02:00 ~ First Sunday in April, 03:00.
XMS-1024P DST Config Date Mode: Allows you to specify the DST configuration using a Date format instead of a week, day and month format. This configuration will not run in a recurring mode and must be set each year. Offset: Specifies the change of time in minutes when a DST event occurs. Start Time/End Time: Set the Starting and Ending dates for DST in your geographical location.
User Guide Figure 4-7 System IP The following entries are displayed on this screen: IP Config MAC Address: IP Address Mode: Displays MAC Address or Hardware Address of the Switch. Allows you to select the desired mode for setting the IP Address of the Switch. Static IP: When this option is selected you set the IP Address, Subnet Mask and Default Gateway manually. DHCP: When this option is selected the Switch will obtain all IP Address settings from the DHCP Server in your Network.
XMS-1024P NOTE: The System IP settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: Changing the IP Address to a different IP subnet (i.e. from 192.168.0.XXX to 192.168.1.XXX) will interrupt Network communication. Please keep the new IP Address in the same IP subnet as the rest of the local Network. NOTE: The Switch only requires one IP Address.
User Guide 4.2.2 User Config On this page you can configure the Access Level of the user allowed to log in to the Web Management page. The Switch provides two access levels: Guest and Admin. The Guest user can only view the settings and status with no rights to actually configure the Switch; the Admin user can configure all functions of the Switch. Choose the menu System>>User Management>>User Config to load the following page.
XMS-1024P User Info Confirm Password: User Table Select: User ID, Name, Access Level and status: Operation: Confirm the Password for the Users login. Select the desired entry to delete or edit the corresponding user information. If selecting multiple entries the only option available is Delete. Displays the current User ID, User Name, Access Level and User Status. Click the Edit link of the desired entry to edit the corresponding user information.
User Guide 4.3.1 Config Restore On this page you can upload a previous backup configuration file to restore your Switch to the desired configuration. Choose the menu System>>System Tools>>Config Restore to load the following page. Figure 4-10 Config Restore The following entries are displayed on this screen: Config Restore Config File: Browse to the configuration backup file you would like to Restore. Restore Config: Click the Restore Config button to restore the backup configuration file.
XMS-1024P 4.3.2 Config Backup On this page you can download the current configuration of the Switch and save it as a file to your computer for your future configuration restore or to configure future installations. Choose the menu System>>System Tools>>Config Backup to load the following page. Figure 4-11 Config Backup The following entries are displayed on this screen: Config Backup Backup Config: Click the Backup Config button to save the current running configuration as a file on your computer.
User Guide Choose the menu System>>System Tools>>Firmware Upgrade to load the following page. Figure 4-12 Firmware Upgrade The following entries are displayed on this screen: Firmware Upgrade Firmware File: Browse to the downloaded Firmware file and select it. Visit http:// luxul.com to download the current firmware. Current Firmware Version: Displays the current running version of Firmware on the Switch.
XMS-1024P CAUTION: Please select the proper Firmware version matching your Hardware version. Visit http://luxul.com for more information. NOTE: After the Upgrade process is complete the Switch will reboot automatically. 4.3.4 System Reboot On this page you can Reboot the Switch. Please save the current running configuration before rebooting to avoid losing the configuration. Choose the menu System>>System Tools>>System Reboot to load the following page.
User Guide 4.3.5 Restore Factory Defaults On this page you can restore the Switch to the Factory Default settings. The Switch will reboot as part of this operation once rebooted all settings will return to their default values. Choose the menu System>>System Tools>>Restore Factory Defaults to load the following page.
XMS-1024P 4.4.1 Access Control On this page you can control the users logging on to the Web Management page. The definitions of Admin and Guest refer to section 4.2 User Management. Choose the menu System>>Access Control>>Access Control to load the following page. Figure 4-15 Access Control The following entries are displayed on this screen: Access Control Control Mode: Select the control mode for users to log on to the Web Management page.
User Guide Access Control IP Address & Mask: hese fields are available for configuration only when IP-based mode is selected. Only the users within the IP-range you configure are allowed to login. MAC Address: This field is available for configuration only when MAC-based mode is selected. Only the device with the configured MAC Address is allowed to login. Port: This field is available for configuration only when Port-based mode is selected.
XMS-1024P by this website was not issued by a trusted certificate authority” or “Certificate Errors”. Please choose “add this certificate to trusted certificates” or “continue to this website”. On this page you can configure SSL. Choose the menu System>>Access Control>>SSL Config to load the following page. Figure 4-16 SSL Config The following entries are displayed on this screen: SSL Config SSL: Enable or Disable the SSL function.
User Guide CAUTION: The SSL Certificate and Key uploaded must be a matching pair. If the Certificate and Key are not a matching pair HTTPS access to the Switch will fail.. CAUTION: The SSL Certificate and Key uploaded will not take effect until the Switch is rebooted. NOTE: To establish a secured connection to the Switch using https, please enter https:// before the IP Address of the Switch in your Web Browser.
XMS-1024P Choose the menu System>>Access Control>>SSH Config to load the following page. Figure 4-17 SSH Config The following entries are displayed on this screen: Global Config SSH: Enable or Disable SSH. Protocol V1: Enable or Disable SSH V1 support. Protocol V2: Enable or Disable SSH V2 support. Idle Timeout: Set the connection idle timeout time. The system will automatically release the connection when the time has expired the default timeout is 500 seconds.
User Guide CAUTION: SSH settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. CAUTION: Please ensure the key length of the upload file is between 2563072 bits. CAUTION: After the Key File is uploaded the default key of the same type will be replaced. A failed or corrupt upload will result in SSH access to default to Password Authentication.
XMS-1024P 2. Click the Open button to log on to the Switch. Enter the User Name and Password used to access the Web Management page of the Switch. 5 SWITCHING Switching menu is used to configure the basic functions of the Switch, including: Port Settings, LAG, Traffic Monitor and MAC Settings. 5.
User Guide Choose the menu Switching>>Port Settings>>Port Config to load the following page. Figure 5-1 Port Config Here you can view and configure the Port parameters. Port Config Port Select: Enter a port number and click the Select button to quick-select the corresponding Port. Select: Place a check mark to select the desired Port(s) to be configured. Port: Displays the Port number. Will be blank when selecting multiple ports. Description: Description of the Port for easy identification.
XMS-1024P CAUTION: Port Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. CAUTION: After the Key File is uploaded the default key of the same type will be replaced. A failed or corrupt upload will result in SSH access to default to Password Authentication. NOTE: The parameters of the Ports in a LAG Group should be set the same for optimal operation. 5.1.
User Guide The following entries are displayed on this screen. Mirror Group List Group: The Mirror Group number. Mirroring: The Mirroring Port number (destination Port). Mode: Indicates the traffic mirroring options of Ingress or Egress sources. Mirrored Port: Displays the Mirrored Ports and whether they are mirroring Ingress, Egress or Both. Operation: Click Edit to configure the mirror group. Edit to displays the following page. Figure 5-3 Mirroring Port © 2014 Luxul. All Rights Reserved.
XMS-1024P The following entries are displayed on this screen. Mirror Group Number: The mirror group number you want to configure. Mirroring Port Mirroring Port: The Mirroring Port (destination Port) number. Mirrored Port Port Select: Enter a Port number and click the Select button to quick-select the corresponding Port. Select: Place a check in the check box to select the desired Port(s) as a Mirrored Port (source Port(s)). Port: Displays the Port number.
User Guide 5.1.3 Port Security Port Security is used to protect the Switch from the malicious MAC Address Attacks by limiting the maximum number of MAC Addresses that can be learned on each Port. A Port with the Port Security feature enabled will learn MAC Addresses dynamically. When the number of learned MAC Address reaches the maximum value set the Port will stop learning. Any new devices with an unlearned MAC Address will not be allowed access to the Network via this Port.
XMS-1024P The following entries are displayed on this screen: Port Security Select: Check the check box of the desire Port(s) for Port Security configuration. Port: Displays the Port number. Max Learned MAC: Specify the Maximum number of MAC Addresses that can be learned on the Port(s). Learned Num: Displays the number of MAC Addresses that have been learned by the Port. Learn Mode: Select the Learn Mode for the Port.
User Guide Port to forward packets to Ports not members of its Port Isolation List. Choose the menu Switching>>Port Settings>>Port Isolation to load the following page. Figure 5-5 Port Isolation Config The following entries are displayed on this screen: Port Isolation Config Port: Select a Port number to set its Port Isolation List. Allowed Ports: Select the Allowed Port(s) for the selected Port to Forward too. Port Isolation List Port: Display the Port number.
XMS-1024P NOTE: Port Isolations settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 5.1.5 Loopback Detection The Loopback Detection feature can detect Network loops using loopback detection packets. When a loop is detected, the Switch will display an alert and/or block the corresponding Port according to the settings configured.
User Guide Loopback Detection Loopback Detection: Enable or Disable Loopback Detection globally. Detection Interval: Set a Loopback Detection interval between 1 and 1000 seconds the default value is 30 seconds. Automatic Recovery: The amount of Time after which the blocked Port will automatically return to normal status. It is set as a number of detection intervals to elapse before Automatic Recovery. Refresh Status: Enable or Disable automatic refresh.
XMS-1024P NOTE: Recovery Mode is not available when Alert or Port Based with Manual Recovery is the chosen Operation Mode. NOTE: Loopback Detection requires Storm Control to be configured and active. 5.2 LAG LAG (Link Aggregation Group) is used to combine a number of Ports together to make a single high-bandwidth Data path and to implement traffic load sharing among the member Ports of a group. This also enhances connection reliability.
User Guide Depending on the Aggregation mode, Aggregation groups fall into two types: Static LAG and LACP Config. 5.2.1 LAG Table On this page you can view the information of the current LAG Groups configured on the Switch. Choose the menu Switching>>LAG>>LAG Table to load the following page. Figure 5-7 LAG Table The following entries are displayed on this screen: Lag Hash Hash Algorithm: Select the applied scope of Hash Algorithm which applies to choosing a Port used to transfer the packets.
XMS-1024P Click the Detail button for the detailed information of your selected LAG. Figure 5-8 Detail Information 5.2.2 Static LAG On this page you can manually configure the LAG Group. The LACP feature is disabled for the member Ports of any manually added Static LAG. Choose the menu Switching>>LAG>>Static LAG to load the following page. Figure 5-9 Manual Config 50 a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.
User Guide The following entries are displayed on this screen: LAG Config Group Number: Select a Group Number for the LAG. Description: Displays the description of LAG (not configurable by the user). LAG Table Member Ports: Select the Ports to be added as a LAG member. Clearing all the Ports from the LAG will delete the LAG Group. NOTE: The LAG Group can be deleted by clearing its member Ports.. NOTE: Only a non-member Port can be added to a LAG Group.
XMS-1024P With the LACP feature enabled the Port will notify its partner of the System Priority, System MAC, Port Priority, Port Number and Operation Key (the Operation Key is determined by the physical properties of the Port). The device with higher priority will control dynamic Aggregation. System Priority and System MAC are used to decide the priority of a device. The lower System Priority value will be the Higher Priority.
User Guide LACP Config System Priority: LACP Config Port Select: Specifies the system priority for the Switch. The System Priority and MAC Address constitute the System Identification (ID). A lower System Priority value indicates a higher system priority. When exchanging information between systems the system with higher priority determines which Link Aggregation Group a link belongs to.
XMS-1024P Choose the menu Switching>>Traffic Monitor>>Traffic Summary to load the following page. Figure 5-11 Traffic Summary 54 a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.
User Guide The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable refreshing the Traffic Summary page automatically. Refresh Rate: Enter a value in seconds to specify the Refresh Interval. Traffic Summary Port Select: Click the Select button to quick-select the corresponding Port based on the Port number you entered. Port: Displays the Port number. Packets Rx: Displays the number of Packets Received on the Port. Error packets are not counted in this field.
XMS-1024P The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable refresh of the Traffic Summary page automatically. Refresh Rate: Enter a value in seconds to specify the Refresh Interval. Statistics Port: Enter a Port number and click the Select button to view the traffic statistics of the corresponding Port. Received: Displays the Packets Received on the Port. Sent: Displays the Packets Transmitted on the Port.
User Guide CAUTION: Traffic Statistics settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 5.4 MAC Address The Switch forwards traffic based on the Destination MAC Address contained in the Packet Header. To accelerate this process the Switch maintains a MAC MAC Table, the properties of which can be adjusted to meet the needs of the Network.
XMS-1024P This function includes four submenus: MAC Table, Static MAC, Dynamic MAC and MAC Filtering. 5.4.1 MAC Table On this page, you can view all the information of the MAC Table. Choose the menu Switching>>MAC Settings>>MAC Table to load the following page. Figure 5-13 MAC Table The following entries are displayed on this screen: Address Table MAC Address: Enter the MAC address to search by. VLAN ID: Enter the VLAN ID to search by. Port: Select the corresponding Port number to search by.
User Guide Address Table MAC Address: Displays the MAC address learned by the Switch. VLAN ID: Displays the corresponding VLAN ID of the MAC address. Port: Displays the corresponding Port number of the MAC address. Type: Displays the Type of the MAC address. Aging Status: Displays the Aging status of the MAC address. 5.4.2 Static MAC The Static MAC Table maintains the static MAC Address entries which are added or removed manually.
XMS-1024P The following entries are displayed on this screen: Add Static MAC MAC Address: Enter the static MAC Address to be bound. VLAN ID: Enter the corresponding VLAN ID of the MAC address. Port: Select a Port from the drop-down to be bound. Search Option Search Option: Select a Search Option from the drop-down and click the Search button to find the desired entry in the Static MAC Table. MAC: Enter the MAC address of the desired entry.
User Guide NOTE: The MAC address in the Static MAC Table cannot be added to the Filtering MAC Table or be bound to a Port dynamically. NOTE: The Static MAC Address binding function is not available if the 802.1X/RADIUS/RADIUS feature is enabled. 5.4.3 Dynamic MAC The Dynamic MAC Table updates automatically by learning new MAC Addresses and Auto Aging of old MAC Addresses. To fully utilize the Dynamic MAC Table which has a limited capacity, the Switch uses Auto Aging.
XMS-1024P The following entries are displayed on this screen: Aging Config Auto Aging: Enable/Disable the Auto Aging feature. (Note: We strongly recommend that you do not disable Auto Aging that can result in Data loss and potential connectivity issues.) Aging Time: Enter the Aging Time for the Dynamic MAC Address. Search Option Search Option: Select a Search Option from the drop-down and click the Search button to find the desired entry in the Dynamic MAC Table.
User Guide CAUTION: Dynamic MAC settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 5.4.4 MAC Filtering MAC Filtering is used to control which packets are forwarded. MAC Filtering is added or removed manually and is independent of the Aging Time. MAC Filtering allows the Switch to filter the packets based on the source address or destination address.
XMS-1024P The following entries are displayed on this screen: Add MAC Address Filter MAC Address: Enter the MAC Address to be filtered. VLAN ID: Enter the corresponding VLAN ID of the MAC address. Search Option Search Option: Select a Search Option from the drop-down and click the Search button to find your desired entry in the MAC Filter Table. MAC: Enter the MAC address the desired entry. VLAN ID: Enter the VLAN ID number the desired entry/entries.
User Guide as if they are in a LAN. However, hosts in different VLANs cannot communicate with one another directly. Broadcast packets are limited to the ports or hosts assigned to the same VLAN. Hosts in the same VLAN communicate with one another via Layer 2 (Broadcast Domain), hosts in different VLANs can communicate with one another through Boundary devices such as Routers or the Layer 3 Switches. The following figure illustrates a simple VLAN implementation.
XMS-1024P The Switch can analyze the received untagged packets on the Port and match the packets with the MAC VLAN, Protocol VLAN and/or 802.1Q VLAN in turn. If a packet is matched, the Switch will add a corresponding VLAN tag to it and forward it in the corresponding VLAN. 6.1 802.1Q VLAN VLAN tags used in the packets are necessary for the Switch to identify packets of different VLANs.
User Guide In this User Guide “tagged packet” refers to a packet with a VLAN tag, “untagged packet” refers to a packet without VLAN tag and “priority-tagged” packet refers to a packet with VLAN tag whose VLAN ID is 0. Link Types of Ports When creating the 802.1Q VLAN, you should set the link type for the Port according to the configuration of the connected device.
XMS-1024P Port Type Received Packets Untagged Packets General Tagged Packets If the VID of packet is the same as the PVID of the Port, the packet will be received. Access Trunk Forwarded Packets When untagged packets are received, the Port will add the default VLAN tag, i.e. the PVID of the Ingress Port, to the packets. If the VID of packet is not the same as the PVID of the Port, the packet will be dropped. If the VID of packet is allowed by the Port, the packet will be received.
User Guide To ensure normal communication across the Switch the default VLAN of all Ports is set to VLAN1 and VLAN1 cannot be deleted. The following entries are displayed on this screen: VLAN Table VLAN ID Select: Click the Select button to quick-select the corresponding entry based on the VLAN ID you entered. Select: Select the desired entry to delete the corresponding VLAN(s). VLAN ID: Displays the ID of the VLAN. Description: Displays the description of the VLAN.
XMS-1024P The following entries are displayed on this screen: VLAN Config VLAN ID: Enter the ID number of VLAN. Description: A description of the VLAN for identification. Check: Click the Check button to verify if the VLAN ID entered is valid and available. T VLAN Members Port Select: Click the Select button to quick-select the corresponding entry based on the Port number you entered. Select: Select the desired Port(s) to be added as a member of the VLAN or leave it blank to not add it to the VLAN.
User Guide Choose the menu VLAN>>802.1Q VLAN>>Port Config to load the following page. Figure 6-5 Port VLAN Config The following entries are displayed on this screen: VLAN Config Port Select: Click the Select button to quick-select the corresponding entry based on the Port number entered. Select: Select the desired Port(s) for configuration. Port: Displays the Port number. Link Type: Select the Link Type from the pull-down list for the Port.
XMS-1024P CAUTION: Port Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. 6.2 MAC VLAN MAC VLAN technology is used to classify and assign VLANs according to the MAC Address of Client Devices. Each MAC Address corresponds to a single VLAN ID.
User Guide The following entries are displayed on this screen: VLAN Table MAC Address: Enter the MAC address. Description: Give a description to the MAC address for identification. VLAN ID: Enter the VLAN ID of the MAC VLAN. This VLAN should be one of the 802.1Q VLANs the Ingress Port belongs to. MAC VLAN Table MAC Select: Click the Select button to quick-select the corresponding. Select: Select the desired entry(ies). MAC Address: Displays the MAC address.
XMS-1024P 6.3 Protocol VLAN Protocol VLAN is a way to classify VLANs based on Network protocol used by the packets. Protocol VLANs can be sorted by IP, IPX, DECnet, AppleTalk, Banyan and so forth. Using Protocol VLANs, the broadcast domain can span multiple Switches and the Host can change its physical position in the Network. All with its VLAN membership role always remaining in effect. By creating Protocol VLANs, you can manage the connected devices based on their actual applications and services.
User Guide • The maximum amount of Ethernet Data in a standard packet is 1500 bytes, the Length field in 802.2/802.3 encapsulation is 2 bytes ranging from 0x0000 to 0x05DC and the Type field in Ethernet II encapsulation is also 2 bytes ranging from 0x0600 to 0xFFF. The Type or Length field in the Data range of 0x05DD to 0x05FF is illegal and any packets with a value in that range will be discarded. The Switch will identify whether a packet is Ethernet II or 802.2/802.
XMS-1024P The Identification Process of the Switch using Packet Protocols Figure 6-11 ID Process Switch using Packet Protocols Implementing a Protocol VLAN The Switch can match packets using a Protocol Template and transmit packets within the specified VLAN corresponding to the protocol. The Protocol Template, comprising encapsulation format and protocol type, is the standard to determine the protocol which a packet belongs to.
User Guide Encapsulation Protocol Ethernet II 802.3 raw 802.2 LLC 802.2 SNAP IP (0x0800) Supported Not Supported Not Supported Supported IPX (0x8137) Supported Supported Supported Supported Not Supported Not Supported Supported AppleTalk (0x809B) Supported Table 6-2 Protocol types in common use Protocol VLAN packets are processed in the following manner: When receiving an Untagged packet, the Switch attempts to match the packet with the current Protocol VLAN.
XMS-1024P The following entries are displayed on this screen: Protocol Group Table Select: Select the desired entry or entries. Protocol: Displays the Protocol of the Protocol Group. VLAN ID: Displays the corresponding VLAN ID of the Protocol Group. Member: Displays the member(s) of the Protocol Group. Configuration: Click the Edit button to modify the settings of the entry, then click the Modify button to apply your changes.
User Guide The following entries are displayed on this screen: Protocol Group Config Protocol: Select the desired Protocol Template. VLAN ID: Enter the ID number of the Protocol VLAN. This VLAN must be one of the 802.1Q VLANs the Ingress Port belongs too. Protocol Group Member Select the desired Port(s) for Protocol VLAN Group.
XMS-1024P The following entries are displayed on this screen: Create Protocol Template Protocol Name: Description name of the Protocol Template. Ether Type: Enter the Ethernet Protocol Type in the Protocol Template. Frame Type: Select a Frame Type for the Protocol Template. Protocol Template Table Select: Select the desired entry(ies). ID Displays the ID of the Protocol Template. Protocol Name: Displays the Name of the Protocol Template.
User Guide 6.4 Application Example for 802.1Q VLAN Network Requirements Switch A is connecting to PC A and Server B; Switch B is connecting to PC B and Server A; PC A and Server A are in the same VLAN; PC B and Server B are in the same VLAN; PCs in the two VLANs cannot communicate with each other. Network Diagram Figure 6-15 Network Diagram 802.1Q VLAN © 2014 Luxul. All Rights Reserved.
XMS-1024P Configuration Procedure Configure Switch A Step Operation Description 1 Configure the Link Type of the Ports On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Port 2 as ACCESS, Port 3 as TRUNK and Port 4 as ACCESS 2 Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 10 with members being Port 2 and Port 3 3 Create VLAN20 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 20 with members being Port 3 and Port 4.
User Guide Network Diagram Figure 6-16 Network Diagram MAC VLAN Configuration Procedure Configure Switch A Step Operation Description 1 Configure the Link Type of the Ports On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Port 11 as GENERAL and Port 12 as TRUNK. 2 Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 10 with members being Port 11 and Port 12 and configure the Egress Rule of Port 11 as Untag and Port 12 as Tag.
XMS-1024P Configure Switch B Step Operation Description 1 Configure the Link Type of the Ports On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Port 11 as GENERAL and Port 12 as TRUNK. 2 Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 10 with members being Port 11 and Port 12 and configure the Egress Rule of Port 11 as Untag and Port 12 as Tag. 3 Create VLAN20 On VLAN>>802.
User Guide Network Diagram Figure 6-17 Network Diagram Protocol VLAN Configuration Procedure Configure Switch A Step Operation Description 1 Configure the Link Type of the Ports On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Port 11 as ACCESS, Port 13 as ACCESS, and Port 12 as GENERAL. 2 Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 10 with members being Port 12 and Port 13 and configure the Egress Rule of Port 12 as Untag.
XMS-1024P Configure Switch B Step Operation Description 1 Configure the Link Type of the Ports On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Port 4 as ACCESS, Port 5 as ACCESS and Port 3 as GENERAL. 2 Create VLAN10 On VLAN>>802.1Q VLAN>>VLAN Config page create a VLAN with a VLANID of 10 with members being Port 3 and Port 4 and configure the Egress Rule of Port 3 as Untag. 3 Create VLAN20 On VLAN>>802.
User Guide Leave Message: When a GARP entity expects other Switches to un-register certain attributes, it sends out a Leave Message. When receiving a Leave Message from another entity or un-configuring attributes statically, the device also sends out a Leave Message. LeaveAll Message: Once a GARP entity starts, it also starts the LeaveAll Timer. If the Timer expires, the GARP entity sends a LeaveAll Message.
XMS-1024P the dynamic registration information, which is received from other Switches. On this Switch, only a Port with a TRUNK link type can be set as the GVRP application entity to maintain the VLAN registration information. GVRP has the following three Port registration modes: Normal, Fixed, and Forbidden. Normal: In this mode a Port can dynamically register/un-register a VLAN and propagate the dynamic/static VLAN information.
User Guide The following entries are displayed on this screen: Global Config GVRP: Enable/Disable the GVRP function. Port Config Port Select: Click the Select button to quick-select the corresponding entry. Select: Select the desired Port(s) for configuration. Port: Displays the Port number. Status: Enable/Disable the GVRP feature on the Port. The Port type must be set to TRUNK before enabling the GVRP feature. Registration Mode: Select the Registration Mode for the Port.
XMS-1024P CAUTION: GVRP settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. NOTE: LeaveAll Timer >= 10* Leave Timer, Leave Timer >= 2*Join Timer Configuration Procedure: Step Operation Description 1 Set the link type for Port. On the VLAN>>802.1Q VLAN>>Port Config page set the link type of the Port to be TRUNK. 2 Enable GVRP function.
User Guide Root Bridge: Identifies the Switch with the lowest Bridge ID. Configure the Switch with the lowest latency as the Root Bridge to ensure best Network performance and reliability. Designated Bridge: Identifies the Switch with the lowest path cost to the Root Bridge in each Network segment. BPDUs are forwarded to the Network segment through the designated bridge. If more than one Switch has the same path cost the Switch with the lowest bridge ID will be chosen as the Designated Bridge.
XMS-1024P Figure 7-1 Basic STP diagram STP Timers STP uses three timers to manage when BPDU packets are transmitted they include; Hello Time, Max. Age and Forward Delay. Hello Time: Ranges from 1-10 seconds, default is 2 seconds. It specifies the interval to send BPDU packets. It is used to test for Network Loops. Max. Age: Ranges from 6-40 seconds, default is 20 seconds. It specifies the maximum time the Switch can wait without receiving a BPDU before attempting to reconfigure itself as the Root Bridge.
User Guide If the Root Bridge ID of X equals that of Y, but the Root Path cost of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge. If the Root Bridge ID and the Root Path cost of X equal those of Y, but the Bridge ID of X is smaller than that of Y, X is superior to Y and X will become the Root Bridge.
XMS-1024P Step Operation 2 Using the Root Port BPDU and the Root Path cost, the Switch generates a Designated Port BPDU for each of its Ports. Root ID is replaced with that of the Root Port; Root Path is replaced with the sum of the Root Path cost of the root Port and the path cost between this Port and the Root Port; The ID of the Designated Bridge is replaced with that of the Switch; The ID of the Designated Port is replaced with that of the Port.
User Guide MSTP (Multiple Spanning Tree Protocol) is compatible with both STP and RSTP and subject to the IEEE 802.1s standard. It not only enables Spanning Tree rapid convergence, but also enables packets of different VLANs to be forwarded along their respective paths to provide redundant links with a better Load-Balancing mechanism. Features of MSTP: MSTP combines VLANs and Spanning Tree together via the VLAN-to-Instance mapping table.
XMS-1024P MSTP MSTP divides a Network into several MST Regions. The CST will encompass all MST Regions in the Network, and multiple Spanning Trees can be generated in each MST region. Each Spanning Tree is called an Instance. Like STP MSTP uses BPDUs to generate the Spanning Tree topology. The only difference is that the BPDU for MSTP carries the MSTP configuration information.
User Guide Figure 7-3 Port roles The Spanning Tree module is used for Spanning Tree configuration, including four submenus: STP Config, Port Config, MSTP Instance and STP Security. 7.1 STP Config STP Config is used for global configuration of Spanning Trees implementation and can be implemented on the STP Config and STP Summary pages. 7.1.1 STP Config Before configuring Spanning Tree Protocol you should decide which role each Switch plays in the Spanning Tree instance.
XMS-1024P The following entries are displayed on this screen: Global Config STP: Enable/Disable STP function. Version: Select the desired STP version. STP: Spanning Tree Protocol. RSTP: Rapid Spanning Tree Protocol. MSTP: Multiple Spanning Tree Protocol. Parameters Config CIST Priority: Enter a value from 0 to 61440 to specify the priority of the Switch for comparison in the CIST. CIST priority is important in determining which Switch will be the Root Bridge.
User Guide NOTE: The Forward Delay parameter and the Network size are correlated. Too short of a Forward Delay parameter may result in temporary loops. Too long of a forward delay may cause the Network to be unable to resume normal operations in an acceptable amount of time. Keeping the default value is recommended. NOTE: The Hello Time parameter enables the Switch to discover link failures that occur in the Network without over utilizing Network resources.
XMS-1024P Choose the menu Spanning Tree>>STP Config>>STP Summary to load the following page. Figure 7-5 STP Summary 7.2 Port Config On this page you can configure the parameters of the Ports for STP, RSTP and MSTP. Choose the menu Spanning Tree>>Port STP Config to load the following page. Figure 7-6 Port Config 100 a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.
User Guide The following entries are displayed on this screen: Port Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for STP configuration. Port: Displays the Port number of the Switch. Status: Enable /Disable STP function for the desired Port. Priority: Enter a value from 0-240 that must be divisible by 16. Port priority is an important criterion in determining if the Port connected will be chosen as the Root Port.
XMS-1024P Port Config Port Status: Displays the operating status of the Port. Forwarding: The Port can receive/forward Data, receive/send BPDU packets and learn MAC addresses. Learning: The Port can receive/send BPDU packets and learn MAC addresses. Blocking: The Port can only receive BPDU packets and will drop all other traffic. Disconnected: The Port is not participating in STP. LAG: Displays the LAG Group number the Port belongs to.
User Guide The MSTP Instance is implemented with the Region Config, Instance Config and Instance Port Config pages. 7.3.1 Region Config On this page you can configure the name and revision of the MST region Choose the menu Spanning Tree>>MSTP Instance>>Region Config to load the following page: Figure 7-7 Region Config The following entries are displayed on this screen: Region Config Region Name: Create a name for the MST Region using up to 32 characters.
XMS-1024P Choose the menu Spanning Tree>>MSTP Instance>>Instance Config to load the following page. Figure 7-8 Instance Config The following entries are displayed on this screen: Instance Table Instance ID Select: Select button to quick-select the corresponding Instance ID. Select: Select the desired Instance ID(s) for configuration. Instance: Displays Instance ID of the Switch. Status: Enable/Disable the instance. Priority: Enter the Priority of the Switch in the Instance.
User Guide CAUTION: Instance Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: In a Network with both GVRP and MSTP enabled, GVRP packets are forwarded along the CIST. If you want to broadcast packets of a specific VLAN through GVRP, please be sure to map the VLAN to the CIST when configuring the MSTP VLAN-Instance mapping.
XMS-1024P The following entries are displayed on this screen: Port Config Instance ID: Select the desired instance ID for Port configuration. Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) to specify its priority and path cost. Port: Displays the Port number. Priority: Enter the Priority of the Port in the Instance. Port Priority is an important criterion in determining if the Port connected will be chosen as the Root Port.
User Guide Step Operation Description 4 Configure the MST region Create an MST Region and configure the role the Switch plays in the MST Region on Spanning Tree>>MSTP Instance>>Region Config and Tree>>MSTP Instance>>Instance Config pages. 5 Configure the MSTP Instance Ports parameters If you are going to configure different Instances in the MST Region you can configure MSTP parameters for Instance Ports on Spanning Tree>>MSTP Instance>>Instance Port Config page. 7.
XMS-1024P Root Protect A CIST and its Secondary Root Bridges should be located in the High-Bandwidth core Region. Poor configuration or malicious attacks may result in configuration BPDU packets with higher Priorities being received by the Root Bridge, which can cause the current Root Bridge to lose its position and Network topology inconsistencies to occur. In this case traffic that should travel along high-speed links will be forced to low-speed links and Network congestion will occur.
User Guide BPDU Filter Prevents BPDU floods in the STP Network. If a Switch receives malicious BPDUs, it forwards these BPDUs to the other Switched in the Network, which can result in Spanning Tree continuously regenerating. When this occurs the Switch occupies excessive CPU cycles and the protocol status of BPDUs can be incorrect. With the BPDU Filter function enabled the Port does not receive or forward BPDUs, but it will send out its own BPDU.
XMS-1024P Port Protect TC Protect: Prevents decreases in performance and stability of the Switch brought on by continuous removal of MAC Address entries upon receipt of TC-BPDUs in the STP Network. BPDU Protect: Prevents the edge Port from being attacked by malicious BPDUs. BPDU Filter: Prevents malicious BPDU floods in the STP Network. LAG: Displays the LAG Group number the Port belongs to.
User Guide CAUTION: TC Protect settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 7.5 Application Example for STP Function Network Requirements Switch A, B, C, D and E all support the MSTP function. A is the Central Switch. Switches B and C are in the Convergence layer. Switches D, E and F are in the Access layer.
XMS-1024P Step Operation Description 1 Configure Ports On VLAN>>802.1Q VLAN page, configure the link type of the interconnect Ports as Trunk, and add the Ports to VLAN 101-VLAN 106. Detailed instructions can be found in the section 802.1Q VLAN. 2 Enable STP function On Spanning Tree>>STP Config>>STP Config page, enable STP function and select MSTP as your STP version. On Spanning Tree>>Port STP Config>>Port Config page, enable STP on all Ports.
User Guide Step Operation Description 6 Configure Switch B as the Designated Bridge of Instance 2 On Spanning Tree>>MSTP Instance>>Instance Config page, configure the priority of Instance 2 to be 4096. Configure Switch C: Step Operation Description 1 Configure Ports On VLAN>>802.1Q VLAN page, configure the link type of the interconnect Ports as Trunk, and add the Ports to VLAN 101-VLAN 106. Detailed instructions can be found in the section 802.1Q VLAN.
XMS-1024P Step Operation Description 2 Enable STP function On Spanning Tree>>STP Config>>STP Config page, enable STP function and select MSTP as your STP version. On Spanning Tree>>Port STP Config>>Port Config page, enable STP on all Ports. 3 Configure the region name and the revision of MST region 4 Configure VLAN-to-Instance On Spanning Tree>>MSTP Instance>>Instance Config mapping table of the MST page, configure VLAN-to-Instance mapping table. Map region VLAN 101, 103 and 105 to Instance 1.
User Guide Figure 7-14 Network Diagram Stabilized II Suggested STP Security for this Configuration Enable TC Protect function for all the Ports of Switches. Enable Root Protect function for all the Ports of Root Bridges. Enable Loop Protect function for all non-edge Ports. Enable BPDU Protect function or BPDU Filter function for the edge Ports which are connected to any client device. © 2014 Luxul. All Rights Reserved.
XMS-1024P 8 MULTICAST Multicast Overview Packets are transmitted in one of three modes: Unicast, Broadcast and Multicast. In Unicast the Source transmits information to a single destination device. When a large number of devices require this information, the Server must send Data with the same content to multiple devices-occupying large amounts of bandwidth. In Broadcast, the system transmits information to all devices in a Broadcast Domain (Hub, Switch, Access Point, etc…).
User Guide If the number of client devices is variable, Multicast transmission will be the most efficient delivery method. When multiple client devices are receiving the same information form a Multicast group, the Multicast Server sends the Multicast group information to each device once. The client device then handles the Management of the Multicast session to which it belongs. Each user can join and leave the Multicast group at any time.
XMS-1024P Figure 8-2 Mapping relationship between Multicast IP Address and Multicast MAC address The high-order 4 bits of the IP Multicast address are 1110, identifying the Multicast group. Only 23 bits of the remaining low-order 28 bits are mapped to a Multicast MAC address. In this configuration, 5 bits of the IP Multicast Address are not utilized. As a result, 32 IP Multicast addresses are mapped to the same MAC address.
User Guide The Multicast module is used for Multicast Management configuration of the Switch and includes four submenus: IGMP Snooping, Multicast IP, Multicast Filter and Packet Statistics. 8.1 IGMP Snooping IGMP Snooping Process A Switch running IGMP Snooping listens to the IGMP messages transmitted between the client device and the Multicast Sever, tracking the IGMP messages and the registered Port(s). When the Switch receives an IGMP report message the Switch adds the Port to the Multicast MAC Table.
XMS-1024P An IGMP Report Message is sent by the client device when it applies to join a Multicast group or when responding to the IGMP Query Messages from the Multicast Server. When receiving IGMP Report Message, the Switch will send the Report Message to the Multicast Sever Port in the specified VLAN as well as analyze the message to get the Address of the Multicast Group the host applies to join.
User Guide Leave Time: Indicates the interval between the Switch receiving a leave message from a client device and the Switch removing the client device from the Multicast Group. The default value is 1 second. The IGMP Snooping function is implemented on Snooping Config, Port Config, VLAN Config and Multicast VLAN pages. 8.1.1 Snooping Config To configure IGMP Snooping on the Switch, please first configure the IGMP Global configuration and related parameters on the following page.
XMS-1024P The following entries are displayed on this screen: Global Config IGMP Snooping: Enable/Disable IGMP Snooping function globally on the Switch. Unknown Multicast: Select the operation used for processing Unknown Multicast packets, Forward/Discard: the default is Forward. If you are unsure of your needs, we recommend keeping the default option of Forward. IGMP Snooping Status Description: Displays IGMP Snooping status. Member: Displays the members of the corresponding status.
User Guide The following entries are displayed on this screen: Port Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for IGMP Snooping feature configuration. Port: Displays the Port number of the Switch. IGMP Snooping: Enable/Disable IGMP Snooping for the desired Port. Fast Leave: Enable/Disable Fast Leave feature for the desired Port.
XMS-1024P Choose the menu Multicast>>IGMP Snooping>>VLAN Config to load the following page. Figure 8-6 VLAN IGMP Config The following entries are displayed on this screen: VLAN Config VLAN ID: Enter the VLAN ID to enable IGMP Snooping for the desired VLAN. Router Port Time: Specify the Aging Time of the Router Port (Multicast Server). If the Switch does not receive an IGMP Query Message from the Router Port before the Aging Time elapses, it will no longer consider this Port a Router Port.
User Guide VLAN Config VLAN ID: Displays the VLAN ID. Router Port Time: Displays the Router Port Time of the VLAN. Member Port Time: Displays the Member Port Time of the VLAN. Leave Time: Displays the Leave Time of the VLAN. Router Port: Displays the Router Port of the VLAN. CAUTION: VLAN IGMP Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory.
XMS-1024P Before configuring a Multicast VLAN, you should first configure a VLAN and add the corresponding Ports to the VLAN on the 802.1Q VLAN page. If the Multicast VLAN is enabled, the Multicast configuration for other VLANs on the VLAN Config page will be deleted and the Multicast streams will be transmitted only within the Multicast VLAN. Choose the menu Multicast>>IGMP Snooping>>Multicast VLAN Config to load the following page.
User Guide CAUTION: Multicast VLAN Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. NOTE: The Router Port (Multicast Server) should be in the Multicast VLAN, if it is not, the member Ports cannot receive Multicast streams. NOTE: The Multicast VLAN will not take effect unless you first complete the configuration for the corresponding VLAN and Ports on the 802.
XMS-1024P Step Operation Description 3 Configure parameters for Multicast VLAN Enable and configure a Multicast VLAN on the Multicast>>IGMP Snooping>>Multicast VLAN page. It is recommended to keep the default time parameters. 4 Look over the configuration If it is successfully configured, the VLAN ID of the Multicast VLAN will be displayed in the IGMP Snooping Status table on the Multicast>>IGMP Snooping>>Snooping Config page.
User Guide Network Diagram Configuration Procedure Step Operation Description 1 Create VLANs Create three VLANs with the VLAN IDs of 3, 4 and 5 respectively. Specify the description of VLAN3 as Multicast VLAN on VLAN>>802.1Q VLAN page. 2 Configure Ports On VLAN>>802.1Q VLAN pages, configure Port 3 as Link Type GENERAL and its Egress Rule as TAG and add it to VLAN3, VLAN4 and VLAN5. Configure Port 4 as link type GENERAL and its Egress Rule as UNTAG and add it to VLAN3 and VLAN 4.
XMS-1024P Step Operation Description 5 Check Multicast VLAN 3-5 and Multicast VLAN 3 will be displayed in the IGMP Snooping Status table on the Multicast>>IGMP Snooping>>Snooping Config page. 8.2 Multicast IP In a Network, receivers can join different Multicast groups appropriate to their needs. The Switch forwards Multicast streams based on Multicast MAC Table. The Multicast IP can be implemented on Multicast IP Table, Static Multicast IP page. 8.2.
User Guide Search Option VLAN ID: Displays the VLAN ID of the Multicast Group. Forward Port Displays the forward Port of the Multicast Group. Type: Displays the type of the Multicast IP. CAUTION: If the configuration on VLAN Config page and Multicast VLAN page is changed, the Switch will clear the dynamic Multicast Addresses in Multicast MAC Table and learn new addresses. 8.2.
XMS-1024P Create Static Multicast Search Option: Select the Rule for displaying Multicast IP table to find the desired entries quickly. All: Displays all static Multicast IP entries. Multicast IP: Enter the Multicast IP Address the desired entry contains. VLAN ID: Enter the VLAN ID the desired entry contains. Port: Enter the Port number the desired entry contains. Static Multicast IP Table Select: Select the desired entry(ies) to delete the corresponding static Multicast IP.
User Guide Choose the menu Multicast>>Multicast Filter>>Multicast IP-Range to load the following page. Figure 8-10 Multicast IP-Range The following entries are displayed on this screen: Create IP-Range IP Range ID: Enter the IP-Range ID. Start Multicast IP: Enter starting Multicast IP of the IP-Range. End Multicast IP: Enter ending Multicast IP of the IP-Range. IP-Range Table IP-Range ID Select: Click the Select button to quick-select the corresponding IP-Range ID.
XMS-1024P Choose the menu Multicast>>Multicast Filter>>Multicast Port Filter to load the following page. Figure 8-11 Multicast Port Filter The following entries are displayed on this screen: Port Filter Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for Multicast Filtering. Port: Displays the Port number. Filter: Enable/Disable Multicast Filtering feature on the Port.
User Guide CAUTION: Multicast Port Filter settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. NOTE: Multicast Port Filter Rules can only have effect on VLANs with IGMP Snooping enabled. NOTE: Multicast Port Filter Rules have no effect on Static Multicast IPs. NOTE: Up to 5 IP-Ranges can be bound to one Port.
XMS-1024P Figure 8-12 Packet Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable auto refresh feature. Refresh Period: Enter a time from 3 to 300 in seconds to specify the auto refresh period. (Please note: a short refresh interval can make the page difficult to use.) IGMP Statistics Port Select: Click the Select button to quick-select the corresponding Port. Port: Displays the Port number of the Switch.
User Guide CAUTION: Packet Statistics settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. 9 QOS QoS (Quality of Service) provides different levels of service for various Network applications and requirements. It helps optimize the bandwidth distribution to provide Network service of the best quality.
XMS-1024P Priority Mode This Switch implements three Priority Modes based on Port, 802.1P and DSCP. By default, the priority mode based on Port is enabled. Port Priority Port Priority is a property of the Port. After Port Priority is configured, the Data stream will be mapped to the Egress Queues according to the CoS (Cost of Service) of the Port and the Mapping relationship between CoS and Queues. 802.1P Priority Figure 9-2 802.1Q frame As shown in the figure above, each 802.
User Guide corresponding priority levels. Non-IP Datagrams with 802.1Q tags are mapped to different priority levels based on the 802.1P Priority mode. Any untagged Non-IP Datagrams are Mapped based on the Port Priority mode. Priority Schedule Mode When the Network is congested, packets compete for resources. This is solved using Queue Scheduling. The Switch implements four Scheduling Queues, TC0, TC1, TC2 and TC3. TC0 has the lowest priority while TC3 has the highest priority.
XMS-1024P WRR-Mode (Weight Round Robin Mode): In this mode packets in all Queues are sent in order, based on the Weight Value for each Queue. In this mode, every Queue can be assured of a certain level of service. The Weight Value indicates the occupied proportion of the resource. WRR-Mode overcomes the main disadvantage of SP-Mode Queue. In WRR-Mode the Queues are Scheduled in order. The service time for each queue is not fixed. If a Queue is empty, the next Queue will be Scheduled.
User Guide 9.1 DiffServ This Switch Classifies Ingress packets, Maps the packets to the corresponding Priority Queues and then Forwards the packets according to specified Scheduling Algorithms. This Switch implements three Priority Modes based on: Port, 802.1P and DSCP, and supports four Queue Scheduling Algorithms. The Port priorities are labeled as CoS0-CoS7. The DiffServ function can be implemented on CoS Port Priority, DSCP Priority, CoS/ TC Queue Mapping and Priority Schedule Mode pages. 9.1.
XMS-1024P CAUTION: CoS Port Priority settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. CONFIGURATION PROCEDURE: Step Operation Description 1 Select the Port priority On QoS>>DiffServ>>Port Priority page configure the Port priority. 2 Configure the mapping relation between the 802.
User Guide Choose the menu QoS>>DiffServ>>DSCP Priority to load the following page. Figure 9-7 DSCP Priority The following entries are displayed on this screen: DSCP Priority DSCP Priority: Priority Level DSCP: Priority: Enable/Disable DSCP Priority. Indicates the priority determined by the DS Field of the IP Datagram, it ranges from 0-63. Indicates the 802.1P priority the packets with a DSCP tag are mapped to, the priorities are labeled as CoS0-CoS7.
XMS-1024P CONFIGURATION PROCEDURE: Step Operation Description 1 Configure the mapping relationship between DSCP Priority and 802.1P Priority On QoS>>DiffServ>>DSCP Priority page Enable DSCP Priority and configure the Mapping relationship between the DSCP Priority and 802.1P Priority. (All values have a default mapping that can be changed if needed.) 1 Configure the mapping relationship between the 802.
User Guide Choose the menu QoS>>DiffServ>>CoS/TC Queue Mapping to load the following page. Figure 9-8 CoS/TC Queue Mapping The following entries are displayed on this screen: CoS/TC Queue Mapping Tag-ID/CoS-ID: Indicates the precedence level defined by IEEE 802.1P and the CoS ID. Queue TC-ID: Indicates the priority level of the Egress Queue the packets with a Tag or CoS-ID are mapped to. The priority levels of the Egress Queue are labeled TC0, TC1, TC2 and TC3.
XMS-1024P Configuration Procedure: Step Operation Description 1 Configure the mapping relationship between the 802.1P Priority Tag/CoS-ID and the TC-ID On QoS>>DiffServ>>CoS/TC Queue Mapping page, configure the mapping relationship between the 802.1P priority Tag/CoS-ID and the TC-ID. 2 Select a Priority Schedule Mode On QoS>>DiffServ>>Priority Schedule Mode page select a Priority Schedule Mode. 9.1.4 Priority Schedule Mode On this page you can select a Priority Schedule Mode for the Switch.
User Guide Priority Schedule Mode Config SP+WRR-Mode: In this mode, this Switch provides two scheduling Groups, the SP Group and WRR Group. Queues in SP Group are Scheduled strictly based on the Strict-Priority Mode while the queues in the WRR Group follow the WRR Mode scheduling. In SP+WRR Mode TC3 is in the SP Group; TC0, TC1 and TC2 belong to the WRR Group with the Weight Value ratio of TC0, TC1 and TC2 being 1:2:4 respectively.
XMS-1024P Choose the menu QoS>>Bandwitdth Control>>Rate Limit to load the following page. Figure 9-10 Rate Limit The following entries are displayed on this screen: Rate Limit Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for Rate configuration. Port: Displays the Port number of the Switch. Download Rate (Kbps): Configure the allowed Bandwidth for receiving packets on the Port.
User Guide CAUTION: Rate Limit settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. NOTE: If you enable the Download Rate Limit feature on a Storm ControlEnabled Port, Storm Control will be disabled for this Port. NOTE: When selecting “Manual” to set Download/Upload Rate, the system will automatically select a multiple of 64Kbps that is closest to the rate you entered.
XMS-1024P Choose the menu QoS>>Bandwidth Control>>Storm Control to load the following page. Figure 9-11 Storm Control The following entries are displayed on this screen: Storm Control Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for Storm Control configuration. Port: Displays the Port number of the Switch. Broadcast Rate (bps): Select the Bandwidth Limit for received Broadcast packets on the Port.
User Guide Storm Control Config UL-Frame Rate (bps): Select the Bandwidth Limit for received Unknown Unicast packets on the Port. Any Unknown Unicast packet traffic exceeding the bandwidth will be Discarded. Select Disable to disable the storm control function for the Port. LAG: Displays the LAG Group number to which the Port belongs.
XMS-1024P Number OUI Vendor 3 00-04-0D-00-00-00 Avaya phone 4 00-60-B9-00-00-00 Philips/NEC phone 5 00-D0-1E-00-00-00 Pingtel phone 6 00-E0-75-00-00-00 Polycom phone 7 00-E0-BB-00-00-00 3com phone Table 9-1 OUIs on the Switch Voice VLAN Mode A Voice VLAN can operate in two Modes: Automatic Mode and Manual Mode.
User Guide 9.3.1 VoIP VLAN Config On this page you can configure the global parameters of the Voice VLAN including; VLAN ID, Aging Time and the Transmission Priority of the Voice packets. Choose the menu QoS>>Voice VLAN>>Global Config to load the following page. Figure 9-12 VoIP VLAN Config The following entries are displayed on this screen: Global Config Voice VLAN: Enable/Disable Voice VLAN function. VLAN ID: Enter the VLAN ID of the Voice VLAN.
XMS-1024P Choose the menu QoS>>Voice VLAN>>Port Config to load the following page. Figure 9-13 VoIP VLAN Port Config The following entries are displayed on this screen: Port Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for Voice VLAN configuration. Port: Displays the Port number of the Switch. Port Mode: Select the mode for the Port to use joining the Voice VLAN.
User Guide CAUTION: VoIP VLAN Port Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: To enable Voice VLAN function for a LAG Group Port, please ensure its member state corresponds with its Port mode.
XMS-1024P Choose the menu QoS>>Voice VLAN>>VoIP OUI Config to load the following page. Figure 9-14 OUI Configuration The following entries are displayed on this screen: Create OUI OUI: Enter the OUI of the Voice device. Mask: Enter the OUI mask of the Voice device (this should always be the standard mask of FF-FF-FF-00-00-00 except in rare circumstances). Description: Give a description to the OUI for easy identification. OUI Table Select: Select the desired entry(ies) to be Deleted.
User Guide Configuration Procedure of Voice VLAN: Step Operation Description 1 Configure the link type of the Port On VLAN>>802.1Q VLAN>>Port Config page configure the link type of Ports of the Voice device. 2 Create VLAN On VLAN>>802.1Q VLAN>>Port Config page click the Create button to create a VLAN. 3 Add an OUI On QoS>>Voice VLAN>>VoIP OUI Config page, you can check whether the Switch is supporting the OUI template or not. If not, please add the OUI.
XMS-1024P The XMS-1024P Managed PoE Switch is a PSE (Power Sourcing Equipment). All RJ45 Ports except the Console Port on the Switch support PoE (Power over Ethernet) which automatically detects and supplies power for PDs (Powered Devices) complying with IEEE 802.3af and IEEE 802.3at. The maximum total power the Luxul PoE Switch can supply is 320W and the maximum power to each Port is 30W. The PoE function can be configured in the sections PoE Config and PoE Time-Range. 10.
User Guide The following items are displayed on this screen: PoE Config System Power Limit: The Max power the PoE Switch can supply. System Power Consumption: Displays the PoE Switch’s real time System Power Consumption. System Power Remain: Displays the PoE Switch’s real time Remaining System Power. Port Config Port Select: Click the Select button to quick-select the corresponding entry. Select: Select the desired Port(s) to configure its parameters. Port: Displays the Port number.
XMS-1024P 10.1.2 PoE Profile PoE (Power over Ethernet) Profile is a short cut for configuring the PoE Ports. You can create a profile(s) to be applied to the Ports. In a profile, the PoE status, PoE priority and Power limit are all configured for any Port using the Profile. Choose the menu PoE>>PoE Config>>PoE Profile to load the following page. Figure 10-2 Profile Config The following items are displayed on this screen: Create PoE Profile Profile Name: Enter the name of the profile.
User Guide 10.2 PoE Time-Range A Time-Range based PoE implementation allows you to implement PoE Power by TimeRanges. A Time-Range can be specified for each Port. The Port will not supply power when the specified Time-Range is in effect. Absolute, Week and Holiday Time-Ranges can be configured. Configure Absolute time in the form of “the Start Date to the End Date” to keep the Port based on this TimeRange supplying power during the configured Time-Slice.
XMS-1024P CAUTION: PoE Time-Range Table settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 10.2.2 PoE Time-Range Create On this page you can create Time-Ranges. Choose the menu PoE>>PoE Time-Range>>PoE Time-Range Create to load the following page.
User Guide Create Time-Range Week: Select Week to configure a Weekly Time-Range. The Port using this Time-Range will supply power based on this Time-Range when the System Time is within the configured Time-Slice(s). Create Time-Slice Start Time: Set the Start Time of the Time-Slice. End Time: Set the End Time of the Time-Slice. Time-Slice Table Index: Displays the Index of the Time-Slice. Start Time: Displays the Start Time of the Time-Slice. End Time: Displays the End Time of the Time-Slice.
XMS-1024P Choose the menu PoE>>PoE Time-Range>>PoE Holiday Create to load the following page. Figure 10-5 Holiday Configuration The following entries are displayed on this screen: Create Holiday Start Date: Specify the Start Date of the Holiday. End Date: Specify the End Date of the Holiday. Holiday Name: Enter the Name of the Holiday. Holiday Table Select: Select the desired entry to Delete the corresponding Holiday. Index: Displays the Index of the Holiday.
User Guide 11 ACL ACL (Access Control List) is used to filter packets by configuring Rules and Policies in order to control the access of client devices in the Network. ACL is used to control traffic flows and preserve Network resources. It provides a flexible and secure Access Control Policy facilitating control of network security. ACLs classify packets based on a series of Match Conditions which use Layer2-Layer4 protocol fields in the packets.
XMS-1024P Choose the menu ACL>>ACL Time-Range>>ACL Time-Range Table to load the following page: Figure 11-1 ACL Time-Range Table The following entries are displayed on this screen: ACL Time-Range Table Select: Select the desired entry to Delete the corresponding Time-Range. Index: Displays the Index of the Time-Range. Time-Range Name: Displays the Name of the Time-Range. Slice: Displays the Time-Slice of the Time-Range. Mode: Displays the Mode of the Time-Range.
User Guide Figure 11-2 ACL Time-Range The following entries are displayed on this screen: Create Time-Range Name: Enter the Name of the Time-Range for easy identification. Holiday: Select Holiday to set a Holiday Time-Range. The ACL Rule based on this Time-Range takes effect only when the System Time is within the Holiday period. Absolute: Select Absolute to configure an Absolute Time-Range. The ACL Rule based on this Time-Range takes effect only when the System Time is within the Absolute Time-Range.
XMS-1024P CAUTION: PoE Time-Range settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: To successfully configure Time-Ranges, please specify Time-Slices first and then Time-Ranges. 11.1.3 ACL Holiday Config Holiday mode is a different Time-Range control policy from the Absolute or Week mode. On this page you can define Holidays according to your local calendar.
User Guide The following entries are displayed on this screen: Create Holiday Start Date: Specify the Start Date of the Holiday. End Date: Specify the End Date of the Holiday. Holiday Name: Enter the Name of the Holiday. Holiday Table Select: Select the desired entry to Delete the corresponding Holiday. Index: Displays the Index of the Holiday. Holiday Name: Displays the Name of the Holiday. Start Date: Displays the Start Date of the Holiday. End Date: Displays the End Date of the Holiday.
XMS-1024P Choose the menu ACL>>ACL Config>>ACL Rule Table to load the following page. Figure 11-4 ACL Rule Table The following entries are displayed on this screen: Search Option Select ACL: Select the ACL you have created ACL Type: Displays the type of the ACL you select. Rule Order: Displays the Rule order of the ACL you select. Rule Table Select : Select the desired entry to Delete the corresponding Holiday. Index: Displays the Index of the ACL Rule. Rule ID: Displays the Rule ID of the ACL.
User Guide CAUTION: ACL Rule Table settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. Here you can view the information about the ACL Rule you select. 11.2.2 ACL On this page you can create ACLs. Choose the menu ACL»ACL Config»ACL to load the following page. Figure 11-5 ACL The following entries are displayed on this screen: Create ACL ACL ID: Enter ACL ID you want to create.
XMS-1024P 11.2.3 MAC ACL RULE MAC ACL Rules analyze and process packets based on a series of Match conditions based on MAC Addresses, VLAN ID and Ether Type in the packet. They can analyze the Source MAC Address, Destination MAC Address, VLAN ID and Ether Type of the packets. Choose the menu ACL>>ACL Config>>AC ACL RULE to load the following page. Figure11-6 MAC ACL Rule The following entries are displayed on this screen: Create MAC ACL RULE ACL ID: Select the desired ACL ID for configuration.
User Guide Create MAC ACL RULE MASK: Enter MAC Address Mask. If it is set to 1, the Switch must Match the Address Exactly. VLAN ID: Enter the VLAN ID contained in the Rule. Ether Type: Enter Ether Type contained in the Rule. User Priority: Select the User Priority contained in the Rule for the Matched packets. Time-Range: Select the Time-Range for the Rule to take effect.
XMS-1024P The following entries are displayed on this screen: Create Standard-IP ACL ACL ID: Select the desired Standard-IP ACL for configuration. Rule ID: Enter the Rule ID. Operation: Select the operation the Switch will use to process packets. Permit: Forward Packets. Deny: Discard Packets. S-IP: Enter the Source IP Address to be contained in the Rule. D-IP: Enter the Destination IP Address to be contained in the Rule. Mask: Enter IP Address Mask.
User Guide Choose the menu ACL>>ACL Config>>Extended-IP ACL Rule to load the following page. Figure11-8 Extended-IP ACL Rule The following entries are displayed on this screen: Create Extend-IP ACL ACL ID: Select the desired Extended-IP ACL. Rule ID: Enter the Rule ID. Operation: Select the operation the Switch will use to process packets. Permit: Forward Packets. Deny: Discard Packets. S-IP: Enter the Source IP Address to be contained in the Rule.
XMS-1024P Create Extend-IP ACL IP Protocol: Select the IP Protocol to be contained in the Rule. TCP Flag: Select TCP Flag(s) when TCP is selected from the dropdown list of IP Protocol. S-Port: Configure the TCP/IP Source Port to be contained in the Rule when TCP/UDP is selected from the dropdown list of IP Protocol. D-Port: Configure the TCP/IP Destination Port to be contained in the Rule when TCP/ UDP is selected from the dropdown list of IP Protocol.
User Guide 11.3.1 ACL Policy Table On this page, you can view the ACL and the corresponding actions in the Policy. Choose the menu ACL>>ACL Policy>>ACL Policy Table to load the following page. Figure 11-9 ACL Policy Table The following entries are displayed on this screen: Search Option Select Policy: Select the Name of the desired Policy to view the current settings. If you want to Delete the policy, click the Delete button.
XMS-1024P 11.3.2 ACL Policy On this page you can create an ACL Policy. Choose the menu ACL>>ACL Policy>>ACL Policy to load the following page. Figure 11-10 ACL Policy The following entries are displayed on this screen: Create Policy Policy Name: Enter the Name of the Policy. CAUTION: ACL Policy settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. 11.3.
User Guide The following entries are displayed on this screen: Create Policy Rule Select Policy: Select the Name of the Policy. Select ACL: Select the ACL to be linked to the Policy. S-Mirror: Select a Mirror Port to mirror the Data packets in the policy to the specific Port. Condition: Select a Condition on which to limit the Transmission Rate of Data packets in the Policy. Rate: Specify the Forwarding Rate of the Data packets that match the corresponding ACL.
XMS-1024P Port or VLAN. Policy Binding can be implemented on ACL Policy Binding Table, ACL Policy Port Binding and ACL Policy VLAN Binding pages. 11.4.1 ACL Policy Binding Table On this page you can view the Policy bound to Port or VLAN. Choose the menu ACL>>ACL Policy Binding>>ACL Policy Binding Table to load the following page. Figure 11-12 ACL Policy Binding Table The following entries are displayed on this screen: Search Option Binding Mode: Select a Binding Mode appropriate to your needs.
User Guide 11.4.2 ACL Policy Port Binding On this page you can bind a Policy to a Port. Choose the menu ACL>>ACL Policy Binding>>ACL Policy Port Binding to load the following page: Figure 11-13 ACL Policy Port Binding The following entries are displayed on this screen: Port Binding Config Policy Name: Select the Name of the Policy you want to Bind. Port: Enter the Number of the Port(s) you want to Bind. Port Binding Table Index: Displays the Index of the Binding Policy.
XMS-1024P 11.4.3 ACL Policy VLAN Binding On this page you can Bind a Policy to a VLAN. Choose the menu ACL>>ACL Policy Binding>>ACL Policy VLAN Binding to load the following page: Figure11-14 ACL Policy VLAN Binding The following entries are displayed on this screen: VLAN-Bind Config Policy Name: Select the Name of the Policy you want to Bind. VLAN ID: Enter the ID of the VLAN you want to Bind. VLAN-Bind Table Index: Displays the Index of the Binding Policy.
User Guide CONFIGURATION PROCEDURE: Step Operation Description 1 Configure the effective Time-Range On ACL>>ACL Time-Range configuration pages, configure the effective Time-Range for the ACL. 2 Configure ACL Rules On ACL>>ACL Config pages, configure ACL Rules to Match packets. 3 Configure Policy On ACL>>ACL Policy configuration pages, configure the Policies used to control the Data packets that Match the corresponding ACL Rules.
XMS-1024P Network Diagram Figure 11-15 Network Diagram ACL Configuration Procedure Step Operation Description 1 Configure Time-Range On ACL>>ACL Time-Range page, create a Time-Range named Work Time. Select Week mode and configure the Week from Monday to Friday. Add the Time-Slice 08:00-18:00. 2 Configure for Requirement 1 On ACL>>ACL Config>>ACL page, create ACL 11.
User Guide Step Operation Description 3 Configure requirement and 4 for 2 On ACL>>ACL Config>>ACL page, create ACL 100. On ACL>>ACL Config>>Standard-IP ACL Rule page, select ACL 100, create Rule 1, configure operation as Deny, configure S-IP as 172.31.70.1 and mask as 255.255.255.0, configure D-IP as 172.31.50.1 and mask as 255.255.255.0, configure the Time-Range as No Limit.
XMS-1024P 12 NETWORK SECURITY The Network Security module provides various protection measures and includes four submenus: IP-MAC Binding, ARP Inspection, DoS Defense and 802.1X/RADIUS. 12.1 IP-MAC Binding The IP-MAC Binding function allows you to bind an IP Address, MAC address, VLAN ID and the connected Port Number. Based on the IP-MAC Binding Table and ARP Inspection functions, you can control Network access and only allow the client devices matching the Bound entries access the Network.
User Guide Choose the menu Network Security>>IP-MAC Binding>>IP-MAC Binding Table to load the following page. Figure 12-1 IP-MAC Binding Table The following entries are displayed on this screen: Search Option Source: Select a Source from the dropdown list and click the Search button to view your desired Source in the Binding Table. All: All Bound entries will be displayed. Manual: Only the Manually added entries will be displayed.
XMS-1024P CAUTION: IP-MAC Binding Table settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory NOTE: Among the entries with a Critical collision level the entry with the highest Source Priority will take precedence. NOTE: Among the conflicting entries with the same Source Priority the last added or edited entry will take effect. 12.1.
User Guide Manual Binding Table Select: Select the desired entry(ies) to be Deleted. Host Name: Displays the Host Name. IP Address: Displays the IP Address of the Host. MAC Address: Displays the MAC Address of the Host. VLAN ID: Displays the VLAN ID. Port: Displays the Port Number connected to the Host. Protect Type: Displays the Protect Type of the Entry. Collision: Displays the Collision status of the Entry. Warning: Indicates that a collision may be caused by the MSTP function.
XMS-1024P Figure 12-3 ARP Procedure Suppose there are two devices in the LAN: Host A and Host B. To send a packet to Host B, Host A checks its own ARP Table first to see if the ARP entry related to the IP Address of Host B exists. If it does exist, Host A will send the packets to Host B directly. If the corresponding MAC address is not found in the ARP Table, Host A will broadcast ARP Request Packets, which contain the IP Address of Host B, the IP Address of Host A, and the MAC address of Host A.
User Guide Choose the menu Network Security>>IP-MAC Binding>>ARP IP-MAC Binding to load the following page: Figure 12-4 ARP Scanning The following entries are displayed on this screen: Scanning Config Start IP Address: Specify the Starting IP Address. End IP Address: Specify the Ending IP Address. VLAN ID: Enter the VLAN ID. If left blank, the Switch will send the untagged packets when scanning. Scan: Click the Scan button to Scan the Hosts in the LAN.
XMS-1024P CAUTION: ARP IP-MAC Binding settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: Among the entries with a Critical collision level, the entry with the highest Source Priority will take precedence. NOTE: Among the conflicting entries with the same Source Priority, the last added or edited entry will take effect. 12.1.
User Guide Figure 12-5 Network diagram for DHCP-Snooping implementation Most DHCP Servers provide two methods for assigning IP Addresses: Static IP Address: Allows the administrator to bind the static IP Address to specific Client using the Client Device MAC Address. Dynamic IP Address: DHCP Server assigns any open DHCP Pool address to a connecting Client Device. This can cause the IP Address of Devices in the Network to change from time to time. © 2014 Luxul. All Rights Reserved.
XMS-1024P Most Clients obtain their IP Addresses Dynamically which is illustrated in the following figure. Figure 12-6 Interaction between a DHCP client and a DHCP Server DHCP-DISCOVER Stage: The Client broadcasts the DHCP-DISCOVER packet to find the DHCP Server. DHCP-OFFER Stage: Upon receiving the DHCP-DISCOVER packet, the DHCP Server selects an IP Address from the DHCP Pool and replies to the Client with DHCP-OFFER packet carrying the IP Address and other information.
User Guide Option 82 DHCP packets are classified into 8 types with the same format as the older BOOTP packets. The difference between DHCP packets and BOOTP packets is the Option Field. The Option Field of the DHCP packet is used to expand the functions of the packet. For example, the DHCP Server can transmit control information and Network parameters via the Option field. For more details on the available DHCP Options, please refer to IEEE RFC 2132. Option 82 records the location of the DHCP Client.
XMS-1024P The Rogue DHCP Server is manually configured by a Network user by mistake (i.e. adding a wireless router to a Network for more wireless coverage, turning the DHCP option on in a Server in the Network, etc….). Hacker compromised machine pretending to be a valid DHCP Server to assign the IP Addresses and other parameters to Clients. Hackers use the Rogue DHCP Server to assign a modified DNS Server Address to redirect users to compromised or outright fraudulent Web Sites.
User Guide The DHCP Snooping feature allows you to set the Port connected to the DHCP Server as the only trusted Port to forward DHCP Response packets ensuring that users get IP Addresses from the Approved DHCP Server. DHCP Snooping is used to monitor the process of the Host obtaining the IP Address from a DHCP Server. It records the IP Address, MAC address, VLAN and Port Number of the client device for Automatic Binding.
XMS-1024P DHCP Snooping Config Decline Threshold: Select the value to specify the minimum number of Declined packets to trigger the Decline protection for the specified Port. Decline Flow Control: Select the value to specify the Decline Flow Control rate. The traffic flow of the corresponding Port will be limited to this value if the transmission rate of Declined packets exceeds the Decline Threshold. Option 82 Config Option 82 Support: Enable/Disable the Option 82 feature.
User Guide NOTE: If you want to enable the DHCP Snooping feature for a member Port of a LAG Group, please ensure the parameters of all Member Ports are the same. 12.2 ARP Inspection According to the ARP Implementation Procedure stated in 12.1.3. ARP Scanning, the ARP protocol facilitates Hosts in the Network to communicate with one another or access external Networks via Gateway.
XMS-1024P Cheating Gateway The attacker sends the wrong IP Address-to-MAC Address Mapping entries of Hosts to the Gateway, which causes the Gateway to lose communication with the Hosts. The ARP Attack Cheating Gateway is illustrated in the following figure: Figure 12-10 ARP Attack – Cheating Gateway As the above figure shows, when the Gateway tries to communicate with Host A in the LAN, it will encapsulate the false destination MAC Address, which results in a breakdown of normal communication.
User Guide Figure 12-11 ARP Attack – Cheating Terminal Hosts As the above figure shows, when Host B tries to communicate with Host A, it will encapsulate the false destination MAC Address, which results in a breakdown of normal communication. Man-In-The-Middle Attack The attacker continuously sends counterfeit ARP packets to Hosts in the LAN to get the Hosts to maintain a counterfeit ARP Table.
XMS-1024P Suppose there are three Hosts in LAN connected with one another through a Switch. Host A: IP Address is 192.168.0.101; MAC address is 00-00-00-11-11-11. Host B: IP Address is 192.168.0.102; MAC address is 00-00-00-22-22-22. Attacker: IP Address is 192.168.0.103; MAC address is 00-00-00-33-33-33. The attacker sends the counterfeit ARP Response packets. Upon receiving the ARP Response packets, Host A and Host B update their ARP Tables.
User Guide Choose the menu Network Security>>ARP Inspection>>ARP Detection to load the following page: Figure 12-13 ARP Detection The following entries are displayed on this screen: ARP Detection ARP Detection: Trusted Port Trusted Port: Enable/Disable the ARP Detection function. Select the Port(s) for which the ARP Detection function is unnecessary. Ports such as Uplink Ports, Router Ports and LAG Ports, should be set as Trusted Ports.
XMS-1024P Configuration Procedure: Step Operation Description 1 Bind the IP Address, MAC address, VLAN ID and Port Number of the Host together. On the IP-MAC Binding page bind the IP Address, MAC address, VLAN ID and Port Number of the Host together via Manual Binding, ARP Scanning or DHCP Snooping. 2 Enable Protection for the bound entry. On the Network Security>>IP-MAC Binding>>IP-MAC Binding Table page specify a Protect Type for the corresponding bound entry. 3 Specify the trusted Port(s).
User Guide The following entries are displayed on this screen: ARP Defense Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for configuration. Port: Displays the Port number. Defend: Enable/Disable the ARP Defense feature for the Port. Speed: Enter a value to specify the maximum amount of received ARP packets per second. Current Speed: Displays the current speed of received ARP packets.
XMS-1024P Choose the menu Network Security>>ARP Inspection>>ARP Statistics to load the following page: Figure 12-15 ARP Statistics The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh feature. Refresh Interval: Specify the refresh interval to display the ARP Statistics. Illegal ARP Packet Port: Displays the Port number. Trusted Port: Displays wither the Port is a Trusted ARP Port or not.
User Guide 12.3 DoS Defense DoS (Denial of Service) Attacks attempt to occupy the Network bandwidth by sending massive amounts of service requests to a Host(s). This can cause poor service quality or even a breakdown of Network communication. With the DoS Defense function enabled, the Switch can analyze the Fields of IP packets and distinguish malicious DoS attack packets from permitted traffic.
XMS-1024P DoS Attack Type Description SYN/SYN-ACK Flooding The attacker uses a counterfeit IP Address to send TCP request packets to a Server. Upon receipt of the request packets, the Server responds with SYN-ACK packets. Since the IP Address is fake, no response is returned. The Server keeps sending SYN-ACK packets attempting to reach the counterfeit Host. This attack causes latency on the Network and can block access to Server resources.
User Guide The following entries are displayed on this screen: DoS Defense: Enable/Disable the DoS Defense function. Defend Options Select: Select the Entry to Enable the corresponding Defense Type. Defense Type: Displays the Defense Type. We suggest taking the following steps to ensure the Network security. NOTE: Inspect and Repair system vulnerabilities regularly. We recommend installing the latest system Firmware on all Network devices and backup of all important data.
XMS-1024P 802.1X/RADIUS uses a Client/Server architecture with three entities: a Supplicant, an Authenticator and an Authentication Server, as shown in the following figure: Figure 12-17 Architecture of 802.1X/RADIUS Authentication Supplicant: The Supplicant is an entity in the LAN and is Authenticated by the Authenticator. The Supplicant is usually a common terminal or computer. 802.1X/ RADIUS Authentication is initiated when a user launches a RADIUS Client program on the Supplicant.
User Guide EAP protocol packets transmitted between the Authenticator and the RADIUS Server can either be encapsulated as EAPOR (EAP over RADIUS) packets or the Supplicant transmission will be terminated at Authenticator and the Authenticator then communicates with RADIUS Servers through PAP (Password Authentication Protocol) or CHAP (Challenge Handshake Authentication Protocol) protocol packets.
XMS-1024P Figure 12-18 EAP-MD5 Authentication Procedure A Supplicant launches an 802.1X/RADIUS Client program using its registered User Name and Password to initiate an Access Request by sending an EAPOL-Start packet to the Switch. The 802.1X Client program then forwards the packet to the Switch to start the Authentication process. Upon receiving the Authentication Request packet, the Switch sends an EAPRequest/Identity packet to ask the 802.1X/RADIUS Client program for the User Name. The 802.
User Guide Upon receipt of the key (encapsulated in an EAP-Request/MD5 Challenge packet) from the Switch, the client program encrypts the Password of the Supplicant with the key and sends the encrypted Password (contained in an EAP-Response/MD5 Challenge packet) to the RADIUS Server through the Switch. The RADIUS Server compares the received encrypted Password (contained in a RADIUS Access-Request packet) with the locally-encrypted Password.
XMS-1024P In PAP mode, the Switch (instead of the Server) encrypts the Password and sends the User Name using the Randomly-Generated key, and the Supplicant-Encrypted Password to the RADIUS Server for further Authentication. 802.1X/RADIUS Timer In 802.1X Authentication, the following timers are used to ensure that the Supplicant, the Switch, and the RADIUS Server interact correctly: Supplicant Timeout: This timer is triggered by the Switch after the Switch sends a Request packet to a Supplicant.
User Guide The 802.1X/RADIUS function is implemented on the 802.1X Config, 802.1X Port Config and Radius Server Config pages. 12.4.1 802.1X Config On this page you can enable the 802.1X/RADIUS Authentication function globally and control the Authentication process by specifying the Authentication Method, Guest VLAN and various Timers. Choose the menu Network Security>>802.1X/RADIUS>>802.1X Config to load the following page: Figure 12-20 802.1X Config © 2014 Luxul. All Rights Reserved.
XMS-1024P The following entries are displayed on this screen: 802.1X Config 802.1X: Enable/Disable the 802.1X function. Authentication Select the Authentication Method from the pull-down list. Method: EAP-MD5: IEEE 802.1X/RADIUS Authentication system uses extensible Authentication protocol (EAP) to exchange information between the Switch and the client. The EAP protocol packets with Authentication Data can be encapsulated in advanced protocol packets to be transmitted to the Authentication Server.
User Guide 12.4.2 802.1X Port Config On this page you can configure the 802.1X/RADIUS features for the Ports. Choose the menu Network Security>>802.1X/RADIUS>>802.1X Port Config to load the following page: Figure 12-21 802.1X Port Config The following entries are displayed on this screen: 802.1X Port Config Port Select: Click the Select button to quick-select the corresponding Port. Select: Select the desired Port(s) for configuration. Port: Displays the Port number. Status: Enable/Disable the 802.
XMS-1024P 802.1X Port Config Control Type: Specify the Control Type for the Port. MAC Based: Any client connected to the Port must pass 802.1X/ RADIUS Authentication for access. Port Based: All the clients connected to the Port can access the Network once any one of the connected clients has passed 802.1X/ RADIUS Authentication. Authorized: Displays the Authentication status of the Port. LAG: Displays the LAG Group number the Port belongs to. CAUTION: 802.
User Guide The following entries are displayed on this screen: RADIUS Sever Config Primary IP: Enter the IP Address of the Primary Authentication Server. Secondary IP: Enter the IP Address of the Secondary Authentication Server. Authentication Port: Set the UDP Port for the Authentication Server(s). Default Port 1812 Authentication KEY: Set the shared Password for the Switch and the Authentication Server(s) used when exchanging messages.
XMS-1024P Configuration Procedure: Step Operation Description 1 Connect an Authentication Server to the Switch Record the information for a client in the LAN to the Authentication Server and configure the corresponding Authentication Username and Password for the client. 2 Install the 802.1X/ RADIUS Client software. Client computers are required to install the 802.1X/RADIUS software that is provided with your RADIUS Server. 3 Configure 802.1X/ RADIUS globally. By default, the 802.
User Guide packets from the SNMP Management Station. The SNMP Agent will inform the SNMP Management Station of Events, device Status changes, or if the device encounters any abnormalities such as a device reboot. MIB: The MIB is a set of Managed Objects. The MIB defines the attributes of the managed objects including Names, Access Rights and Data types. Every SNMP Agent has its own specific MIB. The SNMP Management Station can Read/Write to the MIB Objects based on its Management rights.
XMS-1024P SNMP Version 2c: SNMP v2c also uses Community Name Authentication. It is compatible with SNMP v1 and expands the functions of SNMP v1. SNMP Version 3: Based on SNMP v1 and SNMP v2c, SNMP v3 greatly enhances the security and manageability of SNMP. It adopts VACM (View-Based Access Control Model) and USM (User-Based Security Model) Authentication. You can configure the Authentication and Encryption functions.
User Guide forbid Management by the SNMP Management Station by configuring its view type (Included/Excluded). The OID of the Managed Object can be found in the SNMP Client program running on the SNMP Management Station. Create an SNMP Group Settings After creating the SNMP View Config, it is required to create SNMP Group Settings or The Group Name, Security Model and Security Level comprise the identifier of the SNMP Group Settings.
XMS-1024P The following entries are displayed on this screen: SNMP Config SNMP: Enable/Disable the SNMP function globally. Local Engine Local Engine ID: Specifies the Switch’s Engine ID for remote clients. The Engine ID is a unique alphanumeric string used to identify the SNMP engine on the Switch Remote Engine Remote Engine ID: Specifies the Remote client Engine ID on the Switch.
User Guide Choose the menu SNMP>>SNMP Config>>SNMP View Config to load the following page. Figure 13-4 SNMP View Config The following entries are displayed on this screen: View Config View Name: Give a Name to the View for easy identification. Each View can include several entries with the same Name. MIB Object ID: Enter the Object Identifier (OID) of the Entry. View Type: Select the Type for the View Entry. Include: The View Entry can be managed by the SNMP Management Station.
XMS-1024P Choose the menu SNMP>>SNMP Config>>SNMP Group Settings to load the following page. Figure 13-5 SNMP Group Settings The following entries are displayed on this screen: Group Config Group Name: Enter the SNMP Group Name. The Group Name, Security Model and Security Level compose the identifier of the SNMP Group. Groups with these three items set the same are considered to be the same. Security Model: Select the Security Model for the SNMP Group.
User Guide Group Config Write View: Select the View to be the active Write View. Management Access Is set to write only, changes can be made to the assigned SNMP View Config. A View defined both as the Read View and the Write View can be Read and/or Modified. Notify View: Select the View to be the active Notify View. The Management Station can receive Trap Messages from the assigned SNMP View Config. Trap Messages are generated by the Switch’s SNMP Agent.
XMS-1024P Choose the menu SNMP>>SNMP Config>>SNMP User Config to load the following page: Figure 13-6 SNMP User Config The following entries are displayed on this screen: User Config User Name: User Type: Enter the User Name. Select the type of User. Group Name: Local User: Indicates that the User is connected to a Local SNMP Engine. Remote User: Indicates that the User is connected to a Remote SNMP Engine. Select the Group to which the User belongs.
User Guide User Config Auth Mode: Select the Authentication Mode for the User. (SNMP v3 only) None: No Authentication method is used. MD5: Port Authentication is performed using the HMAC-MD5 algorithm. SHA: Port Authentication is performed using the SHA (Secure Hash Algorithm). This Authentication mode uses higher security than MD5 mode. Auth Password: Enter the Password for Authentication. Privacy Mode: Select the Privacy Mode for the User.
XMS-1024P 13.1.5 SNMP Community Config SNMP v1 and SNMP v2c use Community Name Authentication. The Community Name is used to limit access to the SNMP Agent, functioning as a Password. If SNMP v1 or SNMP v2c is employed you can configure the SNMP Community Config on this page without configuring SNMP Group Settings and User Config Settings. Choose the menu SNMP>>SNMP Config>>SNMP Community Config to load the following page.
User Guide CAUTION: SNMP Community Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. NOTE: The default MIB View of SNMP Community Config is view Default. Configuration Procedure: If SNMPv3 is employed please use the following steps: Step Operation Description 1 Enable SNMP function globally.
XMS-1024P If SNMPv1 or SNMPv2c is employed please use the following steps: Step Operation Description 1 Enable SNMP function globally. On the SNMP>>SNMP Config>>SNMP Config page to enable the SNMP function globally. 2 Create SNMP View Config. On the SNMP>>SNMP Config>>SNMP View Config page create an SNMP View for the Management Agent. The default View Name is viewDefault and the default OID is 1. 3 Create an SNMP Community. Configure the Access Level of the user.
User Guide Choose the menu SNMP>>SNMP Notification>>SNMP Notification Config to load the following page. Figure 13-8 SNMP Notification Config The following entries are displayed on this screen: Create Notification IP Address: Enter the IP Address of the Management Station. UDP Port: Enter the UDP Port used to send SNMP Notifications. Default is 162 User: Enter the Username for the Management Station. Security Model: Select the Security Model of the Management Station.
XMS-1024P Create Notification Retry: Specify the number of times the Switch will Retry an Inform Request. The Switch will Retry the Inform Request. If it does not receive a response from the Management Station within the Timeout interval, it will terminate Retrying. If the number of Retry attempts reach the specified maximum number of Retries, the Switch will stop attempting to send the message.
User Guide entire Network. The RMON MIB records Network Statistics, Network Performance and Malfunctions. RMON helps the Network administrator manage large-scale Networks. It also reduces traffic between the Management Station and Managed Agent. RMON Group This Switch supports the following four RMON Groups defined in the RMON standard (RFC1757): History Group, Event Group, Statistic Group and Alarm Group.
XMS-1024P The following entries are displayed on this screen: History Control Config Table Select: Select the desired Entry to configure. Index: Displays the Index number of the Entry. Port: Specifies the Port from which the History samples were taken. Interval: Specifies the Interval to take samplings from the Port. Owner: Enter the Name of the device or User that defined the entry. Status: Enable/Disable the corresponding Sampling Entry.
User Guide The following entries are displayed on this screen: Event Table Select: Select the desired Entry to configure. Index: Displays the Index number of the Entry. User: Enter the Name of the User or the Community to which the Event belongs. Description: Give a Description to the Event for easy identification. Type: Select the Event Type which will determine the action taken by the Network device in response to an Event. None: No action taken. Log: Log the Event.
XMS-1024P The following entries are displayed on this screen: Alarm Table Select: Select the desired Entry to configure. Index: Displays the Index number of the Entry. Variable: Select the Alarm Variable from the dropdown list. Port: Select the Port to which the Alarm Entry is associated. Sample Type: Specify the Sampling method for the selected Variable. Absolute: Compares the values directly with the Thresholds at the end of the Sampling Interval.
User Guide Note: When an Alarm Variable exceeds the Threshold on the same Entry continuously, an Alarm Event will only be generated the first time the Threshold is exceeded. The Rising Alarm and Falling Alarm are triggered independently, so a Rising Alarm would not be considered a reason to block a Falling Alarm. 14 LLDP LLDP (Link Layer Discovery Protocol) is a Layer 2 protocol that is used to allow Network devices to advertise their Device Information to neighbors in the same Local Area Network.
XMS-1024P Figure 14-1 LLDPDU Format The maximum length of the LLDPDU is the maximum information field length allowed by the particular transmission rate and protocol. In IEEE 802.3 MAC for example, the maximum LLDPDU length is the maximum Data Field length for the basic Untagged MAC frame (1500 bytes). LLDP Mechanism 1.
User Guide to the TTL value of TTL (Time To Live) of the TLV. Once the TTL reaches 0 the neighbor information will be Aged Out. The Aging Time of the local information in the neighbor Device is determined by the TTL. A Hold Multiplier is a multiplier used on the Transmit Interval to determine the actual TTL value used in an LLDPDU. TTL = Hold Multiplier * Transmit Interval. TLV TLV refers to Type/Length/Value and is contained in a LLDPDU.
XMS-1024P TLV type TLV Name Description Usage in LLDPDU 2 Port ID Identifies the specific Port that transmitted the LLDP frame. When the Device does not advertise MED TLV, this field displays the Port name; when the device advertises MED TLV, this field displays the MAC Address of the Port. Mandatory 3 Time To Live Indicates the number of seconds that the neighbor Device is to keep the LLDPDU information. Mandatory 4 Port Description Identifies the Description string of the Port.
User Guide Extended Power-via-MDI TLV, Hardware Revision TLV and so on. NOTE: For detailed introduction of TLV, please refer to IEEE 802.1AB standard and ANSI/TIA-1057. In the Switch, the following LLDP optional TLVs are supported: Port Description TLV The Port Description TLV allows Network Management to advertise the IEEE 802 LAN station's Port Description.
XMS-1024P 14.1 LLDP Config LLDP is configured on the LLDP Config and LLDP Port Config pages. 14.1.1 LLDP Config On this page you can configure the LLDP parameters of the Device globally. Choose the menu LLDP>>LLDP Config>>LLDP Config to load the following page: Figure 14-1 LLDP Config The following entries are displayed on this screen: LLDP Config LLDP: Enable/Disable the LLDP function globally.
User Guide LLDP Config SNMP Notification Interval: Fast Start Count:. Specify the interval of Trap Messages to be sent from the local Device to Network Management system. The default value is 5. When the Port’s LLDP state changes from Disable (Rx_Only) to Enable (Tx&Rx or Tx Only), the fast start mechanism will be Enabled. This shortens the transmit interval to one second, and several LLDPDUs will be sent out (the number of LLDPDUs equals this parameter). The default value is 3.
XMS-1024P The following entries are displayed on this screen: LLDP Port Config Port Select: Select the desired Port(s) to configure. Admin Status: Select the Port’s LLDP operating mode: Tx&Rx: Send and Receive LLDP frames. Rx_Only: Receive LLDP frames only. Tx_Only: Send LLDP frames only. Disable: neither Send nor Receive LLDP frames. SNMP Notification Mode: Allows you to Enable or Disable the Ports’ SNMP Notifications.
User Guide 14.2.1 Local Info On this page you can see the Port configurations and System Settings information. Choose the menu LLDP>>Device Info>>Local Info to load the following page: Figure 14-3 LLDP Local Info The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh function. Refresh Rate: Specify the Auto Refresh Rate. Local Info Enter the desired Port number and click Select to display the information for the corresponding Port.
XMS-1024P 14.2.2 Neighbor Info On this page you can view the information of Neighbor Devices: Choose the menu LLDP>>Device Info>>Neighbor Info to load the following page. Figure 14-4 LLDP Neighbor Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh function. Refresh Rate: Specify the Auto Refresh Rate. Neighbor Info Port Select: Click the Select button to quick-select the corresponding Port.
User Guide 14.3 Device Statistics Here you can view the LLDP statistics of the local Device. Choose the menu LLDP>>Device Statistics>>Statistic Info to load the following page: Figure 14-5 LLDP Statistic Information The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh function. Refresh Rate: Specify the Auto Refresh Rate. Global Statistics Last Update: Displays latest Update time for the Statistics.
XMS-1024P Neighbor Statistics Port Select Click the Select button to quick-select the corresponding Port. Port: Displays local Device’s Port number. Transmit Total: Displays the number of LLDPDUs Sent by this Port. Receive Total: Displays the number of LLDPDUs Received by this Port. Discards: Displays the number of LLDPDUs Discarded by this Port. Errors: Displays the number of error LLDPDUs Received by this Port. Ageouts: Displays the number of Aged Out Neighbors linking to this Port.
User Guide Generic Endpoint Device (Class I): The most basic class of Endpoint Device. Media Endpoint Device (Class II): This class of Endpoint Device supports Media Stream capabilities. Communication Device Endpoint (Class III): This class of Endpoint Device supports end Users of the IP communication system. The following LLDP-MED optional TLVs are supported in XMS-1024P.
XMS-1024P LLDP-Media is configured on the LLDP-Media Config, LLDP-Media Port Config, LLDPMedia Local Info and LLDP-Media Neighbor Info pages. 14.4.1 LLDP-Media Config On this page you can configure the Global LLDP-MED parameters of the device.
User Guide 14.4.2 LLDP-Media Port Config On this page you can configure the Port(s) LLDP-MED parameters. Choose the menu LLDP>>LLDP-Media>>LLDP-Media Port Config to load the following page: Figure 14-7 LLDP-Media Port Config The following entries are displayed on this screen: LLDP-MED Port Config Port Select: Select the desired Port(s) to configure. LLDP-MED Status: Configure the Port’s LLDP-MED status: Enable: The Port’s LLDP-MED status, and the Port’s Admin Status will be changed to Tx&Rx.
XMS-1024P Included TLVs Select TLVs to be included in outgoing LLDPDUs. Location Identification Parameters Configure the Location Identification TLV’s content in outgoing LLDPDUs. Emergency Number: An Emergency Call Service ELIN identifier which is used during emergency call setup to a traditional CAMA or ISDN Trunk-Based PSAP. Civic Address: The Civic Address will reuse the relevant sub-fields of the DHCP option for Civic Address based Location Configuration Information as specified by IETF.
User Guide 14.4.3 LLDP-Media Local Info On this page you can view the Port LLDP-MED configuration. Choose the menu LLDP>>LLDP-Media>>LLDP-Media Local Info to load the following page: Figure 14-8 LLDP-Media Local Info The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh function. Refresh Rate: Specify the Auto Refresh Rate. Local Info Enter the desired Port number and click Select to display the information of the corresponding Port.
XMS-1024P CAUTION: LLDP-Media Local Info settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 14.4.4 LLDP-Media Neighbor Info On this page you can view the LLDP-MED information of Neighbor Devices.
User Guide The following entries are displayed on this screen: Auto Refresh Auto Refresh: Enable/Disable the Auto Refresh function. Refresh Rate: Specify the Auto Refresh Rate. Neighbor Info Port Select: Click the Select button to quick-select the corresponding Port. Local Port: Displays the local Port number connected to the Neighbor Device. Device Type: Displays the Device Type of the Neighbor. Application Type: Displays the Application Type of the Neighbor.
XMS-1024P The typical Cluster topology is shown below: Figure 15-1 Cluster topology Cluster Role According to their function and status in a Cluster, Switches in the Cluster will play different roles. You can specify the role this Switch plays. There are three roles in a Cluster. Commander Switch: Indicates this Device can configure and manage all Member Devices in a Cluster.
User Guide After being removed from the Cluster, a Member Switch becomes a Candidate Switch again. The Commander Switch becomes a Candidate Switch only when the Cluster is Deleted. NOTE: The XMS-1024P Switch cannot be configured as Commander Switch and cannot manage the Cluster. Introduction to Cluster The Cluster functions used to Configure and Manage the Switches in the Cluster are based on three protocols, NDP, NTDP and CMP (Cluster Management Protocol).
XMS-1024P A Switch maintains a Neighbor Information table which contains the NDP information of each discovered Neighbor Switch. If a Switch receives the NDP information of a new Neighbor it will add the information to the Neighbor Information Table. If the received NDP information is different from old information already existing in the Table the Switch will update the Neighbor Information Table. If the received NDP information is the same as the old information the Switch will just update the Aging Time.
User Guide 15.1.2 NDP Summary On this page you can view the NDP Configuration of the Switch. Choose the menu Cluster>>NDP>>NDP Summary to load the following page: Figure 15-3 NDP Summary The following entries are displayed on this screen: NDP Config Status NDP: Displays the Global NDP status (Enabled/Disabled) for the Switch. Aging Time: Displays the period of time for the Neighbor Switch to keep the NDP packets from this Switch. Hello Time: Displays the Interval used when sending NDP packets.
XMS-1024P 15.1.3 NDP Config On this page you can configure the NDP functions of the Switch. Choose the menu Cluster>>NDP>>NDP Config to load the following page: Figure 15-4 NDP Config The following entries are displayed on this screen: NDP Config NDP: Select to Enable/Disable NDP function Globally. Aging Time: Enter the period of time the Neighbor Switch should keep the NDP packets from this Switch. Hello Time: Enter the Interval used when sending NDP packets.
User Guide CAUTION: NDP Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to nonvolatile memory. NOTE: The NDP functions are effective only when NDP is enabled Globally and for at least one Port. NOTE: The Aging Time should be set higher than the Hello Time value. 15.2 NTDP NTDP (Neighbor Topology Discovery Protocol) is used by the Commander to collect NDP information.
XMS-1024P 15.2.1 NTDP Device Table On this page you can view the information of the devices collected by NTDP. Even if a cluster is not established, you can manually collect NTDP information at any time to manage and control devices. Choose the menu Cluster>>NTDP>>NTDP Device Table to load the following page: Figure 15-5 NTDP Device Table The following entries are displayed on this screen: Device Table Device Type: Displays the Device Type collected through NTDP.
User Guide Figure 15-6 Detailed Information for the Current Device © 2014 Luxul. All Rights Reserved.
XMS-1024P 15.2.2 NTDP Summary On this page you can view the NTDP configuration. Choose the menu Cluster>>NTDP>>NTDP Summary to load the following page: Figure 15-7 NTDP Summary The following entries are displayed on this screen: NTDP Config Status NTDP: Displays the NTDP status (Enabled/Disabled) of the Switch. NTDP Interval Time: Displays the Interval for collecting Topology information. NTDP Hops: Displays the Hop Count of the Switch topology.
User Guide 15.2.3 NTDP Config On this page you can configure NTDP Globally. Choose the menu Cluster>>NTDP>>NTDP Config to load the following page: Figure 15-8 NTDP Config © 2014 Luxul. All Rights Reserved.
XMS-1024P The following entries are displayed on this screen: Global Config NTDP: Enable/Disable NTDP for the Switch Globally. NTDP Interval Time: Enter the Interval used for collecting Topology information. The default is 1 minute. NTDP Hops: Enter the number of Hops Count for which data is collected. The default is 3 hops. NTDP Hop Delay: Enter the Time between the Switch receiving NTDP request packets and the Switch forwarding NTDP request packets for the first time. The default is 200 milliseconds.
User Guide 15.3 Cluster A Commander Switch can recognize and add a Candidate Switch to a Cluster Automatically based on NDP and NTDP. You can Manually add a Candidate Switch to a Cluster. If the Candidate Switch is successfully added to the Cluster it will receive a private IP Address assigned by the Commander Switch. You can manage and configure the member Switch via the Commander Switch. Note: The XMS-1024P cannot be configured as a Commander Switch and cannot manage the Cluster.
XMS-1024P 15.3.2 Cluster Config On this page you can configure the Status of the Cluster the Switch belongs to. Choose the menu Cluster>>Cluster>>Cluster Config to load the following page: Figure 15-12 Cluster Configuration for Candidate Switch The following entries are displayed on this screen: Current Role Role: Displays the Role the Switch plays in the Cluster. Role Change Individual: Select this option to change the role of the Switch.
User Guide 16 MAINTENANCE The maintenance function provides some commonly used tools to help manage the Switch. It offers a convenient method for locating and solving Network problems. CPU Monitor/Memory Monitor: Monitors the utilization status of Memory and the CPU in the Switch. System Logs: Allows you to view logs generated by the Switch and find errors via the Logs. Cable Test: Allows you to test the connection status of a cable to locate and diagnose potential cabling issues.
XMS-1024P 16.1.1 CPU Monitor Choose the menu Maintenance>>System Monitor>>CPU Monitor to load the following page: Figure 16-1 CPU Monitor Click the Monitor button to enable monitoring and display of the CPU utilization rate every four seconds. 272 a: 14203 Minuteman Drive, Suite 201, Draper, UT 84020-1685 | luxul.
User Guide 16.1.2 Memory Monitor Choose the menu Maintenance>>System Monitor>>Memory Monitor to load the following page: Figure 16-2 Memory Monitor Click the Monitor button to enable monitoring and display its Memory utilization rate every four seconds. 16.2 System Logs The Log system of Switch can record, classify and manage the System Logs effectively, providing powerful support tool for the Network administrator to monitor Network operations and diagnose malfunctions. © 2014 Luxul.
XMS-1024P The switch Logs are classified into the following eight levels. Severity Level Description emergencies 0 The system is unusable. alerts 1 Action must be taken immediately.
User Guide 16.2.1 Log Table The Switch supports log output into two formats: the log buffer and a log file. The information in log buffer will be lost after the Switch is rebooted or powered. The information in log file will be kept even if the Switch is rebooted or powered off. The Log Table displays the information in log buffer.
XMS-1024P Note: Logs are classified into eight levels based on Severity. The higher the Severity, the lower the corresponding level. Note: This page displays logs in the log buffer and has a limit of 512 logs. 16.2.2 Local Log Config Local Log is log information saved on the Switch. By default all system logs are saved in log buffer and the logs with severities from level_0 to level_4 are saved in the log file. On this page you can set the output channel for the logs.
User Guide Local Log Config Severity: Specifies the Severity Level of the log information output to each channel. Only the log with the same or smaller Severity Level will be saved. Status: Enable/Disable the Channel. CAUTION: Local Log Config settings will be restored to defaults if the Switch is restarted and you have not selected Save Config from the main menu and saved your running configuration to non-volatile memory. 16.2.
XMS-1024P The following entries are displayed on this screen: Syslog Hosts Index: Displays the Index of the Syslog Host. The Switch supports up to 4 Syslog Hosts. Host IP: Configure the IP for the Syslog Host. UDP Port: Displays the UDP Port used for Receiving/Sending log information. The default is Port 514. Severity: Specifies the Severity Level of the log information to be sent to each Syslog Host.
User Guide The following entry is displayed on this screen: Backup Log Backup Log: Click the Backup Log button to save the log as a file to your computer. Note: It may take a few minutes to backup the log file. Please be patient. 16.3 Device Diagnostics This Switch provides Cable Test and Loopback functions for device diagnostics. 16.3.1 Cable Test Cable Test function tests the connection status of the cable connected to the Switch, this help you to locate and diagnose cable issues.
XMS-1024P The following entries are displayed on this screen: Cable Test Port: Select the Port for Cable Testing. Pair: Displays the Pair Number. Status: Displays the Connection Status of the cable connected to the Port. The test results of the cable include normal, close, open, short, impedance or unknown. Length: If the Connection Status returned is normal, this will attempt to display the Length Range of the Cable.
User Guide The following entries are displayed on this screen: Loopback Type Internal: Select Internal to test whether the Port is available. External: Select External to test whether the Device connected to the Port of the Switch is available Loopback Port Loopback Port: Select the desired Port for Loopback testing. Test: Click the Test button to start the Loopback test on the Port. 16.4 Network Diagnostics This Switch provides Ping and Trace Route test functions for Network diagnostics. 16.4.
XMS-1024P Choose the menu Maintenance>>Network Diagnostics>>Trace Route to load the following page: Figure 16-10 Trace Route The following entries are displayed on this screen: Trace Route Config Destination IP: Enter the IP Address of the Destination Device. Max Hop: Specify the Maximum number of the Route Hops the test Data can pass through. 17 SAVE CONFIG The Save Config function is used to Save the Running Configuration of the Switch to Non-Volatile RAM.
User Guide 18 REGULATORY COMPLIANCE The device complies with internationally recognized standards covering human exposure to electromagnetic fields from radio devices. This equipment also complies with FCC radiation exposure set forth for an uncontrolled environment. In order to avoid the possibility of exceeding the FCC radio frequency exposure limits, human proximity to the antenna shall not be less than 20 cm (8 inches) during normal operation.
XMS-1024P The antenna used for this transmitter must be installed to provide a separation distance of at least 20cm from all persons and must not be co-located or operating in conjunction with any other antenna or transmitter. The following safety precautions should be observed: Do not touch or move the antenna while the unit is transmitting or receiving.
User Guide Industry Canada (RSS-Gen Issue 2) This device complies with Industry Canada licence-exempt RSS standard(s). Operation is subject to the following two conditions: (1) this device may not cause interference, and (2)this device must accept any interference, including interference that may cause undesired operation of the device. Le présent appareil est conforme aux CNR d’Industrie Canada applicables aux appareilsradio exempts de licence.
XMS-1024P APPENDIX A: SPECIFICATIONS Standards IEEE802.3 10Base-T Ethernet IEEE802.3u 100Base-TX/100Base-FX Fast Ethernet IEEE802.3ab 1000Base-T Gigabit Ethernet IEEE802.3z 1000Base-X Gigabit Ethernet IEEE802.3x Flow Control IEEE802.1p QoS IEEE802.1q VLAN IEEE802.1X/RADIUS Port-based Access Authentication Transmission Rate Ethernet: 10Mbps HD,20Mbps FD Fast Ethernet: 100Mbps HD,200Mbps FD Gigabit Ethernet: 2000Mbps FD Transmission Medium 10Base-T: UTP/STP of Cat. 3 or above 100Base-TX: UTP/STP of Cat.
User Guide GLOSSARY Access Control List (ACL) ACLs are used to limit Network traffic and restrict access to certain users or devices by checking each packet for specified IP or MAC (i.e., Layer 2) information. Boot Protocol (BOOTP) BOOTP is used to provide boot IP information for Network devices, including IP Address information, the address of a TFTP Server that contains the devices system files, and the name of the boot file.
XMS-1024P GARP VLAN Registration Protocol (GVRP) Allows Switches to exchange VLAN information in order to register necessary VLAN members on Ports across the Spanning Tree so that VLANs defined in each Switch will function automatically over a Spanning Tree Network.
User Guide IEEE 802.3X Defines Ethernet frame start/stop requests and timers used for flow control on fullduplex links. (Now incorporated in IEEE 802.3-2002) Internet Group Management Protocol (IGMP) A protocol through which hosts can register with their local Router for Multicast services. If there is more than one Multicast Switch/Router on a given subnetwork, one of the devices is made the “querier” and assumes responsibility for keeping track of group membership.
XMS-1024P Management Information Base (MIB) MIB is an acronym for Management Information Base. It is a set of Database objects that contains information about a specific device. MD5 Message-Digest Algorithm An algorithm that is used to create digital signatures. It is intended for use with 32 bit machines and is safer than the MD4 algorithm. MD5 is a one-way hash function. It takes a message and converts it into a fixed string of digits also called a message digest.
User Guide Secure Shell (SSH) A secure replacement for remote access functions, including Telnet. SSH can authenticate users with a cryptographic key, and encrypt Data connections between Management clients and the Switch. Simple Network Management Protocol (SNMP) The application protocol in the Internet suite of protocols that offers Network Management services.
User Datagram Protocol (UDP) Provides a Datagram mode for packet-Switched communications. It uses IP as the underlying transport mechanism to provide access to IP-like services. UDP packets are delivered just like IP packets – connection-less Datagrams that may be discarded before reaching their targets. UDP is useful when TCP would be too complex, too slow, or just unnecessary.